This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 9a541c1d21fb3f8d85c9c3635d64533beab4a1f5
Author: Lyor Goldstein <lgoldst...@apache.org>
AuthorDate: Thu Jul 28 20:50:08 2022 +0300
[SSHD-1283] Added configuration property to control whether ScpShell is
enabled
---
CHANGES.md | 12 +++++++++++-
docs/changes/2.9.0.md | 2 --
docs/scp.md | 4 +++-
.../main/java/org/apache/sshd/scp/ScpModuleProperties.java | 9 +++++++++
.../java/org/apache/sshd/scp/server/ScpCommandFactory.java | 9 +++++++--
5 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 9b9e09e3c..3df8df18f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -18,10 +18,20 @@
# Planned for next version
-## Bug fixes
+# Bug fixes
* [SSHD-1281](https://issues.apache.org/jira/browse/SSHD-1281)
ClientSession.auth().verify() is terminated with timeout
* [SSHD-1285](https://issues.apache.org/jira/browse/SSHD-1285) 2.9.0 release
broken on Java 8
* [SSHD-1288](https://issues.apache.org/jira/browse/SSHD-1288) SFTP: fix
reading files that are being written
* [SSHD-1289](https://issues.apache.org/jira/browse/SSHD-1289) Deadlock during
session exit
* [SSHD-1290](https://issues.apache.org/jira/browse/SSHD-1290) Better logging
in ChannelAsyncOutputStream
+
+## Major code re-factoring
+
+## Potential compatibility issues
+
+## Minor code helpers
+
+## Behavioral changes and enhancements
+
+* [SSHD-1283](https://issues.apache.org/jira/browse/SSHD-1283) Added
configuration property to control whether *ScpShell* is enabled (default=true).
diff --git a/docs/changes/2.9.0.md b/docs/changes/2.9.0.md
index 2c70ae7c5..a826d6fda 100644
--- a/docs/changes/2.9.0.md
+++ b/docs/changes/2.9.0.md
@@ -74,8 +74,6 @@ There are several exceptions to this rule:
Was originally in *HostConfigEntry*.
-## Minor code helpers
-
## Behavioral changes and enhancements
* [SSHD-966](https://issues.apache.org/jira/browse/SSHD-966) Deadlock on
disconnection at the end of key-exchange
diff --git a/docs/scp.md b/docs/scp.md
index d04ecd735..117a6e606 100644
--- a/docs/scp.md
+++ b/docs/scp.md
@@ -202,7 +202,9 @@ sshd.setShellFactory(factory);
```
-**Note:** a similar result can be achieved if activating SSHD from the command
line by specifying `-o ShellFactory=scp`
+**Note:** a similar result can be achieved if activating SSHD from the command
line by specifying `-o ShellFactory=scp`. In any case, even if the
+shell is configured, it can be enabled/disabled via setting the
`scp-enable-scp-shell` property to the desired value (default=*true*) - on the
server,
+the session or even the specific channel (as with any other property). This
way, one can control the shell's availability per-session.
### Text encoding/decoding
diff --git
a/sshd-scp/src/main/java/org/apache/sshd/scp/ScpModuleProperties.java
b/sshd-scp/src/main/java/org/apache/sshd/scp/ScpModuleProperties.java
index 8c3a2e969..5fe6d88ff 100644
--- a/sshd-scp/src/main/java/org/apache/sshd/scp/ScpModuleProperties.java
+++ b/sshd-scp/src/main/java/org/apache/sshd/scp/ScpModuleProperties.java
@@ -66,6 +66,15 @@ public final class ScpModuleProperties {
public static final Property<Boolean> PROP_AUTO_SYNC_FILE_ON_WRITE
= Property.bool("scp-auto-sync-on-write", true);
+ /**
+ * Whether to provide an {@code ScpShell} instance if <I>WinSCP</I> client
detected or at all
+ *
+ * @see <A
HREF="https://issues.apache.org/jira/browse/SSHD-1009";>SSHD-1009</A>
+ * @see <A
HREF="https://issues.apache.org/jira/browse/SSHD-1283";>SSHD-1283</A>
+ */
+ public static final Property<Boolean> ENABLE_SCP_SHELL
+ = Property.bool("scp-enable-scp-shell", true);
+
/**
* Used to indicate the {@link Charset} (or its name) for encoding
returned textual responses from the
* {@code ScpShell} - extracted from the channel session when shell
initialized.
diff --git
a/sshd-scp/src/main/java/org/apache/sshd/scp/server/ScpCommandFactory.java
b/sshd-scp/src/main/java/org/apache/sshd/scp/server/ScpCommandFactory.java
index 569bf8aef..ecaba2fda 100644
--- a/sshd-scp/src/main/java/org/apache/sshd/scp/server/ScpCommandFactory.java
+++ b/sshd-scp/src/main/java/org/apache/sshd/scp/server/ScpCommandFactory.java
@@ -29,6 +29,7 @@ import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ObjectBuilder;
import org.apache.sshd.common.util.threads.CloseableExecutorService;
import org.apache.sshd.common.util.threads.ManagedExecutorServiceSupplier;
+import org.apache.sshd.scp.ScpModuleProperties;
import org.apache.sshd.scp.common.ScpFileOpener;
import org.apache.sshd.scp.common.ScpFileOpenerHolder;
import org.apache.sshd.scp.common.ScpHelper;
@@ -251,8 +252,8 @@ public class ScpCommandFactory
public ShellFactory selectShellFactory(ChannelSession channelSession)
throws IOException {
SessionContext session = channelSession.getSessionContext();
String clientVersion = session.getClientVersion();
- // SSHD-1009
- if (clientVersion.contains("WinSCP")) {
+ // SSHD-1009 + SSHD-1283
+ if (ScpModuleProperties.ENABLE_SCP_SHELL.getRequired(channelSession)
&& clientVersion.contains("WinSCP")) {
return this;
}
@@ -263,6 +264,10 @@ public class ScpCommandFactory
public Command createShell(ChannelSession channel) throws IOException {
ShellFactory factory = selectShellFactory(channel);
if ((factory == this) || (factory == null)) {
+ if (!ScpModuleProperties.ENABLE_SCP_SHELL.getRequired(channel)) {
+ throw new IOException("SCP shell is disabled");
+ }
+
return new ScpShell(
channel,
resolveExecutorService(),
