[SSHD-892] Inform user about possible session disconnect prior to disconnecting and...
authorLyor Goldstein <lgoldstein@apache.org>
Sun, 10 Feb 2019 14:28:39 +0000 (16:28 +0200)
committerLyor Goldstein <lgoldstein@apache.org>
Tue, 12 Feb 2019 08:17:19 +0000 (10:17 +0200)
14 files changed:
CHANGES.md
docs/event-listeners.md
sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java
sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java
sshd-core/src/main/java/org/apache/sshd/common/helpers/AbstractFactoryManager.java
sshd-core/src/main/java/org/apache/sshd/common/session/Session.java
sshd-core/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandler.java [new file with mode: 0644]
sshd-core/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandlerManager.java [new file with mode: 0644]
sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
sshd-core/src/main/java/org/apache/sshd/common/session/helpers/SessionHelper.java
sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java
sshd-core/src/main/java/org/apache/sshd/server/session/ServerUserAuthService.java
sshd-core/src/test/java/org/apache/sshd/common/session/helpers/AbstractSessionTest.java
sshd-core/src/test/java/org/apache/sshd/server/ServerTest.java

index 739b760..3ae98eb 100644 (file)
@@ -7,7 +7,13 @@
 * The `ChannelSession` provides a mechanism for supporting non-standard extended data (a.k.a. STDERR data)
 in a similar manner as the "regular" data. Please read the relevant section in the main documentation page.
 
+* The user can use a registered `SessionDisconnectHandler` in order be informed and also intervene in cases
+where the code decides to disconnect the session due to various protocol or configuration parameters violations.
+
 ## Behavioral changes and enhancements
 
 * [SSHD-882](https://issues.apache.org/jira/browse/SSHD-882) - Provide hooks to allow users to register a consumer
 for STDERR data sent via the `ChannelSession` - especially for the SFTP subsystem.
+
+* [SSHD=892](https://issues.apache.org/jira/browse/SSHD-882) - Inform user about possible session disconnect prior
+to disconnecting and allow intervention via `SessionDisconnectHandler`.
index 5436763..3b9beef 100644 (file)
@@ -158,6 +158,15 @@ message received in the session as well.
 rather than being accumulated. However, one can use the `EventListenerUtils` and create a cumulative listener - see how
 `SessionListener` or `ChannelListener` proxies were implemented.
 
+### `SessionDisconnectHandler`
+
+This handler can be registered in order to monitor session disconnect initiated by the internal code due to various
+protocol requirements - e.g., unknown service, idle timeout, etc.. In many cases the implementor can intervene and
+cancel the disconnect by handling the problem somehow and then signaling to the code that there is no longer any need
+to disconnect. The handler can be registered globally at the `SshClient/Server` instance or per-session (via a `SessionListener`).
+
+**NOTE:** this handler is non-cumulative - i.e., setting it replaces any existing previous handler instance.
+
 ### `SignalListener`
 
 Informs about signal requests as described in [RFC 4254 - section 6.9](https://tools.ietf.org/html/rfc4254#section-6.9), break requests
index 57485ad..aebdd2c 100644 (file)
@@ -61,6 +61,7 @@ import org.apache.sshd.common.kex.KexState;
 import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
 import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
 import org.apache.sshd.common.session.helpers.AbstractConnectionService;
 import org.apache.sshd.common.session.helpers.AbstractSession;
 import org.apache.sshd.common.util.GenericUtils;
@@ -373,7 +374,16 @@ public abstract class AbstractClientSession extends AbstractSession implements C
     }
 
     @Override
-    public void startService(String name) throws Exception {
+    public void startService(String name, Buffer buffer) throws Exception {
+        SessionDisconnectHandler handler = getSessionDisconnectHandler();
+        if ((handler != null)
+                && handler.handleUnsupportedServiceDisconnectReason(this, SshConstants.SSH_MSG_SERVICE_REQUEST, name, buffer)) {
+            if (log.isDebugEnabled()) {
+                log.debug("startService({}) ignore unknown service={} by handler", this, name);
+            }
+            return;
+        }
+
         throw new IllegalStateException("Starting services is not supported on the client side: " + name);
     }
 
index e9fa80e..d6bb13e 100644 (file)
@@ -37,6 +37,7 @@ import org.apache.sshd.common.kex.KexFactoryManager;
 import org.apache.sshd.common.random.Random;
 import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.session.ReservedSessionMessagesManager;
+import org.apache.sshd.common.session.SessionDisconnectHandlerManager;
 import org.apache.sshd.common.session.SessionListenerManager;
 import org.apache.sshd.common.session.UnknownChannelReferenceHandlerManager;
 import org.apache.sshd.server.forward.AgentForwardingFilter;
@@ -54,6 +55,7 @@ public interface FactoryManager
         extends KexFactoryManager,
                 SessionListenerManager,
                 ReservedSessionMessagesManager,
+                SessionDisconnectHandlerManager,
                 ChannelListenerManager,
                 ChannelStreamPacketWriterResolverManager,
                 UnknownChannelReferenceHandlerManager,
index 16c563f..6549572 100644 (file)
@@ -56,6 +56,7 @@ import org.apache.sshd.common.kex.AbstractKexFactoryManager;
 import org.apache.sshd.common.random.Random;
 import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.session.ReservedSessionMessagesHandler;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
 import org.apache.sshd.common.session.SessionListener;
 import org.apache.sshd.common.session.UnknownChannelReferenceHandler;
 import org.apache.sshd.common.session.helpers.AbstractSessionFactory;
@@ -94,6 +95,7 @@ public abstract class AbstractFactoryManager extends AbstractKexFactoryManager i
     private final Map<AttributeRepository.AttributeKey<?>, Object> attributes = new ConcurrentHashMap<>();
     private PropertyResolver parentResolver = SyspropsMapWrapper.SYSPROPS_RESOLVER;
     private ReservedSessionMessagesHandler reservedSessionMessagesHandler;
+    private SessionDisconnectHandler sessionDisconnectHandler;
     private ChannelStreamPacketWriterResolver channelStreamPacketWriterResolver;
     private UnknownChannelReferenceHandler unknownChannelReferenceHandler;
     private IoServiceEventListener eventListener;
@@ -310,6 +312,16 @@ public abstract class AbstractFactoryManager extends AbstractKexFactoryManager i
     }
 
