mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7786 Commits
49 Branches
Tree: fd3778b935
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd3778b935'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java

JGitClientSession.java 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422 
  1. /*

  2.  * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.internal.transport.sshd;

  11. 

  12. import static java.text.MessageFormat.format;

  13. 

  14. import java.io.IOException;

  15. import java.io.StreamCorruptedException;

  16. import java.net.SocketAddress;

  17. import java.nio.charset.StandardCharsets;

  18. import java.security.GeneralSecurityException;

  19. import java.security.PublicKey;

  20. import java.util.ArrayList;

  21. import java.util.Iterator;

  22. import java.util.LinkedHashSet;

  23. import java.util.List;

  24. import java.util.Set;

  25. 

  26. import org.apache.sshd.client.ClientFactoryManager;

  27. import org.apache.sshd.client.config.hosts.HostConfigEntry;

  28. import org.apache.sshd.client.keyverifier.ServerKeyVerifier;

  29. import org.apache.sshd.client.session.ClientSessionImpl;

  30. import org.apache.sshd.common.FactoryManager;

  31. import org.apache.sshd.common.PropertyResolverUtils;

  32. import org.apache.sshd.common.SshException;

  33. import org.apache.sshd.common.config.keys.KeyUtils;

  34. import org.apache.sshd.common.io.IoSession;

  35. import org.apache.sshd.common.io.IoWriteFuture;

  36. import org.apache.sshd.common.util.Readable;

  37. import org.apache.sshd.common.util.buffer.Buffer;

  38. import org.eclipse.jgit.errors.InvalidPatternException;

  39. import org.eclipse.jgit.fnmatch.FileNameMatcher;

  40. import org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector;

  41. import org.eclipse.jgit.transport.CredentialsProvider;

  42. import org.eclipse.jgit.transport.SshConstants;

  43. 

  44. /**

  45.  * A {@link org.apache.sshd.client.session.ClientSession ClientSession} that can

  46.  * be associated with the {@link HostConfigEntry} the session was created for.

  47.  * The {@link JGitSshClient} creates such sessions and sets this association.

  48.  * <p>

  49.  * Also provides for associating a JGit {@link CredentialsProvider} with a

  50.  * session.

  51.  * </p>

  52.  */

  53. public class JGitClientSession extends ClientSessionImpl {

  54. 

  55. 	/**

  56. 	 * Default setting for the maximum number of bytes to read in the initial

  57. 	 * protocol version exchange. 64kb is what OpenSSH < 8.0 read; OpenSSH 8.0

  58. 	 * changed it to 8Mb, but that seems excessive for the purpose stated in RFC

  59. 	 * 4253. The Apache MINA sshd default in

  60. 	 * {@link FactoryManager#DEFAULT_MAX_IDENTIFICATION_SIZE} is 16kb.

  61. 	 */

  62. 	private static final int DEFAULT_MAX_IDENTIFICATION_SIZE = 64 * 1024;

  63. 

  64. 	private HostConfigEntry hostConfig;

  65. 

  66. 	private CredentialsProvider credentialsProvider;

  67. 

  68. 	private volatile StatefulProxyConnector proxyHandler;

  69. 

  70. 	/**

  71. 	 * @param manager

  72. 	 * @param session

  73. 	 * @throws Exception

  74. 	 */

  75. 	public JGitClientSession(ClientFactoryManager manager, IoSession session)

  76. 			throws Exception {

  77. 		super(manager, session);

  78. 	}

  79. 

  80. 	/**

  81. 	 * Retrieves the {@link HostConfigEntry} this session was created for.

  82. 	 *

  83. 	 * @return the {@link HostConfigEntry}, or {@code null} if none set

  84. 	 */

  85. 	public HostConfigEntry getHostConfigEntry() {

  86. 		return hostConfig;

  87. 	}

  88. 

  89. 	/**

  90. 	 * Sets the {@link HostConfigEntry} this session was created for.

  91. 	 *

  92. 	 * @param hostConfig

  93. 	 *            the {@link HostConfigEntry}

  94. 	 */

  95. 	public void setHostConfigEntry(HostConfigEntry hostConfig) {

  96. 		this.hostConfig = hostConfig;

  97. 	}

  98. 

  99. 	/**

  100. 	 * Sets the {@link CredentialsProvider} for this session.

  101. 	 *

  102. 	 * @param provider

  103. 	 *            to set

  104. 	 */

  105. 	public void setCredentialsProvider(CredentialsProvider provider) {

  106. 		credentialsProvider = provider;

  107. 	}

  108. 

