aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLazar Kirchev2012-04-08 07:02:57 (EDT)
committerLazar Kirchev2012-04-08 07:02:57 (EDT)
commitb7f03fdfb8b04a9dbe8f40a7e7b5316b17c77801 (patch)
tree60ff81449974acac7558a361d812cdcdb1c6fa95
parentb4627b42ebf39cd0dacd35559e33ec58245b0b0a (diff)
downloadrt.equinox.bundles-b7f03fdfb8b04a9dbe8f40a7e7b5316b17c77801.zip
rt.equinox.bundles-b7f03fdfb8b04a9dbe8f40a7e7b5316b17c77801.tar.gz
rt.equinox.bundles-b7f03fdfb8b04a9dbe8f40a7e7b5316b17c77801.tar.bz2
Bug 366188 - Add support for 'authorized_keys' file to SSH console. The console will search for registered authenticator services only if this is explicitly specified by setting ssh.custom.publickeys.auth=true.v20120408-1102
-rw-r--r--bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/ssh/SshServ.java55
1 files changed, 31 insertions, 24 deletions
diff --git a/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/ssh/SshServ.java b/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/ssh/SshServ.java
index 696cb8d..d41f699 100644
--- a/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/ssh/SshServ.java
+++ b/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/ssh/SshServ.java
@@ -44,6 +44,7 @@ public class SshServ extends Thread {
private static final String SSH_KEYSTORE_PROP = "ssh.server.keystore";
private static final String SSH_KEYSTORE_PROP_DEFAULT = "hostkey.ser";
private static final String SSH_AUTHORIZED_KEYS_FILE_PROP = "ssh.server.authorized_keys";
+ private static final String SSH_CUSTOM_PUBLIC_KEY_AUTHENTICATION = "ssh.custom.publickeys.auth";
private static final String EQUINOX_CONSOLE_DOMAIN = "equinox_console";
public SshServ(List<CommandProcessor> processors, BundleContext context, String host, int port) {
@@ -100,32 +101,38 @@ public class SshServ extends Thread {
AuthorizedKeysFileAuthenticator authenticator = new AuthorizedKeysFileAuthenticator();
authenticator.setAuthorizedKeysFile(authorizedKeysFile);
return authenticator;
- }
-
- // fall back to dynamic provider based on available OSGi services
- return new PublickeyAuthenticator() {
-
- @Override
- public boolean authenticate(String username, PublicKey key, ServerSession session) {
- // find available services
- try {
- for (ServiceReference<PublickeyAuthenticator> reference : context.getServiceReferences(PublickeyAuthenticator.class, null)) {
- PublickeyAuthenticator authenticator = null;
- try {
- authenticator = context.getService(reference);
- // first positive match wins; continue looking otherwise
- if(authenticator.authenticate(username, key, session))
- return true;
- } finally {
- if(null != authenticator)
- context.ungetService(reference);
+ }
+
+ final String customPublicKeysAuthentication = System.getProperty(SSH_CUSTOM_PUBLIC_KEY_AUTHENTICATION);
+
+ // fall back to dynamic provider based on available OSGi services only if explicitly specified
+ if ("true".equals(customPublicKeysAuthentication)) {
+ return new PublickeyAuthenticator() {
+
+ @Override
+ public boolean authenticate(String username, PublicKey key, ServerSession session) {
+ // find available services
+ try {
+ for (ServiceReference<PublickeyAuthenticator> reference : context.getServiceReferences(PublickeyAuthenticator.class, null)) {
+ PublickeyAuthenticator authenticator = null;
+ try {
+ authenticator = context.getService(reference);
+ // first positive match wins; continue looking otherwise
+ if(authenticator.authenticate(username, key, session))
+ return true;
+ } finally {
+ if(null != authenticator)
+ context.ungetService(reference);
+ }
}
+ } catch (InvalidSyntaxException e) {
+ // no filter is used
}
- } catch (InvalidSyntaxException e) {
- // no filter is used
+ return false;
}
- return false;
- }
- };
+ };
+ }
+
+ return null;
}
}