| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignoring host keys that cannot be read means we may ask the user whether
to accept a host key for a hitherto unknown server. This is subtly
different from asking the user whether to accept a new or modified host
key for a server for which a different host key is already known.
So do not ignore such keys but store them as UnsupportedSshPublicKey.
That enables us to give the user the correct feedback. If the user
allows connecting and wants the new key to be stored, do not replace
the line with the unknown key type as it might be perfectly fine for
some other SSH program the user uses outside of JGit. Instead, add
the new key as a new line.
Change-Id: I304cb877d37b926c25a39acc16844088f54e0bde
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the "@cert-authority" marker and its handling: if the server
sent an OpenSshCertificate, consider only entries marked as CA and look
for the certificate's CA key. If the CA key cannot be found, just return
false, rejecting the certificate. Never ask to add such keys to the
file. Certificate authorities must always be added manually.
Checking that the certificate is a valid host certificate and lists a
matching principal is beyond the scope of the ServerKeyDatabase and is
done in the key exchange even before the database is queried.
In lookup(), skip CA keys. The purpose of lookup() is to do an early
re-ordering of the signatures proposal in the initial key exchange, but
since a CA key can be used to sign any other key of any key type it has
no real benefit in this case. Also, the return value of lookup() is just
a list of PublicKeys, so the caller couldn't distinguish CA keys from
other keys anyway.
Change-Id: I92c2c9d69d73cc4b125e8cad0262a48d2ec3c466
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If there are several keys for a host in the known_hosts files, prefer
reporting and updating a line for the same key type as the host key
received from the server.
For instance, if there's an RSA and an EC key for a server but neither
match an EC host key received from that server, report and overwrite the
EC key, not the RSA key. And vice versa: if the server sent an RSA key,
report an update the line for the RSA key, not the one for the EC key.
Change-Id: I30c8a23ffe15242469bc538edba68ac3e38c6a55
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add tests for known_hosts handling and fix two problems uncovered.
When host patterns from different known_host files matched, but none had
the key wanted, and the user said to accept the new key and store it,
we'd try to always update a line read from the second file in the first
file. As a result the new host key was not stored.
Fix this by ensuring that we always try to modify the file the matching
line was read from.
When adding a new key (no host patterns matched), the new line would
have duplicates in the host patterns, for instance, twice the same
hostname. It did not have the IP address, though.
Fix this by making sure we also add the IP address to the candidates to
check against host patterns, and avoid writing duplicates when the new
line is added to the file.
Change-Id: I4c61050422ea635fb9bc30f585f00287fc437486
|
| |
|
|
|
|
|
|
| |
Use the correct parsing method to parse just a key type followed by the
base64-encoded key data. If we parse an AuthorizedKeyEntry, we may get
an exception if an unknown key type is listed.
Change-Id: I9e4e58410f1bb4e1af849d0586085052e04284d7
|
| |
|
|
|
|
|
|
| |
Not all SSH key types start with "ssh-" (for instance ECDSA keys).
Don't test for this; instead test that the string we want to use
as base64-encoded key starts with "AAAA".
Change-Id: Ia0e24d63c69c98813ac7419f4a688f3d15139a10
|
| |
|
|
|
|
|
| |
We are moving away from the old java.util.Date API to the
java.time API.
Change-Id: I66147445b90df8ca8c8c65239bc9f1ca3f086e75
|
| |
|
|
|
|
| |
It's deprecated and marked for removal since Java 17.
Change-Id: I6d0d4ac08f10cc73a409f202628a23faed4e5b36
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Errorpone considers an error to have arrays (mutable) inside records
(immutable) [1].
Suppress the warnings in these records, as they are overriding equals
and hash to do the right thing.
[1] https://errorprone.info/bugpattern/ArrayRecordComponent
Change-Id: I01c724516b1b14d512d366a35708436463fccffc
|
| |
|
|
|
|
|
| |
Instead of set.headMap(x).lastKey() use set.floorKey(x) and
instead of set.tailMap(x).firstKey() use set.ceilingKey(x).
