[
https://issues.apache.org/jira/browse/SSHD-1042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17165630#comment-17165630
]
Thomas Wolf commented on SSHD-1042:
-----------------------------------
[~shahbazsbaig], please don't post log excerpts as images; post the logs as
text.
The "Command Limiting Policy" appears to be a [feature of the IBM Sterling B2B
Integrator|https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.1/integrating/integrating/integrator/CommandLimitPolicy.html].
Probably the same as OpenSSH's {{internal-sftp -P readdir}}, combined with a
{{Match}} directive. "NativeFilesystemProviderBase" appears to be a class from
that SB2Bi sftp server that check this "Command Limiting Policy".
It looks like there's a team that tries to replace maverick by Apache MINA sshd
inside SB2Bi. It also looks like this is a problem inside that SB2Bi; somehow
the maverick implementation appears to be wired up such that it doesn't close
the server-side session, while with sshd it gets closed. I _do_ notice that
maverick has its own {{PermissionDeniedException}} which is _not_ an
{{IOException}}. Perhaps that explains why that NativeFilesystemProviderBase
doesn't close the session with maverick.
In any case I think the reporter [~shahbazsbaig] will need to debug this more
closely in their application. It doesn't look like a problem of Apache sshd but
of how it's used by that application.
> Command Limiting Policy SSH_FXP_READDIR closing connection
> ----------------------------------------------------------
>
> Key: SSHD-1042
> URL: https://issues.apache.org/jira/browse/SSHD-1042
> Project: MINA SSHD
> Issue Type: New Feature
> Reporter: Shahbaz
> Priority: Major
> Attachments: apache rmdir.PNG, maverick filesystem.PNG
>
>
> *This are the below commands which prevent the execution of process for the
> user at instance level relating to permission of open, read, write, opendir,
> readdir, remove, rename, makedir, removedir respectively.*
> *SSH_FXP_OPEN*
> *SSH_FXP_READ*
> *SSH_FXP_WRITE*
> *SSH_FXP_OPENDIR*
> *SSH_FXP_READDIR*
> *SSH_FXP_REMOVE*
> *SSH_FXP_RENAME*
> *SSH_FXP_MKDIR*
> *SSH_FXP_RMDIR*
> *But the command for* *SSH_FXP_READDIR is not executed as it directly closes
> the connection. This connection is closed because while throwing the
> exception it directly calls destroy method from filesystem. Is there any
> workaround to inhibit its execution when we extend sftpsubsytem class where
> exception is thrown.***
> *While reading the directory when SH_FXP_READDIR is applied, the operation is
> interrupted, as it evokes the destroy function to close the connection
> directly when an IOException is thrown. The issue is how can we make sure the
> destroy function is not called, when exception is thrown in a class which
> extends SFTPSubsystem.*
>
>
>
> *Below attached are the images which shows how destroy is invoked in both
> maverick and apache case.*
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]