summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.ssh.apache/src/org
Commit message (Collapse)AuthorAgeFilesLines
...
* Migrate to Apache MINA sshd 2.6.0 and Orbit I20210203173513David Ostrovsky2021-02-049-192/+80
| | | | | | | | | | | | | | | | | | Re-enable DSA, DSA_CERT, and RSA_CERT public key authentication. DSA is discouraged for a long time already, but it might still be way too disruptive to completely drop it. RSA is discouraged for far less long, and dropping that would be really disruptive. Adapt to the changed property handling. Remove work-arounds for shortcomings of earlier sshd versions. Use Orbit I20210203173513, which includes sshd 2.6.0. This also bumps apache.httpclient to 4.5.13 and apache.httpcore to 4.4.14. Change-Id: I2d24a1ce4cc9f616a94bb5c4bdaedbf20dc6638e Signed-off-by: David Ostrovsky <david@ostrovsky.org> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Client-side protocol V2 support for fetchingThomas Wolf2021-01-011-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (stateless protocol, simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. The SSH tests are much slower and much more focused on the SSH protocol and SSH key handling. Factor out two very simple cloning and pulling tests and make those run with protocol V2. Bug: 553083 Change-Id: I357c7f5daa7efb2872f1c64ee6f6d54229031ae1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* [spotbugs] Fix potential NPE in OpenSshServerKeyDatabaseMatthias Sohn2020-12-221-1/+4
| | | | | | | | | If oldLine is null #updateModifiedServerKey shouldn't be called since it would derefence it. Spotbugs raised this as problem RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE. Fix it by checking if oldLine is null before calling #updateModifiedServerKey. Change-Id: I8a2000492986e52ce7dbe25f48b321c05fd371e4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Revert "Client-side protocol V2 support for fetching"Thomas Wolf2020-11-031-13/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit f802f06e7fd5a98f256b7b7727598491f563bf2f. I had misunderstood how protocol V2 works. This implementation only works if the negotiation during fetch is done in one round. Fixing this is substantial work in BasePackFetchConnection. Basically I think I'd have to change back negotiate to the V0 version, and have a doFetch() that does if protocol V2 doFetchV2() else doFetchV0() with doFetchV0 the old code, and doFetchV2 completely new. Plus there would need to be a HTTP test case requiring several negotiation rounds. This is a couple of days work at least, and I don't know when I will have the time to revisit this. So although the rest of the code is fine I prefer to back this out completely and not leave a only half working implementation in the code for an indeterminate time. Bug: 553083 Change-Id: Icbbbb09882b3b83f9897deac4a06d5f8dc99d84e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Client-side protocol V2 support for fetchingThomas Wolf2020-10-291-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Support "http.userAgent" and "http.extraHeader" from the git configJames Wynn2020-09-261-46/+5
| | | | | | | | | | | | | | | | Validate the extra headers and log but otherwise ignore invalid headers. An empty http.extraHeader starts the list afresh. The http.userAgent is restricted to printable 7-bit ASCII, other characters are replaced by '.'. Moves a support method from the ssh.apache bundle to HttpSupport in the main JGit bundle. Bug:541500 Change-Id: Id2d8df12914e2cdbd936ff00dc824d8f871bd580 Signed-off-by: James Wynn <james@jameswynn.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: better error report when user cancels authenticationThomas Wolf2020-09-264-15/+101
| | | | | | | | Use a dedicated exception class to be able to detect this case in the SshdSessionFactory and skip the generic SshException in that case. Change-Id: I2a0bacf47bae82f154a0f4e79efbb2af2a17d0cf Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: support the ProxyJump ssh configThomas Wolf2020-09-194-34/+225
| | | | | | | | | | | | | | This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* SshdSession: close channel gracefullyThomas Wolf2020-09-051-1/+1
| | | | | | | | Close the channel gracefully to give the server a chance to clean up properly on its side. Bug: 565854 Change-Id: Iedda5af3b97c8321f08f7ce854274cbb30e401de Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Update javadoc for RemoteSession and SshSessionFactoryThomas Wolf2020-08-101-26/+16