     @Override
+    public SessionDisconnectHandler getSessionDisconnectHandler() {
+        return sessionDisconnectHandler;
+    }
+
+    @Override
+    public void setSessionDisconnectHandler(SessionDisconnectHandler sessionDisconnectHandler) {
+        this.sessionDisconnectHandler = sessionDisconnectHandler;
+    }
+
+    @Override
     public ChannelStreamPacketWriterResolver getChannelStreamPacketWriterResolver() {
         return channelStreamPacketWriterResolver;
     }
index 90f2885..3c7f26e 100644 (file)
@@ -57,6 +57,7 @@ public interface Session
                 KexFactoryManager,
                 SessionListenerManager,
                 ReservedSessionMessagesManager,
+                SessionDisconnectHandlerManager,
                 ChannelListenerManager,
                 ChannelStreamPacketWriterResolverManager,
                 PortForwardingEventListenerManager,
@@ -304,9 +305,10 @@ public interface Session
 
     /**
      * @param name Service name
+     * @param buffer Extra information provided when the service start request was received
      * @throws Exception If failed to start it
      */
-    void startService(String name) throws Exception;
+    void startService(String name, Buffer buffer) throws Exception;
 
     @Override
     default <T> T resolveAttribute(AttributeRepository.AttributeKey<T> key) {
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandler.java b/sshd-core/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandler.java
new file mode 100644 (file)
index 0000000..d1e7dab
--- /dev/null
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sshd.common.session;
+
+import java.io.IOException;
+
+import org.apache.sshd.common.Service;
+import org.apache.sshd.common.session.Session.TimeoutStatus;
+import org.apache.sshd.common.util.buffer.Buffer;
+import org.apache.sshd.server.ServerFactoryManager;
+
+/**
+ * Invoked when the internal session code decides it should disconnect
+ * a session due to some consideration. Usually allows intervening in
+ * the decision and even canceling it.
+ *
+ * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
+ */
+public interface SessionDisconnectHandler {
+    /**
+     * Invoked when an internal timeout has expired (e.g., authentication, idle).
+     *
+     * @param session The session whose timeout has expired
+     * @param timeoutStatus The expired timeout
+     * @return {@code true} if expired timeout should be reset (i.e., no disconnect).
+     * If {@code false} then session will disconnect due to the expired timeout
+     * @throws IOException If failed to handle the event
+     */
+    default boolean handleTimeoutDisconnectReason(
+            Session session, TimeoutStatus timeoutStatus)
+                throws IOException {
+        return false;
+    }
+
+    /**
+     * Called to inform that the maximum allowed concurrent sessions threshold
+     * has been exceeded. <B>Note:</B> when handler is invoked the session is
+     * not yet marked as having been authenticated, nor has the authentication
+     * success been acknowledged to the peer.
+     *
+     * @param session The session that caused the excess
+     * @param service The {@link Service} instance through which the request was received
+     * @param username The authenticated username that is associated with the session.
+     * @param currentSessionCount The current sessions count
+     * @param maxSessionCount The maximum allowed sessions count
+     * @return {@code true} if accept the exceeding session regardless of the
+     * threshold. If {@code false} then exceeding session will be disconnected
+     * @throws IOException If failed to handle the event, <B>Note:</B> choosing
+     * to ignore this disconnect reason does not reset the current concurrent sessions
+     * counter in any way - i.e., the handler will be re-invoked every time the
+     * threshold is exceeded.
+     * @see ServerFactoryManager#MAX_CONCURRENT_SESSIONS
+     */
+    default boolean handleSessionsCountDisconnectReason(
+            Session session, Service service, String username, int currentSessionCount, int maxSessionCount)
+                throws IOException {
+        return false;
+    }
+
+    /**
+     * Invoked when a request has been made related to an unknown SSH
+     * service as described in <A HREF="https://tools.ietf.org/html/rfc4253#section-10">RFC 4253 - section 10</A>.
+     *
+     * @param session The session through which the command was received
+     * @param cmd The service related command
+     * @param serviceName The service name
+     * @param buffer Any extra data received in the packet containing the request
+     * @return {@code true} if disregard the request (e.g., the handler handled it)
+     * @throws IOException If failed to handle the request
+     */
+    default boolean handleUnsupportedServiceDisconnectReason(
+            Session session, int cmd, String serviceName, Buffer buffer)
+                throws IOException {
+        return false;
+    }
+
+    /**
+     * Invoked if the number of authentication attempts exceeded the maximum allowed
+     *
+     * @param session The session being authenticated
+     * @param service The {@link Service} instance through which the request was received
+     * @param serviceName The authentication service name
+     * @param method The authentication method name
+     * @param user The authentication username
+     * @param currentAuthCount The authentication attempt count
+     * @param maxAuthCount The maximum allowed attempts
+     * @return {@code true} if OK to ignore the exceeded attempt count and
+     * allow more attempts. <B>Note:</B> choosing to ignore this disconnect reason does
+     * not reset the current count - i.e., it will be re-invoked on the next attempt.
+     * @throws IOException If failed to handle the event
+     */
+    default boolean handleAuthCountDisconnectReason(
+            Session session, Service service, String serviceName, String method, String user, int currentAuthCount, int maxAuthCount)
+                throws IOException {
+        return false;
+    }
+
+    /**
+     * Invoked if the authentication parameters changed in mid-authentication process.
+     *
+     * @param session The session being authenticated
+     * @param service The {@link Service} instance through which the request was received
+     * @param authUser The original username being authenticated
+     * @param username The requested username
+     * @param authService The original authentication service name
+     * @param serviceName The requested service name
+     * @return {@code true} if OK to ignore the change
+     * @throws IOException If failed to handle the event
+     */
+    default boolean handleAuthParamsDisconnectReason(
+            Session session, Service service, String authUser, String username, String authService, String serviceName)
+                throws IOException {
+        return false;
+    }
+}
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandlerManager.java b/sshd-core/src/main/java/org/apache/sshd/common/session/SessionDisconnectHandlerManager.java
new file mode 100644 (file)
index 0000000..d75fee4
--- /dev/null
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sshd.common.session;
+
+/**
+ * TODO Add javadoc
+ *
+ * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
+ */
+public interface SessionDisconnectHandlerManager {
+    SessionDisconnectHandler getSessionDisconnectHandler();
+
+    void setSessionDisconnectHandler(SessionDisconnectHandler handler);
+}
index e582039..b949d6a 100644 (file)
@@ -483,7 +483,7 @@ public abstract class AbstractSession extends SessionHelper {
         validateKexState(SshConstants.SSH_MSG_SERVICE_REQUEST, KexState.DONE);
 
