summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarco Miller <marco.miller@ericsson.com>2021-05-12 14:24:15 -0400
committerMarco Miller <marco.miller@ericsson.com>2021-05-12 14:24:15 -0400
commit0bacda9078197ae7bcfda58add498768981fa83e (patch)
treec5602410168fc2ad96a782429be56ac2fbd4aaf3
parent593ff6225c3775876446b7789601a06b8ce9633a (diff)
parentb23b7e82936f37e76e352e70ea15b5afbd8e319e (diff)
Merge branch 'stable-3.1' into stable-3.2
* stable-3.1: Fix registration redirect on OpenID Update jgit to 00386272264f65c41e36406f7c2e9ea6e901276e Log when a new SSH connection is rejected due to exceeded limit Change-Id: Ibbf94b2eff60cc08ee437873a1a335e9e6a413ed
Diffstat
-rw-r--r--java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java5
-rw-r--r--java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java42
-rw-r--r--java/com/google/gerrit/sshd/SshDaemon.java4
3 files changed, 48 insertions, 3 deletions
diff --git a/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java b/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
index be975c5e99..b685011744 100644
--- a/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
+++ b/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
@@ -477,8 +477,9 @@ class OpenIdServiceImpl {
final StringBuilder rdr = new StringBuilder();
rdr.append(urlProvider.get(req));
String nextToken = Url.decode(token);
- if (isNew && !token.startsWith(PageLinks.REGISTER + "/")) {
- rdr.append('#' + PageLinks.REGISTER);
+ String registerUri = PageLinks.REGISTER + "/";
+ if (isNew && !token.startsWith(registerUri)) {
+ rdr.append('#' + registerUri);
if (nextToken.startsWith("#")) {
// Need to strip the leading # off the token to fix registration page redirect
nextToken = nextToken.substring(1);
diff --git a/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java b/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java
new file mode 100644
index 0000000000..6f568b1a5b
--- /dev/null
+++ b/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java
@@ -0,0 +1,42 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.sshd;
+
+import com.google.common.flogger.FluentLogger;
+import com.google.inject.Singleton;
+import java.io.IOException;
+import org.apache.sshd.common.Service;
+import org.apache.sshd.common.session.Session;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
+
+@Singleton
+public class LogMaxConnectionsPerUserExceeded implements SessionDisconnectHandler {
+ private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+
+ @Override
+ public boolean handleSessionsCountDisconnectReason(
+ Session session,
+ Service service,
+ String username,
+ int currentSessionCount,
+ int maxSessionCount)
+ throws IOException {
+ logger.atWarning().log(
+ "Max connection count for user %s exceeded, rejecting new connection."
+ + " currentSessionCount = %d, maxSessionCount = %d",
+ username, currentSessionCount, maxSessionCount);
+ return false;
+ }
+}
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java
index c14ebd8d2d..fa3529cbf4 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -161,7 +161,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
SshLog sshLog,
@SshListenAddresses List<SocketAddress> listen,
@SshAdvertisedAddresses List<String> advertised,
- MetricMaker metricMaker) {
+ MetricMaker metricMaker,
+ LogMaxConnectionsPerUserExceeded logMaxConnectionsPerUserExceeded) {
setPort(IANA_SSH_PORT /* never used */);
this.cfg = cfg;
@@ -241,6 +242,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
setKeyPairProvider(hostKeyProvider);
setCommandFactory(commandFactory);
setShellFactory(noShell);
+ setSessionDisconnectHandler(logMaxConnectionsPerUserExceeded);
final AtomicInteger connected = new AtomicInteger();
metricMaker.newCallbackMetric(
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-21 05:40:24 +0000