| | | | | | | | | | | | | | | | | | The timeout on RemoteSession.exec() cannot be a timeout for the whole command. It can only be a timeout for setting up the process; after that it's the application's responsibility to implement some timeout for the execution of the command, for instance by calling Process.waitFor(int, TimeUnit) or through other means. Sessions returned by an SshSessionFactory are already connected and authenticated -- they must be, because RemoteSession offers no operations for connecting or authenticating a session. Change the implementation of SshdExecProcess.waitFor() to wait indefinitely. The original implementation used the timeout from RemoteSession.exec() because of that erroneous javadoc. Change-Id: I3c7ede24ab66d4c81f72d178ce5012d383cd826e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: work around a race condition in Apache MINA sshd 2.4.0/2.5.xThomas Wolf2020-08-102-0/+135
| | | | | | | | | | | | | | | | | When exceptions occur very early in the SSH connection setup, it's possible that an exception gets lost. A subsequent authentication attempt may then never be notified of the failure, and then wait indefinitely or until its timeout expires. This is caused by race conditions in sshd. The issue has been reported upstream as SSHD-1050,[1] but will be fixed at the earliest in sshd 2.6.0. [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1050 Bug: 565394 Change-Id: If9b62839db38f9e59a5e1137c2257039ba82de98 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: store per-session data on the sshd session objectThomas Wolf2020-08-095-95/+225
| | | | | | | | | | | | Don't store session properties on the client but in a dedicated per-session object that is attached to the sshd session. Also make sure that each sshd session gets its own instance of IdentityPasswordProvider that asks for passphrases of encrypted private keys, and also store it on the session itself. Bug: 563380 Change-Id: Ia88bf9f91cd22b5fd32b5972d8204d60f2de56bf Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Decouple JSch from JGit CoreMatthias Sohn2020-06-011-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | Motivation: JSch serves as 'default' implementations of the SSH transport. If a client application does not use it then there is no need to pull in this dependency. Move the classes depending on JSch to an OSGi fragment extending the org.eclipse.jgit bundle and keep them in the same package as before since moving them to another package would break API. Defer moving them to a separate package to the next major release. Add a new feature org.eclipse.jgit.ssh.jsch feature to enable installation. With that users can now decide which of the ssh client integrations (JCraft JSch or Apache Mina SSHD) they want to install. We will remove the JCraft JSch integration in a later step due to the reasons discussed in bug 520927. Bug: 553625 Change-Id: I5979c8a9dbbe878a2e8ac0fbfde7230059d74dc2 Also-by: Michael Dardis <git@md-5.net> Signed-off-by: Michael Dardis <git@md-5.net> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> Signed-off-by: David Ostrovsky <david@ostrovsky.org>
* Builder API to configure SshdSessionFactoriesThomas Wolf2020-05-233-47/+459
| | | | | | | | | | | | | A builder API provides a more convenient way to define a customized SshdSessionFactory by hiding the subclassing. Also provide a new interface SshConfigStore to abstract away the specifics of reading a ssh config file, and provide a way to customize the concrete ssh config implementation to be used. This facilitates using an alternate ssh config implementation that may or may not be based on files. Change-Id: Ib9038e8ff2a4eb3a9ce7b3554d1450befec8e1e1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Log stack trace if CachingKeyPairProvider hits unexpected exceptionMatthias Sohn2020-05-201-1/+1
| | | | | | | Log the stack trace in order to help understanding the bug 563380 Bug: 563380 Change-Id: If993a63ccec5042b10e1d5e945b18f4b5f06d8ff Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Update to org.apache.sshd 2.4.0Thomas Wolf2020-03-224-23/+21
| | | | | | | | | | | | | | | | | Change target platforms to Orbit I20200319180910 and regenerate them. Change package imports to [2.4.0,2.5.0); adapt code to upstream API changes. Maven build: update version in root pom. Bazel build: update version & hash in WORKSPACE file. Proxy functionality verified manually using 3proxy (HTTP & SOCKS, with basic authentication) and ssh -vvv -D7020 localhost (SOCKS, no authentication). Bug: 561078 Change-Id: I582f6b98055b013c006f2c749890fe6db801cbaa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Merge branch 'stable-5.6'Matthias Sohn2020-02-282-2/+2
