[apacheGH-445] Added StrictKexTest

Author: Lyor Goldstein

CHANGES.md

@@ -38,7 +38,7 @@
 
 ### [GH-445 - Terrapin attack mitigation](https://github.com/apache/mina-sshd/issues/429)
 
-There is a **new** `CoreModuleProperties` property that controls the mitigation for the [Terrapin attach](https://terrapin-attack.com/) via what is known as
+There is a **new** `CoreModuleProperties` property that controls the mitigation for the [Terrapin attack](https://terrapin-attack.com/) via what is known as
 "strict-KEX" (see [OpenSSH PROTOCOL - 1.9 transport: strict key exchange extension](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL)).
 It is **disabled** by default due to its experimental nature and possible interoperability issues, so users who wish to use this feature must turn it on *explicitly*.
 
@@ -56,7 +56,18 @@ Provide (read-only) public access to internal session state values related to KE
 * *getSessionKexDetails*
 * *getSessionCountersDetails*
 
+### Added `SessionListener#sessionPeerIdentificationSent` callback
+
+Invoked after successful or failed attempt to send client/server identification to peer. The callback provides the failure error if such occurred.
+
 ## Potential compatibility issues
 
+### Added finite wait time for default implementation of `ClientSession#executeRemoteCommand`
+
+* `CoreModuleProperties#EXEC_CHANNEL_OPEN_TIMEOUT` - default = 30 seconds.
+* `CoreModuleProperties#EXEC_CHANNEL_CMD_TIMEOUT` - default = 30 seconds.
+
+This may cause failures for code that was running long execution commands using the default method implementations.
+
 ## Major Code Re-factoring
 

docs/standards.md

@@ -1,6 +1,7 @@
 # Supported standards
 
 ## Reference implementation documentation
+
 * [RFC 4251 - The Secure Shell (SSH) Protocol Architecture](https://tools.ietf.org/html/rfc4251)
 * [RFC 4252 - The Secure Shell (SSH) Authentication Protocol](https://tools.ietf.org/html/rfc4252)
 * [RFC 4253 - The Secure Shell (SSH) Transport Layer Protocol](https://tools.ietf.org/html/rfc4253)
@@ -31,10 +32,26 @@
 * [Key Exchange (KEX) Method Updates and Recommendations for Secure Shell](https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-03)
 
 ## *OpenSSH*
+
 * [OpenSSH support for U2F/FIDO security keys](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f)
     * **Note:** the server side supports these keys by default. The client side requires specific initialization
 * [OpenSSH public-key certificate authentication system for use by SSH](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)
 * [OpenSSH 1.9 transport: strict key exchange extension](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL)
+* [(Some) OpenSSH SFTP extensions](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL)
+
+**Note:** some implementations may be limited to client-side - i.e., we provide a capability for the client to detect if the server
+supports the extension and then use it, but our server does not publish it as being supported.
+
+| Section | Extension                  | Client | Server |
+| ------- | -------------------------- | ------ | ------ |
+| 4.3     | `[email protected]` | Yes    | Yes    |
+| 4.4     | `[email protected]`      | Yes    | Yes    |
+| 4.4     | `[email protected]`     | Yes    | Yes    |
+| 4.5     | `[email protected]`     | Yes    | Yes    |
+| 4.6     | `[email protected]`        | Yes    | Yes    |
+| 4.7     | `[email protected]`     | Yes    | Yes    |
+| 4.8     | `[email protected]`       | Yes    | Yes    |
+| 4.10    | `copy-data`                | Yes    | Yes    |
 
 ## SFTP version 3-6 + extensions
 
@@ -49,7 +66,6 @@
 * `copy-file`, `copy-data` - [DRAFT 00 - sections 6, 7](https://tools.ietf.org/id/draft-ietf-secsh-filexfer-extensions-00.txt)
 * `space-available` - [DRAFT 09 - section 9.2](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-09#section-9.2)
 * `filename-charset`, `filename-translation-control` - [DRAFT 13 - section 6](https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-6) - only client side
-* Several [OpenSSH SFTP extensions](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL)
 
