Repository: mina-sshd Updated Branches: refs/heads/master ceee0faf0 -> 326725da2
[SSHD-852] Verification fails for hashed known host entry on non standard port generated by OpenSSH client Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/326725da Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/326725da Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/326725da Branch: refs/heads/master Commit: 326725da23bc83593b3a6ce8a367a321f6bb81fd Parents: ceee0fa Author: Stefan Verhoeven <[email protected]> Authored: Thu Oct 18 15:22:07 2018 +0300 Committer: Lyor Goldstein <[email protected]> Committed: Thu Oct 18 15:22:55 2018 +0300 ---------------------------------------------------------------------- .../client/config/hosts/KnownHostEntry.java | 11 +- .../config/hosts/KnownHostHashEntryTest.java | 104 +++++++++++++++++++ .../config/hosts/KnownHostHashValueTest.java | 14 ++- .../apache/sshd/client/keyverifier/known_hosts | 2 +- 4 files changed, 127 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/326725da/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java ----------------------------------------------------------------------
diff --git a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java
index 91d6184..c6f0150 100644
--- a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java
+++ b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java
@@ -126,8 +126,17 @@ public class KnownHostEntry extends HostPatternsHolder { return true; } + String address; + if ((port > 0) && (port != ConfigFileReaderSupport.DEFAULT_PORT)) { + address = HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_START_DELIM + + host + HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_END_DELIM + + HostPatternsHolder.PORT_VALUE_DELIMITER + port; + } else { + address = host; + } + KnownHostHashValue hash = getHashedEntry(); - return (hash != null) && hash.isHostMatch(host); + return (hash != null) && hash.isHostMatch(address); } @Override http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/326725da/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashEntryTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashEntryTest.java b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashEntryTest.java new file mode 100644 index 0000000..6bf1177 --- /dev/null +++ b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashEntryTest.java 
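Review bot: The new `if`/`else` in `isHostMatch` relies on two rules that the code never states, and both decide whether a pinned host key is actually enforced: a salted digest only matches the exact string that was hashed, and `port <= 0` is treated as the default port. I would add a comment above `String address;` such as `// Hashed entries digest the literal "host" (default port) or "[host]:port" string, so rebuild exactly that form; port <= 0 means "default port"`. `host` is concatenated as passed in, so a mixed-case or otherwise un-normalised name would also miss the digest (OpenSSH, as far as I know, hashes the lower-cased name) and the entry would be skipped rather than enforced; whether callers normalise first is not visible here. The method starts above this hunk.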
@@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.client.config.hosts; + +import java.util.Arrays; +import java.util.List; + +import org.apache.sshd.common.config.ConfigFileReaderSupport; +import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.util.test.JUnit4ClassRunnerWithParametersFactory; +import org.apache.sshd.util.test.JUnitTestSupport; +import org.apache.sshd.util.test.NoIoTestCase; +import org.junit.Assume; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.runner.RunWith; +import org.junit.runners.MethodSorters; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; +import org.junit.runners.Parameterized.UseParametersRunnerFactory; + +/** + * TODO Add javadoc + * + * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +@RunWith(Parameterized.class) // see https://github.com/junit-team/junit/wiki/Parameterized-tests +@UseParametersRunnerFactory(JUnit4ClassRunnerWithParametersFactory.class) +@Category({ NoIoTestCase.class }) +public class 
KnownHostHashEntryTest extends JUnitTestSupport { + private final String host; + private final int port; + private final String comment; + private final String line; + + public KnownHostHashEntryTest(String host, int port, String hashValue, String keyType, String keyData, String comment) { + this.host = host; + this.port = port; + this.comment = comment; + this.line = GenericUtils.join(new Object[]{hashValue, keyType, keyData, comment}, ' '); + } + + @Parameters(name = "{5}") + public static List<Object[]> parameters() { + return Arrays.asList( + // line generated `ssh xenon@localhost hostname` (SSH-2.0-OpenSSH_7.5) + new Object[] { + "localhost", ConfigFileReaderSupport.DEFAULT_PORT, + "|1|vLQs+atPgodQmPes21ZaMSgLD0s=|A2K2Ym0ZPtQmD8kB3FVViQvQ7qQ=", "ecdsa-sha2-nistp256", + "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJTsDTYFSYyRMlOec6JBfC8dEFqHNNWu7n8N0niS1zmHpggX+L4cndxhJPE0ILi9otHO7h0mp0cmqqho2tsX8lc=", + "xenon@localhost" + }, + // line generated `ssh xenon@localhost -p 10022 hostname` (SSH-2.0-OpenSSH_7.5) + new Object[] { + "localhost", 10022, + "|1|qhjoqX12EcnwZO3KNbpoFbxrdYE=|J+voEFzRbRL49TiHV+jbUfaS+kg=", "ecdsa-sha2-nistp256", + "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJTsDTYFSYyRMlOec6JBfC8dEFqHNNWu7n8N0niS1zmHpggX+L4cndxhJPE0ILi9otHO7h0mp0cmqqho2tsX8lc=", + "xenon@localhost:10022" + }); + } + + @Test + public void testHostHashMatchOnSamePort() { + KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line); + assertTrue(entry.isHostMatch(host, port)); + } + + @Test + public void testHostHashNotMatchOnDifferentPort() { + KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line); + assertFalse(entry.isHostMatch(host, port / 2)); + } + + @Test + public void testHostHashMatchOnDefaultPort() { + Assume.assumeTrue("No-default port used", port == ConfigFileReaderSupport.DEFAULT_PORT); + KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line); + assertTrue(entry.isHostMatch(host, 0)); + } + + @Override + public String 
toString() { + return getClass().getSimpleName() + "[" + comment + "]"; + } +} http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/326725da/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashValueTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashValueTest.java b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashValueTest.java index 80d58d0..4f2bf0d 100644 --- a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashValueTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostHashValueTest.java @@ -54,8 +54,13 @@ public class KnownHostHashValueTest extends JUnitTestSupport { @Parameters(name = "host={0}, hash={1}") public static Collection<Object[]> parameters() { - return Arrays.<Object[]>asList( - (Object[]) new String[]{"192.168.1.61", "|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg="}); + return Arrays.asList( + // line generated `ssh xenon@localhost -p 10022 hostname` (SSH-2.0-OpenSSH_7.5) + new String[]{"[localhost]:10022", "|1|qhjoqX12EcnwZO3KNbpoFbxrdYE=|J+voEFzRbRL49TiHV+jbUfaS+kg="}, + // line generated `ssh xenon@localhost hostname` (SSH-2.0-OpenSSH_7.5) + new String[]{"localhost", "|1|vLQs+atPgodQmPes21ZaMSgLD0s=|A2K2Ym0ZPtQmD8kB3FVViQvQ7qQ="}, + new String[]{"192.168.1.61", "|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg="} + ); } @Test 
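Review bot: The negative case that matters most for the fix in `KnownHostEntry.isHostMatch` is not covered in `KnownHostHashEntryTest`: an entry hashed for a non-default port must not match the default port or port 0. `testHostHashNotMatchOnDifferentPort` uses `port / 2`, which for both parameter sets is a positive non-default port and so only exercises the bracketed `[host]:port` branch. `testHostHashMatchOnDefaultPort` is skipped for the 10022 entry by its `Assume`, so the bare-host fallback is never checked against the `[localhost]:10022` hash. A test like the one below would pin that behaviour; the class Javadoc still reads `TODO Add javadoc` and could say what the two fixture lines represent.

```java
@Test
public void testNonDefaultPortHashNotMatchOnDefaultPort() {
    Assume.assumeTrue("Default port used", port != ConfigFileReaderSupport.DEFAULT_PORT);
    KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line);
    // bare-host fallback must not accept an entry hashed as "[host]:port"
    assertFalse(entry.isHostMatch(host, ConfigFileReaderSupport.DEFAULT_PORT));
    assertFalse(entry.isHostMatch(host, 0));
}
```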
@@ -76,4 +81,9 @@ public class KnownHostHashValueTest extends JUnitTestSupport { byte[] actual = KnownHostHashValue.calculateHashValue(hostName, hash.getDigester(), hash.getSaltValue()); assertArrayEquals("Mismatched hash value", expected, actual); } + + @Override + public String toString() { + return getClass().getSimpleName() + "[host=" + hostName + ", hashValue=" + hashValue + "]"; + } } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/326725da/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts b/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts index f842391..fe17f97 100644 --- a/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts +++ b/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts @@ -12,4 +12,4 @@ server.sshd.apache.org,10.23.222.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbml |1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2KFr3GqL/3yXY2bAwRGGDxl/qLuE9qdx20+DMh5oAZPpwprlUnlxLm+ikimwn65Z0KeUyfofYKt+vc3rl1k2mDqyG8DqHeH0C+uFBbom0fthX7PRiQr2T9SOzSodjowZuBHlWIfgtcZI0bygX+GlKaAq00l4yCoe1xUTCRd2ZVyNuB1nozcFI+sUzdeKfaxvuyvbccG4tOx06HDryNdxW2e99bsAhLAg7d8xciOeb4PCAI1USg83dt0wVZE9VJbnRnoZ2y/DaQCJtBJ8t8uNLVdggakydDzQuglyd4dYRxeU7t4TEw6wsfXPB0kqdecd0Llspjx0ciEY/BbycdiApw== comment-hashed-host # non-standard port overrides -[issues.apache.org]:5637 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0= \ No newline at end of file +[issues.apache.org]:5637 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=
