[RESULT] [VOTE] Release Apache Mina SSHD 1.4.0

[Guillaume Nodet]

Closing this vote with 3 binding +1s.
I'll publish the artifacts asap.

2017-02-28 18:13 GMT+01:00 Lyor Goldstein :

> +1
>
> Proper disclosure: I am the one who made most of the changes and initiated
> the vote (through Guillaume).
>



-- 

Guillaume Nodet

Re: How to handle Ctrl+C and other Sigint

[Guillaume Nodet]

SSHd won't do anything about it, it simply focuses on transporting the data
and conveying all the needed informations.
It's the responsibility of the shell to implement things correctly, so the
only thing I can do (and did already) is to point you to a java shell which
is doing this.  If you write your own commands and shell, then you'll have
to do it yourself.

2017-03-03 6:29 GMT+01:00 waseem.farooqui :

> Yes I research on reading from the input stream IN case of Ctrl+c terminal
> sends 3 as a byte data and same in case of others.
> But should I handle all the special inputs  myself or is there any class ?
> I have search a lot for its example but not find any.
>
>
>
> --
> View this message in context: http://apache-mina.10907.n7.
> nabble.com/How-to-handle-Ctrl-C-and-other-Sigint-tp52319p52361.html
> Sent from the Apache MINA Developer Forum mailing list archive at
> Nabble.com.
>



-- 

Guillaume Nodet

Re: How to handle Ctrl+C and other Sigint

[waseem.farooqui]

Yes I research on reading from the input stream IN case of Ctrl+c terminal
sends 3 as a byte data and same in case of others.
But should I handle all the special inputs  myself or is there any class ?
I have search a lot for its example but not find any.  



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/How-to-handle-Ctrl-C-and-other-Sigint-tp52319p52361.html
Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

[jira] [Commented] (SSHD-730) Relative symbolic links with .. is not resolved properly by sftp readLink

[Goldstein Lyor (JIRA)]

[ 
https://issues.apache.org/jira/browse/SSHD-730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15893717#comment-15893717
 ] 

Goldstein Lyor commented on SSHD-730:
-

Please clarify the problem some more - specifically what is meant by {quote}is 
invalid because in can not be resolved properly in the context of the current 
directory which symbolic link is referring to{quote}. Can you give a concrete 
example ? Mainly

* What is the full path of server-side current directory that ".." should be 
resolved against ?
* What is the full path of server-side symbolic link path that "../test/file" 
should yield when resolved ?
* What is the expected result of resolving the symbolic link that 
"../test/file" references ?

> Relative symbolic links with .. is not resolved properly by sftp readLink
> -
>
> Key: SSHD-730
> URL: https://issues.apache.org/jira/browse/SSHD-730
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.1.0, 1.2.0, 1.3.0
>Reporter: Lukas Waldmann
>Assignee: Goldstein Lyor
>Priority: Minor
>
> Using sftp to resolve symbolic links doesn't return proper resolution in case 
> symbolic link contains ..
> Since version 1.1 the sendLink function of SftpSubsystem uses
> normalizedPath = SelectorUtils.normalizePath(unixPath, "/");
> to normalize path
> This function however return invalid path in case link contains ".."
> So for example if link is "../test/file" than normalizePath returns 
> "test/file" which is invalid because in can not be resolved properly in the 
> context of the current directory which symbolic link is referring to.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (SSHD-730) Relative symbolic links with .. is not resolved properly by sftp readLink

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor updated SSHD-730:

Priority: Minor  (was: Major)

> Relative symbolic links with .. is not resolved properly by sftp readLink
> -
>
> Key: SSHD-730
> URL: https://issues.apache.org/jira/browse/SSHD-730
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.1.0, 1.2.0, 1.3.0
>Reporter: Lukas Waldmann
>Assignee: Goldstein Lyor
>Priority: Minor
>
> Using sftp to resolve symbolic links doesn't return proper resolution in case 
> symbolic link contains ..
> Since version 1.1 the sendLink function of SftpSubsystem uses
> normalizedPath = SelectorUtils.normalizePath(unixPath, "/");
> to normalize path
> This function however return invalid path in case link contains ".."
> So for example if link is "../test/file" than normalizePath returns 
> "test/file" which is invalid because in can not be resolved properly in the 
> context of the current directory which symbolic link is referring to.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Resolved] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor resolved SSHD-731.
-
   Resolution: Fixed
Fix Version/s: 1.5.0

> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>Priority: Minor
> Fix For: 1.5.0
>
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> {code:java}
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

[ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15892724#comment-15892724
 ] 

Goldstein Lyor commented on SSHD-731:
-

You are right about the behavior - I am working on a fix, meanwhile I believe 
you can work around it as follows:
{code:java}
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder()
.withFileSystemAccessor(new SftpFileSystemAccessor() {
@Override
public SeekableByteChannel openFile() throws IOException {
   ...check access on session user...
}
@Override
public SeekableByteChannel openDirectory() throws IOException {
   ...check access on session user...
}
});
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() { ... 
your overrides... };
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
{code}

> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>Priority: Minor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> {code:java}
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Work started] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Work on SSHD-731 started by Goldstein Lyor.
---
> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>Priority: Minor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> {code:java}
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor updated SSHD-731:

Description: 
After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content of is removed.


Attached configuration code:
{code:java}
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
return level.hasReadAccess();
}

protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
   return level.hasWriteAccess();
}
});
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());
{code}

  was:
After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content of is removed.


Attached configuration code:
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
return level.hasReadAccess();
}

protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
   return level.hasWriteAccess();
}
});
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());



Maven dependency

org.apache.sshd
sshd-core
1.3.0


org.apache.sshd
sshd-contrib
1.3.0





> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>Priority: Minor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> {code:java}
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected 

[jira] [Updated] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor updated SSHD-731:

Priority: Minor  (was: Major)

> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>Priority: Minor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> Maven dependency
> 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor updated SSHD-731:

Environment: (was: 
org.apache.sshd
sshd-core
1.3.0


org.apache.sshd
sshd-contrib
1.3.0

)

> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> Maven dependency
> 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor updated SSHD-731:

Affects Version/s: 1.3.0

> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
> Environment: 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> Maven dependency
> 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Assigned] (SSHD-731) Vulnerability in SimpleAccessControlSftpEventListener implementation

[Goldstein Lyor (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Goldstein Lyor reassigned SSHD-731:
---

Assignee: Goldstein Lyor

> Vulnerability in SimpleAccessControlSftpEventListener  implementation
> -
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
>Affects Versions: 1.3.0
> Environment: 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 
>Reporter: Boris Fridland
>Assignee: Goldstein Lyor
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
> return level.hasReadAccess();
> }
> protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>return level.hasWriteAccess();
> }
> });
> 
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
> sshd.setCommandFactory(new ScpCommandFactory());
> Maven dependency
> 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Re: How to handle Ctrl+C and other Sigint

[elijah baley]

The answer is very long and complex however here are a few pointers


- See Signal(s) and how to register for them

- Do some research into reading from the peer input stream and detecting key 
combinations and/or special characters.



From: waseem.farooqui 
Sent: Thursday, March 2, 2017 12:55 PM
To: dev@mina.apache.org
Subject: How to handle Ctrl+C and other Sigint

Hi,

I am new in Apache mina and have just follow the embedded server tutorial
but I have some problem in it.

*  When I typed Ctrl+C from the client nix based terminal It prints some
unicodes but in real server its not print on clients terminal How Can I
handle this in my sshd server or which class handle this type of request
Kindly share a sample code.
*  The server should terminate on this should I handle it myself or apache
mina have some class or it.
*   DEL or Backspace and Tab is also not working how I could handle it.

Thanks,



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/How-to-handle-Ctrl-C-and-other-Sigint-tp52319.html
Apache MINA Developer Forum - How to handle Ctrl+C and other 
Sigint
apache-mina.10907.n7.nabble.com
How to handle Ctrl+C and other Sigint. Hi, I am new in Apache mina and have 
just follow the embedded server tutorial but I have some problem in it. * When 
I typed Ctrl+C from the client nix...



Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

Re: Apache MINA SSHd default ShellFactory Chocked the resources

[elijah baley]

Seems like the wrong way - the SSHDServer is a singleton and should be created 
only once (!). Please read the documentation on the MINA side about how to set 
up a server and how to configure command/shell factories.