  109. 	/**

  110. 	 * Retrieves the {@link CredentialsProvider} set for this session.

  111. 	 *

  112. 	 * @return the provider, or {@code null} if none is set.

  113. 	 */

  114. 	public CredentialsProvider getCredentialsProvider() {

  115. 		return credentialsProvider;

  116. 	}

  117. 

  118. 	/**

  119. 	 * Sets a {@link StatefulProxyConnector} to handle proxy connection

  120. 	 * protocols.

  121. 	 *

  122. 	 * @param handler

  123. 	 *            to set

  124. 	 */

  125. 	public void setProxyHandler(StatefulProxyConnector handler) {

  126. 		proxyHandler = handler;

  127. 	}

  128. 

  129. 	@Override

  130. 	protected IoWriteFuture sendIdentification(String ident)

  131. 			throws IOException {

  132. 		StatefulProxyConnector proxy = proxyHandler;

  133. 		if (proxy != null) {

  134. 			try {

  135. 				// We must not block here; the framework starts reading messages

  136. 				// from the peer only once the initial sendKexInit() following

  137. 				// this call to sendIdentification() has returned!

  138. 				proxy.runWhenDone(() -> {

  139. 					JGitClientSession.super.sendIdentification(ident);

  140. 					return null;

  141. 				});

  142. 				// Called only from the ClientSessionImpl constructor, where the

  143. 				// return value is ignored.

  144. 				return null;

  145. 			} catch (IOException e) {

  146. 				throw e;

  147. 			} catch (Exception other) {

  148. 				throw new IOException(other.getLocalizedMessage(), other);

  149. 			}

  150. 		}

  151. 		return super.sendIdentification(ident);

  152. 	}

  153. 

  154. 	@Override

  155. 	protected byte[] sendKexInit()

  156. 			throws IOException, GeneralSecurityException {

  157. 		StatefulProxyConnector proxy = proxyHandler;

  158. 		if (proxy != null) {

  159. 			try {

  160. 				// We must not block here; the framework starts reading messages

  161. 				// from the peer only once the initial sendKexInit() has

  162. 				// returned!

  163. 				proxy.runWhenDone(() -> {

  164. 					JGitClientSession.super.sendKexInit();

  165. 					return null;

  166. 				});

  167. 				// This is called only from the ClientSessionImpl

  168. 				// constructor, where the return value is ignored.

  169. 				return null;

  170. 			} catch (IOException | GeneralSecurityException e) {

  171. 				throw e;

  172. 			} catch (Exception other) {

  173. 				throw new IOException(other.getLocalizedMessage(), other);

  174. 			}

  175. 		}

  176. 		return super.sendKexInit();

  177. 	}

  178. 

  179. 	/**

  180. 	 * {@inheritDoc}

  181. 	 *

  182. 	 * As long as we're still setting up the proxy connection, diverts messages

  183. 	 * to the {@link StatefulProxyConnector}.

  184. 	 */

  185. 	@Override

  186. 	public void messageReceived(Readable buffer) throws Exception {

  187. 		StatefulProxyConnector proxy = proxyHandler;

  188. 		if (proxy != null) {

  189. 			proxy.messageReceived(getIoSession(), buffer);

  190. 		} else {

  191. 			super.messageReceived(buffer);

  192. 		}

  193. 	}

  194. 

  195. 	@Override

  196. 	protected void checkKeys() throws SshException {

  197. 		ServerKeyVerifier serverKeyVerifier = getServerKeyVerifier();

  198. 		// The super implementation always uses

  199. 		// getIoSession().getRemoteAddress(). In case of a proxy connection,

  200. 		// that would be the address of the proxy!

  201. 		SocketAddress remoteAddress = getConnectAddress();

  202. 		PublicKey serverKey = getKex().getServerKey();

  203. 		if (!serverKeyVerifier.verifyServerKey(this, remoteAddress,

  204. 				serverKey)) {

  205. 			throw new SshException(

  206. 					org.apache.sshd.common.SshConstants.SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE,

  207. 					SshdText.get().kexServerKeyInvalid);

  208. 		}

  209. 	}

  210. 

