This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 12e0b3a6ce441827fdd27f9010f9b19853901744 Author: Thomas Wolf <tw...@apache.org> AuthorDate: Sat Oct 23 23:43:48 2021 +0200 [SSHD-1218] Use SSH agent only if allowed to If no default identities are to be used (which is determined by HostConfigEntry.isIdentitiesOnly()), don't use the SSH agent in publickey authentication. --- sshd-core/src/main/java/org/apache/sshd/client/SshClient.java | 2 ++ .../org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java | 7 +++++++ .../apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java | 8 +++++--- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java index a00954c..015ded1 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java @@ -51,6 +51,7 @@ import org.apache.sshd.client.auth.password.PasswordAuthenticationReporter; import org.apache.sshd.client.auth.password.PasswordIdentityProvider; import org.apache.sshd.client.auth.password.UserAuthPasswordFactory; import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter; +import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey; import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory; import org.apache.sshd.client.config.hosts.HostConfigEntry; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; @@ -739,6 +740,7 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa AbstractClientSession session = (AbstractClientSession) AbstractSession.getSession(ioSession); session.setUsername(username); session.setConnectAddress(address); + session.setAttribute(UserAuthPublicKey.USE_DEFAULT_IDENTITIES, Boolean.valueOf(useDefaultIdentities)); if (useDefaultIdentities) { setupDefaultSessionIdentities(session, identities); 
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java index ec0d697..6ec8da5 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java @@ -34,6 +34,7 @@ import java.util.TreeSet; import org.apache.sshd.client.auth.AbstractUserAuth; import org.apache.sshd.client.auth.keyboard.UserInteraction; import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.AttributeRepository.AttributeKey; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.RuntimeSshException; import org.apache.sshd.common.SshConstants; @@ -57,6 +58,12 @@ import org.apache.sshd.common.util.buffer.ByteArrayBuffer; public class UserAuthPublicKey extends AbstractUserAuth implements SignatureFactoriesManager { public static final String NAME = UserAuthPublicKeyFactory.NAME; + /** + * Is set on a {@link ClientSession} when it is created; if {@link Boolean#FALSE}, no agent or default identities + * shall be used. + */ + public static final AttributeKey<Boolean> USE_DEFAULT_IDENTITIES = new AttributeKey<>(); + protected final Deque<String> currentAlgorithms = new LinkedList<>(); protected Iterator<PublicKeyIdentity> keys; diff --git a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java index 970aa7d..7240f55 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKeyIterator.java 
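Review bot: The Javadoc on `USE_DEFAULT_IDENTITIES` says the agent and default identities are skipped when the value is `Boolean.FALSE`, but the check added in UserAuthPublicKeyIterator is `Boolean.TRUE.equals(session.getAttribute(UserAuthPublicKey.USE_DEFAULT_IDENTITIES))`, so a session on which the attribute was never set also skips the agent. The only writer visible in this commit is the `session.setAttribute(...)` line in SshClient, so a session created on any other path would presumably lose agent authentication with no obvious cause. The comment should state the contract the code enforces, for example `Set on a {@link ClientSession} when it is created; unless the value is {@link Boolean#TRUE} (including when it is unset), the SSH agent is not consulted.` Failing closed is the safer default for not offering unintended keys to a server, but it should be documented as deliberate.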
@@ -56,9 +56,11 @@ public class UserAuthPublicKeyIterator extends AbstractKeyPairIterator<PublicKey try { Collection<Iterable<? extends PublicKeyIdentity>> identities = new ArrayList<>(2); - Iterable<? extends PublicKeyIdentity> agentIds = initializeAgentIdentities(session); - if (agentIds != null) { - identities.add(agentIds); + if (Boolean.TRUE.equals(session.getAttribute(UserAuthPublicKey.USE_DEFAULT_IDENTITIES))) { + Iterable<? extends PublicKeyIdentity> agentIds = initializeAgentIdentities(session); + if (agentIds != null) { + identities.add(agentIds); + } } Iterable<? extends PublicKeyIdentity> sessionIds = initializeSessionIdentities(session, signatureFactories);
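Review bot: The new `if (Boolean.TRUE.equals(...))` skips the agent entirely when default identities are disabled, which also excludes keys the user configured explicitly but whose private part is held only by the agent. As far as I know, OpenSSH's IdentitiesOnly still asks the agent for identities that match a configured IdentityFile, so this is stricter than the option it mirrors. If that is intended, a comment above the `if` should say so, e.g. `// SSHD-1218: never consult the agent unless default identities are allowed; configured keys come from the session identities below`. The diffstat lists only files under src/main, so nothing pins this behaviour; a test asserting that no agent identity is offered when the attribute is not TRUE would guard against regressions. The enclosing method starts and ends outside the hunk.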