This is an automated email from the ASF dual-hosted git repository. gnodet pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push: new 675c79e Record which AuthorizedKeyEntry is used to authenticate 675c79e is described below commit 675c79e4e2821481d5a6def689d29ca46adba09f Author: w <none> AuthorDate: Sun Oct 6 19:47:23 2019 -0700 Record which AuthorizedKeyEntry is used to authenticate # Conflicts: # sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java --- ...AuthorizedKeyEntriesPublickeyAuthenticator.java | 109 +++++++++++++++++++++ .../server/auth/pubkey/PublickeyAuthenticator.java | 6 +- 2 files changed, 111 insertions(+), 4 deletions(-)
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/AuthorizedKeyEntriesPublickeyAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/AuthorizedKeyEntriesPublickeyAuthenticator.java
new file mode 100644
index 0000000..0967a28
--- /dev/null
+++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/AuthorizedKeyEntriesPublickeyAuthenticator.java
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.server.auth.pubkey;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+import org.apache.sshd.common.AttributeRepository;
+import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
+import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
+import org.apache.sshd.common.util.GenericUtils;
+import org.apache.sshd.common.util.logging.AbstractLoggingBean;
+import org.apache.sshd.server.session.ServerSession;
+
+/**
+ * Checks against a {@link Collection} of {@link AuthorizedKeyEntry}s
+ *
+ * Records the matched entry under a session attribute.
+ */
+public class AuthorizedKeyEntriesPublickeyAuthenticator extends AbstractLoggingBean implements PublickeyAuthenticator {
+ public static final AttributeRepository.AttributeKey<AuthorizedKeyEntry> AUTHORIZED_KEY = new AttributeRepository.AttributeKey<>();
+
+ private Map<AuthorizedKeyEntry, PublicKey> resolvedKeys;
+ private Object id;
+
+ public AuthorizedKeyEntriesPublickeyAuthenticator(
+ Object id, ServerSession session,
+ Collection<? extends AuthorizedKeyEntry> entries,
+ PublicKeyEntryResolver fallbackResolver)
+ throws IOException, GeneralSecurityException {
+ this.id = id;
+ int numEntries = GenericUtils.size(entries);
+ if (numEntries <= 0) {
+ resolvedKeys = Collections.emptyMap();
+ } else {
+ resolvedKeys = new HashMap<>(numEntries);
+ for (AuthorizedKeyEntry e : entries) {
+ Map<String, String> headers = e.getLoginOptions();
+ PublicKey k = e.resolvePublicKey(session, headers, fallbackResolver);
+ if (k != null) {
+ resolvedKeys.put(e, k);
+ }
+ }
+ }
+ }
+
+ /**
+ * @return Some kind of mnemonic identifier for the authenticator - used also in {@code toString()}
+ */
+ public Object getId() {
+ return id;
+ }
+
+ @Override
+ public boolean authenticate(String username, PublicKey key, ServerSession session) {
+ if (GenericUtils.isEmpty(resolvedKeys)) {
+ if (log.isDebugEnabled()) {
+ log.debug("authenticate(" + username + ")[" + session + "] no entries");
+ }
+
+ return false;
+ }
+
+ for (Map.Entry<AuthorizedKeyEntry, PublicKey> e : resolvedKeys.entrySet()) {
+ if (KeyUtils.compareKeys(key, e.getValue())) {
+ if (log.isDebugEnabled()) {
+ log.debug("authenticate(" + username + ")[" + session + "] match found");
+ }
+ if (session != null) {
+ session.setAttribute(AUTHORIZED_KEY, e.getKey());
+ }
+ return true;
+ }
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("authenticate(" + username + ")[" + session + "] match not found");
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return Objects.toString(getId());
+ }
+}
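Review bot: `authenticate()` stores `AUTHORIZED_KEY` as soon as the offered key matches and never clears it on the two `return false` paths, so the attribute can outlive the attempt that set it. If the caller invokes the authenticator before the signature is verified (not visible in this diff), a client that merely offers a listed public key would leave an entry recorded without proving possession of the private key. I would document on the constant that it is only meaningful once authentication has completed, e.g. `/** Entry matched by the most recent offered key; trust only after authentication succeeds. */`, and call `session.removeAttribute(AUTHORIZED_KEY)` before returning false when `session` is non-null. Separately, `resolvedKeys` is a `HashMap`, so when the same key appears in several entries with different login options the recorded entry depends on hash order rather than file order; `new LinkedHashMap<>(numEntries)` (with the matching import) would keep the first listed entry winning.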
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java index 6902b57..45767f0 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java @@ -24,7 +24,6 @@ import java.security.PublicKey; import java.util.Collection; import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; -import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.server.auth.AsyncAuthException; @@ -65,11 +64,10 @@ public interface PublickeyAuthenticator { Collection<? extends AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException { - Collection<PublicKey> keys = PublicKeyEntry.resolvePublicKeyEntries(session, entries, fallbackResolver); - if (GenericUtils.isEmpty(keys)) { + if (GenericUtils.isEmpty(entries)) { return RejectAllPublickeyAuthenticator.INSTANCE; } else { - return new KeySetPublickeyAuthenticator(id, keys); + return new AuthorizedKeyEntriesPublickeyAuthenticator(id, session, entries, fallbackResolver); } } }
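Review bot: With the emptiness test moved from the resolved keys to `entries` in the second hunk, a non-empty collection whose entries all fail to resolve no longer returns `RejectAllPublickeyAuthenticator.INSTANCE`; it returns an `AuthorizedKeyEntriesPublickeyAuthenticator` holding an empty map. Judging by the new class, that instance still rejects every key, so the outcome is the same, but callers that compare the result against the `INSTANCE` singleton or expect a `KeySetPublickeyAuthenticator` would see a difference. A short comment above the `else` branch would make this explicit, e.g. `// entries that do not resolve to a key are dropped; the authenticator then rejects every key`. The enclosing method starts outside this hunk, so its Javadoc could not be checked for a stale mention of the old return type.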