  211. 	@Override

  212. 	protected String resolveAvailableSignaturesProposal(

  213. 			FactoryManager manager) {

  214. 		Set<String> defaultSignatures = new LinkedHashSet<>();

  215. 		defaultSignatures.addAll(getSignatureFactoriesNames());

  216. 		HostConfigEntry config = resolveAttribute(

  217. 				JGitSshClient.HOST_CONFIG_ENTRY);

  218. 		String hostKeyAlgorithms = config

  219. 				.getProperty(SshConstants.HOST_KEY_ALGORITHMS);

  220. 		if (hostKeyAlgorithms != null && !hostKeyAlgorithms.isEmpty()) {

  221. 			char first = hostKeyAlgorithms.charAt(0);

  222. 			switch (first) {

  223. 			case '+':

  224. 				// Additions make not much sense -- it's either in

  225. 				// defaultSignatures already, or we have no implementation for

  226. 				// it. No point in proposing it.

  227. 				return String.join(",", defaultSignatures); //$NON-NLS-1$

  228. 			case '-':

  229. 				// This takes wildcard patterns!

  230. 				removeFromList(defaultSignatures,

  231. 						SshConstants.HOST_KEY_ALGORITHMS,

  232. 						hostKeyAlgorithms.substring(1));

  233. 				if (defaultSignatures.isEmpty()) {

  234. 					// Too bad: user config error. Warn here, and then fail

  235. 					// later.

  236. 					log.warn(format(

  237. 							SshdText.get().configNoRemainingHostKeyAlgorithms,

  238. 							hostKeyAlgorithms));

  239. 				}

  240. 				return String.join(",", defaultSignatures); //$NON-NLS-1$

  241. 			default:

  242. 				// Default is overridden -- only accept the ones for which we do

  243. 				// have an implementation.

  244. 				List<String> newNames = filteredList(defaultSignatures,

  245. 						hostKeyAlgorithms);

  246. 				if (newNames.isEmpty()) {

  247. 					log.warn(format(

  248. 							SshdText.get().configNoKnownHostKeyAlgorithms,

  249. 							hostKeyAlgorithms));

  250. 					// Use the default instead.

  251. 				} else {

  252. 					return String.join(",", newNames); //$NON-NLS-1$

  253. 				}

  254. 				break;

  255. 			}

  256. 		}

  257. 		// No HostKeyAlgorithms; using default -- change order to put existing

  258. 		// keys first.

  259. 		ServerKeyVerifier verifier = getServerKeyVerifier();

  260. 		if (verifier instanceof ServerKeyLookup) {

  261. 			SocketAddress remoteAddress = resolvePeerAddress(

  262. 					resolveAttribute(JGitSshClient.ORIGINAL_REMOTE_ADDRESS));

  263. 			List<PublicKey> allKnownKeys = ((ServerKeyLookup) verifier)

  264. 					.lookup(this, remoteAddress);

  265. 			Set<String> reordered = new LinkedHashSet<>();

  266. 			for (PublicKey key : allKnownKeys) {

  267. 				if (key != null) {

  268. 					String keyType = KeyUtils.getKeyType(key);

  269. 					if (keyType != null) {

  270. 						reordered.add(keyType);

  271. 					}

  272. 				}

  273. 			}

  274. 			reordered.addAll(defaultSignatures);

  275. 			return String.join(",", reordered); //$NON-NLS-1$

  276. 		}

  277. 		return String.join(",", defaultSignatures); //$NON-NLS-1$

  278. 	}

  279. 

  280. 	private void removeFromList(Set<String> current, String key,

  281. 			String patterns) {

  282. 		for (String toRemove : patterns.split("\\s*,\\s*")) { //$NON-NLS-1$

  283. 			if (toRemove.indexOf('*') < 0 && toRemove.indexOf('?') < 0) {

  284. 				current.remove(toRemove);

  285. 				continue;

  286. 			}

  287. 			try {

  288. 				FileNameMatcher matcher = new FileNameMatcher(toRemove, null);

  289. 				for (Iterator<String> i = current.iterator(); i.hasNext();) {

  290. 					matcher.reset();

  291. 					matcher.append(i.next());

  292. 					if (matcher.isMatch()) {

  293. 						i.remove();

  294. 					}

  295. 				}

  296. 			} catch (InvalidPatternException e) {

  297. 				log.warn(format(SshdText.get().configInvalidPattern, key,

  298. 						toRemove));

  299. 			}

  300. 		}

  301. 	}

  302. 

  303. 	private List<String> filteredList(Set<String> known, String values) {

  304. 		List<String> newNames = new ArrayList<>();

  305. 		for (String newValue : values.split("\\s*,\\s*")) { //$NON-NLS-1$

  306. 			if (known.contains(newValue)) {

  307. 				newNames.add(newValue);

  308. 			}

  309. 		}

  310. 		return newNames;

  311. 	}

  312. 