|\ | | | | | | | | | | | | | | | | | | * stable-5.6: Cygwin expects forward slashes for commands to be run via sh.exe Make Logger instances final Move array designators from the variable to the type Change-Id: I9a5dc570deb478525bf48ef526d8cba5b19418bf Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
| * Move array designators from the variable to the typeDavid Pursehouse2020-02-272-2/+2
| | | | | | | | | | | | | | | | | | | | | | As reported by Sonar Lint: Array designators should always be located on the type for better code readability. Otherwise, developers must look both at the type and the variable name to know whether or not a variable is an array. Change-Id: If6b41fed3483d0992d402d8680552ab4bef89ffb Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
* | Update EDL 1.0 license headers to new short SPDX compliant formatMatthias Sohn2020-01-0439-1482/+195
| | | | | | | | | | | | | | | | | | | | This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | Replace chain of if statements with switchCarsten Hammer2019-12-141-3/+5
|/ | | | | | | | | | | and switch over strings where possible. Sometimes if statements are chained and form a series of comparisons against constants. Using switch statements improves readability. Bug: 545856 Change-Id: Iacb78956ee5c20db4d793e6b668508ec67466606 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Enable and fix "Statement unnecessarily nested within else clause" warningsDavid Pursehouse2019-10-175-20/+13
| | | | | | | | | | | | | | | Since [1] the gerrit project includes jgit as a submodule, and has this warning enabled, resulting in 100s of warnings in the console. Also enable the warning here, and fix them. At the same time, add missing braces around adjacent and nearby one-line blocks. [1] https://gerrit-review.googlesource.com/c/gerrit/+/227897 Change-Id: I81df3fc7ed6eedf6874ce1a3bedfa727a1897e4c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
* sshd: fix proxy connections with the DefaultProxyDataFactoryThomas Wolf2019-09-022-2/+6
| | | | | | | | | | | | | | | | | | | | | | | The java.net.ProxySelector is quite a bit different from the one in Eclipse. Eclipse (and the OS) uses "socks" as URI scheme to look up a SOCKS proxy. java.net.ProxySelector needs "socket" as scheme (and internally maps that to "socks" if and when it asks the OS about the proxies). Moreover, java.net.ProxySelector may return unresolved addresses, whereas the Eclipse proxy selector always returns resolved addresses. Fix both by explicitly resolving unresolved proxy addresses and using scheme "socket" in the DefaultProxyDataFactory. Tested manually with the jgit command-line tool using ssh -vvv -D7020 localhost and 3proxy as SOCKS5 proxies on localhost (3proxy with user/password authentication). Start jgit with _JAVA_OPTIONS set to "-DsocksProxyHost=<host> -DsocksProxyPort=<port> -Djava.net.useSystemProxies=false" to test manually. Bug: 548965 Change-Id: Ib81ae8255ac2f9c48268f172e7d8ebb4a792b66d Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: support the HashKnownHosts configurationThomas Wolf2019-09-023-12/+52
| | | | | | | | | Add the constant, and implement hashing of known host names in OpenSshServerKeyDatabase. Add a test verifying that the hashing works. Bug: 548492 Change-Id: Iabe82b666da627bd7f4d82519a366d166aa9ddd4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: configurable server key verificationThomas Wolf2019-09-024-88/+459
| | | | | | | | | | Provide a wrapper interface and change the implementation such that a client can substitute its own database of known hosts keys instead of the default file-based mechanism. Bug: 547619 Change-Id: Ifc25a4519fa5bcf7bb8541b9f3e2de15215e3d66 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: allow setting a null ssh configThomas Wolf2019-08-302-8/+26
| | | | | | | | | | | The same effect could already be obtained if the ~/.ssh/config file did not exist. But that is more difficult to control by clients, since JGit would pick up the config if it was then created. Therefore allow specifying a null config explicitly to permanently switch off config file handling. Change-Id: Iedf8a7f4d5c1ca08e0a513ed28301d8e5261b22a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: simplify OpenSshServerKeyVerifierThomas Wolf2019-08-301-160/+135
| | | | | | | | | | | Reduce the dependency on the ClientSession in preparation to remove it altogether. Remove the internal helper, re-implement the needed bits. We have not implemented any configuration possibility in JGit for creating hashed host names in known hosts files, so we don't need the sshd code that theoretically would enable this. Change-Id: I295f5106b60e1cc3a9d085b0cb7ff747daae88be Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: simplify ServerKeyLookup interfaceThomas Wolf2019-08-303-10/+8