Change-Id: I22f44cbe82b9ead06d6ff517d609dfdbc89a758c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signature verification needs quite a bit of infrastructure. There are
two files to read: a list of allowed signers, and a list of revoked keys
or certificates. Introduce a SigningKeyDatabase abstraction for these,
and give client code the possibility to plug in its own implementation.
Loading these files afresh for every signature to be checked would be
prohibitively expensive. Introduce a cache of SigningKeyDatabases, and
have them reload the files only when they have changed.
Include a default implementation that works with the OpenSSH allowed
signers file and with OpenSSH revocation lists. Binary KRLs are parsed
according to [1]; the test data was generated using the OpenSSH test
script[2].
[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.krl
[2] https://github.com/openssh/openssh-portable/blob/67a115e/regress/krl.sh
Bug: jgit-44
Change-Id: I6a2fa24f38a2f2fe63ffb353da5b6665ca7277e1
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a Signer and its factory, and publish the factory for the
ServiceLoader. SSH signatures can be created directly if the key is
given via a file in user.signingKey and the private key can be found.
Otherwise, signing is delegated to an SSH agent, if available.
If a certificate is used as public key, the signer verifies the
certificate (correct signature, and valid at the commit time).
SSH signatures are documented at [1].
[1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig
Bug: jgit-44
Change-Id: I3848ccc06ba3be5e868f879bd5705fee1b39c632
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
| |
To read passphrase-protected private keys SSH signing will need to use a
PasswordProviderWrapper without SSH session.
Change-Id: I3ecac6c099f3ed1565fb4f0d56d55aee16edb9fc
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
|
|
| |
Introduce a global default factory to create KeyPasswordProvider.
Previously, their creation was tied to the SSH session, but for SSH
signatures, we will need to be able to create KeyPasswordProviders
without having an SSH session.
Change-Id: If4a69c4d4c4e8de390cb1ef3b65966d0e39c24ff
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit a44b9e8bf changed the logic so that we try to read a public key
from the file given first, and only then try the file with the ".pub"
extension. Unfortunately the exception handling was not sufficient to
correctly deal with the given file containing a private key.
Apache MINA SSHD may throw a StreamCorruptedException when one tries
to read a public key from a file containing a private key. Handle
this exception in addition to GeneralSecurityException, and change
the order of exception handlers because StreamCorruptedException is
an IOException.
Bug: jgit-53
Change-Id: I7dddc2c11aa75d7663f7fe41652df612bf8c88cd
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
| |
See https://errorprone.info/bugpattern/JdkObsolete
Change-Id: Id105e2695eb64523bd217f507bf95f909bc6b348
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream will remove the CBC algorithms aes128-cbc, aes192-cbc, and
aes256-cbc from the server's KEX proposal in the next release. Removal
of these algorithms by default in the client is planned for the release
after that. These CBC algorithms were found vulnerable back in 2008,[1]
and OpenSSH does not propose them: server-side since 2014, client-side
since 2017.
It is _highly_ unlikely that the removal of these algorithms by default
would affect any JGit user. Nevertheless, let's give users a way to
explicitly specify ciphers (including enabling deprecated algorithms)
via their ~/.ssh/config file.
[1] https://www.kb.cert.org/vuls/id/958563
Change-Id: I7444861df3a7f526277fef2485773a20ac74ae8a
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Public keys in the SSH configuration's "IdentityFile" are used for
example by Password Managers like KeePassXC
(https://keepassxc.org/docs/#faq-ssh-agent-auth-errors) or 1Password
(https://developer.1password.com/docs/ssh/agent/advanced/#match-key-with-host)
to match keys in the SSH agent with specific hosts.
Bug: jgit-25
Change-Id: I33d47057d9dd54d3d08ba5bb17f730435ac93dac
|
| |
|
|
|
|
|
|
| |
The byte buffers used here are created by wrapping a byte[].