         try {
-            startService(serviceName);
+            startService(serviceName, buffer);
         } catch (Throwable e) {
             if (debugEnabled) {
                 log.debug("handleServiceRequest({}) Service {} rejected: {} = {}",
index b2f16dd..a996d6d 100644 (file)
@@ -61,6 +61,7 @@ import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.session.ReservedSessionMessagesHandler;
 import org.apache.sshd.common.session.Session;
 import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
 import org.apache.sshd.common.session.SessionListener;
 import org.apache.sshd.common.session.UnknownChannelReferenceHandler;
 import org.apache.sshd.common.util.GenericUtils;
@@ -99,6 +100,7 @@ public abstract class SessionHelper extends AbstractKexFactoryManager implements
     private final AtomicReference<TimeoutStatus> timeoutStatus = new AtomicReference<>(TimeoutStatus.NoTimeout);
 
     private ReservedSessionMessagesHandler reservedSessionMessagesHandler;
+    private SessionDisconnectHandler sessionDisconnectHandler;
     private UnknownChannelReferenceHandler unknownChannelReferenceHandler;
     private ChannelStreamPacketWriterResolver channelStreamPacketWriterResolver;
 
@@ -238,6 +240,25 @@ public abstract class SessionHelper extends AbstractKexFactoryManager implements
             return;
         }
 
+        SessionDisconnectHandler handler = getSessionDisconnectHandler();
+        if ((handler != null) && handler.handleTimeoutDisconnectReason(this, status)) {
+            if (log.isDebugEnabled()) {
+                log.debug("checkForTimeouts({}) cancel {} due to handler intervention", this, status);
+            }
+
+            switch(status) {
+                case AuthTimeout:
+                    resetAuthTimeout();
+                    break;
+                case IdleTimeout:
+                    resetIdleTimeout();
+                    break;
+
+                default:    // ignored
+            }
+            return;
+        }
+
         if (log.isDebugEnabled()) {
             log.debug("checkForTimeouts({}) disconnect - reason={}", this, status);
         }
@@ -330,6 +351,17 @@ public abstract class SessionHelper extends AbstractKexFactoryManager implements
         reservedSessionMessagesHandler = handler;
     }
 
+    @Override
+    public SessionDisconnectHandler getSessionDisconnectHandler() {
+        return resolveEffectiveProvider(SessionDisconnectHandler.class,
+            sessionDisconnectHandler, getFactoryManager().getSessionDisconnectHandler());
+    }
+
+    @Override
+    public void setSessionDisconnectHandler(SessionDisconnectHandler sessionDisconnectHandler) {
+        this.sessionDisconnectHandler = sessionDisconnectHandler;
+    }
+
     protected void handleIgnore(Buffer buffer) throws Exception {
         // malformed ignore message - ignore (even though we don't have to, but we can be tolerant in this case)
         if (!buffer.isValidMessageStructure(byte[].class)) {
index 2a5209c..523f16a 100644 (file)
@@ -46,6 +46,7 @@ import org.apache.sshd.common.kex.KexState;
 import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.session.ConnectionService;
 import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
 import org.apache.sshd.common.session.helpers.AbstractSession;
 import org.apache.sshd.common.util.GenericUtils;
 import org.apache.sshd.common.util.ValidateUtils;
@@ -227,7 +228,7 @@ public abstract class AbstractServerSession extends AbstractSession implements S
     }
 