| | | | | | | We're actually interested only in the known public keys, we don't need the corresponding host entry from the config. Change-Id: Ibde6dffe9e3f87bfbb7c70d1f733b2b0e28cad71 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: shared reference in JGitClientSession must be volatileThomas Wolf2019-07-151-1/+1
| | | | | | | The proxy handler may be re-set from an unspecified I/O thread. Declare the shared variable as volatile. Change-Id: I4e7ce393ae2cdc7f1cd4edf40c137da6d6c50ad5 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: correct the protocol version exchangeThomas Wolf2019-07-152-1/+135
| | | | | | | | | | | | | | | | | | | RFC 4253 section 4.2 allows an ssh server to send additional lines before its server identification string. Apache MINA sshd enforces for these lines the constraints specified for the server identification line, too: no NUL characters and not longer than 255 characters. That is too strict. RFC 4253 doesn't mandate this, and it also doesn't make sense given the rationale for these lines in RFC 4253: a TCP wrapper may not be aware of SSH restrictions, and may not adhere to these constraints. Be more lenient when parsing the server's protocol version. Allow NULs and longer lines in the preamble, and also handle line endings more leniently. Only enforce the restrictions for the actual server identification line. Bug: 545939 Change-Id: I75955e9d8a8daef7c04fc0f39539c2ee93514e1c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Convert to lambda or member referenceCarsten Hammer2019-05-161-11/+6
| | | | | | | | | | | Convert anonymous inner classes to lambda expressions or member references Bug: 545856 CQ: 19537 Change-Id: I621431c178e8b99316314602f7c66c9a36f9ae98 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Apache MINA sshd client: test reading encrypted ed25519 keysThomas Wolf2019-05-061-0/+6
| | | | | | | | | | | | | | | Add encrypted ed25519 keys in the tests; sshd 2.2.0 can finally decrypt encrypted new-style OpenSSH key files. (Needs the "unlimited strength" JCE, which is the default since Java 8u161. On older JREs, users should install the policy files available from Oracle.) The "expensive" key added has been generated with OpenSSH's ssh-keygen -t ed25519 -a 256, i.e., with 256 bcrypt KDF rounds instead of the default 16. On my machine it takes about 2sec to decrypt. Bug: 541703 Change-Id: Id3872ca2fd75d8f009cbc932eeb6357d3d1f267c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: adapt to sshd 2.2.0Thomas Wolf2019-05-0613-748/+131
| | | | | | | | | | | | | | Update target platforms, maven and bazel builds to use sshd 2.2.0. Adapt internal classes to changed sshd interfaces and remove previous work-arounds for asking repeatedly for key passwords and for loading keys lazily; both are now done by sshd. CQ: 19034 CQ: 19035 Bug: 541425 Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Merge branch 'stable-5.3'Matthias Sohn2019-04-293-32/+44
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.3: Prepare 5.3.2-SNAPSHOT builds JGit v5.3.1.201904271842-r Prepare 5.2.3-SNAPSHOT builds JGit v5.2.2.201904231744-r Revert 4678f4b and provide another solution for bug 467631 Apache MINA sshd: make sendKexInit() work also for re-keying Prepare 5.1.8-SNAPSHOT builds JGit v5.1.7.201904200442-r ObjectUploadListener: Add callback interface Prepare 4.11.9-SNAPSHOT builds JGit v4.11.8.201904181247-r Prepare 4.9.11-SNAPSHOT builds JGit v4.9.10.201904181027-r Prepare 4.7.10-SNAPSHOT builds JGit v4.7.9.201904161809-r Prepare 4.5.8-SNAPSHOT builds JGit v4.5.7.201904151645-r Remember the cause for invalidating a packfile Fix API problem filters Fix pack files scan when filesnapshot isn't modified Change-Id: I8a8671f7767444a77b809bd66a27d776c8332736 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
| * Merge branch 'stable-5.2' into stable-5.3Matthias Sohn2019-04-283-32/+44
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.2: Prepare 5.2.3-SNAPSHOT builds JGit v5.2.2.201904231744-r Revert 4678f4b and provide another solution for bug 467631 Apache MINA sshd: make sendKexInit() work also for re-keying Prepare 5.1.8-SNAPSHOT builds JGit v5.1.7.201904200442-r ObjectUploadListener: Add callback interface Prepare 4.11.9-SNAPSHOT builds JGit v4.11.8.201904181247-r Prepare 4.9.11-SNAPSHOT builds JGit v4.9.10.201904181027-r Prepare 4.7.10-SNAPSHOT builds JGit v4.7.9.201904161809-r Prepare 4.5.8-SNAPSHOT builds JGit v4.5.7.201904151645-r Remember the cause for invalidating a packfile Fix API problem filters Fix pack files scan when filesnapshot isn't modified Change-Id: Ie7e572ac7e346f21fe0c387d7448be168a9c127a Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