 ## Miscellaneous
 

sshd-checkstyle-suppressions.xml

@@ -6,6 +6,6 @@
 <suppressions>
     <suppress files="[\\/]*\.txt" checks="[a-zA-Z0-9]*"/>
     <suppress files="[\\/]*\.properties" checks="[a-zA-Z0-9]*"/>
-    <!-- Imported file that we want to keep as-is -->
+		<!-- Imported file that we want to keep as-is -->
     <suppress files="[\\/]*BCrypt.java" checks="[a-zA-Z0-9]*"/>
 </suppressions>

sshd-common/src/test/java/org/apache/sshd/util/test/JUnitTestSupport.java

@@ -703,7 +703,7 @@ public static void outputDebugMessage(String format, Object o) {
 
     public static void outputDebugMessage(String format, Object... args) {
         if (OUTPUT_DEBUG_MESSAGES) {
-            outputDebugMessage(String.format(format, args));
+            outputDebugMessage(GenericUtils.isEmpty(args) ? format : String.format(format, args));
         }
     }
 
@@ -713,6 +713,24 @@ public static void outputDebugMessage(Object message) {
         }
     }
 
+    public static void failWithWrittenErrorMessage(String format, Object... args) {
+        failWithWrittenErrorMessage(GenericUtils.isEmpty(args) ? format : String.format(format, args));
+    }
+
+    public static void failWithWrittenErrorMessage(Object message) {
+        writeErrorMessage(message);
+        fail(Objects.toString(message));
+    }
+
+    public static void writeErrorMessage(String format, Object... args) {
+        writeErrorMessage(GenericUtils.isEmpty(args) ? format : String.format(format, args));
+    }
+
+    public static void writeErrorMessage(Object message) {
+        System.err.append("===[ERROR]=== ").println(message);
+        System.err.flush();
+    }
+
     /* ---------------------------------------------------------------------------- */
 
     public static void replaceJULLoggers() {

sshd-core/src/main/java/org/apache/sshd/client/session/ClientSession.java

@@ -59,6 +59,7 @@
 import org.apache.sshd.common.util.io.output.NoCloseOutputStream;
 import org.apache.sshd.common.util.io.output.NullOutputStream;
 import org.apache.sshd.common.util.net.SshdSocketAddress;
+import org.apache.sshd.core.CoreModuleProperties;
 
 /**
  * <P>
@@ -304,10 +305,12 @@ default void executeRemoteCommand(
              ClientChannel channel = createExecChannel(command)) {
             channel.setOut(channelOut);
             channel.setErr(channelErr);
-            channel.open().await(); // TODO use verify and a configurable timeout
 
-            // TODO use a configurable timeout
-            Collection<ClientChannelEvent> waitMask = channel.waitFor(REMOTE_COMMAND_WAIT_EVENTS, 0L);
+            Duration openTimeout = CoreModuleProperties.EXEC_CHANNEL_OPEN_TIMEOUT.getRequired(channel);
+            channel.open().verify(openTimeout);
+
+            Duration execTimeout = CoreModuleProperties.EXEC_CHANNEL_CMD_TIMEOUT.getRequired(channel);
+            Collection<ClientChannelEvent> waitMask = channel.waitFor(REMOTE_COMMAND_WAIT_EVENTS, execTimeout);
             if (waitMask.contains(ClientChannelEvent.TIMEOUT)) {
                 throw new SocketTimeoutException("Failed to retrieve command result in time: " + command);
             }

sshd-core/src/main/java/org/apache/sshd/client/session/ClientSessionImpl.java

@@ -74,6 +74,7 @@ public class ClientSessionImpl extends AbstractClientSession {
 
     public ClientSessionImpl(ClientFactoryManager client, IoSession ioSession) throws Exception {
         super(client, ioSession);
+
         if (log.isDebugEnabled()) {
             log.debug("Client session created: {}", ioSession);
         }

sshd-core/src/main/java/org/apache/sshd/common/session/SessionListener.java

@@ -103,6 +103,22 @@ default void sessionPeerIdentificationLine(
         // ignored
     }
 