See https://errorprone.info/bugpattern/ByteBufferBackingArray
Change-Id: Idbc16d5ae4ff9f64b97be07a3cdf190716da191f
|
| |
|
|
| |
Change-Id: I4da51c7e089366b016a0cc64f768a151c24bc956
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
File#getAbsoluteFile is non-nullable, so this check can never trigger.
Worse, getAbsoluteFile can throw an exception such as
InvalidPathException, and since this call isn't in the "try" block
that checks for that, the exception would then escape the getSession
call.
Noticed because the exception is being thrown in googlesource.com's
custom SshdSessionFactory, causing incoming ssh requests to fail
(noticed using internal tests).
Change-Id: I57f2d5e497ff678b17573f79827b6e1d9a6c9b9f
Signed-off-by: Jonathan Nieder <jrn@google.com>
|
| |
|
|
|
|
| |
Home directory might not be set in DFS.
Change-Id: I3528685838065dc291826fc73a37126af7bf47ce
|
| |
|
|
|
|
|
|
|
|
| |
The condition looks suspicious, as in case of
(hasElement==null && hasNext())
the check will generate a NPE
Change-Id: I267f9df6746393d72f5102bd5271441422550968
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support PKCS#11 HSMs (like YubiKey PIV) for SSH authentication.
Use the SunPKCS11 provider as described at [1]. This provider
dynamically loads the library from the PKCS11Provider SSH configuration
and creates a Java KeyStore with that provider. A Java CallbackHandler
is needed to feed PIN prompts from the KeyStore into the JGit
CredentialsProvider framework. Because the JGit CredentialsProvider may
be specific to a SSH session but the PKCS11Provider may be used by
several sessions, the CallbackHandler needs to be configurable per
session.
PIN prompts respect the NumberOfPasswordPrompts SSH configuration. As
long as the library asks only for a PIN, we use the KeyPasswordProvider
to prompt for it. This gives automatic integration in Eclipse with the
Eclipse secure storage, so a user has even the option to store the PIN
there. (Eclipse will then ask for the secure storage master password on
first access, so the usefulness of this is debatable.)
By default the provider uses the first PKCS#11 token (slot list index
zero). This can be overridden by a non-standard PKCS11SlotListIndex
ssh configuration entry. (For OpenSSH interoperability, also set
"IgnoreUnknown PKCS11SlotListIndex" in the SSH config file then.)
Once loaded, the provider and its shared library and the keys
contained remain available until the application exits.
Manually tested using SoftHSM. See file manual_tests.txt. Kudos to
Christopher Lamb for additional manual testing with a real YubiKey,
also on Windows.[2]
[1] https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html
[2] https://www.eclipse.org/forums/index.php/t/1113295/
Change-Id: I544c97e1e24d05e28a9f0e803fd4b9151a76ed11
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes all the javadoc warnings, stops ignoring doclint 'missing'
category and fails the build on javadoc warnings for public and
protected classes and class members.
Since javadoc doesn't allow access specifiers when specifying doclint
configuration we cannot set `-Xdoclint:all,-missing/private`
hence there is no simple way to skip private elements from doclint.
Therefore we check javadoc using the Eclipse Java compiler
(which is used by default) and javadoc configuration in
`.settings/org.eclipse.jdt.core.prefs` files.
This allows more fine grained configuration.
We can reconsider this when javadoc starts supporting access specifiers
in the doclint configuration.
Below are detailled explanations for most modifications.
@inheritDoc
===========
doclint complains about explicits `{@inheritDoc}` when the parent does
not have any documentation. As far as I can tell, javadoc defaults to
inherit comments and should only be used when one wants to append extra
documentation from the parent. Given the parent has no documentation,
remove those usages which doclint complains about.
In some case I have moved up the documentation from the concrete class
up to the abstract class.
Remove `{@inheritDoc}` on overriden methods which don't add additional
documentation since javadoc defaults to inherit javadoc of overridden
methods.
@value to @link
===============
In PackConfig, DEFAULT_SEARCH_FOR_REUSE_TIMEOUT and similar are forged
from Integer.MAX_VALUE and are thus not considered constants (I guess
cause the value would depends on the platform). Replace it with a link
to `Integer.MAX_VALUE`.