From: waseem.farooqui 
Sent: Thursday, March 2, 2017 12:53 PM
To: dev@mina.apache.org
Subject: Re: Apache MINA SSHd default ShellFactory Chocked the resources

How do you do that ?
I am connecting multiple client with the servers i-e I open 2 terminals and
ssh the server with both of them.
I open a new thread at every new connection like this

public static void main(String[] args) {

new Thread(new SshDaemon()).start();
}

@Override
public void run() {

SshServer sshd = SshServer.setUpDefaultServer();
//creating the welcome banner for after login
PropertyResolverUtils.updateProperty(
sshd,
ServerFactoryManager.WELCOME_BANNER,
BANNER);

sshd.setFileSystemFactory(new
VirtualFileSystemFactory(Paths.get(System.getProperty("user.dir";


//adding the password authenticator
sshd.setPasswordAuthenticator(
new SshPasswordAuthenticator());

//setting the port the ssh daemon is listening on
sshd.setPort(PORT);
sshd.setHost("0.0.0.0");
//setting the class that hooks up users
//with their session
//sshd.setShellFactory( new SshSessionFactory() );



sshd.setSubsystemFactories(Collections.>singletonList(new
SftpSubsystemFactory()));
sshd.setShellFactory(new ProcessShellFactory(new String[]{"/bin/sh",
"-i", "-l"}));


sshd.setKeyPairProvider(
new SimpleGeneratorHostKeyProvider(
new File("id_rsa")));

try {
sshd.start();
} catch (IOException e) {
e.printStackTrace();
}

//TODO replace with proper interrupt
while (!shutdownRequested) {
try {
Thread.sleep(500);
} catch (Exception e) {
}
}
}

`sshd.setShellFactory(new ProcessShellFactory(new String[]{"/bin/sh", "-i",
"-l"}));` I am using this shell.
Its default and built-in I guess, will you please explain me with the code
How to use this `InteractiveProcessShellFactory`.



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/Apache-MINA-SSHd-default-ShellFactory-Chocked-the-resources-tp52309p52318.html
Apache MINA Developer Forum - Apache MINA SSHd default ShellFactory Chocked the 
resources
apache-mina.10907.n7.nabble.com
Apache MINA SSHd default ShellFactory Chocked the resources. Hi Devs, I am 
using Apache MINA server for the ssh server implementation. I basically want to 
intercept all the commands typed by the...



Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

Re: MIA for a while...

[Guillaume Nodet]

Congrats to you and your wife !
Enjoy !

2017-03-02 15:15 GMT+01:00 Emmanuel Lécharny :

> Hi !
>
>
> just for you to know, I may be MIA for a while, or at least way less
> responsive : My wife just gave birth to our wonderful daughter today,
> and I'm afraid it's going to be our priority number one in the next few
> weeks :-)
>
>
> Thanks !
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>
>


-- 

Guillaume Nodet

Re: MIA for a while...

[Maxim Solodovnik]

Congratulations :)
This is most important duty :)

WBR, Maxim
(from mobile, sorry for the typos)

On Mar 2, 2017 21:15, "Emmanuel Lécharny"  wrote:

> Hi !
>
>
> just for you to know, I may be MIA for a while, or at least way less
> responsive : My wife just gave birth to our wonderful daughter today,
> and I'm afraid it's going to be our priority number one in the next few
> weeks :-)
>
>
> Thanks !
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>
>

[jira] [Updated] (SSHD-731) Vanorability in SimpleAccessControlSftpEventListener implementation

[Boris Fridland (JIRA)]

 [ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Boris Fridland updated SSHD-731:

Description: 
After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content of is removed.


Attached configuration code:
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
return level.hasReadAccess();
}

protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
   return level.hasWriteAccess();
}
});
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());



Maven dependency

org.apache.sshd
sshd-core
1.3.0


org.apache.sshd
sshd-contrib
1.3.0




  was:
After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content of is removed.


