You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by gn...@apache.org on 2015/02/11 17:39:50 UTC
mina-sshd git commit: [SSHD-372] Server doesn't reject connections
that don't send client identification, has to time out
Repository: mina-sshd
Updated Branches:
refs/heads/master 0ebd488da -> 709aa9327
[SSHD-372] Server doesn't reject connections that don't send client identification, has to time out
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/709aa932
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/709aa932
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/709aa932
Branch: refs/heads/master
Commit: 709aa932748d5f6fe28b1d0bdb9d8f6659245694
Parents: 0ebd488
Author: Guillaume Nodet <gn...@apache.org>
Authored: Wed Feb 11 17:39:37 2015 +0100
Committer: Guillaume Nodet <gn...@apache.org>
Committed: Wed Feb 11 17:39:37 2015 +0100
----------------------------------------------------------------------
.../sshd/client/session/ClientSessionImpl.java | 2 +-
.../sshd/common/session/AbstractSession.java | 6 +++---
.../sshd/server/session/ServerSession.java | 19 ++++++++++++++-----
.../org/apache/sshd/AbstractSessionTest.java | 2 +-
4 files changed, 19 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/709aa932/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java b/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java
index 9309674..7d9a8c9 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java
@@ -350,7 +350,7 @@ public class ClientSessionImpl extends AbstractSession implements ClientSession
}
protected boolean readIdentification(Buffer buffer) throws IOException {
- serverVersion = doReadIdentification(buffer);
+ serverVersion = doReadIdentification(buffer, false);
if (serverVersion == null) {
return false;
}
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/709aa932/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
index a0b16c1..6c342a9 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/session/AbstractSession.java
@@ -807,7 +807,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea
/**
* Read the other side identification.
* This method is specific to the client or server side, but both should call
- * {@link #doReadIdentification(org.apache.sshd.common.util.Buffer)} and
+ * {@link #doReadIdentification(org.apache.sshd.common.util.Buffer,boolean)} and
* store the result in the needed property.
*
* @param buffer the buffer containing the remote identification
@@ -826,7 +826,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea
* @param buffer the buffer containing the identification string
* @return the remote identification or <code>null</code> if more data is needed
*/
- protected String doReadIdentification(Buffer buffer) {
+ protected String doReadIdentification(Buffer buffer, boolean server) {
byte[] data = new byte[256];
for (;;) {
int rpos = buffer.rpos();
@@ -855,7 +855,7 @@ public abstract class AbstractSession extends CloseableUtils.AbstractInnerClosea
data[pos++] = b;
}
String str = new String(data, 0, pos);
- if (str.startsWith("SSH-")) {
+ if (server || str.startsWith("SSH-")) {
return str;
}
if (buffer.rpos() > 16 * 1024) {
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/709aa932/sshd-core/src/main/java/org/apache/sshd/server/session/ServerSession.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/session/ServerSession.java b/sshd-core/src/main/java/org/apache/sshd/server/session/ServerSession.java
index 377171c..4799c69 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/session/ServerSession.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/session/ServerSession.java
@@ -28,7 +28,9 @@ import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.ServiceFactory;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.SshException;
+import org.apache.sshd.common.future.SshFutureListener;
import org.apache.sshd.common.io.IoSession;
+import org.apache.sshd.common.io.IoWriteFuture;
import org.apache.sshd.common.session.AbstractSession;
import org.apache.sshd.common.util.Buffer;
import org.apache.sshd.server.ServerFactoryManager;
@@ -52,8 +54,6 @@ public class ServerSession extends AbstractSession {
maxKeyInterval = getLongProperty(ServerFactoryManager.REKEY_TIME_LIMIT, maxKeyInterval);
log.info("Server session created from {}", ioSession.getRemoteAddress());
sendServerIdentification();
- kexState.set(KEX_STATE_INIT);
- sendKexInit();
}
public String getNegotiated(int index) {
@@ -150,14 +150,23 @@ public class ServerSession extends AbstractSession {
}
protected boolean readIdentification(Buffer buffer) throws IOException {
- clientVersion = doReadIdentification(buffer);
+ clientVersion = doReadIdentification(buffer, true);
if (clientVersion == null) {
return false;
}
log.debug("Client version string: {}", clientVersion);
if (!clientVersion.startsWith("SSH-2.0-")) {
- throw new SshException(SshConstants.SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED,
- "Unsupported protocol version: " + clientVersion);
+ String msg = "Unsupported protocol version: " + clientVersion;
+ ioSession.write(new Buffer((msg + "\n").getBytes())).addListener(new SshFutureListener<IoWriteFuture>() {
+ @Override
+ public void operationComplete(IoWriteFuture future) {
+ close(true);
+ }
+ });
+ throw new SshException(msg);
+ } else {
+ kexState.set(KEX_STATE_INIT);
+ sendKexInit();
}
return true;
}
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/709aa932/sshd-core/src/test/java/org/apache/sshd/AbstractSessionTest.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/test/java/org/apache/sshd/AbstractSessionTest.java b/sshd-core/src/test/java/org/apache/sshd/AbstractSessionTest.java
index 5a919ea..38a4018 100644
--- a/sshd-core/src/test/java/org/apache/sshd/AbstractSessionTest.java
+++ b/sshd-core/src/test/java/org/apache/sshd/AbstractSessionTest.java
@@ -113,7 +113,7 @@ public class AbstractSessionTest extends BaseTest {
return false;
}
public String doReadIdentification(Buffer buffer) {
- return super.doReadIdentification(buffer);
+ return super.doReadIdentification(buffer, false);
}
@Override
protected void sendKexInit() throws IOException {