You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by lg...@apache.org on 2020/04/23 14:12:03 UTC
[mina-sshd] branch master updated: [SSHD-745] Allow colon and
percentage as valid host pattern
This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
The following commit(s) were added to refs/heads/master by this push:
new edb7b3f [SSHD-745] Allow colon and percentage as valid host pattern
edb7b3f is described below
commit edb7b3fe4b0b1d67d42559a9b75cd8c95f87e814
Author: FliegenKLATSCH <ch...@koras.de>
AuthorDate: Thu Apr 23 17:10:44 2020 +0300
[SSHD-745] Allow colon and percentage as valid host pattern
---
.../client/config/hosts/HostPatternsHolder.java | 4 +++-
.../config/keys/loader/openssh/kdf/BCrypt.java | 4 ++--
.../client/config/hosts/HostConfigEntryTest.java | 26 ++++++++++++++++++++--
.../org/apache/sshd/client/keyverifier/known_hosts | 6 +++++
4 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java
index 17cc645..ecdd6dd 100644
--- a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java
+++ b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostPatternsHolder.java
@@ -315,6 +315,8 @@ public abstract class HostPatternsHolder {
* <LI>Underscore (_)</LI>
* <LI>Hyphen (-)</LI>
* <LI>Dot (.)</LI>
+ * <LI>Colon (:)</LI>
+ * <LI>Percent (%) for scoped ipv6</LI>
* <LI>The {@link #WILDCARD_PATTERN}</LI>
* <LI>The {@link #SINGLE_CHAR_PATTERN}</LI>
* </UL>
@@ -335,7 +337,7 @@ public abstract class HostPatternsHolder {
if ((ch >= '0') && (ch <= '9')) {
return true;
}
- if ("-_.".indexOf(ch) >= 0) {
+ if ("-_.:%".indexOf(ch) >= 0) {
return true;
}
return PATTERN_CHARS.indexOf(ch) >= 0;
diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
index 20a8b76..f5a2834 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
@@ -17,8 +17,8 @@
// CHECKSTYLE:OFF
package org.apache.sshd.common.config.keys.loader.openssh.kdf;
-// This code comes from https://github.com/kruton/jbcrypt/blob/37a5a77/jbcrypt/src/main/java/org/mindrot/jbcrypt/BCrypt.java .
-// It's available on maven as artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. pbkdf method added 2016 by Kenny Root.
+// This code comes from https://github.com/kruton/jbcrypt/blob/37a5a77/jbcrypt/src/main/java/org/mindrot/jbcrypt/BCrypt.java .
+// It's available on maven as artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. pbkdf method added 2016 by Kenny Root.
// Modifications for Apache MINA sshd: this comment, plus changed the package from org.mindrot.jbcrypt to avoid conflicts.
import java.io.UnsupportedEncodingException;
import java.security.DigestException;
diff --git a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryTest.java b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryTest.java
index d2b5c9b..df9804c 100644
--- a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryTest.java
+++ b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryTest.java
@@ -156,6 +156,28 @@ public class HostConfigEntryTest extends JUnitTestSupport {
}
@Test
+ public void testIPv6AddressSingleCharPatternMatching() {
+ StringBuilder sb = new StringBuilder().append("fe80::7780:db3:a57:6a9");
+ int sbLen = sb.length();
+
+ for (int v = 0; v <= 255; v++) {
+ sb.setLength(sbLen); // start from scratch
+ sb.append(v);
+
+ String address = sb.toString();
+ // replace the added digits with single char pattern
+ for (int index = sbLen; index < sb.length(); index++) {
+ sb.setCharAt(index, HostPatternsHolder.SINGLE_CHAR_PATTERN);
+ }
+
+ String pattern = sb.toString();
+ HostPatternValue pp = HostPatternsHolder.toPattern(pattern);
+ assertTrue("No match for " + address + " on pattern=" + pattern,
+ HostPatternsHolder.isHostMatch(address, 0, Collections.singletonList(pp)));
+ }
+ }
+
+ @Test
public void testIsValidPatternChar() {
for (char ch = '\0'; ch <= ' '; ch++) {
assertFalse("Unexpected valid character (0x" + Integer.toHexString(ch & 0xFF) + ")",
@@ -181,8 +203,8 @@ public class HostConfigEntryTest extends JUnitTestSupport {
for (char ch : new char[] {
'(', ')', '{', '}', '[', ']', '@',
- '#', '$', '^', '&', '%', '~', '<', '>',
- ',', '/', '\\', '\'', '"', ':', ';'
+ '#', '$', '^', '&', '~', '<', '>',
+ ',', '/', '\\', '\'', '"', ';'
}) {
assertFalse("Unexpected valid character: " + Character.toString(ch), HostPatternsHolder.isValidPatternChar(ch));
}
diff --git a/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts b/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts
index fe17f97..50a2944 100644
--- a/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts
+++ b/sshd-core/src/test/resources/org/apache/sshd/client/keyverifier/known_hosts
@@ -13,3 +13,9 @@ server.sshd.apache.org,10.23.222.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbml
# non-standard port overrides
[issues.apache.org]:5637 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=
+
+2001:4860:4860::8888 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=
+fe80::7780:db3:a57:6a9 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=
+fe80::7780:db3:a57:6a9%eth0 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=
+::1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=
+[::]:1234 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCWDHD00Ltb5fmmL9cFLTqWqxgJHwsxbiZgL632CXqbDmf69wA+8GSP96rtIix2d5aGXyh/kXMbSMjPgIx+n7p0=