Attached configuration code:
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
return level.hasReadAccess();
}

protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
   return level.hasWriteAccess();
}
});
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());



 
following 




> Vanorability in SimpleAccessControlSftpEventListener  implementation
> 
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
>  Issue Type: Bug
> Environment: 
> org.apache.sshd
> sshd-core
> 1.3.0
> 
> 
> org.apache.sshd
> sshd-contrib
> 1.3.0
> 
>Reporter: Boris Fridland
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
> builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
> protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
> throws IOException {
> EUserAccessLevel level = 
> 

MIA for a while...

[Emmanuel Lécharny]

Hi !


just for you to know, I may be MIA for a while, or at least way less
responsive : My wife just gave birth to our wonderful daughter today,
and I'm afraid it's going to be our priority number one in the next few
weeks :-)


Thanks !

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

[jira] [Created] (SSHD-731) Vanorability in SimpleAccessControlSftpEventListener implementation

[Boris Fridland (JIRA)]

Boris Fridland created SSHD-731:
---

 Summary: Vanorability in SimpleAccessControlSftpEventListener  
implementation
 Key: SSHD-731
 URL: https://issues.apache.org/jira/browse/SSHD-731
 Project: MINA SSHD
  Issue Type: Bug
 Environment: 
org.apache.sshd
sshd-core
1.3.0


org.apache.sshd
sshd-contrib
1.3.0


Reporter: Boris Fridland


After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory: 
even when isModificationAllowed function returns fals
Scenario:
1.set isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content is removed.
It is huge variability

Attached configuration code:
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
if(level.hasReadAccess()) {
return true;
}
return false;
}

protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
throws IOException {
EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
if(level.hasWriteAccess()) {
return true;
}
return false;
}
});
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());



 
following 





--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Re: How to handle Ctrl+C and other Sigint

[Guillaume Nodet]

You need to configure the terminal correctly on the client and server side,
you also need to process the signals correctly.
For example, Ctrl+C is just the character 0x03 in the input stream.  Wether
you should terminate or not is your decision.  Del, backspace and tab are
also characters in the input stream, so it really depends on what kind of
shell you use on the server side.

If you want a complete example, you may want to have a look at JLine.
There is some sample integration code  with SSHD for both the client and
server side which I haven't committed to the master branch yet:

https://github.com/gnodet/jline3/blob/wip-ssh/remote-ssh/src/main/java/org/jline/builtins/ssh/



2017-03-02 11:55 GMT+01:00 waseem.farooqui :

> Hi,
>
> I am new in Apache mina and have just follow the embedded server tutorial
> but I have some problem in it.
>
> *  When I typed Ctrl+C from the client nix based terminal It prints some
> unicodes but in real server its not print on clients terminal How Can I
> handle this in my sshd server or which class handle this type of request
> Kindly share a sample code.
> *  The server should terminate on this should I handle it myself or apache
> mina have some class or it.
> *   DEL or Backspace and Tab is also not working how I could handle it.
>
> Thanks,
>
>
>
> --
> View this message in context: http://apache-mina.10907.n7.
> nabble.com/How-to-handle-Ctrl-C-and-other-Sigint-tp52319.html
> Sent from the Apache MINA Developer Forum mailing list archive at
> Nabble.com.
>



-- 

Guillaume Nodet

Re: Apache MINA SSHd default ShellFactory Chocked the resources

[waseem.farooqui]

/How do you do that ? /
I am connecting multiple client with the servers i-e I open 2 terminals and
ssh the server with both of them.
I open a new thread at every new connection like this

public static void main(String[] args) {

new Thread(new SshDaemon()).start();
}

@Override
public void run() {

SshServer sshd = SshServer.setUpDefaultServer();
//creating the welcome banner for after login
PropertyResolverUtils.updateProperty(
sshd,
ServerFactoryManager.WELCOME_BANNER,
BANNER);

sshd.setFileSystemFactory(new
VirtualFileSystemFactory(Paths.get(System.getProperty("user.dir";


//adding the password authenticator
sshd.setPasswordAuthenticator(
new SshPasswordAuthenticator());