In `StringUtils.toBoolean`, @value was used to refer to the
`stringValue` parameter. I have replaced it with `{@code stringValue}`.
{@link <url>} to <a>
====================
@link does not support being given an external URL. Replaces them with
HTML `<a>`.
@since: being invalid
=====================
org.eclipse.jgit/src/org/eclipse/jgit/util/Equality.java has an invalid
tag `@since: ` due to the extra `:`. Javadoc does not complain about it
with version 11.0.18+10 but does with 11.0.19.7. It is invalid
regardless.
invalid HTML syntax
===================
- javadoc doesn't allow <br/>, <p/> and </p> anymore, use <br> and <p>
instead
- replace <tt>code</tt> by {@code code}
- <table> tags don't allow summary attribute, specify caption as
<caption>caption</caption> to fix this
doclint visibility issue
========================
In the private abstract classes `BaseDirCacheEditor` and
`BasePackConnection` links to other methods in the abstract class are
inherited in the public subclasses but doclint gets confused and
considers them unreachable. The HTML documentation for the sub classes
shows the relative links in the sub classes, so it is all correct. It
must be a bug somewhere in javadoc.
Mute those warnings with: @SuppressWarnings("doclint:missing")
Misc
====
Replace `<` and `>` with HTML encoded entities (`< and `>`).
In `SshConstants` I went enclosing a serie of -> arrows in @literal.
Additional tags
===============
Configure maven-javad0c-plugin to allow the following additional tags
defined in https://openjdk.org/jeps/8068562:
- apiNote
- implSpec
- implNote
Missing javadoc
===============
Add missing @params and descriptions
Change-Id: I840056389aa59135cfb360da0d5e40463ce35bd0
Also-By: Matthias Sohn <matthias.sohn@sap.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump the version numbers in pom.xml and in MANIFESTs, and in the bazel
WORKSPACE file. Update the target platforms. Remove work-arounds in
org.eclipse.jgit.ssh.apache that are no longer necessary.
The release notes for Apache MINA sshd are at [1].
[1] https://github.com/apache/mina-sshd/blob/master/docs/changes/2.10.0.md
Bug: 581770
Change-Id: Id27e73e9712b7865353c9b32b5b768f6e998b05e
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
| |
The previous implementation mixed nano seconds (elapsed) and milli
seconds (remaining) without conversion.
Change-Id: I9e1654afa47fa32c94808af3b2dd0418a372fb00
|
| |
|
|
|
|
|
|
|
| |
Release notes for 2.9.2:
https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.2.md
Change-Id: I7809bcba1d45b76ab9dcc031f86beb2f69da3788
Signed-off-by: Thomas Wolf <twolf@apache.org>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
|
| |
|
|
|
|
| |
Check the key length before adding; the addition might overflow.
Change-Id: Icde7c92a5bb267fdd869d5a1c0842967ab1a7fd9
Signed-off-by: Thomas Wolf <twolf@apache.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure that there is always a list of signature factories in public key
authentication. For keys loaded directly, Apache MINA sshd will use the
(always set) list from the SSH session by default, but for keys from an
SSH agent it won't and instead consider the list set locally on the
UserAuthPublicKey instance. Only that one is null by default, and then
Apache MINA sshd just uses the key type as signature type. Which for
RSA keys from an agent is the "ssh-rsa" signature, i.e., the deprecated
SHA1 signature.
Fix this by explicitly propagating the list from the session to the
UserAuthPublicKey instance if not set already.
Upstream issue is SSHD-1272.[1]
[1] https://issues.apache.org/jira/browse/SSHD-1272
Bug: 580073
Change-Id: Id7a783f19d06c9e7c8494b1fbf7465d392ffc366
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When authentication fails, JGit produces an exception with an error
message telling the user that it could not log in (including the host
name). The causal chain has an SshException from Apache MINA sshd with
message "No more authentication methods available".
