public abstract class AbstractServerSession extends AbstractSession implements ServerSession
ServerSession related methods
AbstractCloseable.State
SessionHeartbeatController.HeartbeatType
AttributeRepository.AttributeKey<T>
Modifier and Type | Field and Description |
---|---|
private java.net.SocketAddress |
clientAddress |
private GSSAuthenticator |
gssAuthenticator |
private HostBasedAuthenticator |
hostBasedAuthenticator |
private HostKeyCertificateProvider |
hostKeyCertificateProvider |
private KeyboardInteractiveAuthenticator |
interactiveAuthenticator |
private KeyPairProvider |
keyPairProvider |
private PasswordAuthenticator |
passwordAuthenticator |
private ServerProxyAcceptor |
proxyAcceptor |
private PublickeyAuthenticator |
publickeyAuthenticator |
private java.util.List<UserAuthFactory> |
userAuthFactories |
channelListenerProxy, channelListeners, clientProposal, clientVersion, currentService, decodeLock, decoderBuffer, decoderLength, decoderState, encodeLock, firstKexPacketFollows, globalRequestSeqo, ignorePacketDataLength, ignorePacketsCount, ignorePacketsFrequency, ignorePacketsVariance, inBlocksCount, inBytesCount, inCipher, inCipherSize, inCompression, inMac, inMacResult, inMacSize, inPacketsCount, kex, kexFutureHolder, kexState, lastKeyTimeValue, maxRekeyBlocks, maxRekeyBytes, maxRekeyInterval, maxRekyPackets, negotiationResult, outBlocksCount, outBytesCount, outCipher, outCipherSize, outCompression, outMac, outMacSize, outPacketsCount, pendingGlobalRequest, pendingPackets, random, requestLock, seqi, seqo, serverProposal, serverVersion, SESSION, sessionId, sessionListenerProxy, sessionListeners, tunnelListenerProxy, tunnelListeners, uncompressBuffer, unmodClientProposal, unmodNegotiationResult, unmodServerProposal
authNanoStart, idleNanoStart, sessionLock
closeFuture, futureLock, state
log
DEFAULT_SSH_VERSION_PREFIX, FALLBACK_SSH_VERSION_PREFIX, MAX_VERSION_LINE_LENGTH
DEFAULT_CONNECTION_HEARTBEAT_INTERVAL, SESSION_HEARTBEAT_INTERVAL, SESSION_HEARTBEAT_TYPE
EMPTY
CLOSE_WAIT_TIMEOUT, DEFAULT_CLOSE_WAIT_TIMEOUT
NONE
AUTH_METHODS, AUTO_WELCOME_BANNER_VALUE, DEFAULT_BANNER_PHASE, DEFAULT_MAX_AUTH_REQUESTS, DEFAULT_USER_AUTH_GSS_FACTORY, DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY, DEFAULT_USER_AUTH_PASSWORD_FACTORY, DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY, DEFAULT_WELCOME_BANNER_LANGUAGE, MAX_AUTH_REQUESTS, WELCOME_BANNER, WELCOME_BANNER_CHARSET, WELCOME_BANNER_LANGUAGE, WELCOME_BANNER_PHASE
Modifier | Constructor and Description |
---|---|
protected |
AbstractServerSession(ServerFactoryManager factoryManager,
IoSession ioSession) |
Modifier and Type | Method and Description |
---|---|
protected void |
checkKeys()
Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify
the server's key
|
int |
getActiveSessionCountForUser(java.lang.String userName)
Retrieve the current number of sessions active for a given username.
|
java.net.SocketAddress |
getClientAddress() |
protected ConnectionService |
getConnectionService() |
ServerFactoryManager |
getFactoryManager() |
GSSAuthenticator |
getGSSAuthenticator()
Retrieve the
GSSAuthenticator to be used by the SSH server. |
HostBasedAuthenticator |
getHostBasedAuthenticator()
Retrieve the
HostBasedAuthenticator to be used by the SSH server. |
java.security.KeyPair |
getHostKey() |
HostKeyCertificateProvider |
getHostKeyCertificateProvider() |
long |
getId() |
KeyboardInteractiveAuthenticator |
getKeyboardInteractiveAuthenticator()
Retrieve the
KeyboardInteractiveAuthenticator to be used by the SSH server. |
KeyPairProvider |
getKeyPairProvider()
Retrieve the
KeyPairProvider that will be used to find the host key to use on the server side or the
user key on the client side. |
PasswordAuthenticator |
getPasswordAuthenticator()
Retrieve the
PasswordAuthenticator to be used by the SSH server. |
PublickeyAuthenticator |
getPublickeyAuthenticator()
Retrieve the
PublickeyAuthenticator to be used by SSH server. |
ServerProxyAcceptor |
getServerProxyAcceptor() |
java.util.List<UserAuthFactory> |
getUserAuthFactories()
Retrieve the list of named factories for
UserAuth objects. |
protected void |
handleServiceAccept(java.lang.String serviceName,
Buffer buffer) |
protected boolean |
handleServiceRequest(java.lang.String serviceName,
Buffer buffer) |
protected boolean |
readIdentification(Buffer buffer)
Read the other side identification.
|
protected void |
receiveKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal,
byte[] seed) |
protected java.lang.String |
resolveAvailableSignaturesProposal(FactoryManager proposedManager) |
protected java.lang.String |
resolveEmptySignaturesProposal(java.lang.Iterable<java.lang.String> supported,
java.lang.Iterable<java.lang.String> provided)
Called by
resolveAvailableSignaturesProposal(FactoryManager) if none of the provided keys is supported -
last chance for the derived implementation to do something |
protected byte[] |
sendKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal)
Send the key exchange initialization packet.
|
protected IoWriteFuture |
sendServerIdentification(java.lang.String... headerLines)
Sends the server identification + any extra header lines
|
void |
setClientAddress(java.net.SocketAddress clientAddress) |
void |
setGSSAuthenticator(GSSAuthenticator gssAuthenticator) |
void |
setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator) |
void |
setHostKeyCertificateProvider(HostKeyCertificateProvider hostKeyCertificateProvider) |
protected void |
setKexSeed(byte... seed) |
void |
setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator) |
void |
setKeyPairProvider(KeyPairProvider keyPairProvider) |
void |
setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator) |
void |
setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator) |
void |
setServerProxyAcceptor(ServerProxyAcceptor proxyAcceptor) |
void |
setUserAuthFactories(java.util.List<UserAuthFactory> userAuthFactories) |
IoWriteFuture |
signalAuthenticationSuccess(java.lang.String username,
java.lang.String authService,
Buffer buffer) |
void |
startService(java.lang.String name,
Buffer buffer) |
addChannelListener, addPortForwardingEventListener, addSessionListener, appendOutgoingMac, attachSession, checkRekey, comparePreferredKexProposalOption, createBuffer, decode, doHandleMessage, doInvokeUnimplementedMessageHandler, doKexNegotiation, doWritePacket, encode, encryptOutgoingBuffer, enqueuePendingPacket, getChannelListenerProxy, getCipherInformation, getClientKexData, getClientKexProposals, getClientVersion, getCompressionInformation, getInnerCloseable, getKex, getKexNegotiationResult, getKexState, getMacInformation, getNegotiatedKexParameter, getPortForwardingEventListenerProxy, getServerKexData, getServerKexProposals, getServerVersion, getService, getServices, getSession, getSession, getSessionId, getSessionListenerProxy, handleFirstKexPacketFollows, handleKexExtension, handleKexInit, handleKexMessage, handleMessage, handleNewCompression, handleNewKeys, handleServiceAccept, handleServiceRequest, isRekeyBlocksCountExceeded, isRekeyDataSizeExceeded, isRekeyPacketCountsExceeded, isRekeyRequired, isRekeyTimeIntervalExceeded, messageReceived, negotiate, notImplemented, preClose, prepareBuffer, preProcessEncodeBuffer, receiveKexInit, receiveKexInit, receiveNewKeys, reExchangeKeys, refreshConfiguration, removeChannelListener, removePortForwardingEventListener, removeSessionListener, request, requestFailure, requestNewKeysExchange, requestSuccess, resolveAvailableSignaturesProposal, resolveIgnoreBufferDataLength, resolveOutputPacket, resolveSessionKexProposal, sendKexInit, sendNewKeys, sendPendingPackets, setClientKexData, setNegotiationResult, setServerKexData, signalRequestFailure, validateIncomingMac, validateKexState, validateTargetBuffer, writePacket
attributeKeys, calculateNextIgnorePacketCount, checkAuthenticationTimeout, checkForTimeouts, checkIdleTimeout, clearAttributes, computeAttributeIfAbsent, createProposal, disconnect, doInvokeDebugMessageHandler, doInvokeIgnoreMessageHandler, doReadIdentification, exceptionCaught, getAttribute, getAttributesCount, getAuthTimeout, getAuthTimeoutStart, getBoundLocalPortForward, getBoundRemotePortForward, getChannelStreamPacketWriterResolver, getForwardingFilter, getIdleTimeout, getIdleTimeoutStart, getIoSession, getLocalForwardsBindings, getParentPropertyResolver, getProperties, getRemoteForwardsBindings, getReservedSessionMessagesHandler, getSessionDisconnectHandler, getStartedLocalPortForwards, getStartedRemotePortForwards, getTimeoutStatus, getUnknownChannelReferenceHandler, getUsername, handleDebug, handleDisconnect, handleDisconnect, handleIgnore, handleUnimplemented, invokeSessionSignaller, isAuthenticated, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort, isServerSession, mergeProposals, removeAttribute, resetAuthTimeout, resetIdleTimeout, resizeKey, resolveChannelStreamPacketWriterResolver, resolveIdentificationString, resolvePeerAddress, resolveReservedSessionMessagesHandler, resolveUnknownChannelReferenceHandler, sendDebugMessage, sendIdentification, sendIgnoreMessage, sendNotImplemented, setAttribute, setAuthenticated, setChannelStreamPacketWriterResolver, setReservedSessionMessagesHandler, setSessionDisconnectHandler, setUnknownChannelReferenceHandler, setUsername, signalDisconnect, signalDisconnect, signalExceptionCaught, signalExceptionCaught, signalNegotiationEnd, signalNegotiationEnd, signalNegotiationStart, signalNegotiationStart, signalPeerIdentificationReceived, signalPeerIdentificationReceived, signalSessionClosed, signalSessionClosed, signalSessionCreated, signalSessionCreated, signalSessionEstablished, signalSessionEstablished, signalSessionEvent, signalSessionEvent, toString, writePacket
getCipherFactories, getCompressionFactories, getDelegate, getKexExtensionHandler, getKeyExchangeFactories, getMacFactories, getSignatureFactories, resolveEffectiveFactories, resolveEffectiveProvider, setCipherFactories, setCompressionFactories, setKexExtensionHandler, setKeyExchangeFactories, setMacFactories, setSignatureFactories
doCloseGracefully, doCloseImmediately
addCloseFutureListener, builder, close, getFutureLock, isClosed, isClosing, removeCloseFutureListener
getSimplifiedLogger
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
createBuffer, createBuffer, disconnect, exceptionCaught, getAuthTimeout, getAuthTimeoutStart, getIdleTimeout, getIdleTimeoutStart, getIoSession, getKex, getLocalAddress, getRemoteAddress, getService, getTimeoutStatus, prepareBuffer, reExchangeKeys, request, request, request, resetAuthTimeout, resetIdleTimeout, resolveAttribute, resolveAttribute, sendDebugMessage, sendIgnoreMessage, setAuthenticated, writePacket, writePacket, writePacket
getCipherInformation, getClientKexProposals, getClientVersion, getCompressionInformation, getKexNegotiationResult, getKexState, getMacInformation, getNegotiatedKexParameter, getServerKexProposals, getServerVersion, getSessionId, isAuthenticated, isDataIntegrityTransport, isSecureSessionTransport, isServerSession, isValidVersionPrefix
disableSessionHeartbeat, getSessionHeartbeatInterval, getSessionHeartbeatType, setSessionHeartbeat, setSessionHeartbeat
getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getParentPropertyResolver, getProperties, getString, getStringProperty
clearAttributes, computeAttributeIfAbsent, removeAttribute, setAttribute
attributeKeys, getAttribute, getAttributesCount, ofAttributesMap, ofKeyValuePair
addCloseFutureListener, close, close, close, getMaxCloseWaitTime, isClosed, isClosing, isOpen, removeCloseFutureListener
setUsername
getUsername
getCipherFactories, getCipherFactoriesNameList, getCipherFactoriesNames, getCompressionFactories, getCompressionFactoriesNameList, getCompressionFactoriesNames, getKeyExchangeFactories, getMacFactories, getMacFactoriesNameList, getMacFactoriesNames, setCipherFactories, setCipherFactoriesNameList, setCipherFactoriesNames, setCipherFactoriesNames, setCompressionFactories, setCompressionFactoriesNameList, setCompressionFactoriesNames, setCompressionFactoriesNames, setKeyExchangeFactories, setMacFactories, setMacFactoriesNameList, setMacFactoriesNames, setMacFactoriesNames
getSignatureFactories, getSignatureFactories, getSignatureFactoriesNameList, getSignatureFactoriesNames, resolveSignatureFactories, setSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
getKexExtensionHandler, setKexExtensionHandler
addSessionListener, getSessionListenerProxy, removeSessionListener
getReservedSessionMessagesHandler, setReservedSessionMessagesHandler
getSessionDisconnectHandler, setSessionDisconnectHandler
addChannelListener, getChannelListenerProxy, removeChannelListener
getChannelStreamPacketWriterResolver, resolveChannelStreamPacketWriter, resolveChannelStreamPacketWriterResolver, setChannelStreamPacketWriterResolver
addPortForwardingEventListener, getPortForwardingEventListenerProxy, removePortForwardingEventListener
getUnknownChannelReferenceHandler, resolveUnknownChannelReferenceHandler, setUnknownChannelReferenceHandler
getBoundLocalPortForward, getBoundRemotePortForward, getLocalForwardsBindings, getRemoteForwardsBindings, getStartedLocalPortForwards, getStartedRemotePortForwards, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort
calculatePadLength, writePacket
resolveUserAuthFactories, resolveUserAuthFactories, setUserAuthFactoriesNames
getUserAuthFactoriesNameList, getUserAuthFactoriesNames, setUserAuthFactoriesNameList, setUserAuthFactoriesNames
private ServerProxyAcceptor proxyAcceptor
private java.net.SocketAddress clientAddress
private PasswordAuthenticator passwordAuthenticator
private PublickeyAuthenticator publickeyAuthenticator
private KeyboardInteractiveAuthenticator interactiveAuthenticator
private GSSAuthenticator gssAuthenticator
private HostBasedAuthenticator hostBasedAuthenticator
private java.util.List<UserAuthFactory> userAuthFactories
private KeyPairProvider keyPairProvider
private HostKeyCertificateProvider hostKeyCertificateProvider
protected AbstractServerSession(ServerFactoryManager factoryManager, IoSession ioSession)
public ServerFactoryManager getFactoryManager()
getFactoryManager
in interface FactoryManagerHolder
getFactoryManager
in interface ServerSession
getFactoryManager
in class SessionHelper
FactoryManager
public ServerProxyAcceptor getServerProxyAcceptor()
getServerProxyAcceptor
in interface ServerProxyAcceptorHolder
public void setServerProxyAcceptor(ServerProxyAcceptor proxyAcceptor)
setServerProxyAcceptor
in interface ServerProxyAcceptorHolder
public java.net.SocketAddress getClientAddress()
getClientAddress
in interface ServerSession
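The SocketAddress of the remote client. If no proxy wrapping was used then this is the same as
the IoSession#getRemoteAddress(). Otherwise, it indicates the real client's address that was
somehow transmitted via the proxy meta-data. In that case the value is only as trustworthy as the proxy
that supplied it, so any address-based access check or audit record built on it depends on the proxy being trusted.
public void setClientAddress(java.net.SocketAddress clientAddress)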
public PasswordAuthenticator getPasswordAuthenticator()
ServerAuthenticationManager
Retrieve the PasswordAuthenticator to be used by the SSH server. If no authenticator has been
configured (i.e. this method returns null), then client authentication requests based on passwords will
be rejected.
getPasswordAuthenticator
in interface ServerAuthenticationManager
The PasswordAuthenticator or null
public void setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator)
setPasswordAuthenticator
in interface ServerAuthenticationManager
public PublickeyAuthenticator getPublickeyAuthenticator()
ServerAuthenticationManager
Retrieve the PublickeyAuthenticator to be used by SSH server. If no authenticator has been
configured (i.e. this method returns null), then client authentication requests based on keys will be
rejected.
getPublickeyAuthenticator
in interface ServerAuthenticationManager
The PublickeyAuthenticator or null
public void setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator)
setPublickeyAuthenticator
in interface ServerAuthenticationManager
public KeyboardInteractiveAuthenticator getKeyboardInteractiveAuthenticator()
ServerAuthenticationManager
Retrieve the KeyboardInteractiveAuthenticator to be used by the SSH server. If no authenticator has
been configured (i.e. this method returns null), then client authentication requests based on this method
will be rejected.
getKeyboardInteractiveAuthenticator
in interface ServerAuthenticationManager
The KeyboardInteractiveAuthenticator or null
public void setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator)
setKeyboardInteractiveAuthenticator
in interface ServerAuthenticationManager
public GSSAuthenticator getGSSAuthenticator()
ServerAuthenticationManager
Retrieve the GSSAuthenticator to be used by the SSH server. If no authenticator has been configured
(i.e. this method returns null), then client authentication requests based on gssapi will be rejected.
getGSSAuthenticator
in interface ServerAuthenticationManager
The GSSAuthenticator or null
public void setGSSAuthenticator(GSSAuthenticator gssAuthenticator)
setGSSAuthenticator
in interface ServerAuthenticationManager
public HostBasedAuthenticator getHostBasedAuthenticator()
ServerAuthenticationManager
Retrieve the HostBasedAuthenticator to be used by the SSH server. If no authenticator has been configured
(i.e. this method returns null), then client authentication requests based on this method will be
rejected.
getHostBasedAuthenticator
in interface ServerAuthenticationManager
The HostBasedAuthenticator or null
public void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator)
setHostBasedAuthenticator
in interface ServerAuthenticationManager
public java.util.List<UserAuthFactory> getUserAuthFactories()
UserAuthFactoriesManager
Retrieve the list of named factories for UserAuth objects.
getUserAuthFactories
in interface UserAuthFactoriesManager<ServerSession,UserAuth,UserAuthFactory>
UserAuth factories, never null/empty
public void setUserAuthFactories(java.util.List<UserAuthFactory> userAuthFactories)
setUserAuthFactories
in interface UserAuthFactoriesManager<ServerSession,UserAuth,UserAuthFactory>
public KeyPairProvider getKeyPairProvider()
KeyPairProviderHolder
Retrieve the KeyPairProvider that will be used to find the host key to use on the server side or the
user key on the client side.
getKeyPairProvider
in interface KeyPairProviderHolder
The KeyPairProvider, never null
public HostKeyCertificateProvider getHostKeyCertificateProvider()
getHostKeyCertificateProvider
in interface ServerAuthenticationManager
The HostKeyCertificateProvider if available, null as default
public void setHostKeyCertificateProvider(HostKeyCertificateProvider hostKeyCertificateProvider)
setHostKeyCertificateProvider
in interface ServerAuthenticationManager
public void setKeyPairProvider(KeyPairProvider keyPairProvider)
setKeyPairProvider
in interface KeyPairProviderHolder
protected IoWriteFuture sendServerIdentification(java.lang.String... headerLines) throws java.io.IOException
headerLines - Extra header lines to be prepended to the actual identification string - ignored if null/empty
IoWriteFuture that can be used to be notified of identification data being written successfully or failing
java.io.IOException - If failed to send identification
protected void checkKeys()
AbstractSession
checkKeys
in class AbstractSession
protected boolean handleServiceRequest(java.lang.String serviceName, Buffer buffer) throws java.lang.Exception
handleServiceRequest
in class AbstractSession
java.lang.Exception
public void startService(java.lang.String name, Buffer buffer) throws java.lang.Exception
startService
in interface Session
name - Service name
buffer - Extra information provided when the service start request was received
java.lang.Exception - If failed to start it
public IoWriteFuture signalAuthenticationSuccess(java.lang.String username, java.lang.String authService, Buffer buffer) throws java.lang.Exception
ServerSession
SSH_MSG_USERAUTH_SUCCESS message.
signalAuthenticationSuccess
in interface ServerSession
username - The authenticated username
authService - The service to start
buffer - Any extra data received to use to start the service
IoWriteFuture that can be used to wait for the SSH_MSG_USERAUTH_SUCCESS message send result
java.lang.Exception - if cannot handle the request
protected void handleServiceAccept(java.lang.String serviceName, Buffer buffer) throws java.lang.Exception
handleServiceAccept
in class AbstractSession
java.lang.Exception
protected byte[] sendKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal) throws java.io.IOException
AbstractSession
sendKexInit
in class AbstractSession
proposal - our proposal for key exchange negotiation
java.io.IOException - if an error occurred sending the packet
protected void setKexSeed(byte... seed)
setKexSeed
in class AbstractSession
seed - The result of the KEXINIT handshake - required for correct session key establishment
protected java.lang.String resolveAvailableSignaturesProposal(FactoryManager proposedManager) throws java.io.IOException, java.security.GeneralSecurityException
resolveAvailableSignaturesProposal
in class AbstractSession
proposedManager - The FactoryManager
null/empty if no proposal
java.io.IOException - If failed to read/parse the keys data
java.security.GeneralSecurityException - If failed to generate the keys
protected java.lang.String resolveEmptySignaturesProposal(java.lang.Iterable<java.lang.String> supported, java.lang.Iterable<java.lang.String> provided)
Called by resolveAvailableSignaturesProposal(FactoryManager) if none of the provided keys is supported -
last chance for the derived implementation to do something
supported - The supported key types - may be null/empty
provided - The available signature types - may be null/empty
null by default
protected boolean readIdentification(Buffer buffer) throws java.lang.Exception
AbstractSession
SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
readIdentification
in class AbstractSession
buffer - The Buffer containing the remote identification
true if the identification has been fully read or false if more data is needed
java.lang.Exception - if an error occurs such as a bad protocol version or unsuccessful KEX was involved
protected void receiveKexInit(java.util.Map<KexProposalOption,java.lang.String> proposal, byte[] seed) throws java.io.IOException
receiveKexInit
in class AbstractSession
java.io.IOException
public java.security.KeyPair getHostKey()
getHostKey
in interface ServerSession
The KeyPair representing the current session's used keys on KEX - null if not negotiated yet
public int getActiveSessionCountForUser(java.lang.String userName)
ServerSession
getActiveSessionCountForUser
in interface ServerSession
userName - The name of the user - ignored if null/empty
SshSession objects associated with the user
public long getId()
IoSession id.
protected ConnectionService getConnectionService()
getConnectionService
in class SessionHelper