Repository: mina-sshd Updated Branches: refs/heads/master e94b082b3 -> 4f207ad6d
[SSHD-714] The SSH client does not support password starts or ends with space Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/4f207ad6 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/4f207ad6 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/4f207ad6 Branch: refs/heads/master Commit: 4f207ad6df18948876ae267e95f07b719b11bf85 Parents: e94b082 Author: Lyor Goldstein <[email protected]> Authored: Fri Nov 18 07:30:43 2016 +0200 Committer: Lyor Goldstein <[email protected]> Committed: Fri Nov 18 07:30:43 2016 +0200 ---------------------------------------------------------------------- .../java/org/apache/sshd/client/SshClient.java | 4 +- .../client/session/AbstractClientSession.java | 4 +- .../sshd/common/auth/AuthenticationTest.java | 55 +++++++++++++++----- 3 files changed, 48 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/4f207ad6/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java index 3502b1b..cd40c7e 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java @@ -322,7 +322,9 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa @Override public void addPasswordIdentity(String password) { - identities.add(ValidateUtils.checkNotNullAndNotEmpty(password, "No password provided")); + // DO NOT USE checkNotNullOrNotEmpty SINCE IT TRIMS THE RESULT + ValidateUtils.checkTrue((password != null) && (!password.isEmpty()), "No password provided"); + identities.add(password); if (log.isDebugEnabled()) { // don't show the password in the log log.debug("addPasswordIdentity({}) {}", this, KeyUtils.getFingerPrint(password)); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/4f207ad6/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java b/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java index efe7a67..f2f1aea 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java @@ -168,7 +168,9 @@ public abstract class AbstractClientSession extends AbstractSession implements C @Override public void addPasswordIdentity(String password) { - identities.add(ValidateUtils.checkNotNullAndNotEmpty(password, "No password provided")); + // DO NOT USE checkNotNullOrNotEmpty SINCE IT TRIMS THE RESULT + ValidateUtils.checkTrue((password != null) && (!password.isEmpty()), "No password provided"); + identities.add(password); if (log.isDebugEnabled()) { // don't show the password in the log log.debug("addPasswordIdentity({}) {}", this, KeyUtils.getFingerPrint(password)); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/4f207ad6/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java index 841cafb..5e0333b 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java @@ -547,8 +547,8 @@ public class AuthenticationTest extends BaseTestSupport { @Test public void testPasswordIdentityProviderPropagation() throws Exception { try (SshClient client = setupTestClient()) { - final List<String> passwords = Collections.singletonList(getCurrentTestName()); - final AtomicInteger loadCount = new AtomicInteger(0); + List<String> passwords = Collections.singletonList(getCurrentTestName()); + AtomicInteger loadCount = new AtomicInteger(0); PasswordIdentityProvider provider = () -> { loadCount.incrementAndGet(); outputDebugMessage("loadPasswords - count=%s", loadCount); @@ -569,7 +569,7 @@ public class AuthenticationTest extends BaseTestSupport { @Test // see SSHD-618 public void testPublicKeyAuthDifferentThanKex() throws Exception { - final KeyPairProvider serverKeys = KeyPairProvider.wrap( + KeyPairProvider serverKeys = KeyPairProvider.wrap( Utils.generateKeyPair(KeyUtils.RSA_ALGORITHM, 1024), Utils.generateKeyPair(KeyUtils.DSS_ALGORITHM, 512), Utils.generateKeyPair(KeyUtils.EC_ALGORITHM, 256)); @@ -617,7 +617,7 @@ public class AuthenticationTest extends BaseTestSupport { @Test // see SSHD-624 public void testMismatchedUserAuthPkOkData() throws Exception { - final AtomicInteger challengeCounter = new AtomicInteger(0); + AtomicInteger challengeCounter = new AtomicInteger(0); sshd.setUserAuthFactories(Collections.singletonList( new org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory() { @Override @@ -674,10 +674,10 @@ public class AuthenticationTest extends BaseTestSupport { @Test // see SSHD-620 public void testHostBasedAuthentication() throws Exception { - final String hostClienUser = getClass().getSimpleName(); - final String hostClientName = SshdSocketAddress.toAddressString(SshdSocketAddress.getFirstExternalNetwork4Address()); - final KeyPair hostClientKey = Utils.generateKeyPair(KeyUtils.RSA_ALGORITHM, 1024); - final AtomicInteger invocationCount = new AtomicInteger(0); + String hostClienUser = getClass().getSimpleName(); + String hostClientName = SshdSocketAddress.toAddressString(SshdSocketAddress.getFirstExternalNetwork4Address()); + KeyPair hostClientKey = Utils.generateKeyPair(KeyUtils.RSA_ALGORITHM, 1024); + AtomicInteger invocationCount = new AtomicInteger(0); sshd.setHostBasedAuthenticator((session, username, clientHostKey, clientHostName, clientUsername, certificates) -> { invocationCount.incrementAndGet(); return hostClienUser.equals(clientUsername) @@ -711,9 +711,9 @@ public class AuthenticationTest extends BaseTestSupport { @Test // see SSHD-625 public void testRuntimeErrorsInAuthenticators() throws Exception { - final Error thrown = new OutOfMemoryError(getCurrentTestName()); - final PasswordAuthenticator authPassword = sshd.getPasswordAuthenticator(); - final AtomicInteger passCounter = new AtomicInteger(0); + Error thrown = new OutOfMemoryError(getCurrentTestName()); + PasswordAuthenticator authPassword = sshd.getPasswordAuthenticator(); + AtomicInteger passCounter = new AtomicInteger(0); sshd.setPasswordAuthenticator((username, password, session) -> { int count = passCounter.incrementAndGet(); if (count == 1) { @@ -722,8 +722,8 @@ public class AuthenticationTest extends BaseTestSupport { return authPassword.authenticate(username, password, session); }); - final PublickeyAuthenticator authPubkey = sshd.getPublickeyAuthenticator(); - final AtomicInteger pubkeyCounter = new AtomicInteger(0); + PublickeyAuthenticator authPubkey = sshd.getPublickeyAuthenticator(); + AtomicInteger pubkeyCounter = new AtomicInteger(0); sshd.setPublickeyAuthenticator((username, key, session) -> { int count = pubkeyCounter.incrementAndGet(); if (count == 1) { @@ -759,6 +759,35 @@ public class AuthenticationTest extends BaseTestSupport { } } + @Test // see SSHD-714 + public void testPasswordIdentityWithSpacesPrefixOrSuffix() throws Exception { + sshd.setPasswordAuthenticator((username, password, session) -> { + return (username != null) && (!username.trim().isEmpty()) + && (password != null) && (!password.isEmpty()) + && ((password.charAt(0) == ' ') || (password.charAt(password.length() - 1) == ' ')); + }); + + try (SshClient client = setupTestClient()) { + client.start(); + + try { + for (String password : new String[]{ + " ", " ", " " + getCurrentTestName(), getCurrentTestName() + " " + }) { + try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, port).verify(7L, TimeUnit.SECONDS).getSession()) { + s.addPasswordIdentity(password); + + AuthFuture auth = s.auth(); + assertTrue("No authentication result in time for password='" + password + "'", auth.await(11L, TimeUnit.SECONDS)); + assertTrue("Failed to authenticate with password='" + password + "'", auth.isSuccess()); + } + } + } finally { + client.stop(); + } + } + } + private static void assertAuthenticationResult(String message, AuthFuture future, boolean expected) throws IOException { assertTrue(message + ": failed to get result on time", future.await(5L, TimeUnit.SECONDS)); assertEquals(message + ": mismatched authentication result", expected, future.isSuccess());