+    /**
+     * Identification sent to peer
+     *
+     * @param session    The {@link Session} instance
+     * @param version    The resolved identification version
+     * @param extraLines Extra data preceding the identification to be sent. <B>Note:</B> the list is modifiable only if
+     *                   this is a server session. The user may modify it based on the peer.
+     * @param error      {@code null} if sending was successful
+     * @see              <A HREF="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253 - section 4.2 - Protocol
+     *                   Version Exchange</A>
+     */
+    default void sessionPeerIdentificationSent(
+            Session session, String version, List<String> extraLines, Throwable error) {
+        // ignored
+    }
+
     /**
      * The peer's identification version was received
      *

sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java

@@ -113,7 +113,7 @@
  *
  * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a>
  */
-@SuppressWarnings("checkstyle:MethodCount")
+@SuppressWarnings("checkstyle:MethodCount") // Number of methods exceeds max. allowed
 public abstract class AbstractSession extends SessionHelper {
     /**
      * Name of the property where this session is stored in the attributes of the underlying MINA session. See
@@ -601,7 +601,8 @@ protected void doHandleMessage(Buffer buffer) throws Exception {
                 && CoreModuleProperties.USE_STRICT_KEX.getRequired(this)
                 && (cmd != SshConstants.SSH_MSG_KEXINIT)) {
             log.error("doHandleMessage({}) invalid 1st message: {}", this, SshConstants.getCommandMessageName(cmd));
-            throw new SshException(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR, "Strict KEX Error");
+            disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR, "Strict KEX Error");
+            return;
         }
 
         if (log.isDebugEnabled()) {

sshd-core/src/main/java/org/apache/sshd/common/session/helpers/SessionHelper.java

@@ -49,6 +49,7 @@
 import org.apache.sshd.common.channel.throttle.ChannelStreamWriterResolverManager;
 import org.apache.sshd.common.digest.Digest;
 import org.apache.sshd.common.forward.Forwarder;
+import org.apache.sshd.common.future.SshFutureListener;
 import org.apache.sshd.common.io.IoSession;
 import org.apache.sshd.common.io.IoWriteFuture;
 import org.apache.sshd.common.kex.AbstractKexFactoryManager;
@@ -77,6 +78,7 @@
 /**
  * Contains split code in order to make {@link AbstractSession} class smaller
  */
+@SuppressWarnings("checkstyle:MethodCount") // Number of methods exceeds max. allowed
 public abstract class SessionHelper extends AbstractKexFactoryManager implements Session {
 
     // Session timeout measurements
@@ -628,6 +630,31 @@ protected void signalSendIdentification(SessionListener listener, String version
         listener.sessionPeerIdentificationSend(this, version, extraLines);
     }
 
+    protected void signalIdentificationSent(String version, List<String> extraLines, Throwable error) throws Exception {
+        try {
+            invokeSessionSignaller(l -> {
+                signalIdentificationSent(l, version, extraLines, error);
+                return null;
+            });
+        } catch (Throwable err) {
+            Throwable e = ExceptionUtils.peelException(err);
+            if (e instanceof Exception) {
+                throw (Exception) e;
+            } else {
+                throw new RuntimeSshException(e);
+            }
+        }
+    }
+
+    protected void signalIdentificationSent(
+            SessionListener listener, String version, List<String> extraLines, Throwable err) throws Exception {
+        if (listener == null) {
+            return;
+        }
+
+        listener.sessionPeerIdentificationSent(this, version, extraLines, err);
+    }
+
     protected void signalReadPeerIdentificationLine(String line, List<String> extraLines) throws Exception {
         try {
             invokeSessionSignaller(l -> {
@@ -833,28 +860,45 @@ protected IoWriteFuture sendIdentification(String version, List<String> extraLin
         ReservedSessionMessagesHandler handler = getReservedSessionMessagesHandler();
         IoWriteFuture future = (handler == null) ? null : handler.sendIdentification(this, version, extraLines);
         boolean debugEnabled = log.isDebugEnabled();
-        if (future != null) {
+        if (future == null) {
+            String ident = version;
+            if (GenericUtils.size(extraLines) > 0) {
+                ident = GenericUtils.join(extraLines, "\r\n") + "\r\n" + version;
+            }
+
+            if (debugEnabled) {
+                log.debug("sendIdentification({}): {}",
+                        this, ident.replace('\r', '|').replace('\n', '|'));
+            }
+
+            IoSession networkSession = getIoSession();
+            byte[] data = (ident + "\r\n").getBytes(StandardCharsets.UTF_8);
+            future = networkSession.writeBuffer(new ByteArrayBuffer(data));
+        } else {
             if (debugEnabled) {
                 log.debug("sendIdentification({})[{}] sent {} lines via reserved handler",
                         this, version, GenericUtils.size(extraLines));
             }
-
-            return future;
         }
 
