001/*
002 * Copyright (C) 2012 eXo Platform SAS.
003 *
004 * This is free software; you can redistribute it and/or modify it
005 * under the terms of the GNU Lesser General Public License as
006 * published by the Free Software Foundation; either version 2.1 of
007 * the License, or (at your option) any later version.
008 *
009 * This software is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * You should have received a copy of the GNU Lesser General Public
015 * License along with this software; if not, write to the Free
016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018 */
019package org.crsh.ssh.term;
020
021import org.apache.sshd.SshServer;
022import org.apache.sshd.common.KeyPairProvider;
023import org.apache.sshd.common.NamedFactory;
024import org.apache.sshd.common.Session;
025import org.apache.sshd.server.Command;
026import org.apache.sshd.server.PasswordAuthenticator;
027import org.apache.sshd.server.PublickeyAuthenticator;
028import org.apache.sshd.server.ServerFactoryManager;
029import org.apache.sshd.server.session.ServerSession;
030import org.crsh.plugin.PluginContext;
031import org.crsh.auth.AuthenticationPlugin;
032import org.crsh.shell.ShellFactory;
033import org.crsh.ssh.term.scp.SCPCommandFactory;
034import org.crsh.ssh.term.subsystem.SubsystemFactoryPlugin;
035
036import java.nio.charset.Charset;
037import java.security.PublicKey;
038import java.util.ArrayList;
039import java.util.logging.Level;
040import java.util.logging.Logger;
041
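/**
 * Boots and shuts down the embedded SSH daemon ("CRaSSHD") that exposes the CRaSH shell.
 *
 * <p>{@link #init()} builds an Apache SSHD {@code SshServer}, wires in the shell, SCP and
 * subsystem factories, installs a password and/or public key authenticator backed by the
 * configured {@link AuthenticationPlugin}s and starts listening; {@link #destroy()} stops it.
 * Startup failures are logged, not propagated, so the owner of this object should check
 * {@link #getLocalPort()} (non-null only after a successful bind) to know whether the server
 * is actually up.
 *
 * <p>Background reading on the public-key authentication approach taken here:
 * http://gerrit.googlecode.com/git-history/4b9e5e7fb9380cfadd28d7ffe3dc496dc06f5892/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java
 */
public class SSHLifeCycle {

  /** Session attribute holding the user name accepted by password authentication. */
  public static final Session.AttributeKey<String> USERNAME = new Session.AttributeKey<String>();

  /**
   * Session attribute holding the cleartext password accepted by password authentication.
   * It is kept for the lifetime of the SSH session so that other components can reuse it
   * (presumably downstream SCP or plugin logins; confirm against the readers of this key).
   * Anything that can read session attributes can therefore read the credential.
   */
  public static final Session.AttributeKey<String> PASSWORD = new Session.AttributeKey<String>();

  /** Class-wide logger; there is no per-instance state worth a separate logger. */
  private static final Logger log = Logger.getLogger(SSHLifeCycle.class.getName());

  /** Plugin context used to look up the shell, SCP and subsystem plugins. */
  private final PluginContext context;

  /** TCP port to bind; 0 lets the system pick one (see {@link #getLocalPort()}). */
  private final int port;

  /** Idle timeout handed to the SSHD server; values <= 0 leave the SSHD default in place. */
  private final int idleTimeout;

  /** Authentication timeout handed to the SSHD server; values <= 0 leave the SSHD default in place. */
  private final int authTimeout;

  /** Charset used by the shell command factory for terminal I/O. */
  private final Charset encoding;

  /** Provider of the server host key pair presented to connecting clients. */
  private final KeyPairProvider keyPairProvider;

  /** Authentication plugins consulted, in order, for password and public key logins. */
  private final ArrayList<AuthenticationPlugin> authenticationPlugins;

  /** The running server, or null before {@link #init()} succeeds. */
  private SshServer server;

  /** The port actually bound, or null before {@link #init()} succeeds. */
  private Integer localPort;

  /**
   * Creates a lifecycle; nothing is started until {@link #init()} is called.
   *
   * @param context the plugin context used to resolve the shell and subsystem plugins
   * @param encoding the charset for terminal I/O
   * @param port the port to bind, 0 for a system-chosen port
   * @param idleTimeout the idle timeout in the unit SSHD expects, ignored when <= 0
   * @param authTimeout the authentication timeout in the unit SSHD expects, ignored when <= 0
   * @param keyPairProvider the provider of the server host key
   * @param authenticationPlugins the plugins consulted for authentication, in order
   */
  public SSHLifeCycle(
      PluginContext context,
      Charset encoding,
      int port,
      int idleTimeout,
      int authTimeout,
      KeyPairProvider keyPairProvider,
      ArrayList<AuthenticationPlugin> authenticationPlugins) {
    this.authenticationPlugins = authenticationPlugins;
    this.context = context;
    this.encoding = encoding;
    this.port = port;
    this.idleTimeout = idleTimeout;
    this.authTimeout = authTimeout;
    this.keyPairProvider = keyPairProvider;
  }

  /** @return the charset used for terminal I/O */
  public Charset getEncoding() {
    return encoding;
  }

  /** @return the configured port (0 means system-chosen; see {@link #getLocalPort()}) */
  public int getPort() {
    return port;
  }

  /** @return the configured idle timeout, <= 0 when the SSHD default is used */
  public int getIdleTimeout() {
    return idleTimeout;
  }

  /** @return the configured authentication timeout, <= 0 when the SSHD default is used */
  public int getAuthTimeout() {
    return authTimeout;
  }

  /**
   * Returns the local port after the ssh server has been successfully bound, or null. This is
   * useful when the port is chosen at random by the system.
   *
   * @return the local port, or null when the server is not (yet) started
   */
  public Integer getLocalPort() {
    return localPort;
  }

  /** @return the provider of the server host key pair */
  public KeyPairProvider getKeyPairProvider() {
    return keyPairProvider;
  }

  /**
   * Configures and starts the SSH server.
   *
   * <p>A password authenticator is installed if at least one plugin authenticates {@code String}
   * credentials, and a public key authenticator if at least one authenticates {@code PublicKey}
   * credentials; each authenticator then consults every plugin of that credential type through
   * {@link #genericAuthenticate}. Any failure during startup is logged at SEVERE and swallowed,
   * leaving {@link #getLocalPort()} null.
   */
  public void init() {
    try {
      ShellFactory factory = context.getPlugin(ShellFactory.class);

      // Server skeleton and listening port.
      SshServer server = SshServer.setUpDefaultServer();
      server.setPort(port);

      // Only override the SSHD timeouts when explicitly configured.
      if (this.idleTimeout > 0) {
        server.getProperties().put(ServerFactoryManager.IDLE_TIMEOUT, String.valueOf(this.idleTimeout));
      }
      if (this.authTimeout > 0) {
        server.getProperties().put(ServerFactoryManager.AUTH_TIMEOUT, String.valueOf(this.authTimeout));
      }

      server.setShellFactory(new CRaSHCommandFactory(factory, encoding));
      server.setCommandFactory(new SCPCommandFactory(context));
      server.setKeyPairProvider(keyPairProvider);

      // Subsystems (e.g. SFTP) are contributed by plugins.
      ArrayList<NamedFactory<Command>> namedFactoryList = new ArrayList<NamedFactory<Command>>(0);
      for (SubsystemFactoryPlugin plugin : context.getPlugins(SubsystemFactoryPlugin.class)) {
        namedFactoryList.add(plugin.getFactory());
      }
      server.setSubsystemFactories(namedFactoryList);

      // Install at most one authenticator per credential type; the authenticator itself
      // fans out to all plugins of that type, so plugin order only matters inside
      // genericAuthenticate.
      for (AuthenticationPlugin authenticationPlugin : authenticationPlugins) {
        if (server.getPasswordAuthenticator() == null && authenticationPlugin.getCredentialType().equals(String.class)) {
          server.setPasswordAuthenticator(new PasswordAuthenticator() {
            @Override
            public boolean authenticate(String _username, String _password, ServerSession session) {
              if (genericAuthenticate(String.class, _username, _password)) {
                // The cleartext credentials are retained on the session for later reuse by
                // other components; they live as long as the session does.
                session.setAttribute(USERNAME, _username);
                session.setAttribute(PASSWORD, _password);
                return true;
              } else {
                return false;
              }
            }
          });
        }

        if (server.getPublickeyAuthenticator() == null && authenticationPlugin.getCredentialType().equals(PublicKey.class)) {
          server.setPublickeyAuthenticator(new PublickeyAuthenticator() {
            @Override
            public boolean authenticate(String username, PublicKey key, ServerSession session) {
              return genericAuthenticate(PublicKey.class, username, key);
            }
          });
        }
      }

      log.log(Level.INFO, "About to start CRaSSHD");
      server.start();
      localPort = server.getPort();
      log.log(Level.INFO, "CRaSSHD started on port " + localPort);

      // Publish the server only once it is fully started so destroy() never sees a half-built one.
      this.server = server;
    }
    catch (Throwable e) {
      // Deliberately best-effort: a failed bind must not take the hosting application down.
      // The server and localPort fields stay null in that case.
      log.log(Level.SEVERE, "Could not start CRaSSHD", e);
    }
  }

  /**
   * Stops the SSH server if it was started. Safe to call when {@link #init()} never ran or
   * failed; an interruption while stopping is logged and the thread's interrupt flag restored.
   */
  public void destroy() {
    if (server != null) {
      try {
        server.stop();
      }
      catch (InterruptedException e) {
        // Do not swallow the interrupt: callers further up the stack must still observe it.
        Thread.currentThread().interrupt();
        log.log(Level.FINE, "Got an interruption when stopping server", e);
      }
    }
  }

  /**
   * Asks every plugin that handles {@code type} credentials to authenticate the user, in
   * configuration order, until one accepts.
   *
   * <p>A plugin that throws is logged at SEVERE and treated as a rejection for that plugin
   * only; the remaining plugins are still consulted. The credential value itself is never
   * logged, only the user name and the plugin.
   *
   * @param type the credential class a plugin must declare to be consulted
   * @param username the user name presented by the client
   * @param credential the credential presented by the client (password or public key)
   * @param <T> the credential type
   * @return true if some plugin accepted the credential, false otherwise
   */
  private <T> boolean genericAuthenticate(Class<T> type, String username, T credential) {
    for (AuthenticationPlugin authenticationPlugin : authenticationPlugins) {
      if (authenticationPlugin.getCredentialType().equals(type)) {
        try {
          log.log(Level.FINE, "Using authentication plugin " + authenticationPlugin + " to authenticate user " + username);
          // The plugin's credential type was just checked against `type`, so this cast is safe.
          @SuppressWarnings("unchecked")
          AuthenticationPlugin<T> authPlugin = (AuthenticationPlugin<T>) authenticationPlugin;
          if (authPlugin.authenticate(username, credential)) {
            return true;
          }
        } catch (Exception e) {
          log.log(Level.SEVERE, "Exception authenticating user " + username + " in authentication plugin: " + authenticationPlugin, e);
        }
      }
    }

    return false;
  }
}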