diff options
author | Marco Miller <marco.miller@ericsson.com> | 2021-05-12 16:15:31 -0400 |
---|---|---|
committer | Marco Miller <marco.miller@ericsson.com> | 2021-05-12 16:15:31 -0400 |
commit | bccd3032a90f59cc1f64c7760d18162134e1bdb3 (patch) | |
tree | fc75d2caca4ff37e050568789360673da3943dfa | |
parent | 1256501790eb943342a2bf5dde039a8ab88ab06b (diff) | |
parent | 0bacda9078197ae7bcfda58add498768981fa83e (diff) |
Merge branch 'stable-3.2' into stable-3.3
* stable-3.2:
Fix registration redirect on OpenID
Update jgit to 00386272264f65c41e36406f7c2e9ea6e901276e
Log when a new SSH connection is rejected due to exceeded limit
Change-Id: I2646bbfcc7ae4f23d8e92db071c2895f8fc4998d
3 files changed, 48 insertions, 3 deletions
diff --git a/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java b/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java index be975c5e99..b685011744 100644 --- a/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java +++ b/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java @@ -477,8 +477,9 @@ class OpenIdServiceImpl { final StringBuilder rdr = new StringBuilder(); rdr.append(urlProvider.get(req)); String nextToken = Url.decode(token); - if (isNew && !token.startsWith(PageLinks.REGISTER + "/")) { - rdr.append('#' + PageLinks.REGISTER); + String registerUri = PageLinks.REGISTER + "/"; + if (isNew && !token.startsWith(registerUri)) { + rdr.append('#' + registerUri); if (nextToken.startsWith("#")) { // Need to strip the leading # off the token to fix registration page redirect nextToken = nextToken.substring(1); diff --git a/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java b/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java new file mode 100644 index 0000000000..6f568b1a5b --- /dev/null +++ b/java/com/google/gerrit/sshd/LogMaxConnectionsPerUserExceeded.java @@ -0,0 +1,42 @@ +// Copyright (C) 2021 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.sshd; + +import com.google.common.flogger.FluentLogger; +import com.google.inject.Singleton; +import java.io.IOException; +import org.apache.sshd.common.Service; +import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.session.SessionDisconnectHandler; + +@Singleton +public class LogMaxConnectionsPerUserExceeded implements SessionDisconnectHandler { + private static final FluentLogger logger = FluentLogger.forEnclosingClass(); + + @Override + public boolean handleSessionsCountDisconnectReason( + Session session, + Service service, + String username, + int currentSessionCount, + int maxSessionCount) + throws IOException { + logger.atWarning().log( + "Max connection count for user %s exceeded, rejecting new connection." + + " currentSessionCount = %d, maxSessionCount = %d", + username, currentSessionCount, maxSessionCount); + return false; + } +} diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index c14ebd8d2d..fa3529cbf4 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -161,7 +161,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { SshLog sshLog, @SshListenAddresses List<SocketAddress> listen, @SshAdvertisedAddresses List<String> advertised, - MetricMaker metricMaker) { + MetricMaker metricMaker, + LogMaxConnectionsPerUserExceeded logMaxConnectionsPerUserExceeded) { setPort(IANA_SSH_PORT /* never used */); this.cfg = cfg; @@ -241,6 +242,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { setKeyPairProvider(hostKeyProvider); setCommandFactory(commandFactory); setShellFactory(noShell); + setSessionDisconnectHandler(logMaxConnectionsPerUserExceeded); final AtomicInteger connected = new AtomicInteger(); metricMaker.newCallbackMetric( |