Line data    Source code

       1             : // Copyright (C) 2020 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.sshd;
      16             : 
      17             : import com.google.common.flogger.FluentLogger;
      18             : import com.google.gerrit.extensions.events.AccountActivationListener;
      19             : import com.google.gerrit.server.CurrentUser;
      20             : import com.google.gerrit.sshd.BaseCommand.Failure;
      21             : import com.google.inject.Inject;
      22             : import java.io.IOException;
      23             : 
      24             : /** Closes open SSH connections upon account deactivation. */
      25             : public class InactiveAccountDisconnector implements AccountActivationListener {
      26           0 :   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
      27             : 
      28             :   private final SshDaemon sshDaemon;
      29             : 
      30             :   @Inject
      31           0 :   InactiveAccountDisconnector(SshDaemon sshDaemon) {
      32           0 :     this.sshDaemon = sshDaemon;
      33           0 :   }
      34             : 
      35             :   @Override
      36             :   public void onAccountDeactivated(int id) {
      37             :     try {
      38           0 :       SshUtil.forEachSshSession(
      39             :           sshDaemon,
      40             :           (sshId, sshSession, abstractSession, ioSession) -> {
      41           0 :             CurrentUser sessionUser = sshSession.getUser();
      42           0 :             if (sessionUser.isIdentifiedUser() && sessionUser.getAccountId().get() == id) {
      43           0 :               logger.atInfo().log(
      44             :                   "Disconnecting SSH session %s because user %s(%d) got deactivated",
      45           0 :                   abstractSession, sessionUser.getLoggableName(), id);
      46             :               try {
      47           0 :                 abstractSession.disconnect(-1, "user deactivated");
      48           0 :               } catch (IOException e) {
      49           0 :                 logger.atWarning().withCause(e).log(
      50             :                     "Failure while deactivating session %s", abstractSession);
      51           0 :               }
      52             :             }
      53           0 :           });
      54           0 :     } catch (Failure e) {
      55             :       // Ssh Daemon no longer running. Since we're only disconnecting connections anyways, this is
      56             :       // most likely ok, so we log only at info level.
      57           0 :       logger.atInfo().withCause(e).log("Failure while disconnecting deactivated account %d", id);
      58           0 :     }
      59           0 :   }
      60             : }