[SSHD-1283] Added configuration property to control whether ScpShell …

…is enabled
onyas · Aug 17, 2022 · 9a541c1 · 9a541c1
1 parent a60d3fa
commit 9a541c1
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 6 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -18,10 +18,20 @@
 
 # Planned for next version
 
-## Bug fixes
+# Bug fixes
 
 * [SSHD-1281](https://issues.apache.org/jira/browse/SSHD-1281) ClientSession.auth().verify() is terminated with timeout
 * [SSHD-1285](https://issues.apache.org/jira/browse/SSHD-1285) 2.9.0 release broken on Java 8
 * [SSHD-1288](https://issues.apache.org/jira/browse/SSHD-1288) SFTP: fix reading files that are being written
 * [SSHD-1289](https://issues.apache.org/jira/browse/SSHD-1289) Deadlock during session exit
 * [SSHD-1290](https://issues.apache.org/jira/browse/SSHD-1290) Better logging in ChannelAsyncOutputStream
+
+## Major code re-factoring
+
+## Potential compatibility issues
+
+## Minor code helpers
+
+## Behavioral changes and enhancements
+
+* [SSHD-1283](https://issues.apache.org/jira/browse/SSHD-1283) Added configuration property to control whether *ScpShell* is enabled (default=true).
diff --git a/docs/changes/2.9.0.md b/docs/changes/2.9.0.md
@@ -74,8 +74,6 @@ There are several exceptions to this rule:
 
 Was originally in *HostConfigEntry*.
 
-## Minor code helpers
-
 ## Behavioral changes and enhancements
 
 * [SSHD-966](https://issues.apache.org/jira/browse/SSHD-966) Deadlock on disconnection at the end of key-exchange

diff --git a/docs/scp.md b/docs/scp.md
@@ -202,7 +202,9 @@ sshd.setShellFactory(factory);
 
 ```
 
-**Note:** a similar result can be achieved if activating SSHD from the command line by specifying `-o ShellFactory=scp`
+**Note:** a similar result can be achieved if activating SSHD from the command line by specifying `-o ShellFactory=scp`. In any case, even if the
+shell is configured, it can be enabled/disabled via setting the `scp-enable-scp-shell` property to the desired value (default=*true*) - on the server,
+the session or even the specific channel (as with any other property). This way, one can control the shell's availability per-session.
 
 ### Text encoding/decoding
 

diff --git a/sshd-scp/src/main/java/org/apache/sshd/scp/ScpModuleProperties.java b/sshd-scp/src/main/java/org/apache/sshd/scp/ScpModuleProperties.java
@@ -66,6 +66,15 @@ public final class ScpModuleProperties {
  public static final Property<Boolean> PROP_AUTO_SYNC_FILE_ON_WRITE
  = Property.bool("scp-auto-sync-on-write", true);
 
+ /**
+ * Whether to provide an {@code ScpShell} instance if <I>WinSCP</I> client detected or at all
+ *
+ * @see <A HREF="https://issues.apache.org/jira/browse/SSHD-1009">SSHD-1009</A>
+ * @see <A HREF="https://issues.apache.org/jira/browse/SSHD-1283">SSHD-1283</A>
+ */
+ public static final Property<Boolean> ENABLE_SCP_SHELL
+ = Property.bool("scp-enable-scp-shell", true);
+
  /**
  * Used to indicate the {@link Charset} (or its name) for encoding returned textual responses from the
  * {@code ScpShell} - extracted from the channel session when shell initialized.

diff --git a/sshd-scp/src/main/java/org/apache/sshd/scp/server/ScpCommandFactory.java b/sshd-scp/src/main/java/org/apache/sshd/scp/server/ScpCommandFactory.java
@@ -29,6 +29,7 @@
 import org.apache.sshd.common.util.ObjectBuilder;
 import org.apache.sshd.common.util.threads.CloseableExecutorService;
 import org.apache.sshd.common.util.threads.ManagedExecutorServiceSupplier;
+import org.apache.sshd.scp.ScpModuleProperties;
 import org.apache.sshd.scp.common.ScpFileOpener;
 import org.apache.sshd.scp.common.ScpFileOpenerHolder;
 import org.apache.sshd.scp.common.ScpHelper;
@@ -251,8 +252,8 @@ public void setDelegateShellFactory(ShellFactory delegateShellFactory) {
  public ShellFactory selectShellFactory(ChannelSession channelSession) throws IOException {
  SessionContext session = channelSession.getSessionContext();
  String clientVersion = session.getClientVersion();
- // SSHD-1009
- if (clientVersion.contains("WinSCP")) {
+ // SSHD-1009 + SSHD-1283
+ if (ScpModuleProperties.ENABLE_SCP_SHELL.getRequired(channelSession) && clientVersion.contains("WinSCP")) {
  return this;
  }
 
@@ -263,6 +264,10 @@ public ShellFactory selectShellFactory(ChannelSession channelSession) throws IOE
  public Command createShell(ChannelSession channel) throws IOException {
  ShellFactory factory = selectShellFactory(channel);
  if ((factory == this) || (factory == null)) {
+ if (!ScpModuleProperties.ENABLE_SCP_SHELL.getRequired(channel)) {
+ throw new IOException("SCP shell is disabled");
+ }
+
  return new ScpShell(
  channel,
  resolveExecutorService(),