     @Override
-    public void startService(String name) throws Exception {
+    public void startService(String name, Buffer buffer) throws Exception {
         FactoryManager factoryManager = getFactoryManager();
         currentService = ServiceFactory.create(
             factoryManager.getServiceFactories(),
@@ -240,6 +241,16 @@ public abstract class AbstractServerSession extends AbstractSession implements S
          *      appropriate SSH_MSG_DISCONNECT message and MUST disconnect.
          */
         if (currentService == null) {
+            SessionDisconnectHandler handler = getSessionDisconnectHandler();
+            if ((handler != null)
+                    && handler.handleUnsupportedServiceDisconnectReason(
+                            this, SshConstants.SSH_MSG_SERVICE_REQUEST, name, buffer)) {
+                if (log.isDebugEnabled()) {
+                    log.debug("startService({}) ignore unknown service={} by handler", this, name);
+                }
+                return;
+            }
+
             throw new SshException(SshConstants.SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE, "Unknown service: " + name);
         }
     }
@@ -247,6 +258,17 @@ public abstract class AbstractServerSession extends AbstractSession implements S
     @Override
     protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception {
         super.handleServiceAccept(serviceName, buffer);
+
+        SessionDisconnectHandler handler = getSessionDisconnectHandler();
+        if ((handler != null)
+                && handler.handleUnsupportedServiceDisconnectReason(
+                        this, SshConstants.SSH_MSG_SERVICE_ACCEPT, serviceName, buffer)) {
+            if (log.isDebugEnabled()) {
+                log.debug("handleServiceAccept({}) ignore unknown service={} by handler", this, serviceName);
+            }
+            return;
+        }
+
         // TODO: can services be initiated by the server-side ?
         disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR, "Unsupported packet: SSH_MSG_SERVICE_ACCEPT for " + serviceName);
     }
index d6f6d51..1e45bbd 100644 (file)
@@ -47,6 +47,7 @@ import org.apache.sshd.common.SshException;
 import org.apache.sshd.common.config.keys.KeyRandomArt;
 import org.apache.sshd.common.io.IoWriteFuture;
 import org.apache.sshd.common.session.Session;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
 import org.apache.sshd.common.util.GenericUtils;
 import org.apache.sshd.common.util.NumberUtils;
 import org.apache.sshd.common.util.ValidateUtils;
@@ -173,20 +174,35 @@ public class ServerUserAuthService extends AbstractCloseable implements Service,
                       session, username, service, method);
             }
 
-            if (this.authUserName == null || this.authService == null) {
+            if ((this.authUserName == null) || (this.authService == null)) {
                 this.authUserName = username;
                 this.authService = service;
             } else if (this.authUserName.equals(username) && this.authService.equals(service)) {
                 nbAuthRequests++;
                 if (nbAuthRequests > maxAuthRequests) {
-                    session.disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR,
-                        "Too many authentication failures: " + nbAuthRequests);
-                    return;
+                    SessionDisconnectHandler handler = session.getSessionDisconnectHandler();
+                    if ((handler == null)
+                            || (!handler.handleAuthCountDisconnectReason(
+                                    session, this, service, method, username, nbAuthRequests, maxAuthRequests))) {
+                        session.disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR,
+                            "Too many authentication failures: " + nbAuthRequests);
+                        return;
+                    }
                 }
             } else {
-                session.disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR,
-                    "Change of username or service is not allowed (" + this.authUserName + ", " + this.authService + ") -> ("
-                        + username + ", " + service + ")");
+                SessionDisconnectHandler handler = session.getSessionDisconnectHandler();
+                if ((handler != null)
+                        && handler.handleAuthParamsDisconnectReason(
+                            session, this, this.authUserName, username, this.authService, service)) {
+                    if (debugEnabled) {
+                        log.debug("process({}) ignore mismatched authentication parameters: user={}/{}, service={}/{}",
+                                session, this.authUserName, username, this.authService, service);
+                    }
+                } else {
+                    session.disconnect(SshConstants.SSH2_DISCONNECT_PROTOCOL_ERROR,
+                        "Change of username or service is not allowed (" + this.authUserName + ", " + this.authService + ") -> ("
+                            + username + ", " + service + ")");
+                }
                 return;
             }
 
@@ -287,7 +303,7 @@ public class ServerUserAuthService extends AbstractCloseable implements Service,
         boolean debugEnabled = log.isDebugEnabled();
         if (debugEnabled) {
             log.debug("handleAuthenticationSuccess({}@{}) {}",
-                  username, session, SshConstants.getCommandMessageName(cmd));
+                username, session, SshConstants.getCommandMessageName(cmd));
         }
 
         boolean success = false;
@@ -303,9 +319,19 @@ public class ServerUserAuthService extends AbstractCloseable implements Service,
             if (maxSessionCount != null) {
                 int currentSessionCount = session.getActiveSessionCountForUser(username);
                 if (currentSessionCount >= maxSessionCount) {
-                    session.disconnect(SshConstants.SSH2_DISCONNECT_TOO_MANY_CONNECTIONS,
-                        "Too many concurrent connections (" + currentSessionCount + ") - max. allowed: " + maxSessionCount);
-                    return;
+                    SessionDisconnectHandler handler = session.getSessionDisconnectHandler();
+                    if ((handler == null)
+                            || (!handler.handleSessionsCountDisconnectReason(
+                                    session, this, username, currentSessionCount, maxSessionCount))) {
+                        session.disconnect(SshConstants.SSH2_DISCONNECT_TOO_MANY_CONNECTIONS,
+                            "Too many concurrent connections (" + currentSessionCount + ") - max. allowed: " + maxSessionCount);
+                        return;
+                    } else {
+                        if (debugEnabled) {
+                            log.debug("handleAuthenticationSuccess({}@{}) ignore {}/{} sessions count due to handler intervention",
+                                username, session, currentSessionCount, maxSessionCount);
+                        }
+                    }
                 }
             }
 
@@ -313,11 +339,11 @@ public class ServerUserAuthService extends AbstractCloseable implements Service,
                 sendWelcomeBanner(session);
             }
 
-            buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_SUCCESS, Byte.SIZE);
-            session.writePacket(buffer);
+            Buffer response = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_SUCCESS, Byte.SIZE);
+            session.writePacket(response);
             session.setUsername(username);
             session.setAuthenticated();
-            session.startService(authService);
+            session.startService(authService, buffer);
             session.resetIdleTimeout();
             log.info("Session {}@{} authenticated", username, session.getIoSession().getRemoteAddress());
         } else {
@@ -330,10 +356,10 @@ public class ServerUserAuthService extends AbstractCloseable implements Service,
                 log.debug("handleAuthenticationSuccess({}@{}) remaining methods={}", username, session, remaining);
             }
 