This is not very helpful. The user was left without any indication why
authentication failed.
Include in the exception message a log of all attempted authentications.
That way, the user can see which keys were tried, in which order and
with which signature algorithms. The log also reports authentication
attempts for gssapi-with-mic or password authentication. For
keyboard-interactive Apache MINA sshd is lacking a callback interface.
The way Apache MINA sshd loads keys from files, the file names are lost
in higher layers. Add a mechanism to record on the session for each
key fingerprint the file it was loaded from, if any. That way the
exception message can refer to keys by file name, which is easier to
understand by users than the rather cryptic key fingerprints.
Bug: 571390
Change-Id: Ic4b6ce6b99f307d5e798fcc91b16b9ffd995d224
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
| |
Parse the value from the ssh config and if set use it when connecting.
Change-Id: I85b44c9468a5027602375706612c46ea7a99b2bd
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
An SSH agent might contain keys that Apache MINA sshd cannot handle.
Pageant for instance can contain ed448 keys, which are not implemented
in OpenSSH or in Apache MINA sshd.
When an agent delivers such keys, simply skip (and log) them. That way,
we can work with the remaining keys. Otherwise a single unknown key in
the agent would break pubkey authentication.
Change-Id: I3945d932c7e64b628465004cfbaf10f4dc05f3e4
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
| |
Add parsing of the config. Implement the SSH agent protocol for adding
a key. In the pubkey authentication, add keys to the agent as soon as
they've been loaded successfully, before even attempting to use them
for authentication. OpenSSH does the same.
Bug: 577052
Change-Id: Id1c08d9676a74652256b22281c2f8fa0b6508fa6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
| |
Win32-OpenSSH uses a named Windows pipe for communication. Implement
a connector for this mechanism using JNA. Choose the appropriate
connector based on the setting of the 'identityAgent' parameter.
Bug: 577053
Change-Id: I205f07fb33654aa18ca5db92706e65544ce38641
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an SSH agent is used but "IdentitiesOnly yes" is set, only those
keys from the agent that correspond to one of the keys explicitly given
via an IdentityFile directive are to be used.
Implement this by filtering the list of keys obtained from the agent
against the list of IdentityFiles, each entry suffixed with ".pub".
Load the public keys from these files, and ignore all other keys from
the agent. Keys without ".pub" file are also ignored.
Apache MINA sshd has no operation to load only the public key from a
private key file, so we have to rely on *.pub files.
Bug: 577053
Change-Id: I75c2c0b3ce35781c933ec2944bd6da1b94f4caf9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
| |
Handle the 'none' value, and change the value to select Pageant to
something that looks like an absolute UNC path name to avoid it's
handled as an relative path name.
Bug: 577053
Change-Id: I4ccf047abbc1def50e2782319e4fa7c744069401
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
| |
Update version in root pom.xml, adapt code & manifests. Bump the
dependency in the bazel build.
Update Orbit to I20220105095044 to get Apache MINA sshd 2.8.0 and
regenerate all target platforms.
Bug: 577542
Change-Id: Iefc02ceda8a9b0683f49aa8059999a5486d1f322
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSHD-1231[1] may lead to exceptions when trying to authenticate first
with an RSA key that is rejected by the server. The upstream fix is a
one-liner but unfortunately didn't make it into Apache MINA sshd 2.8.0.
Incorporate the upstream fix in JGitPublicKeyAuthentication, and add
a test case for this.
[1] https://issues.apache.org/jira/browse/SSHD-1231
Bug: 577545
Change-Id: Ia744cd4aa569bccd937c855f3bb45c0116915bad
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
| |
Skip javadoc generation for test bundles.
Use character entities < and > for < and > outside of
code-formatted spans.
Change-Id: I66e1a1dc98881c61f93c9e5561c5513896b2ba01
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
| |
Since OpenSSH 7.8, the ProxyJump directive accepts the value "none"[1]
to override and clear a setting that might otherwise be contributed by
another (wildcard) host entry.
