opendev/gerrit
Code Issues Proposed changes

Update Apache SSHD to 2.4

Browse Source 
Change-Id: If15bbf1a25b9125f08b38077b01ba52245080d70
This commit is contained in:
David Ostrovsky
2020-03-07 08:21:47 +01:00
parent 14dc9850db
commit 3cb2456406
2 changed files with 19 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
java/com/google/gerrit/sshd/SshDaemon.java
View File

@@ -67,6 +67,7 @@ import java.util.concurrent.atomic.AtomicInteger;
import org.apache.mina.transport.socket.SocketSessionConfig; import org.apache.mina.transport.socket.SocketSessionConfig;
import org.apache.sshd.common.BaseBuilder; import org.apache.sshd.common.BaseBuilder;
import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.cipher.Cipher; import org.apache.sshd.common.cipher.Cipher;
import org.apache.sshd.common.compression.BuiltinCompressions; import org.apache.sshd.common.compression.BuiltinCompressions;
import org.apache.sshd.common.compression.Compression; import org.apache.sshd.common.compression.Compression;
@@ -79,7 +80,7 @@ import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
import org.apache.sshd.common.io.mina.MinaSession; import org.apache.sshd.common.io.mina.MinaSession;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.kex.KeyExchange; import org.apache.sshd.common.kex.KeyExchangeFactory;
import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.mac.Mac; import org.apache.sshd.common.mac.Mac;
import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.Random;
@@ -92,7 +93,7 @@ import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.apache.sshd.common.util.security.SecurityUtils; import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.server.ServerBuilder; import org.apache.sshd.server.ServerBuilder;
import org.apache.sshd.server.SshServer; import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.UserAuth; import org.apache.sshd.server.auth.UserAuthFactory;
import org.apache.sshd.server.auth.gss.GSSAuthenticator; import org.apache.sshd.server.auth.gss.GSSAuthenticator;
import org.apache.sshd.server.auth.gss.UserAuthGSSFactory; import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator; import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
@@ -438,11 +439,9 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
return r.toString(); return r.toString();
} }
@SuppressWarnings("unchecked")
private void initKeyExchanges(Config cfg) { private void initKeyExchanges(Config cfg) {
List<NamedFactory<KeyExchange>> a = ServerBuilder.setUpDefaultKeyExchanges(true); List<KeyExchangeFactory> a = ServerBuilder.setUpDefaultKeyExchanges(true);
setKeyExchangeFactories( setKeyExchangeFactories(filter(cfg, "kex", a.toArray(new KeyExchangeFactory[a.size()])));
filter(cfg, "kex", (NamedFactory<KeyExchange>[]) a.toArray(new NamedFactory<?>[a.size()])));
} }
private void initProviderBouncyCastle(Config cfg) { private void initProviderBouncyCastle(Config cfg) {
@@ -554,17 +553,16 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
} }
@SafeVarargs @SafeVarargs
private static <T> List<NamedFactory<T>> filter( private static <T extends NamedResource> List<T> filter(Config cfg, String key, T... avail) {
final Config cfg, String key, NamedFactory<T>... avail) { List<T> def = new ArrayList<>();
final ArrayList<NamedFactory<T>> def = new ArrayList<>(); for (T n : avail) {
for (NamedFactory<T> n : avail) {
if (n == null) { if (n == null) {
break; break;
} }
def.add(n); def.add(n);
} }
final String[] want = cfg.getStringList("sshd", null, key); String[] want = cfg.getStringList("sshd", null, key);
if (want == null || want.length == 0) { if (want == null || want.length == 0) {
return def; return def;
} }
@@ -583,9 +581,9 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
def.clear(); def.clear();
} }
final NamedFactory<T> n = find(name, avail); T n = find(name, avail);
if (n == null) { if (n == null) {
final StringBuilder msg = new StringBuilder(); StringBuilder msg = new StringBuilder();
msg.append("sshd.").append(key).append(" = ").append(name).append(" unsupported; only "); msg.append("sshd.").append(key).append(" = ").append(name).append(" unsupported; only ");
for (int i = 0; i < avail.length; i++) { for (int i = 0; i < avail.length; i++) {
if (avail[i] == null) { if (avail[i] == null) {
@@ -611,8 +609,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
} }
@SafeVarargs @SafeVarargs
private static <T> NamedFactory<T> find(String name, NamedFactory<T>... avail) { private static <T extends NamedResource> T find(String name, T... avail) {
for (NamedFactory<T> n : avail) { for (T n : avail) {
if (n != null && name.equals(n.getName())) { if (n != null && name.equals(n.getName())) {
return n; return n;
} }
@@ -621,8 +619,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
} }
private void initSignatures() { private void initSignatures() {
setSignatureFactories( setSignatureFactories(ServerBuilder.setUpDefaultSignatureFactories(false));
NamedFactory.setUpBuiltinFactories(false, ServerBuilder.DEFAULT_SIGNATURE_PREFERENCE));
} }
private void initCompression(boolean enableCompression) { private void initCompression(boolean enableCompression) {
@@ -669,7 +666,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
final GSSAuthenticator kerberosAuthenticator, final GSSAuthenticator kerberosAuthenticator,
String kerberosKeytab, String kerberosKeytab,
String kerberosPrincipal) { String kerberosPrincipal) {
List<NamedFactory<UserAuth>> authFactories = new ArrayList<>(); List<UserAuthFactory> authFactories = new ArrayList<>();
if (kerberosKeytab != null) { if (kerberosKeytab != null) {
authFactories.add(UserAuthGSSFactory.INSTANCE); authFactories.add(UserAuthGSSFactory.INSTANCE);
logger.atInfo().log("Enabling kerberos with keytab %s", kerberosKeytab); logger.atInfo().log("Enabling kerberos with keytab %s", kerberosKeytab);

8
tools/nongoogle.bzl
View File

@@ -27,18 +27,18 @@ def declare_nongoogle_deps():
sha1 = "12d3de920c85a3667712877066f93e713c733977", sha1 = "12d3de920c85a3667712877066f93e713c733977",
) )
SSHD_VERS = "2.3.0" SSHD_VERS = "2.4.0"
maven_jar( maven_jar(
name = "sshd", name = "sshd",
artifact = "org.apache.sshd:sshd-core:" + SSHD_VERS, artifact = "org.apache.sshd:sshd-core:" + SSHD_VERS,
sha1 = "21aeea9deba96c9b81ea0935fa4fac61aa3cf646", sha1 = "102eefb7e195aae25096f54f2398e54cb0fe839c",
) )
maven_jar( maven_jar(
name = "sshd-common", name = "sshd-common",
artifact = "org.apache.sshd:sshd-common:" + SSHD_VERS, artifact = "org.apache.sshd:sshd-common:" + SSHD_VERS,
sha1 = "8b6e3baaa0d35b547696965eef3e62477f5e74c9", sha1 = "017be0597f41449518762fc529c707148007f4bc",
) )
maven_jar( maven_jar(
@@ -56,7 +56,7 @@ def declare_nongoogle_deps():
maven_jar( maven_jar(
name = "sshd-mina", name = "sshd-mina",
artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS, artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS,
sha1 = "55dc0830dfcbceba01f9460812ee454978a15fe8", sha1 = "8aa8715d07bd61ad8315df66d43c0c04b1b755c8",
) )
# elasticsearch-rest-client explicitly depends on this version # elasticsearch-rest-client explicitly depends on this version