-            buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_FAILURE, remaining.length() + Byte.SIZE);
-            buffer.putString(remaining);
-            buffer.putBoolean(true);    // partial success ...
-            session.writePacket(buffer);
+            Buffer response = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_FAILURE, remaining.length() + Byte.SIZE);
+            response.putString(remaining);
+            response.putBoolean(true);    // partial success ...
+            session.writePacket(response);
         }
 
         try {
index 770dca8..f06fa1e 100644 (file)
@@ -460,7 +460,7 @@ public class AbstractSessionTest extends BaseTestSupport {
         }
 
         @Override
-        public void startService(String name) throws Exception {
+        public void startService(String name, Buffer buffer) throws Exception {
             // ignored
         }
 
index c874714..fefd7b1 100644 (file)
@@ -60,7 +60,9 @@ import org.apache.sshd.common.channel.WindowClosedException;
 import org.apache.sshd.common.io.IoSession;
 import org.apache.sshd.common.kex.KexProposalOption;
 import org.apache.sshd.common.session.Session;
+import org.apache.sshd.common.session.Session.TimeoutStatus;
 import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.session.SessionDisconnectHandler;
 import org.apache.sshd.common.session.SessionListener;
 import org.apache.sshd.common.session.helpers.AbstractConnectionService;
 import org.apache.sshd.common.session.helpers.AbstractSession;
@@ -199,24 +201,64 @@ public class ServerTest extends BaseTestSupport {
         final long testAuthTimeout = TimeUnit.SECONDS.toMillis(5L);
         PropertyResolverUtils.updateProperty(sshd, FactoryManager.AUTH_TIMEOUT, testAuthTimeout);
 
+        AtomicReference<TimeoutStatus> timeoutHolder = new AtomicReference<>();
+        sshd.setSessionDisconnectHandler(new SessionDisconnectHandler() {
+            @Override
+            public boolean handleTimeoutDisconnectReason(Session session, TimeoutStatus timeoutStatus)
+                    throws IOException {
+                outputDebugMessage("Session %s timeout reported: %s", session, timeoutStatus);
+                TimeoutStatus prev = timeoutHolder.getAndSet(timeoutStatus);
+                if (prev != null) {
+                    throw new StreamCorruptedException("Multiple timeout disconnects: " + timeoutStatus + " / " + prev);
+                }
+                return false;
+            }
+
+            @Override
+            public String toString() {
+                return SessionDisconnectHandler.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
+        });
         sshd.start();
         client.start();
-        try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
-            Collection<ClientSession.ClientSessionEvent> res = s.waitFor(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED), 2L * testAuthTimeout);
-            assertTrue("Session should be closed: " + res,
-                       res.containsAll(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED, ClientSession.ClientSessionEvent.WAIT_AUTH)));
+        Collection<ClientSession.ClientSessionEvent> res;
+        try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession()) {
+            res = s.waitFor(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED), 2L * testAuthTimeout);
         } finally {
             client.stop();
         }
+
+        assertTrue("Session should be closed: " + res,
+            res.containsAll(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED, ClientSession.ClientSessionEvent.WAIT_AUTH)));
+        assertSame("Mismatched timeout status reported", TimeoutStatus.AuthTimeout, timeoutHolder.getAndSet(null));
     }
 
     @Test
     public void testIdleTimeout() throws Exception {
-        final CountDownLatch latch = new CountDownLatch(1);
-        TestEchoShell.latch = new CountDownLatch(1);
         final long testIdleTimeout = 2500L;
         PropertyResolverUtils.updateProperty(sshd, FactoryManager.IDLE_TIMEOUT, testIdleTimeout);
+        AtomicReference<TimeoutStatus> timeoutHolder = new AtomicReference<>();
+        CountDownLatch latch = new CountDownLatch(1);
+        TestEchoShell.latch = new CountDownLatch(1);
+        sshd.setSessionDisconnectHandler(new SessionDisconnectHandler() {
+            @Override
+            public boolean handleTimeoutDisconnectReason(Session session, TimeoutStatus timeoutStatus)
+                    throws IOException {
+                outputDebugMessage("Session %s timeout reported: %s", session, timeoutStatus);
+                TimeoutStatus prev = timeoutHolder.getAndSet(timeoutStatus);
+                if (prev != null) {
+                    throw new StreamCorruptedException("Multiple timeout disconnects: " + timeoutStatus + " / " + prev);
+                }
+                return false;
+            }
 
+            @Override
+            public String toString() {
+                return SessionDisconnectHandler.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
+        });
         sshd.addSessionListener(new SessionListener() {
             @Override
             public void sessionCreated(Session session) {
@@ -235,7 +277,8 @@ public class ServerTest extends BaseTestSupport {
             }
 
             @Override
-            public void sessionDisconnect(Session session, int reason, String msg, String language, boolean initiator) {
+            public void sessionDisconnect(
+                    Session session, int reason, String msg, String language, boolean initiator) {
                 outputDebugMessage("Session %s disconnected (sender=%s): reason=%d, message=%s",
                     session, initiator, reason, msg);
             }
@@ -245,6 +288,11 @@ public class ServerTest extends BaseTestSupport {
                 outputDebugMessage("Session closed: %s", session);
                 latch.countDown();
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         });
 
         TestChannelListener channelListener = new TestChannelListener(getCurrentTestName());
@@ -252,6 +300,7 @@ public class ServerTest extends BaseTestSupport {
         sshd.start();
 
         client.start();
+        Collection<ClientSession.ClientSessionEvent> res;
         try (ClientSession s = createTestClientSession(sshd);
              ChannelShell shell = s.createShellChannel();
              ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -263,16 +312,16 @@ public class ServerTest extends BaseTestSupport {
             assertTrue("No changes in activated channels", channelListener.waitForActiveChannelsChange(5L, TimeUnit.SECONDS));
             assertTrue("No changes in open channels", channelListener.waitForOpenChannelsChange(5L, TimeUnit.SECONDS));
 