//setting the port the ssh daemon is listening on
sshd.setPort(PORT);
sshd.setHost("0.0.0.0");
//setting the class that hooks up users
//with their session
//sshd.setShellFactory( new SshSessionFactory() );


   
sshd.setSubsystemFactories(Collections.>singletonList(new
SftpSubsystemFactory()));
sshd.setShellFactory(new ProcessShellFactory(new String[]{"/bin/sh",
"-i", "-l"}));


sshd.setKeyPairProvider(
new SimpleGeneratorHostKeyProvider(
new File("id_rsa")));

try {
sshd.start();
} catch (IOException e) {
e.printStackTrace();
}

//TODO replace with proper interrupt
while (!shutdownRequested) {
try {
Thread.sleep(500);
} catch (Exception e) {
}
}
}

`sshd.setShellFactory(new ProcessShellFactory(new String[]{"/bin/sh", "-i",
"-l"}));` I am using this shell.
Its default and built-in I guess, will you please explain me with the code
How to use this `InteractiveProcessShellFactory`.



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/Apache-MINA-SSHd-default-ShellFactory-Chocked-the-resources-tp52309p52317.html
Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

How to Handle Ctrl+C on any SigInts in SSHd.

[waseem.farooqui]

Hi,

I am new in Apache mina and have just follow the embedded server tutorial
but I have some problem in it.

 * When I typed Ctrl+C from the client nix based terminal It prints some
unicodes but in real server its not print on clients terminal How Can I
handle this in my sshd server or which class handle this type of request
Kindly share a sample code.
*  The server should terminate on this should I handle it myself or apache
mina have some class or it.

Thanks, 



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/How-to-Handle-Ctrl-C-on-any-SigInts-in-SSHd-tp52316.html
Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

How to handle Ctrl+C and other Sigint

[waseem.farooqui]

Hi, 

I am new in Apache mina and have just follow the embedded server tutorial
but I have some problem in it. 

*  When I typed Ctrl+C from the client nix based terminal It prints some
unicodes but in real server its not print on clients terminal How Can I
handle this in my sshd server or which class handle this type of request
Kindly share a sample code. 
*  The server should terminate on this should I handle it myself or apache
mina have some class or it. 
*   DEL or Backspace and Tab is also not working how I could handle it. 

Thanks,



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/How-to-handle-Ctrl-C-and-other-Sigint-tp52319.html
Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.

Re: Apache MINA SSHd default ShellFactory Chocked the resources

[waseem.farooqui]

How do you do that ? 
I am connecting multiple client with the servers i-e I open 2 terminals and
ssh the server with both of them. 
I open a new thread at every new connection like this 

public static void main(String[] args) { 

new Thread(new SshDaemon()).start(); 
} 

@Override 
public void run() { 

SshServer sshd = SshServer.setUpDefaultServer(); 
//creating the welcome banner for after login 
PropertyResolverUtils.updateProperty( 
sshd, 
ServerFactoryManager.WELCOME_BANNER, 
BANNER); 

sshd.setFileSystemFactory(new
VirtualFileSystemFactory(Paths.get(System.getProperty("user.dir"; 


//adding the password authenticator 
sshd.setPasswordAuthenticator( 
new SshPasswordAuthenticator()); 

//setting the port the ssh daemon is listening on 
sshd.setPort(PORT); 
sshd.setHost("0.0.0.0"); 
//setting the class that hooks up users 
//with their session 
//sshd.setShellFactory( new SshSessionFactory() ); 


   
sshd.setSubsystemFactories(Collections.>singletonList(new
SftpSubsystemFactory())); 
sshd.setShellFactory(new ProcessShellFactory(new String[]{"/bin/sh",
"-i", "-l"})); 


sshd.setKeyPairProvider( 
new SimpleGeneratorHostKeyProvider( 
new File("id_rsa"))); 

try { 
sshd.start(); 
} catch (IOException e) { 
e.printStackTrace(); 
} 

//TODO replace with proper interrupt 
while (!shutdownRequested) { 
try { 
Thread.sleep(500); 
} catch (Exception e) { 
} 
} 
} 

`sshd.setShellFactory(new ProcessShellFactory(new String[]{"/bin/sh", "-i",
"-l"}));` I am using this shell. 
Its default and built-in I guess, will you please explain me with the code
How to use this `InteractiveProcessShellFactory`.



--
View this message in context: 
http://apache-mina.10907.n7.nabble.com/Apache-MINA-SSHd-default-ShellFactory-Chocked-the-resources-tp52309p52318.html
Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.