Hi Guillaume,
I was unsuccessful in finding some minimum code to reproduce the problem.
In the simple cases like
    Policy.setPolicy(new Policy() {
        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            PermissionCollection result = new Permissions();
            result.add(new AllPermission());
            return result;
        }
    });
    System.setSecurityManager(new SecurityManager());
    SshServer sshd = SshServer.setUpDefaultServer();
    sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("hostkey.ser"));
    sshd.setPasswordAuthenticator(new MyPasswordAuthenticator());
    sshd.setPort(9022);
    sshd.setShellFactory(new MyFactory());
    sshd.start();
things behave as expected. So till I have time to investigate what really
happens in the OSGi environment where the problem occurs I will stick to
version 0.8.0.
Cheers,
Reto
On Mon, May 19, 2014 at 3:42 PM, Guillaume Nodet <[email protected]> wrote:
> Sorry, but your syntax is difficult to understand.
> Fwiw, SSHD does nothing with permissions whatsoever. There are a few
> static code blocks, but none of them try to access any files.
>
>
> 2014-05-19 15:21 GMT+02:00 Reto Gmür <[email protected]>:
>
> > If the getPermissions(ProtectionDomain) method of the policy object set
> > long before any mina code gets called would be invoked when the
> > permission is checked this would return a PermissionCollection with a
> > single AllPermissions() instance. The problem is that this method never
> > gets invoked. Things are working with versions <= 0.8.0 even though the
> > sshd obviously needs to access the same key file.
> >
> > Cheers,
> > Reto
> >
> >
> > On Mon, May 19, 2014 at 3:07 PM, Guillaume Nodet <[email protected]>
> > wrote:
> >
> > > I'm not really sure what you're talking about, but if you run under a
> > > security manager, you need to ensure that the sshd code is granted
> > > correct permissions.
> > > In particular, the use of the key pair provider configured to load
> > > host keys from a file requires a file read permission on the given
> > > file.
> > >
> > >
> > > 2014-05-19 14:59 GMT+02:00 Reto Gmür <[email protected]>:
> > >
> > > > Hello
> > > >
> > > > Attempting to update sshd I've noticed that for version > 0.8.0 I'm
> > > > getting an AccessControlException (see below) in the Nio2Acceptor.
> > > > It seems that completed the security Policy set with
> > > > Policy.setPolicy is no longer in use. I've no idea what causes this
> > > > change of security policy and how to get around this.
> > > >
> > > > Cheers,
> > > > Reto
> > > >
> > > >
> > > > 19.05.2014 14:36:11.268 *WARN* [pool-2-thread-1] org.apache.sshd.common.io.nio2.Nio2Acceptor Caught exception while accepting incoming connection java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/reto/.clerezza/ssh/hostkey.ser" "read")
> > > >     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
> > > >     at java.security.AccessController.checkPermission(AccessController.java:559)
> > > >     at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > >     at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > >     at java.io.File.exists(File.java:808)
> > > >     at org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadKeys(AbstractGeneratorHostKeyProvider.java:107)
> > > >     at org.apache.sshd.common.keyprovider.AbstractKeyPairProvider.getKeyTypes(AbstractKeyPairProvider.java:53)
> > > >     at org.apache.sshd.server.session.ServerSession.sendKexInit(ServerSession.java:127)
> > > >     at org.apache.sshd.server.session.ServerSession.<init>(ServerSession.java:60)
> > > >     at org.apache.sshd.server.session.SessionFactory.doCreateSession(SessionFactory.java:43)
> > > >     at org.apache.sshd.common.session.AbstractSessionFactory.createSession(AbstractSessionFactory.java:38)
> > > >     at org.apache.sshd.common.AbstractSessionIoHandler.sessionCreated(AbstractSessionIoHandler.java:36)
> > > >     at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:128)
> > > >     at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:109)
> > > >     at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
> > > >     at sun.nio.ch.Invoker$2.run(Invoker.java:218)
> > > >     at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> > > >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> > > >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> > > >     at java.lang.Thread.run(Thread.java:744)
> > > >
> > >
> >
>
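
Added example, not code from this thread or from the SSHD project: one JDK mechanism by which an allow-everything Policy like the one above is never asked and the check at the top of the trace still fails, namely a ProtectionDomain created with static permissions. Whether this is what happens in the OSGi environment is not established in the thread; the class name, counter and sample path are constructed for the demo, and it assumes a JDK that still supports the Security Manager APIs (Java 8 to 17).

```java
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.concurrent.atomic.AtomicInteger;

public class PolicyBypassDemo {
    static final AtomicInteger policyCalls = new AtomicInteger();

    // Runs the same check that tops the stack trace
    // (AccessControlContext.checkPermission) against a single domain.
    static String check(String label, ProtectionDomain pd, Permission p) {
        int before = policyCalls.get();
        String outcome;
        try {
            new AccessControlContext(new ProtectionDomain[] { pd }).checkPermission(p);
            outcome = "granted";
        } catch (AccessControlException e) {
            outcome = "DENIED";
        }
        return label + ": " + outcome
                + ", getPermissions() calls = " + (policyCalls.get() - before);
    }

    public static void main(String[] args) {
        // Same allow-everything policy as in the message, plus a call counter.
        Policy.setPolicy(new Policy() {
            @Override
            public PermissionCollection getPermissions(ProtectionDomain domain) {
                policyCalls.incrementAndGet();
                PermissionCollection result = new Permissions();
                result.add(new AllPermission());
                return result;
            }
        });
        Permission read = new FilePermission("hostkey.ser", "read"); // constructed sample path

        // Four-argument constructor: dynamic domain, implies() consults the Policy.
        ProtectionDomain dynamicPd = new ProtectionDomain(null, new Permissions(), null, null);
        // Two-argument constructor: static permissions, the Policy is never asked.
        ProtectionDomain staticPd = new ProtectionDomain(null, new Permissions());

        System.out.println(check("dynamic domain", dynamicPd, read));
        System.out.println(check("static domain ", staticPd, read));
    }
}
```

To see which domain on the real call stack refuses the permission, run the failing JVM with `-Djava.security.debug=access,failure`, which prints the denying ProtectionDomain alongside the AccessControlException.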