| | * Apache MINA sshd: make sendKexInit() work also for re-keyingThomas Wolf2019-04-203-32/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The message delaying for the initial SSH messages (client identification followed by the initial key exchange request) was broken. sendKexInit() is _also_ called when a new key exchange is requested. We inadvertently also re-sent the client identification at that point, which is wrong and makes the server terminate the connection. Re-keying occurs from time to time during an SSH connection depending on time, the number of messages (packets/blocks) exchanged, or the amount of data exchanged. The net result was that for large repositories data-intensive operations failed on the first re-keying. Change the initial message delay such that the two messages for the client identification and the initial key exchange can be buffered individually while the proxy protocol is still in progress. The AbstractClientProxyConnector can now buffer several commands, which should also resolve bug 544715. Bug: 545920 Change-Id: If09ee963a439b39098a0f52a1510237b428df8dd Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | Use Arrays.asList instead of copying array in a for loopCarsten Hammer2019-04-141-3/+2
| | | | | | | | | | | | | | | Change-Id: Ie44950f7d2f2f94a0412efb6c274f6e1e31efcd6 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | Join catch sections using multicatchCarsten Hammer2019-04-131-4/+1
|/ / | | | | | | | | Change-Id: I1a9112e6a4f938638c599b489cb0858eca27ab91 Signed-off-by: Carsten Hammer <carsten.hammer@t-online.de> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | SshdSessionFactory: generalize providing default keysThomas Wolf2019-01-224-24/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Provide a mechanism for a subclass to provide its own set of default identities from anywhere as an Iterable<KeyPair>. The default implementation is functionally unchanged and uses the known default identity files in the ~/.ssh directory. A subclass can override the getDefaultKeys() function and return whatever keys are appropriate. Bug: 543152 Change-Id: I500d63146bc67e20e051f617790eb87c7cb500b6 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | Consistently import constants from StandardCharsets as staticDavid Pursehouse2019-01-205-18/+18
| | | | | | | | | | Change-Id: I143c242c0e3299323ae166a59947b1195539e6bf Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
* | Apache MINA sshd client: less aggressive key file name cachingThomas Wolf2019-01-053-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | Don't use the ~/.ssh directory as cache key for the key provider but the configured paths of the default keys. Otherwise changes in that list of paths are not picked up. This is in particular a problem for EGit, where the user can modify this list of keys interactively in the preferences. Without this change, Eclipse needs to be restarted to pick up such changes. Bug: 542845 Change-Id: I63432fb10729a90b3c5e14f13e39bf482aef811b Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | Avoid double wordsMincong HUANG2018-12-211-1/+1
| | | | | | | | | | Change-Id: I0fdf595cba93f5a5cdd0496cee07ac91db304532 Signed-off-by: Mincong Huang <mincong.h@gmail.com>
* | Remove unnecessary @since tags from non-API classesDavid Pursehouse2018-12-203-3/+0
|/ | | | | Change-Id: I6bed174c062a0785641dc8ad69151bf7e843cdcf Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
* Remove unnecessary modifiers from interfacesJonathan Nieder2018-11-202-2/+2
| | | | | | | This continues what commit d9ac7ddf1026123fee6c4477d172d614522dfc08 (Remove unnecessary modifiers from interfaces, 2018-11-15) started. Change-Id: I89720985a5a986722a0dcb9b5e9bbc25996bd5b3
* Apache MINA sshd client: don't leak HostConfigEntryThomas Wolf2018-11-173-17/+7
| | | | | | | | | | | | ProxyDataFactory had a parameter of type HostConfigEntry, but actually it wasn't used anywhere. Remove it -- it was the last leaked type from Apache MINA sshd. Also use the logger provided by upstream SshClient instead of creating a new Logger. Bug: 520927 Change-Id: Iaa78bbb998a5e574fa091664b75c48a3b9cfb897 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: test & fix password authenticationThomas Wolf2018-11-177-23/+263
