[
https://issues.apache.org/jira/browse/SSHD-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13552791#comment-13552791
]
Andrew C commented on SSHD-203:
-------------------------------
This should solve my immediate problem (once the git repos are settled I will
apply and test). However, looking at my code (which is now kind of working!)
and SSHD-205 I suspect there's a better more invasive solution.
Since my service is custom, instead of overloading ServerSession and looking
for events, I should be registering my own service with SshServer. To sketch
the idea out:
- add an SshService factory to SshServer that maps a service name onto a
service. The table would include ssh-userauth (rfc4252), and ssh-connection
(rfc4254), and my custom service
- separate ssh-userauth and ssh-connection from ServerSession so that they are
are standalone services, and the latter just worries about the transport
(rfc4253)
- when the transport receives SSH_MSG_SERVICE_REQUEST, it could then
instantiate the requested service and pass non-transport requests along to it
- ssh-userauth, once authentication has finished, would also instantiate the
requested service (passing it the authenticated user credentials) and update
ServerSession
My custom service would then see the following events from ServerSession /
ssh-userauth
- authenticated / requested when instantiated (or perhaps a separate explicit
message)
- a separate closed message when ServerSession sees the connection dropped
et.al.
Once the git repo is up, I might just play with the idea. It is very invasive.
> SSH server doesn't know when auth completed
> -------------------------------------------
>
> Key: SSHD-203
> URL: https://issues.apache.org/jira/browse/SSHD-203
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.8.0
> Environment: Windows
> Reporter: Andrew C
> Assignee: Guillaume Nodet
>
> To the best of my knowledge, there's no way, in a customised SSH server, to
> detect when the client connection's auth has successfully completed. As a
> hack I came up with:
> public class RelaySshSession extends ServerSession {
> private final RelayService relayService;
> public RelaySshSession(RelayService relayService, SshServer server,
> IoSession sshIoSession) throws Exception {
> super(server, sshIoSession);
> this.relayService = relayService;
> }
> @Override
> public CloseFuture close(boolean immediately) {
> relayService.unbind(this);
> return super.close(immediately);
> }
> private boolean authorized = false;
> @Override
> public WriteFuture writePacket(Buffer buffer) throws IOException {
> if (!this.authorized) {
> byte[] bytes = buffer.array();
> if (bytes.length > 5 && bytes[5] ==
> SshConstants.Message.SSH_MSG_USERAUTH_SUCCESS.toByte()) {
> // need to send the auth packet before starting network
> session so that the
> // local service packets always follow the service.
> WriteFuture writeFuture = super.writePacket(buffer);
> // Tell the server side to start.
> relayService.bind(this);
> this.authorized = true;
> return writeFuture;
> }
> }
> return super.writePacket(buffer);
> }
> }
> As an example for why this might be useful, consider a dispatcher that
> accepts multiple clients. As long as any client is active the custom server
> send dispatch messages.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
