author | Saša Živkov <sasa.zivkov@sap.com> | 2014-12-05 13:55:51 +0100 |
---|---|---|
committer | Saša Živkov <sasa.zivkov@sap.com> | 2014-12-05 14:04:59 +0100 |
commit | c7dedf989cf1717548b0793490d0be9506c1bc2e (patch) | |
tree | 6adfa3f81c07293c9a97e7a14ff37400ac090b33 | |
parent | 074fd761bfe1d4c3e66ce2bdacf8b442e9ea7c70 (diff) |
Revert "SSHD: Prevent double authentication for the same public key"
This reverts commit a5959d2216bee502c70ba7c285b2e3873d69d190.
This revert is necessary because of the downgrade to SSHD 0.9.0.
Change-Id: Ia41ad2d9a713ddd515bc383923844227b676070f
3 files changed, 11 insertions, 83 deletions
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java
deleted file mode 100644
index f315cff3b8..0000000000
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java
+++ /dev/null
@@ -1,72 +0,0 @@
-// Copyright (C) 2014 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package com.google.gerrit.sshd;
-
-import com.google.inject.Inject;
-import com.google.inject.Singleton;
-
-import org.apache.sshd.common.Session;
-import org.apache.sshd.common.SessionListener;
-import org.apache.sshd.server.PublickeyAuthenticator;
-import org.apache.sshd.server.session.ServerSession;
-
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-@Singleton
-public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator,
- SessionListener {
-
- private final PublickeyAuthenticator authenticator;
- private final Map<ServerSession, Map<PublicKey, Boolean>> sessionCache;
-
- @Inject
- public CachingPublicKeyAuthenticator(DatabasePubKeyAuth authenticator) {
- this.authenticator = authenticator;
- this.sessionCache = new ConcurrentHashMap<>();
- }
-
- @Override
- public boolean authenticate(String username, PublicKey key,
- ServerSession session) {
- Map<PublicKey, Boolean> m = sessionCache.get(session);
- if (m == null) {
- m = new HashMap<>();
- sessionCache.put(session, m);
- session.addListener(this);
- }
- if (m.containsKey(key)) {
- return m.get(key);
- }
- boolean r = authenticator.authenticate(username, key, session);
- m.put(key, r);
- return r;
- }
-
- @Override
- public void sessionCreated(Session session) {
- }
-
- @Override
-
public void sessionEvent(Session sesssion, Event event) { - } - - @Override - public void sessionClosed(Session session) { - sessionCache.remove(session); - } -} diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java index cc7b637321..a2a56320d9 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java @@ -14,13 +14,13 @@ package com.google.gerrit.sshd; -import com.google.common.base.Preconditions; import com.google.gerrit.reviewdb.client.AccountSshKey; import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.PeerDaemonUser; import com.google.gerrit.server.config.GerritServerConfig; import com.google.gerrit.server.config.SitePaths; import com.google.inject.Inject; +import com.google.inject.Singleton; import org.apache.commons.codec.binary.Base64; import org.apache.sshd.common.KeyPairProvider; @@ -48,6 +48,7 @@ import java.util.Set; /** * Authenticates by public key through {@link AccountSshKey} entities. */ +@Singleton class DatabasePubKeyAuth implements PublickeyAuthenticator { private static final Logger log = LoggerFactory.getLogger(DatabasePubKeyAuth.class); @@ -91,11 +92,10 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator { } } - @Override - public boolean authenticate(String username, PublicKey suppliedKey, - ServerSession session) { - SshSession sd = session.getAttribute(SshSession.KEY); - Preconditions.checkState(sd.getCurrentUser() == null); + public boolean authenticate(String username, + final PublicKey suppliedKey, final ServerSession session) { + final SshSession sd = session.getAttribute(SshSession.KEY); + if (PeerDaemonUser.USER_NAME.equals(username)) { if (myHostKeys.contains(suppliedKey) || getPeerKeys().contains(suppliedKey)) { 
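Review bot: The restored `authenticate` comes back without `@Override` and without any replacement for the removed `Preconditions.checkState(sd.getCurrentUser() == null)`, and the SshModule hunk binds `PublickeyAuthenticator` straight to `DatabasePubKeyAuth`, so nothing visible in this commit records what should happen when the method runs again for a key on a session that already has a user. Going by the reverted commit's title, such repeated calls are expected, so the body (it continues past this hunk) has to be safe to re-run and may report the same outcome, for example through `sd.authenticationError(...)`, more than once per login. I would keep `@Override` and put a comment above the method, for example `// May be called more than once per session for the same key; must be idempotent and must not assume sd.getCurrentUser() is null.` It is also worth confirming that `session.getAttribute(SshSession.KEY)` can never return null here, because `sd` is dereferenced in the next hunk without a check.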
@@ -112,10 +112,10 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator { username = username.toLowerCase(Locale.US); } - Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username); - SshKeyCacheEntry key = find(keyList, suppliedKey); + final Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username); + final SshKeyCacheEntry key = find(keyList, suppliedKey); if (key == null) { - String err; + final String err; if (keyList == SshKeyCacheImpl.NO_SUCH_USER) { err = "user-not-found"; } else if (keyList == SshKeyCacheImpl.NO_KEYS) { @@ -133,7 +133,7 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator { // security check to ensure there aren't two users sharing the same // user name on the server. // - for (SshKeyCacheEntry otherKey : keyList) { + for (final SshKeyCacheEntry otherKey : keyList) { if (!key.getAccount().equals(otherKey.getAccount())) { sd.authenticationError(username, "keys-cross-accounts"); return false; diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java index 7dd12b0cfd..50ab639b3e 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java @@ -81,7 +81,7 @@ public class SshModule extends LifecycleModule { bind(QueueProvider.class).to(CommandExecutorQueueProvider.class).in(SINGLETON); bind(GSSAuthenticator.class).to(GerritGSSAuthenticator.class); - bind(PublickeyAuthenticator.class).to(CachingPublicKeyAuthenticator.class); + bind(PublickeyAuthenticator.class).to(DatabasePubKeyAuth.class); bind(ModuleGenerator.class).to(SshAutoRegisterModuleGenerator.class); bind(SshPluginStarterCallback.class); |