SshDaemon: Use channel id tracking for unknown reference handler
Extend the functionality of the `DefaultUnknownChannelReferenceHandler`
by tracking the identifiers of initialized channels and being lenient only
if a command is received for a channel that was initialized in the past.
The code is borrowed from the Apache SSHD Mina project's sshd-contrib
sub-project, moved to the com.google.gerrit.sshd package and run
through google-java-format utility. Slf4j logger was also replaced with
flogger. See this issue: [1] and this CL for more details: [2].
For more safety, protect this experimental feature behind undocumented
configuration option, but enable this option per default.
[1] https://issues.apache.org/jira/browse/SSHD-942
[2] 11b33dee37
Feature: Issue 11572
Change-Id: Ib41c94fc43aca7c4916d40128f03b643cee66d9a

committed by
David Ostrovsky

parent
757709ec82
commit
47a7fc77f4
@@ -0,0 +1,90 @@
|
|||||||
|
/*
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This file is based on sshd-contrib Apache SSHD Mina project. Original commit:
|
||||||
|
* https://github.com/apache/mina-sshd/commit/11b33dee37b5b9c71a40a8a98a42007e3687131e
|
||||||
|
*/
|
||||||
|
package com.google.gerrit.sshd;
|
||||||
|
|
||||||
|
import com.google.common.flogger.FluentLogger;
|
||||||
|
import java.io.IOException;
|
||||||
|
import org.apache.sshd.common.AttributeRepository.AttributeKey;
|
||||||
|
import org.apache.sshd.common.SshConstants;
|
||||||
|
import org.apache.sshd.common.channel.Channel;
|
||||||
|
import org.apache.sshd.common.channel.ChannelListener;
|
||||||
|
import org.apache.sshd.common.channel.exception.SshChannelNotFoundException;
|
||||||
|
import org.apache.sshd.common.session.ConnectionService;
|
||||||
|
import org.apache.sshd.common.session.Session;
|
||||||
|
import org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler;
|
||||||
|
import org.apache.sshd.common.util.buffer.Buffer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Makes sure that the referenced "unknown" channel identifier is one that was assigned in
|
||||||
|
* the past. <B>Note:</B> it relies on the fact that the default {@code ConnectionService}
|
||||||
|
* implementation assigns channels identifiers in ascending order.
|
||||||
|
*
|
||||||
|
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
|
||||||
|
*/
|
||||||
|
public class ChannelIdTrackingUnknownChannelReferenceHandler
|
||||||
|
extends DefaultUnknownChannelReferenceHandler implements ChannelListener {
|
||||||
|
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
|
||||||
|
public static final AttributeKey<Integer> LAST_CHANNEL_ID_KEY = new AttributeKey<>();
|
||||||
|
|
||||||
|
public static final ChannelIdTrackingUnknownChannelReferenceHandler TRACKER =
|
||||||
|
new ChannelIdTrackingUnknownChannelReferenceHandler();
|
||||||
|
|
||||||
|
public ChannelIdTrackingUnknownChannelReferenceHandler() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void channelInitialized(Channel channel) {
|
||||||
|
int channelId = channel.getId();
|
||||||
|
Session session = channel.getSession();
|
||||||
|
Integer lastTracked = session.setAttribute(LAST_CHANNEL_ID_KEY, channelId);
|
||||||
|
logger.atFine().log(
|
||||||
|
"channelInitialized(%s) updated last tracked channel ID %s => %s",
|
||||||
|
channel, lastTracked, channelId);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Channel handleUnknownChannelCommand(
|
||||||
|
ConnectionService service, byte cmd, int channelId, Buffer buffer) throws IOException {
|
||||||
|
Session session = service.getSession();
|
||||||
|
Integer lastTracked = session.getAttribute(LAST_CHANNEL_ID_KEY);
|
||||||
|
if ((lastTracked != null) && (channelId <= lastTracked.intValue())) {
|
||||||
|
// Use TRACE level in order to avoid messages flooding
|
||||||
|
logger.atFinest().log(
|
||||||
|
"handleUnknownChannelCommand(%s) apply default handling for %s on channel=%s (lastTracked=%s)",
|
||||||
|
session, SshConstants.getCommandMessageName(cmd), channelId, lastTracked);
|
||||||
|
return super.handleUnknownChannelCommand(service, cmd, channelId, buffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new SshChannelNotFoundException(
|
||||||
|
channelId,
|
||||||
|
"Received "
|
||||||
|
+ SshConstants.getCommandMessageName(cmd)
|
||||||
|
+ " on unassigned channel "
|
||||||
|
+ channelId
|
||||||
|
+ " (last assigned="
|
||||||
|
+ lastTracked
|
||||||
|
+ ")");
|
||||||
|
}
|
||||||
|
}
|
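Review bot: In `handleUnknownChannelCommand` the leniency test `channelId <= lastTracked.intValue()` has no lower bound, so a negative `channelId` satisfies it as soon as any channel has been initialized on the session. If the recipient id is decoded from the packet as a signed 32-bit value, ids that were never assigned would then still get the default lenient handling. I would tighten the guard to `if ((lastTracked != null) && (channelId >= 0) && (channelId <= lastTracked.intValue())) {`. Separately, `channelInitialized` overwrites `LAST_CHANNEL_ID_KEY` unconditionally, which is only correct under the ascending-id assumption stated in the class Javadoc; a short comment on that method saying so, or storing the larger of the old and new id, would keep the invariant visible where it is relied on.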
@@ -209,6 +209,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
|||||||
final boolean enableCompression = cfg.getBoolean("sshd", "enableCompression", false);
|
final boolean enableCompression = cfg.getBoolean("sshd", "enableCompression", false);
|
||||||
|
|
||||||
SshSessionBackend backend = cfg.getEnum("sshd", null, "backend", SshSessionBackend.NIO2);
|
SshSessionBackend backend = cfg.getEnum("sshd", null, "backend", SshSessionBackend.NIO2);
|
||||||
|
boolean channelIdTracking = cfg.getBoolean("sshd", "enableChannelIdTracking", true);
|
||||||
|
|
||||||
System.setProperty(
|
System.setProperty(
|
||||||
IoServiceFactoryFactory.class.getName(),
|
IoServiceFactoryFactory.class.getName(),
|
||||||
@@ -222,7 +223,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
|||||||
initMacs(cfg);
|
initMacs(cfg);
|
||||||
initSignatures();
|
initSignatures();
|
||||||
initChannels();
|
initChannels();
|
||||||
initUnknownChannelReferenceHandler();
|
initUnknownChannelReferenceHandler(channelIdTracking);
|
||||||
initForwarding();
|
initForwarding();
|
||||||
initFileSystemFactory();
|
initFileSystemFactory();
|
||||||
initSubsystems();
|
initSubsystems();
|
||||||
@@ -653,8 +654,11 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
|||||||
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
|
setChannelFactories(ServerBuilder.DEFAULT_CHANNEL_FACTORIES);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void initUnknownChannelReferenceHandler() {
|
private void initUnknownChannelReferenceHandler(boolean enableChannelIdTracking) {
|
||||||
setUnknownChannelReferenceHandler(DefaultUnknownChannelReferenceHandler.INSTANCE);
|
setUnknownChannelReferenceHandler(
|
||||||
|
enableChannelIdTracking
|
||||||
|
? ChannelIdTrackingUnknownChannelReferenceHandler.TRACKER
|
||||||
|
: DefaultUnknownChannelReferenceHandler.INSTANCE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void initSubsystems() {
|
private void initSubsystems() {
|
||||||
|
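Review bot: `initUnknownChannelReferenceHandler` installs `TRACKER` only as the unknown-channel handler, and none of the visible hunks registers it as a `ChannelListener`. Unless that happens outside these hunks, `channelInitialized` is never called, `LAST_CHANNEL_ID_KEY` stays null, and `handleUnknownChannelCommand` throws `SshChannelNotFoundException` for every unknown channel, including ones that were legitimately opened and closed. With `sshd.enableChannelIdTracking` defaulting to true, that would apply to every server. I would register the listener in the same method, e.g. `if (enableChannelIdTracking) { addChannelListener(ChannelIdTrackingUnknownChannelReferenceHandler.TRACKER); }`, and add a one-line comment above the `cfg.getBoolean` call noting that the option is intentionally undocumented and that disabling it falls back to `DefaultUnknownChannelReferenceHandler.INSTANCE`.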