-        String ident = version;
-        if (GenericUtils.size(extraLines) > 0) {
-            ident = GenericUtils.join(extraLines, "\r\n") + "\r\n" + version;
-        }
+        future.addListener(new SshFutureListener<IoWriteFuture>() {
+            @Override
+            public void operationComplete(IoWriteFuture future) {
+                try {
+                    signalIdentificationSent(version, extraLines, future.getException());
+                } catch (Throwable err) {
+                    Throwable e = ExceptionUtils.peelException(err);
+                    if (e instanceof RuntimeException) {
+                        throw (RuntimeException) e;
+                    } else {
+                        throw new RuntimeSshException(e);
+                    }
 
-        if (debugEnabled) {
-            log.debug("sendIdentification({}): {}",
-                    this, ident.replace('\r', '|').replace('\n', '|'));
-        }
+                }
+            }
+        });
 
-        IoSession networkSession = getIoSession();
-        byte[] data = (ident + "\r\n").getBytes(StandardCharsets.UTF_8);
-        return networkSession.writeBuffer(new ByteArrayBuffer(data));
+        return future;
     }
 
     /**

sshd-core/src/main/java/org/apache/sshd/core/CoreModuleProperties.java

@@ -61,6 +61,21 @@ public final class CoreModuleProperties {
     public static final Property<Duration> CHANNEL_OPEN_TIMEOUT
             = Property.duration("ssh-agent-server-channel-open-timeout", Duration.ofSeconds(30));
 
+    /**
+     * Value that can be set on the {@link org.apache.sshd.common.FactoryManager} the session or the channel to
+     * configure the channel open timeout value (millis) for executing a remote command using default implementation.
+     */
+    public static final Property<Duration> EXEC_CHANNEL_OPEN_TIMEOUT
+            = Property.duration("ssh-exec-channel-open-timeout", Duration.ofSeconds(30));
+
+    /**
+     * Value that can be set on the {@link org.apache.sshd.common.FactoryManager} the session or the channel to
+     * configure the channel command execution timeout value (millis) for executing a remote command using default
+     * implementation. By default it waits <U>forever</U> for the command execution to complete.
+     */
+    public static final Property<Duration> EXEC_CHANNEL_CMD_TIMEOUT
+            = Property.duration("ssh-exec-channel-cmd-timeout", Duration.ofSeconds(0));
+
     /**
      * Value used to configure the type of proxy forwarding channel to be used. See also
      * https://tools.ietf.org/html/draft-ietf-secsh-agent-02

sshd-core/src/test/java/org/apache/sshd/client/ClientTest.java

@@ -1510,7 +1510,6 @@ public void testKeyboardInteractiveInSessionUserInteractiveFailure() throws Exce
         CoreModuleProperties.PASSWORD_PROMPTS.set(client, maxPrompts);
         AtomicInteger numberOfRequests = new AtomicInteger();
         UserAuthKeyboardInteractiveFactory auth = new UserAuthKeyboardInteractiveFactory() {
-
             @Override
             public UserAuthKeyboardInteractive createUserAuth(ClientSession session) throws IOException {
                 return new UserAuthKeyboardInteractive() {