  313. 	/**

  314. 	 * Reads the RFC 4253, section 4.2 protocol version identification. The

  315. 	 * Apache MINA sshd default implementation checks for NUL bytes also in any

  316. 	 * preceding lines, whereas RFC 4253 requires such a check only for the

  317. 	 * actual identification string starting with "SSH-". Likewise, the 255

  318. 	 * character limit exists only for the identification string, not for the

  319. 	 * preceding lines. CR-LF handling is also relaxed.

  320. 	 *

  321. 	 * @param buffer

  322. 	 *            to read from

  323. 	 * @param server

  324. 	 *            whether we're an SSH server (should always be {@code false})

  325. 	 * @return the lines read, with the server identification line last, or

  326. 	 *         {@code null} if no identification line was found and more bytes

  327. 	 *         are needed

  328. 	 * @throws StreamCorruptedException

  329. 	 *             if the identification is malformed

  330. 	 * @see <a href="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253,

  331. 	 *      section 4.2</a>

  332. 	 */

  333. 	@Override

  334. 	protected List<String> doReadIdentification(Buffer buffer, boolean server)

  335. 			throws StreamCorruptedException {

  336. 		if (server) {

  337. 			// Should never happen. No translation; internal bug.

  338. 			throw new IllegalStateException(

  339. 					"doReadIdentification of client called with server=true"); //$NON-NLS-1$

  340. 		}

  341. 		int maxIdentSize = PropertyResolverUtils.getIntProperty(this,

  342. 				FactoryManager.MAX_IDENTIFICATION_SIZE,

  343. 				DEFAULT_MAX_IDENTIFICATION_SIZE);

  344. 		int current = buffer.rpos();

  345. 		int end = current + buffer.available();

  346. 		if (current >= end) {

  347. 			return null;

  348. 		}

  349. 		byte[] raw = buffer.array();

  350. 		List<String> ident = new ArrayList<>();

  351. 		int start = current;

  352. 		boolean hasNul = false;

  353. 		for (int i = current; i < end; i++) {

  354. 			switch (raw[i]) {

  355. 			case 0:

  356. 				hasNul = true;

  357. 				break;

  358. 			case '\n':

  359. 				int eol = 1;

  360. 				if (i > start && raw[i - 1] == '\r') {

  361. 					eol++;

  362. 				}

  363. 				String line = new String(raw, start, i + 1 - eol - start,

  364. 						StandardCharsets.UTF_8);

  365. 				start = i + 1;

  366. 				if (log.isDebugEnabled()) {

  367. 					log.debug(format("doReadIdentification({0}) line: ", this) + //$NON-NLS-1$

  368. 							escapeControls(line));

  369. 				}

  370. 				ident.add(line);

  371. 				if (line.startsWith("SSH-")) { //$NON-NLS-1$

  372. 					if (hasNul) {

  373. 						throw new StreamCorruptedException(

  374. 								format(SshdText.get().serverIdWithNul,

  375. 										escapeControls(line)));

  376. 					}

  377. 					if (line.length() + eol > 255) {

  378. 						throw new StreamCorruptedException(

  379. 								format(SshdText.get().serverIdTooLong,

  380. 										escapeControls(line)));

  381. 					}

  382. 					buffer.rpos(start);

  383. 					return ident;

  384. 				}

  385. 				// If this were a server, we could throw an exception here: a

  386. 				// client is not supposed to send any extra lines before its

  387. 				// identification string.

  388. 				hasNul = false;

  389. 				break;

  390. 			default:

  391. 				break;

  392. 			}

  393. 			if (i - current + 1 >= maxIdentSize) {

  394. 				String msg = format(SshdText.get().serverIdNotReceived,

  395. 						Integer.toString(maxIdentSize));

  396. 				if (log.isDebugEnabled()) {

  397. 					log.debug(msg);

  398. 					log.debug(buffer.toHex());

  399. 				}

  400. 				throw new StreamCorruptedException(msg);

  401. 			}

  402. 		}

  403. 		// Need more data

  404. 		return null;

  405. 	}

  406. 

  407. 	private static String escapeControls(String s) {

  408. 		StringBuilder b = new StringBuilder();

  409. 		int l = s.length();

  410. 		for (int i = 0; i < l; i++) {

  411. 			char ch = s.charAt(i);

  412. 			if (Character.isISOControl(ch)) {

  413. 				b.append(ch <= 0xF ? "\\u000" : "\\u00") //$NON-NLS-1$ //$NON-NLS-2$

  414. 						.append(Integer.toHexString(ch));

  415. 			} else {

  416. 				b.append(ch);

  417. 			}

  418. 		}

  419. 		return b.toString();

  420. 	}

  421. 

  422. }