Bump SSHD version to 1.2.0

This version fixed some regressions from 1.0 release, most notably, mina backend is fixed again: [1], [2]. It was reported, though, that this backend is suffering from connection leaks: [3], [4]. Due to [5] we can now remove GerritServerSession, because we can register listener for the CloseFuture directly on ServerSession. Update to minor API changes: [6]. Particularly, Command#destroy() throws now Exception, that gets propagated into runtime exception. [1] https://issues.apache.org/jira/browse/SSHD-626 [2] https://issues.apache.org/jira/browse/SSHD-639 [3] https://issues.apache.org/jira/browse/SSHD-595 [4] https://issues.apache.org/jira/browse/DIRMINA-1021 [5] https://issues.apache.org/jira/browse/SSHD-652 [6] 97b73947d5 Change-Id: Ic0e0819b5ddd1bf96cd82f3a142bf1b3375a564a
2016-04-05 01:22:49 +02:00 · 2016-04-05 01:22:49 +02:00 · c0a9d010d4
commit c0a9d010d4
parent eed48f56ee
11 changed files with 38 additions and 54 deletions
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/AliasCommand.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/AliasCommand.java
@ -14,6 +14,7 @@

 package com.google.gerrit.sshd;

+import com.google.common.base.Throwables;
 import com.google.common.collect.Lists;
 import com.google.common.util.concurrent.Atomics;
 import com.google.gerrit.extensions.annotations.RequiresCapability;
@ -95,7 +96,11 @@ public class AliasCommand extends BaseCommand {
  public void destroy() {
    Command cmd = atomicCmd.getAndSet(null);
    if (cmd != null) {
+      try {
        cmd.destroy();
+      } catch (Exception e) {
+        Throwables.propagate(e);
+      }
    }
  }

--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java
@ -19,7 +19,7 @@ import com.google.inject.Singleton;

@Singleton
 public class CachingPublicKeyAuthenticator
-    extends org.apache.sshd.server.auth.CachingPublicKeyAuthenticator {
+    extends org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator {

  @Inject
  public CachingPublicKeyAuthenticator(DatabasePubKeyAuth authenticator) {
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DispatchCommand.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DispatchCommand.java
@ -15,6 +15,7 @@
 package com.google.gerrit.sshd;

 import com.google.common.base.Strings;
+import com.google.common.base.Throwables;
 import com.google.common.collect.Sets;
 import com.google.common.util.concurrent.Atomics;
 import com.google.gerrit.extensions.restapi.AuthException;
@ -133,7 +134,11 @@ final class DispatchCommand extends BaseCommand {
  public void destroy() {
    Command cmd = atomicCmd.getAndSet(null);
    if (cmd != null) {
+      try {
        cmd.destroy();
+      } catch (Exception e) {
+        Throwables.propagate(e);
+      }
    }
  }

--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/GerritServerSession.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/GerritServerSession.java
@ -1,34 +0,0 @@
-// Copyright (C) 2013 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package com.google.gerrit.sshd;
-
-import org.apache.sshd.common.future.CloseFuture;
-import org.apache.sshd.common.future.SshFutureListener;
-import org.apache.sshd.common.io.IoSession;
-import org.apache.sshd.server.ServerFactoryManager;
-import org.apache.sshd.server.session.ServerSessionImpl;
-
-/* Expose addition of close session listeners */
-class GerritServerSession extends ServerSessionImpl {
-
-  GerritServerSession(ServerFactoryManager server,
-      IoSession ioSession) throws Exception {
-    super(server, ioSession);
-  }
-
-  void addCloseSessionListener(SshFutureListener<CloseFuture> l) {
-    closeFuture.addListener(l);
-  }
-}
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@ -43,7 +43,6 @@ import com.jcraft.jsch.JSchException;
 import org.apache.mina.transport.socket.SocketSessionConfig;
 import org.apache.sshd.common.BaseBuilder;
 import org.apache.sshd.common.NamedFactory;
-import org.apache.sshd.common.SshdSocketAddress;
 import org.apache.sshd.common.channel.RequestHandler;
 import org.apache.sshd.common.cipher.Cipher;
 import org.apache.sshd.common.compression.BuiltinCompressions;
@ -64,26 +63,27 @@ import org.apache.sshd.common.mac.Mac;
 import org.apache.sshd.common.random.JceRandomFactory;
 import org.apache.sshd.common.random.Random;
 import org.apache.sshd.common.random.SingletonRandomFactory;
-import org.apache.sshd.common.session.AbstractSession;
 import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.session.Session;
 import org.apache.sshd.common.util.SecurityUtils;
 import org.apache.sshd.common.util.buffer.Buffer;
 import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
+import org.apache.sshd.common.util.net.SshdSocketAddress;
 import org.apache.sshd.server.Command;
 import org.apache.sshd.server.CommandFactory;
 import org.apache.sshd.server.ServerBuilder;
 import org.apache.sshd.server.SshServer;
 import org.apache.sshd.server.auth.UserAuth;
-import org.apache.sshd.server.auth.UserAuthPublicKeyFactory;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
 import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
+import org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
 import org.apache.sshd.server.forward.ForwardingFilter;
 import org.apache.sshd.server.global.CancelTcpipForwardHandler;
 import org.apache.sshd.server.global.KeepAliveHandler;
 import org.apache.sshd.server.global.NoMoreSessionsHandler;
 import org.apache.sshd.server.global.TcpipForwardHandler;
+import org.apache.sshd.server.session.ServerSessionImpl;
 import org.apache.sshd.server.session.SessionFactory;
 import org.bouncycastle.crypto.prng.RandomGenerator;
 import org.bouncycastle.crypto.prng.VMPCRandomGenerator;
@ -262,9 +262,9 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
          .setRate()
          .setUnit("failures"));