-            Collection<ClientSession.ClientSessionEvent> res =
-                s.waitFor(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED), 2L * testIdleTimeout);
-            assertTrue("Session should be closed and authenticated: " + res,
-                res.containsAll(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED, ClientSession.ClientSessionEvent.AUTHED)));
+            res = s.waitFor(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED), 2L * testIdleTimeout);
         } finally {
             client.stop();
         }
 
+        assertTrue("Session should be closed and authenticated: " + res,
+            res.containsAll(EnumSet.of(ClientSession.ClientSessionEvent.CLOSED, ClientSession.ClientSessionEvent.AUTHED)));
         assertTrue("Session latch not signalled in time", latch.await(1L, TimeUnit.SECONDS));
         assertTrue("Shell latch not signalled in time", TestEchoShell.latch.await(1L, TimeUnit.SECONDS));
+        assertSame("Mismatched timeout status", TimeoutStatus.IdleTimeout, timeoutHolder.getAndSet(null));
     }
 
     /*
@@ -284,16 +333,14 @@ public class ServerTest extends BaseTestSupport {
      */
     @Test
     public void testServerIdleTimeoutWithForce() throws Exception {
-        final CountDownLatch latch = new CountDownLatch(1);
-
-        sshd.setCommandFactory(StreamCommand::new);
-
         final long idleTimeoutValue = TimeUnit.SECONDS.toMillis(5L);
         PropertyResolverUtils.updateProperty(sshd, FactoryManager.IDLE_TIMEOUT, idleTimeoutValue);
 
         final long disconnectTimeoutValue = TimeUnit.SECONDS.toMillis(2L);
         PropertyResolverUtils.updateProperty(sshd, FactoryManager.DISCONNECT_TIMEOUT, disconnectTimeoutValue);
 
+        CountDownLatch latch = new CountDownLatch(1);
+        sshd.setCommandFactory(StreamCommand::new);
         sshd.addSessionListener(new SessionListener() {
             @Override
             public void sessionCreated(Session session) {
@@ -315,6 +362,11 @@ public class ServerTest extends BaseTestSupport {
                 outputDebugMessage("Session closed: %s", session);
                 latch.countDown();
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         });
 
         TestChannelListener channelListener = new TestChannelListener(getCurrentTestName());
@@ -386,7 +438,7 @@ public class ServerTest extends BaseTestSupport {
             }
         });
 
-        final Semaphore sigSem = new Semaphore(0, true);
+        Semaphore sigSem = new Semaphore(0, true);
         client.addSessionListener(new SessionListener() {
             @Override
             public void sessionCreated(Session session) {
@@ -415,10 +467,17 @@ public class ServerTest extends BaseTestSupport {
             public void sessionClosed(Session session) {
                 outputDebugMessage("Session closed: %s", session);
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         });
 
         client.start();
-        try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
+        try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession()) {
             assertTrue("Failed to receive signal on time", sigSem.tryAcquire(11L, TimeUnit.SECONDS));
         } finally {
             client.stop();
@@ -458,7 +517,7 @@ public class ServerTest extends BaseTestSupport {
             }
         });
 
-        final Semaphore sigSem = new Semaphore(0, true);
+        Semaphore sigSem = new Semaphore(0, true);
         client.addSessionListener(new SessionListener() {
             @Override
             public void sessionCreated(Session session) {
@@ -479,11 +538,18 @@ public class ServerTest extends BaseTestSupport {
             public void sessionClosed(Session session) {
                 sigSem.release();
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         });
 
         client.start();
         try {
-            try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
+            try (ClientSession s = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                    .verify(7L, TimeUnit.SECONDS)
+                    .getSession()) {
                 assertTrue("Session closing not signalled on time", sigSem.tryAcquire(5L, TimeUnit.SECONDS));
                 for (boolean incoming : new boolean[]{true, false}) {
                     assertNull("Unexpected compression information for incoming=" + incoming, s.getCompressionInformation(incoming));
@@ -497,7 +563,7 @@ public class ServerTest extends BaseTestSupport {
 
     @Test
     public void testKexCompletedEvent() throws Exception {
-        final AtomicInteger serverEventCount = new AtomicInteger(0);
+        AtomicInteger serverEventCount = new AtomicInteger(0);
         sshd.addSessionListener(new SessionListener() {
             @Override
             public void sessionEvent(Session session, Event event) {
@@ -505,10 +571,15 @@ public class ServerTest extends BaseTestSupport {
                     serverEventCount.incrementAndGet();
                 }
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         });
         sshd.start();
 
-        final AtomicInteger clientEventCount = new AtomicInteger(0);
+        AtomicInteger clientEventCount = new AtomicInteger(0);
         client.addSessionListener(new SessionListener() {
             @Override
             public void sessionEvent(Session session, Event event) {
@@ -516,6 +587,11 @@ public class ServerTest extends BaseTestSupport {
                     clientEventCount.incrementAndGet();
                 }
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         });
         client.start();
 
@@ -530,7 +606,7 @@ public class ServerTest extends BaseTestSupport {
 
     @Test   // see SSHD-645
     public void testChannelStateChangeNotifications() throws Exception {
-        final Semaphore exitSignal = new Semaphore(0);
+        Semaphore exitSignal = new Semaphore(0);
         sshd.setCommandFactory(command -> new Command() {
             private ExitCallback cb;
 
@@ -568,7 +644,7 @@ public class ServerTest extends BaseTestSupport {
         sshd.start();
         client.start();
 
