You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Matthew Pitts (JIRA)" <ji...@apache.org> on 2016/08/30 16:39:20 UTC
[jira] [Created] (SSHD-695) Client - support receiving of banner
prior to auth()
Matthew Pitts created SSHD-695:
----------------------------------
Summary: Client - support receiving of banner prior to auth()
Key: SSHD-695
URL: https://issues.apache.org/jira/browse/SSHD-695
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 1.2.0
Reporter: Matthew Pitts
If an SSHD client receives a SSH_MSG_USERAUTH_BANNER packet from the server immediately after KEX and user-auth SSH_MSG_SERVICE_REQUEST/SSH_MSG_SERVICE_ACCEPT exchanges it can be processed prior to the using code calling ClientSession#auth. This situation leads to AuthFuture being null in ClientUserAuthService#process which results in a validation exception and subsequent short-circuiting of the auth exchange and session communication.
This was discovered testing 1.2.0 against a Cisco ASA device configured with a login banner that shows prior to the user entering credentials.
I can confirmed that the same tests work fine using the below patched process method in ClientUserAuthService which allows for AuthFuture to be null.
{code}
@Override
public void process(int cmd, Buffer buffer) throws Exception {
ClientSession session = getClientSession();
// let authFuture be null (not yet present) for handling packets coming in before
// the client code has auth()'d
AuthFuture authFuture = authFutureHolder.get();
if (authFuture != null && authFuture.isSuccess()) {
throw new IllegalStateException("UserAuth message delivered to authenticated client");
} else if (authFuture != null && authFuture.isDone()) {
if (log.isDebugEnabled()) {
log.debug("process({}) Ignoring random message - cmd={}",
session, SshConstants.getCommandMessageName(cmd));
}
// ignore for now; TODO: random packets
} else if (cmd == SshConstants.SSH_MSG_USERAUTH_BANNER) {
String welcome = buffer.getString();
String lang = buffer.getString();
if (log.isDebugEnabled()) {
log.debug("process({}) Welcome banner(lang={}): {}", session, lang, welcome);
}
UserInteraction ui = session.getUserInteraction();
try {
if ((ui != null) && ui.isInteractionAllowed(session)) {
ui.welcome(session, welcome, lang);
}
} catch (Error e) {
log.warn("process({}) failed ({}) to consult interaction: {}",
session, e.getClass().getSimpleName(), e.getMessage());
if (log.isDebugEnabled()) {
log.debug("process(" + session + ") interaction consultation failure details", e);
}
throw new RuntimeSshException(e);
}
} else {
buffer.rpos(buffer.rpos() - 1);
processUserAuth(buffer);
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)