-    setSessionFactory(new SessionFactory() {
+    setSessionFactory(new SessionFactory(this) {
      @Override
-      protected AbstractSession createSession(final IoSession io)
+      protected ServerSessionImpl createSession(final IoSession io)
          throws Exception {
        connected.incrementAndGet();
        sessionsCreated.increment();
@ -277,7 +277,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
          }
        }

-        GerritServerSession s = (GerritServerSession)super.createSession(io);
+        ServerSessionImpl s = super.createSession(io);
        int id = idGenerator.next();
        SocketAddress peer = io.getRemoteAddress();
        final SshSession sd = new SshSession(id, peer);
@ -285,7 +285,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {

        // Log a session close without authentication as a failure.
        //
-        s.addCloseSessionListener(new SshFutureListener<CloseFuture>() {
+        s.addCloseFutureListener(new SshFutureListener<CloseFuture>() {
          @Override
          public void operationComplete(CloseFuture future) {
            connected.decrementAndGet();
@ -299,9 +299,9 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
      }

      @Override
-      protected AbstractSession doCreateSession(IoSession ioSession)
+      protected ServerSessionImpl doCreateSession(IoSession ioSession)
          throws Exception {
-        return new GerritServerSession(getServer(), ioSession);
+        return new ServerSessionImpl(getServer(), ioSession);
      }
    });
    setGlobalRequestHandlers(Arrays.<RequestHandler<ConnectionService>> asList(
@ -327,10 +327,9 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
  public synchronized void start() {
    if (daemonAcceptor == null && !listen.isEmpty()) {
      checkConfig();
-      if (sessionFactory == null) {
-        sessionFactory = createSessionFactory();
+      if (getSessionFactory() == null) {
+        setSessionFactory(createSessionFactory());
      }
-      sessionFactory.setServer(this);
      daemonAcceptor = createAcceptor();

      try {
@ -464,6 +463,11 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
      random.addSeedMaterial(1234);
    }

+    @Override
+    public String getName() {
+      return "InsecureBouncyCastleRandom";
+    }
+
    @Override
    public void fill(byte[] bytes, int start, int len) {
      random.nextBytes(bytes, start, len);
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshSession.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshSession.java
@ -17,7 +17,7 @@ package com.google.gerrit.sshd;
 import com.google.gerrit.server.AccessPath;
 import com.google.gerrit.server.CurrentUser;

-import org.apache.sshd.common.session.Session.AttributeKey;
+import org.apache.sshd.common.AttributeStore.AttributeKey;

 import java.net.InetAddress;
 import java.net.InetSocketAddress;
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshUtil.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshUtil.java
@ -136,8 +136,7 @@ public class SshUtil {
        sshScope.set(old);
      }

-      GerritServerSession s = (GerritServerSession) session;
-      s.addCloseSessionListener(
+      session.addCloseFutureListener(
          new SshFutureListener<CloseFuture>() {
            @Override
            public void operationComplete(CloseFuture future) {
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SuExec.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SuExec.java
@ -16,6 +16,7 @@ package com.google.gerrit.sshd;

 import static java.nio.charset.StandardCharsets.UTF_8;

+import com.google.common.base.Throwables;
 import com.google.common.util.concurrent.Atomics;
 import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.server.CurrentUser;
@ -151,7 +152,11 @@ public final class SuExec extends BaseCommand {
  public void destroy() {
    Command cmd = atomicCmd.getAndSet(null);
    if (cmd != null) {
+      try {
        cmd.destroy();
+      } catch (Exception e) {
+        Throwables.propagate(e);
+      }
    }
  }
 }
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CloseConnection.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CloseConnection.java
@ -28,7 +28,7 @@ import com.google.inject.Inject;
 import org.apache.sshd.common.future.CloseFuture;
 import org.apache.sshd.common.io.IoAcceptor;
 import org.apache.sshd.common.io.IoSession;
-import org.apache.sshd.common.session.AbstractSession;
+import org.apache.sshd.common.session.helpers.AbstractSession;
 import org.kohsuke.args4j.Argument;
 import org.kohsuke.args4j.Option;
 import org.slf4j.Logger;
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/ShowConnections.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/ShowConnections.java
@ -33,7 +33,7 @@ import org.apache.sshd.common.io.IoSession;
 import org.apache.sshd.common.io.mina.MinaAcceptor;
 import org.apache.sshd.common.io.mina.MinaSession;
 import org.apache.sshd.common.io.nio2.Nio2Acceptor;
-import org.apache.sshd.common.session.AbstractSession;
+import org.apache.sshd.common.session.helpers.AbstractSession;
 import org.apache.sshd.server.Environment;
 import org.kohsuke.args4j.Option;

--- a/lib/mina/BUCK
+++ b/lib/mina/BUCK
@ -8,8 +8,8 @@ EXCLUDE = [

 maven_jar(
  name = 'sshd',
-  id = 'org.apache.sshd:sshd-core:1.0.0',
-  sha1 = '448ae95811a993575cc465e1c60ef741632b2ce8',
+  id = 'org.apache.sshd:sshd-core:1.2.0',
+  sha1 = '4bc24a8228ba83dac832680366cf219da71dae8e',
  license = 'Apache2.0',
  deps = [':core'],
  exclude = EXCLUDE,