Posted to commits@mina.apache.org by tw...@apache.org on 2021/10/23 23:05:56 UTC
[mina-sshd] 04/05: [SSHD-1218] Use SSH agent only if allowed to
This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 12e0b3a6ce441827fdd27f9010f9b19853901744
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sat Oct 23 23:43:48 2021 +0200
[SSHD-1218] Use SSH agent only if allowed to
If no default identities are to be used (which is determined by
HostConfigEntry.isIdentitiesOnly()), don't use the SSH agent in
publickey authentication.
---
sshd-core/src/main/java/org/apache/sshd/client/SshClient.java | 2 ++
.../org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java | 7 +++++++
.../apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java | 8 +++++---
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java
index a00954c..015ded1 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java
@@ -51,6 +51,7 @@ import org.apache.sshd.client.auth.password.PasswordAuthenticationReporter;
import org.apache.sshd.client.auth.password.PasswordIdentityProvider;
import org.apache.sshd.client.auth.password.UserAuthPasswordFactory;
import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter;
+import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
@@ -739,6 +740,7 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa
AbstractClientSession session = (AbstractClientSession) AbstractSession.getSession(ioSession);
session.setUsername(username);
session.setConnectAddress(address);
+ session.setAttribute(UserAuthPublicKey.USE_DEFAULT_IDENTITIES, Boolean.valueOf(useDefaultIdentities));
if (useDefaultIdentities) {
setupDefaultSessionIdentities(session, identities);
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
index ec0d697..6ec8da5 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
@@ -34,6 +34,7 @@ import java.util.TreeSet;
import org.apache.sshd.client.auth.AbstractUserAuth;
import org.apache.sshd.client.auth.keyboard.UserInteraction;
import org.apache.sshd.client.session.ClientSession;
+import org.apache.sshd.common.AttributeRepository.AttributeKey;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RuntimeSshException;
import org.apache.sshd.common.SshConstants;
@@ -57,6 +58,12 @@ import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
public class UserAuthPublicKey extends AbstractUserAuth implements SignatureFactoriesManager {
public static final String NAME = UserAuthPublicKeyFactory.NAME;
+ /**
+ * Is set on a {@link ClientSession} when it is created; if {@link Boolean#FALSE}, no agent or default identities
+ * shall be used.
+ */
+ public static final AttributeKey<Boolean> USE_DEFAULT_IDENTITIES = new AttributeKey<>();
+
protected final Deque<String> currentAlgorithms = new LinkedList<>();
protected Iterator<PublicKeyIdentity> keys;
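Review bot: The Javadoc on `USE_DEFAULT_IDENTITIES` describes only the `Boolean.FALSE` case, but the consumer in UserAuthPublicKeyIterator tests `Boolean.TRUE.equals(session.getAttribute(UserAuthPublicKey.USE_DEFAULT_IDENTITIES))`, so a session on which the attribute was never set also skips the agent. The only assignment visible in this commit is the one in the SshClient hunk, whose method continues outside it, so it cannot be confirmed from here that every session receives the attribute. Failing closed is the safer default for not offering agent keys to a host, but the contract should say so, for example `Is set on a {@link ClientSession} when it is created; unless it is {@link Boolean#TRUE} (including when it is absent), no agent or default identities shall be used.`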
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java
index 970aa7d..7240f55 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java
@@ -56,9 +56,11 @@ public class UserAuthPublicKeyIterator extends AbstractKeyPairIterator<PublicKey
try {
Collection<Iterable<? extends PublicKeyIdentity>> identities = new ArrayList<>(2);
- Iterable<? extends PublicKeyIdentity> agentIds = initializeAgentIdentities(session);
- if (agentIds != null) {
- identities.add(agentIds);
+ if (Boolean.TRUE.equals(session.getAttribute(UserAuthPublicKey.USE_DEFAULT_IDENTITIES))) {
+ Iterable<? extends PublicKeyIdentity> agentIds = initializeAgentIdentities(session);
+ if (agentIds != null) {
+ identities.add(agentIds);
+ }
}
Iterable<? extends PublicKeyIdentity> sessionIds = initializeSessionIdentities(session, signatureFactories);
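Review bot: When the attribute is not `TRUE`, the new `if` skips `initializeAgentIdentities(session)` entirely, so an agent-held key is not offered even when it corresponds to an identity the user configured explicitly for the host. To my knowledge OpenSSH's IdentitiesOnly still lets the agent sign for keys that match configured identity files, so this may surprise users whose private keys live only in the agent. If the stricter behaviour is intended, a comment above the condition would record it, e.g. `// IdentitiesOnly: skip the agent entirely; agent keys matching configured identities are not offered either`. The enclosing try block starts and ends outside the hunk.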