-        final Collection<String> stateChangeHints = new CopyOnWriteArrayList<>();
+        Collection<String> stateChangeHints = new CopyOnWriteArrayList<>();
         try (ClientSession s = createTestClientSession(sshd);
              ChannelExec shell = s.createExecChannel(getCurrentTestName())) {
             shell.addChannelListener(new ChannelListener() {
@@ -583,7 +659,7 @@ public class ServerTest extends BaseTestSupport {
 
             assertTrue("Timeout while wait for exit signal", exitSignal.tryAcquire(15L, TimeUnit.SECONDS));
             Collection<ClientChannelEvent> result =
-                    shell.waitFor(EnumSet.of(ClientChannelEvent.CLOSED), TimeUnit.SECONDS.toMillis(13L));
+                shell.waitFor(EnumSet.of(ClientChannelEvent.CLOSED), TimeUnit.SECONDS.toMillis(13L));
             assertFalse("Channel close timeout", result.contains(ClientChannelEvent.TIMEOUT));
 
             Integer status = shell.getExitStatus();
@@ -599,7 +675,7 @@ public class ServerTest extends BaseTestSupport {
 
     @Test
     public void testEnvironmentVariablesPropagationToServer() throws Exception {
-        final AtomicReference<Environment> envHolder = new AtomicReference<>(null);
+        AtomicReference<Environment> envHolder = new AtomicReference<>(null);
         sshd.setCommandFactory(command -> new Command() {
             private ExitCallback cb;
 
@@ -663,7 +739,7 @@ public class ServerTest extends BaseTestSupport {
             assertTrue("No changes in open channels", channelListener.waitForOpenChannelsChange(5L, TimeUnit.SECONDS));
 
             Collection<ClientChannelEvent> result =
-                    shell.waitFor(EnumSet.of(ClientChannelEvent.CLOSED), TimeUnit.SECONDS.toMillis(17L));
+                shell.waitFor(EnumSet.of(ClientChannelEvent.CLOSED), TimeUnit.SECONDS.toMillis(17L));
             assertFalse("Channel close timeout", result.contains(ClientChannelEvent.TIMEOUT));
 
             Integer status = shell.getExitStatus();
@@ -691,17 +767,20 @@ public class ServerTest extends BaseTestSupport {
     public void testImmediateAuthFailureOpcode() throws Exception {
         sshd.setPasswordAuthenticator(RejectAllPasswordAuthenticator.INSTANCE);
         sshd.setPublickeyAuthenticator(RejectAllPublickeyAuthenticator.INSTANCE);
-        final AtomicInteger challengeCount = new AtomicInteger(0);
+        AtomicInteger challengeCount = new AtomicInteger(0);
         sshd.setKeyboardInteractiveAuthenticator(new KeyboardInteractiveAuthenticator() {
             @Override
-            public InteractiveChallenge generateChallenge(ServerSession session, String username, String lang, String subMethods) {
+            public InteractiveChallenge generateChallenge(
+                    ServerSession session, String username, String lang, String subMethods) {
                 challengeCount.incrementAndGet();
                 outputDebugMessage("generateChallenge(%s@%s) count=%s", username, session, challengeCount);
                 return null;
             }
 
             @Override
-            public boolean authenticate(ServerSession session, String username, List<String> responses) throws Exception {
+            public boolean authenticate(
+                    ServerSession session, String username, List<String> responses)
+                        throws Exception {
                 return false;
             }
         });
@@ -709,11 +788,13 @@ public class ServerTest extends BaseTestSupport {
 
         // order is important
         String authMethods = GenericUtils.join(
-                Arrays.asList(UserAuthMethodFactory.KB_INTERACTIVE, UserAuthMethodFactory.PUBLIC_KEY, UserAuthMethodFactory.PUBLIC_KEY), ',');
+            Arrays.asList(UserAuthMethodFactory.KB_INTERACTIVE, UserAuthMethodFactory.PUBLIC_KEY, UserAuthMethodFactory.PUBLIC_KEY), ',');
         PropertyResolverUtils.updateProperty(client, ClientAuthenticationManager.PREFERRED_AUTHS, authMethods);
 
         client.start();
-        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
+        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession()) {
             AuthFuture auth = session.auth();
             assertTrue("Failed to complete authentication on time", auth.await(17L, TimeUnit.SECONDS));
             assertFalse("Unexpected authentication success", auth.isSuccess());
@@ -728,20 +809,24 @@ public class ServerTest extends BaseTestSupport {
         sshd.setPasswordAuthenticator(RejectAllPasswordAuthenticator.INSTANCE);
         sshd.setPublickeyAuthenticator(RejectAllPublickeyAuthenticator.INSTANCE);
 
-        final InteractiveChallenge challenge = new InteractiveChallenge();
+        InteractiveChallenge challenge = new InteractiveChallenge();
         challenge.setInteractionInstruction(getCurrentTestName());
         challenge.setInteractionName(getClass().getSimpleName());
         challenge.setLanguageTag("il-heb");
         challenge.addPrompt(new PromptEntry("Password", false));
-        final AtomicInteger serverCount = new AtomicInteger(0);
+
+        AtomicInteger serverCount = new AtomicInteger(0);
         sshd.setKeyboardInteractiveAuthenticator(new KeyboardInteractiveAuthenticator() {
             @Override
-            public InteractiveChallenge generateChallenge(ServerSession session, String username, String lang, String subMethods) {
+            public InteractiveChallenge generateChallenge(
+                    ServerSession session, String username, String lang, String subMethods) {
                 return challenge;
             }
 
             @Override
-            public boolean authenticate(ServerSession session, String username, List<String> responses) throws Exception {
+            public boolean authenticate(
+                    ServerSession session, String username, List<String> responses)
+                        throws Exception {
                 outputDebugMessage("authenticate(%s@%s) count=%s", username, session, serverCount);
                 serverCount.incrementAndGet();
                 return false;
@@ -751,10 +836,10 @@ public class ServerTest extends BaseTestSupport {
 
