opendev/gerrit
Code Issues Proposed changes

SSHD: Prevent double authentication for the same public key

Browse Source 
Openssh client sends two requests, one without a key signature to verify
that the public key is acceptable and the second one with the signature
after having loaded the private key and signed some data for actual
verification.

To prevent that the PublickeyAuthenticator#authenticate is called twice
cache the authentication status for session and public key.  Implement
SessionListener to clean up the cache entry when session is destroyed.

This is a workaround for SSHD bug [1].

[1] https://issues.apache.org/jira/browse/SSHD-300

Inspired-By: Guillaume Nodet <gnodet@apache.org>
Change-Id: Ie8caebd6762125a754c46d821b3c7af2a10edd2b
This commit is contained in:
David Ostrovsky
2014-03-14 23:13:29 +01:00
committed by Shawn Pearce
parent 4e3db18a7d
commit a5959d2216
3 changed files with 83 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java Normal file
View File

@@ -0,0 +1,72 @@
// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.sshd;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.apache.sshd.common.Session;
import org.apache.sshd.common.SessionListener;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@Singleton
public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator,
SessionListener {
private final PublickeyAuthenticator authenticator;
private final Map<ServerSession, Map<PublicKey, Boolean>> sessionCache;
@Inject
public CachingPublicKeyAuthenticator(DatabasePubKeyAuth authenticator) {
this.authenticator = authenticator;
this.sessionCache = new ConcurrentHashMap<>();
}
@Override
public boolean authenticate(String username, PublicKey key,
ServerSession session) {
Map<PublicKey, Boolean> m = sessionCache.get(session);
if (m == null) {
m = new HashMap<>();
sessionCache.put(session, m);
session.addListener(this);
}
if (m.containsKey(key)) {
return m.get(key);
}
boolean r = authenticator.authenticate(username, key, session);
m.put(key, r);
return r;
}
@Override
public void sessionCreated(Session session) {
}
@Override
public void sessionEvent(Session sesssion, Event event) {
}
@Override
public void sessionClosed(Session session) {
sessionCache.remove(session);
}
}

20
gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java
View File

@@ -14,13 +14,13 @@
package com.google.gerrit.sshd;
import com.google.common.base.Preconditions;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.PeerDaemonUser;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.SitePaths;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.apache.commons.codec.binary.Base64;
import org.apache.sshd.common.KeyPairProvider;
@@ -48,7 +48,6 @@ import java.util.Set;
/**
* Authenticates by public key through {@link AccountSshKey} entities.
*/
@Singleton
class DatabasePubKeyAuth implements PublickeyAuthenticator {
private static final Logger log =
LoggerFactory.getLogger(DatabasePubKeyAuth.class);
@@ -92,10 +91,11 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
}
}
public boolean authenticate(String username,
final PublicKey suppliedKey, final ServerSession session) {
final SshSession sd = session.getAttribute(SshSession.KEY);
@Override
public boolean authenticate(String username, PublicKey suppliedKey,
ServerSession session) {
SshSession sd = session.getAttribute(SshSession.KEY);
Preconditions.checkState(sd.getCurrentUser() == null);
if (PeerDaemonUser.USER_NAME.equals(username)) {
if (myHostKeys.contains(suppliedKey)
|| getPeerKeys().contains(suppliedKey)) {
@@ -112,10 +112,10 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
username = username.toLowerCase(Locale.US);
}
final Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username);
final SshKeyCacheEntry key = find(keyList, suppliedKey);
Iterable<SshKeyCacheEntry> keyList = sshKeyCache.get(username);
SshKeyCacheEntry key = find(keyList, suppliedKey);
if (key == null) {
final String err;
String err;
if (keyList == SshKeyCacheImpl.NO_SUCH_USER) {
err = "user-not-found";
} else if (keyList == SshKeyCacheImpl.NO_KEYS) {
@@ -133,7 +133,7 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
// security check to ensure there aren't two users sharing the same
// user name on the server.
//
for (final SshKeyCacheEntry otherKey : keyList) {
for (SshKeyCacheEntry otherKey : keyList) {
if (!key.getAccount().equals(otherKey.getAccount())) {
sd.authenticationError(username, "keys-cross-accounts");
return false;

2
gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java
View File

@@ -81,7 +81,7 @@ public class SshModule extends LifecycleModule {
bind(QueueProvider.class).to(CommandExecutorQueueProvider.class).in(SINGLETON);
bind(GSSAuthenticator.class).to(GerritGSSAuthenticator.class);
bind(PublickeyAuthenticator.class).to(DatabasePubKeyAuth.class);
bind(PublickeyAuthenticator.class).to(CachingPublicKeyAuthenticator.class);
bind(ModuleGenerator.class).to(SshAutoRegisterModuleGenerator.class);
bind(SshPluginStarterCallback.class);