You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by lg...@apache.org on 2015/07/28 08:30:12 UTC
[3/3] mina-sshd git commit: [SSHD-543] Consider logging client
session setup with level 'debug'
[SSHD-543] Consider logging client session setup with level 'debug'
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/9dbd66ea
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/9dbd66ea
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/9dbd66ea
Branch: refs/heads/master
Commit: 9dbd66ea9c8ddfea0d64be16360e99aa281b52ad
Parents: 84f7b62
Author: Lyor Goldstein <lg...@vmware.com>
Authored: Tue Jul 28 09:29:58 2015 +0300
Committer: Lyor Goldstein <lg...@vmware.com>
Committed: Tue Jul 28 09:29:58 2015 +0300
----------------------------------------------------------------------
.../keyverifier/StaticServerKeyVerifier.java | 28 +++++++++++++-------
.../sshd/common/session/AbstractSession.java | 4 +--
.../password/StaticPasswordAuthenticator.java | 17 ++++++++++--
.../pubkey/StaticPublickeyAuthenticator.java | 18 ++++++++++---
4 files changed, 51 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java
index 09111bd..14685f9 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/StaticServerKeyVerifier.java
@@ -45,17 +45,27 @@ public abstract class StaticServerKeyVerifier extends AbstractLoggingBean implem
@Override
public final boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
- if (isAccepted()) {
- log.warn("Server at {} presented unverified {} key: {}",
- new Object[]{remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey)});
- return true;
+ boolean accepted = isAccepted();
+ if (accepted) {
+ handleAcceptance(sshClientSession, remoteAddress, serverKey);
} else {
- if (log.isDebugEnabled()) {
- log.debug("Reject server {} unverified {} key: {}",
- new Object[]{remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey)});
- }
+ handleRejection(sshClientSession, remoteAddress, serverKey);
+ }
+
+ return accepted;
+ }
- return false;
+ protected void handleAcceptance(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
+ // accepting without really checking is dangerous, thus the warning
+ log.warn("Server at {} presented unverified {} key: {}",
+ remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey));
+ }
+
+ protected void handleRejection(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
+ if (log.isDebugEnabled()) {
+ log.debug("Reject server {} unverified {} key: {}",
+ remoteAddress, (serverKey == null) ? null : serverKey.getAlgorithm(), KeyUtils.getFingerPrint(serverKey));
}
}
+
}
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
index acf0c2f..ba4ac67 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
@@ -589,7 +589,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea
public IoWriteFuture writePacket(Buffer buffer, final long timeout, final TimeUnit unit) throws IOException {
final IoWriteFuture writeFuture = writePacket(buffer);
final DefaultSshFuture<IoWriteFuture> future = (DefaultSshFuture<IoWriteFuture>) writeFuture;
- ScheduledExecutorService executor = factoryManager.getScheduledExecutorService();
+ ScheduledExecutorService executor = factoryManager.getScheduledExecutorService();
final ScheduledFuture<?> sched = executor.schedule(new Runnable() {
@SuppressWarnings("synthetic-access")
@Override
@@ -1202,7 +1202,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea
@Override
public void disconnect(int reason, String msg) throws IOException {
- log.info("Disconnecting: {} - {}", Integer.valueOf(reason), msg);
+ log.info("Disconnecting: {} - {}", reason, msg);
Buffer buffer = createBuffer(SshConstants.SSH_MSG_DISCONNECT);
buffer.putInt(reason);
buffer.putString(msg);
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java
index 30ad31e..fad2ea8 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/password/StaticPasswordAuthenticator.java
@@ -38,10 +38,23 @@ public class StaticPasswordAuthenticator extends AbstractLoggingBean implements
@Override
public final boolean authenticate(String username, String password, ServerSession session) {
boolean accepted = isAccepted();
- if (log.isDebugEnabled()) {
- log.debug("authenticate({}[{}]: {}", username, session, accepted);
+ if (accepted) {
+ handleAcceptance(username, password, session);
+ } else {
+ handleRejection(username, password, session);
}
return accepted;
}
+
+ protected void handleAcceptance(String username, String password, ServerSession session) {
+ // accepting without really checking is dangerous, thus the warning
+ log.warn("authenticate({}[{}]: accepted without checking", username, session);
+ }
+
+ protected void handleRejection(String username, String password, ServerSession session) {
+ if (log.isDebugEnabled()) {
+ log.debug("authenticate({}[{}]: rejected", username, session);
+ }
+ }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/9dbd66ea/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java
index d760f1d..29f7a57 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/StaticPublickeyAuthenticator.java
@@ -41,11 +41,23 @@ public abstract class StaticPublickeyAuthenticator extends AbstractLoggingBean i
@Override
public final boolean authenticate(String username, PublicKey key, ServerSession session) {
boolean accepted = isAccepted();
- if (log.isDebugEnabled()) {
- log.debug("authenticate({}[{}][{}][{}]: {}",
- username, session, key.getAlgorithm(), KeyUtils.getFingerPrint(key), accepted);
+ if (accepted) {
+ handleAcceptance(username, key, session);
}
return accepted;
}
+
+ protected void handleAcceptance(String username, PublicKey key, ServerSession session) {
+ // accepting without really checking is dangerous, thus the warning
+ log.warn("authenticate({}[{}][{}][{}]: accepted without checking",
+ username, session, key.getAlgorithm(), KeyUtils.getFingerPrint(key));
+ }
+
+ protected void handleRejection(String username, PublicKey key, ServerSession session) {
+ if (log.isDebugEnabled()) {
+ log.debug("authenticate({}[{}][{}][{}]: rejected",
+ username, session, key.getAlgorithm(), KeyUtils.getFingerPrint(key));
+ }
+ }
}
\ No newline at end of file