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2869
Change-Id: Ia35e82c6f8c58d5c6b8040cda7a07b220f43fc21
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
| |
According to Spotbugs, that's better practice. It's questionable
whether it makes a big difference, though, especially since the
hash is the cryptographically weak SHA1.
Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Once a factory supports different SSH agents on the same platform,
which is planned for Windows once we use Apache MINA sshd 2.8.0,
client code may need to have a way to specify which SSH agent shall
be used when the SSH config doesn't define anything.
Add a mechanism by which a ConnectorFactory can tell what Connectors
it may provide. Client code can use this to set the identityAgent
parameter of ConnectorFactory.create() to the wanted default if it
would be null otherwise.
A ConnectorDescriptor is a pair of strings: an internal name, and a
display name. The latter is included because client code might want to
communicate agent names to the user, be it in error messages or in some
chooser dialog where a user could define which of several alternative
SSH agents should be used as default. The internal name is intended to
be used in the IdentityAgent directive in ~/.ssh/config.
Also make the ConnectorFactory discovered via the ServiceLoader
accessible and overrideable. Provide static get/setDefault() methods,
similar to the SshSessionFactory itself.
Change-Id: Ie3d077395d32dfddc72bc8627e92b23636938182
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
| |
Apache MINA sshd has simpler API for reading directories, and it has a
functional interface suitable for us. So no need to use our own
interface, or to deal with low-level abstractions like CloseableHandle.
Change-Id: Ic125c587535670504983f157a696b41ed6a76bb7
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a simple SSH agent connector using JNA. Include com.sum.jna and
com.sun.jna.platform in the target platform.
JNA is used to communicate through Unix domain sockets with ssh-agent,
and if on Windows, to communicate via shared memory with Pageant.
The new bundle o.e.j.ssh.apache.agent is an OSGi fragment so that
the java.util.ServiceLoader can find the provided factory without
further ado in OSGi environments.
Adapt both maven and bazel builds to include the new bundle.
Manually tested on OS X, CentOS 7, and Win10 with Pageant 0.76. Tested
by installing JGit built from this change into freshly downloaded
Eclipse 2021-12 M1, and then doing git fetches via SSH with different
~/.ssh/config settings (explicit IdentityFile, without any but a key in
the agent, with no keys and a key in the agent and IdentitiesOnly=yes
(must fail)).
Bug: 541274
Bug: 541275
Change-Id: I34e85467293707dbad1eb44d1f40fc2e70ba3622
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add interfaces Connector and ConnectorFactory. A "connector" is just
something that knows how to connect to an ssh-agent and then can make
simple synchronous RPC-style requests (request-reply).
Add a way to customize an SshdSessionFactory with a ConnectorFactory.
Provide a default setup using the Java ServiceLoader mechanism to
discover an ConnectorFactory.
Implement an SshAgentClient in the internal part. Unfortunately we
cannot re-use the implementation in Apache MINA sshd: it's hard-wired
to Apache Tomcat APR, and it's also buggy.
No behavior changes yet since there is nothing that would provide an
actual ConnectorFactory. So for Apache MINA sshd, the SshAgentFactory
remains null as before.
Change-Id: I963a3d181357df2bdb66298bc702f2b9a6607a30
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
| |
Fix the few issues reported. (None serious.)
Change-Id: I8d72ef7d425ab61f4c27b657c92fc021850730d6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
| |
Explain in the JSch bundle that it is essentially unmaintained. Add
descriptions in both bundles explaining how to use it, or how to use
an alternate implementation.
Change-Id: Idaf46c33b14543279f78a55cb7c6bd42b06ee6b8
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
|
| |
In Java 11 type arguments for anonymous subclasses can be inferred
and don't need to be specified. This resolves a number of compiler
warnings.
Change-Id: I55eff3babb7628aa0627085e65a1b45eb12c2cd3
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
|
| |
|
|
|
|
|
| |
Since upstream changed the method profile to throw Exception it's not
necessary anymore to re-throw as IOException.
Change-Id: I31afab4f6e1a2f0feef79e6abced20d0ca1c493b
|