| | | | | | | | | | | | | | | | | | | | | | | Add tests for password and keyboard-interactive authentication. Implement password authentication; the default provided by sshd is non-interactive, which is not useful for JGit. Make sure the CredentialsProvider gets reset on successive password retrieval attempts. Otherwise it might always return the same non- accepted password from a secure storage. (That one was discovered by actually trying this via EGit; the JGit tests don't catch this.) Change the default order of authentication mechanisms to prefer password over keyboard-interactive. This is a mitigation for upstream bug SSHD-866.[1] Also include a fix for upstream bug SSHD-867.[2] [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866 [2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867 Bug: 520927 Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: proxy supportThomas Wolf2018-11-1722-15/+2970
| | | | | | | | | | | | | | | | | | | | | | This is not about the ssh config ProxyCommand but about programmatic support for HTTP and SOCKS5 proxies. Eclipse allows the user to specify such proxies, and JSch at least contains code to connect through proxies. So our Apache MINA sshd client also should be able to do this. Add interfaces and provide two implementations for HTTP and SOCKS5 proxies. Adapt the core code to be able to deal with proxy connections at all. The built-in client-side support for this in sshd 2.0.0 is woefully inadequate. Tested manually by running proxies and then fetching various real- world repositories via these proxies from different servers. Proxies tested: ssh -D (SOCKS, anonymous), tinyproxy (HTTP, anonymous), and 3proxy (SOCKS & HTTP, username-password authentication). The GSS-API authentication is untested since I have no Kerberos setup. Bug: 520927 Change-Id: I1a5c34687d439b3ef8373c5d58e24004f93e63ae Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: don't leak upstream classes and interfacesThomas Wolf2018-11-1610-94/+343
| | | | | | | | | | | | | | | | | | | | | | | We will get an API evolution problem if we expose as API classes and interfaces that derive from upstream classes or interfaces. Upstream interfaces also evolve quite erratically and evolution doesn't seem to follow semantic versioning. Introduce a new KeyPasswordProvider interface so that we don't have to depend on the upstream FilePasswordProvider in our API. (We do need _some_ abstraction for getting passwords for encrypted keys in the API; EGit will need to provide its own implementation.) Move some other upstream dependencies (HostConfigEntry, and various previously protected methods in SshdSessionFactory) out of the API: classes moved to internal space, and methods made private. The only dependencies on upstream interfaces are thus in a few method parameter types. Those cannot be avoided, but should also not pose problems. Bug: 520927 Change-Id: Idc9c6b0f237f29f46343c0fe15179242f2007bec Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd: use NumberOfPasswordPrompts for encrypted keysThomas Wolf2018-11-146-11/+483
| | | | | | | | | | | sshd only asks exactly once for the password. C.f. upstream issue SSHD-850.[1] So we have to work around this limitation for now. Once we move to sshd > 2.1.0, this can be simplified somewhat. [1] https://issues.apache.org/jira/browse/SSHD-850 Bug: 520927 Change-Id: Id65650228486c5ed30affa9c62eac982e01ae207 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: properly handle HostKeyAlgorithms configThomas Wolf2018-11-136-10/+441
| | | | | | | | | | | | | | | | | | | By default sshd will use its default built-in list, which matches the one of openssh (as far as the algorithms exist in sshd at all). But it doesn't handle HostKeyAlgorithms from the ssh config at all. Implement this as in openssh, including the '+' and '-' modifiers and reordering the default if there are known host keys for a server already. Add tests for the reordering. Also use a more robust reader for the known hosts file. The default aborts on the first error. Bug: 520927 Change-Id: Ib1684440bfe2e96140536aa1a93c4bd4a0d35916 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: respect NumberOfPasswordPromptsThomas Wolf2018-11-132-0/+22
| | | | | | | | | | | | | | | | Set the internal property on the session as defined in the ssh config. Note that NumberOfPasswordPrompts in openssh applies independently to both user logins in keyboard-interactive authentication _and_ to passphrases for identity files (encrypted keys). Apache MINA sshd uses the setting only for keyboard-interactive authentication, but not for identity file passphrase prompts. For identity files, it asks exactly once. This has been reported as issue SSHD-850 upstream.[1] [1] https://issues.apache.org/jira/browse/SSHD-850 Bug: 520927 Change-Id: I390ffe9e1c52b96d3e8e28fd8edbdc73dde9edb4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>