[sshd] access to identity in custom shell?

[Frank van der Kleij <kl...@hotmail.com>]

Hi,
I am trying to integrate my custom shell (that is based on Apache Commons VFS) in the sshd server. It starts to take form but I have some trouble.
I have created a custom PasswordAuthenticator that I give a path that points to a Virtual File System. When it authenticates the user it returns a handle to a FileObject that represents the root directory as Identity.
I also created a custom ShellFactory and custom Shell. In my shell I should initialize the current directory by giving it a FileObject that contains the authentication information. 
So I would need to have access to the Identity created during the authentication for this. Through the Environment given at the start of the shell I can have access to the username but that is not enough. Would it be possible to add the Identity object to the Environment? Are there better solutions?
Thanks,
Frank  
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

RE: [sshd] access to identity in custom shell?

[Frank van der Kleij <kl...@hotmail.com>]

So the most symmetrical solution would be to pass the ServerSession to the PasswordAuthenticator and to have a SessionAware on the ShellFactory. Passing around the Identity would be done using session attributes.
Not touching the PasswordAuthenticator interface but letting the UserAuthPassword store the Identity in the ServerSession would be less invasive, but would force the Identity concept onto everybody.
For me the Identity concept could be a little stronger in the model, but it seems no one else needs it.
I'll work on the symmetrical solution and propose it as a patch when finished.
Thanks


_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: [sshd] access to identity in custom shell?

[Shawn Pearce <so...@google.com>]

On Sun, Jul 12, 2009 at 05:47, Frank van der Kleij<kl...@hotmail.com> wrote:
> I am trying to integrate my custom shell (that is based on Apache Commons VFS) in the sshd server. It starts to take form but I have some trouble.
> I have created a custom PasswordAuthenticator that I give a path that points to a Virtual File System. When it authenticates the user it returns a handle to a FileObject that represents the root directory as Identity.
> I also created a custom ShellFactory and custom Shell. In my shell I should initialize the current directory by giving it a FileObject that contains the authentication information.
> So I would need to have access to the Identity created during the authentication for this. Through the Environment given at the start of the shell I can have access to the username but that is not enough. Would it be possible to add the Identity object to the Environment? Are there better solutions?

Huh.

So there really isn't a great way to do this right now.  The returned
Identity object is apparently discarded by the server; its only used
to indicate null (invalid auth) and not-null (valid auth), which makes
one wonder why it is an object and not a boolean.

The API for PublickeyAuthenticator is better defined in my opinion, it
returns boolean, but accepts a ServerSession, which you can attach
attributes to through the AttributeKey and setAttribute methods.  At
least in a Command you can also implement SessionAware and receive
access to the ServerSession, and pull out the attribute object set by
the PublickeyAuthenticator.  Unfortunately there is no equivalent for
Shell, though one could add a reference to the ServerSession into the
Environment object.