         // order is important
         String authMethods = GenericUtils.join(
-                Arrays.asList(UserAuthMethodFactory.KB_INTERACTIVE, UserAuthMethodFactory.PUBLIC_KEY, UserAuthMethodFactory.PUBLIC_KEY), ',');
+            Arrays.asList(UserAuthMethodFactory.KB_INTERACTIVE, UserAuthMethodFactory.PUBLIC_KEY, UserAuthMethodFactory.PUBLIC_KEY), ',');
         PropertyResolverUtils.updateProperty(client, ClientAuthenticationManager.PREFERRED_AUTHS, authMethods);
-        final AtomicInteger clientCount = new AtomicInteger(0);
-        final String[] replies = {getCurrentTestName()};
+        AtomicInteger clientCount = new AtomicInteger(0);
+        String[] replies = {getCurrentTestName()};
         client.setUserInteraction(new UserInteraction() {
             @Override
             public boolean isInteractionAllowed(ClientSession session) {
@@ -762,7 +847,8 @@ public class ServerTest extends BaseTestSupport {
             }
 
             @Override
-            public String[] interactive(ClientSession session, String name, String instruction, String lang, String[] prompt, boolean[] echo) {
+            public String[] interactive(
+                    ClientSession session, String name, String instruction, String lang, String[] prompt, boolean[] echo) {
                 clientCount.incrementAndGet();
                 return replies;
             }
@@ -774,12 +860,16 @@ public class ServerTest extends BaseTestSupport {
         });
 
         client.start();
-        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
+        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession()) {
             AuthFuture auth = session.auth();
             assertTrue("Failed to complete authentication on time", auth.await(17L, TimeUnit.SECONDS));
             assertFalse("Unexpected authentication success", auth.isSuccess());
-            assertEquals("Mismatched interactive server challenge calls", ClientAuthenticationManager.DEFAULT_PASSWORD_PROMPTS, serverCount.get());
-            assertEquals("Mismatched interactive client challenge calls", ClientAuthenticationManager.DEFAULT_PASSWORD_PROMPTS, clientCount.get());
+            assertEquals("Mismatched interactive server challenge calls",
+                ClientAuthenticationManager.DEFAULT_PASSWORD_PROMPTS, serverCount.get());
+            assertEquals("Mismatched interactive client challenge calls",
+                ClientAuthenticationManager.DEFAULT_PASSWORD_PROMPTS, clientCount.get());
         } finally {
             client.stop();
         }
@@ -789,8 +879,7 @@ public class ServerTest extends BaseTestSupport {
     public void testIdentificationStringsOverrides() throws Exception {
         String clientIdent = getCurrentTestName() + "-client";
         PropertyResolverUtils.updateProperty(client, ClientFactoryManager.CLIENT_IDENTIFICATION, clientIdent);
-        final String expClientIdent = SessionContext.DEFAULT_SSH_VERSION_PREFIX + clientIdent;
-
+        String expClientIdent = SessionContext.DEFAULT_SSH_VERSION_PREFIX + clientIdent;
         String serverIdent = getCurrentTestName() + "-server";
         PropertyResolverUtils.updateProperty(sshd, ServerFactoryManager.SERVER_IDENTIFICATION, serverIdent);
         String expServerIdent = SessionContext.DEFAULT_SSH_VERSION_PREFIX + serverIdent;
@@ -817,6 +906,11 @@ public class ServerTest extends BaseTestSupport {
             public void sessionClosed(Session session) {
                 // ignored
             }
+
+            @Override
+            public String toString() {
+                return SessionListener.class.getSimpleName() + "[" + getCurrentTestName() + "]";
+            }
         };
 
         sshd.addSessionListener(listener);
@@ -825,7 +919,9 @@ public class ServerTest extends BaseTestSupport {
         client.addSessionListener(listener);
         client.start();
 
-        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
+        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession()) {
             session.addPasswordIdentity(getCurrentTestName());
             session.auth().verify(9L, TimeUnit.SECONDS);
             assertEquals("Mismatched client identification", expClientIdent, session.getClientVersion());
@@ -842,7 +938,7 @@ public class ServerTest extends BaseTestSupport {
                 getClass().getSimpleName(),
                 getCurrentTestName());
         PropertyResolverUtils.updateProperty(sshd, ServerFactoryManager.SERVER_EXTRA_IDENTIFICATION_LINES,
-                GenericUtils.join(expected, ServerFactoryManager.SERVER_EXTRA_IDENT_LINES_SEPARATOR));
+            GenericUtils.join(expected, ServerFactoryManager.SERVER_EXTRA_IDENT_LINES_SEPARATOR));
         sshd.start();
 
         AtomicReference<List<String>> actualHolder = new AtomicReference<>();
@@ -860,7 +956,8 @@ public class ServerTest extends BaseTestSupport {
             }
 
             @Override
-            public String[] interactive(ClientSession session, String name, String instruction, String lang, String[] prompt, boolean[] echo) {
+            public String[] interactive(
+                    ClientSession session, String name, String instruction, String lang, String[] prompt, boolean[] echo) {
                 return null;
             }
 
@@ -871,7 +968,9 @@ public class ServerTest extends BaseTestSupport {
         });
         client.start();
 
-        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort()).verify(7L, TimeUnit.SECONDS).getSession()) {
+        try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, sshd.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession()) {
             session.addPasswordIdentity(getCurrentTestName());
             session.auth().verify(9L, TimeUnit.SECONDS);
             assertTrue("No signal received in time", signal.tryAcquire(11L, TimeUnit.SECONDS));
@@ -885,7 +984,9 @@ public class ServerTest extends BaseTestSupport {
     }
 
     private ClientSession createTestClientSession(SshServer server) throws Exception {
-        ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, server.getPort()).verify(7L, TimeUnit.SECONDS).getSession();
+        ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, server.getPort())
+                .verify(7L, TimeUnit.SECONDS)
+                .getSession();
         try {
             session.addPasswordIdentity(getCurrentTestName());
             session.auth().verify(5L, TimeUnit.SECONDS);