[SSHD-543] Consider logging client session setup with level 'debug'
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/9dbd66ea Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/9dbd66ea Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/9dbd66ea Branch: refs/heads/master Commit: 9dbd66ea9c8ddfea0d64be16360e99aa281b52ad Parents: 84f7b62 Author: Lyor Goldstein <[email protected]> Authored: Tue Jul 28 09:29:58 2015 +0300 Committer: Lyor Goldstein <[email protected]> Committed: Tue Jul 28 09:29:58 2015 +0300 ---------------------------------------------------------------------- .../keyverifier/StaticServerKeyVerifier.java | 28 +++++++++++++------- .../sshd/common/session/AbstractSession.java | 4 +-- .../password/StaticPasswordAuthenticator.java | 17 ++++++++++-- .../pubkey/StaticPublickeyAuthenticator.java | 18 ++++++++++--- 4 files changed, 51 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java index 09111bd..14685f9 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java @@ -45,17 +45,27 @@ public abstract class StaticServerKeyVerifier extends AbstractLoggingBean implem @Override public final boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { - if (isAccepted()) { - log.warn("Server at {} presented unverified {} key: {}", - new Object[]{remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey)}); - return true; + boolean accepted = isAccepted(); + if (accepted) { + handleAcceptance(sshClientSession, remoteAddress, serverKey); } else { - if (log.isDebugEnabled()) { - log.debug("Reject server {} unverified {} key: {}", - new Object[]{remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey)}); - } + handleRejection(sshClientSession, remoteAddress, serverKey); + } + + return accepted; + } - return false; + protected void handleAcceptance(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { + // accepting without really checking is dangerous, thus the warning + log.warn("Server at {} presented unverified {} key: {}", + remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey)); + } + + protected void handleRejection(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { + if (log.isDebugEnabled()) { + log.debug("Reject server {} unverified {} key: {}", + remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey)); } } + } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java index acf0c2f..ba4ac67 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java @@ -589,7 +589,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea public IoWriteFuture writePacket(Buffer buffer, final long timeout, final TimeUnit unit) throws IOException { final IoWriteFuture writeFuture = writePacket(buffer); final DefaultSshFuture<IoWriteFuture> future = (DefaultSshFuture<IoWriteFuture>) writeFuture; - ScheduledExecutorService executor = factoryManager.getScheduledExecutorService(); + ScheduledExecutorService executor = factoryManager.getScheduledExecutorService(); final ScheduledFuture<?> sched = executor.schedule(new Runnable() { @SuppressWarnings("synthetic-access") @Override @@ -1202,7 +1202,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea @Override public void disconnect(int reason, String msg) throws IOException { - log.info("Disconnecting: {} - {}", Integer.valueOf(reason), msg); + log.info("Disconnecting: {} - {}", reason, msg); Buffer buffer = createBuffer(SshConstants.SSH_MSG_DISCONNECT); buffer.putInt(reason); buffer.putString(msg); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java index 30ad31e..fad2ea8 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java @@ -38,10 +38,23 @@ public class StaticPasswordAuthenticator extends AbstractLoggingBean implements @Override public final boolean authenticate(String username, String password, ServerSession session) { boolean accepted = isAccepted(); - if (log.isDebugEnabled()) { - log.debug("authenticate({}[{}]: {}", username, session, accepted); + if (accepted) { + handleAcceptance(username, password, session); + } else { + handleRejection(username, password, session); } return accepted; } + + protected void handleAcceptance(String username, String password, ServerSession session) { + // accepting without really checking is dangerous, thus the warning + log.warn("authenticate({}[{}]: accepted without checking", username, session); + } + + protected void handleRejection(String username, String password, ServerSession session) { + if (log.isDebugEnabled()) { + log.debug("authenticate({}[{}]: rejected", username, session); + } + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java index d760f1d..29f7a57 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java @@ -41,11 +41,23 @@ public abstract class StaticPublickeyAuthenticator extends AbstractLoggingBean i @Override public final boolean authenticate(String username, PublicKey key, ServerSession session) { boolean accepted = isAccepted(); - if (log.isDebugEnabled()) { - log.debug("authenticate({}[{}][{}][{}]: {}", - username, session, key.getAlgorithm(), KeyUtils.getFingerPrint(key), accepted); + if (accepted) { + handleAcceptance(username, key, session); } return accepted; } + + protected void handleAcceptance(String username, PublicKey key, ServerSession session) { + // accepting without really checking is dangerous, thus the warning + log.warn("authenticate({}[{}][{}][{}]: accepted without checking", + username, session, key.getAlgorithm(), KeyUtils.getFingerPrint(key)); + } + + protected void handleRejection(String username, PublicKey key, ServerSession session) { + if (log.isDebugEnabled()) { + log.debug("authenticate({}[{}][{}][{}]: rejected", + username, session, key.getAlgorithm(), KeyUtils.getFingerPrint(key)); + } + } } \ No newline at end of file
