--- /dev/null
+/*
+ * Copyright 2014 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.gitblit.transport.ssh;
+
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.sshd.common.Session;
+import org.apache.sshd.common.SessionListener;
+import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
+import com.google.common.base.Preconditions;
+
+/**
+ *
+ * @author Eric Myrhe
+ *
+ */
+public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator,
+ SessionListener {
+
+ protected final Logger log = LoggerFactory.getLogger(getClass());
+
+ protected final IKeyManager keyManager;
+
+ protected final IAuthenticationManager authManager;
+
+ private final Map<ServerSession, Map<PublicKey, Boolean>> cache =
+ new ConcurrentHashMap<ServerSession, Map<PublicKey, Boolean>>();
+
+ public CachingPublicKeyAuthenticator(IKeyManager keyManager,
+ IAuthenticationManager authManager) {
+ this.keyManager = keyManager;
+ this.authManager = authManager;
+ }
+
+ @Override
+ public boolean authenticate(String username, PublicKey key,
+ ServerSession session) {
+ Map<PublicKey, Boolean> map = cache.get(session);
+ if (map == null) {
+ map = new HashMap<PublicKey, Boolean>();
+ cache.put(session, map);
+ session.addListener(this);
+ }
+ if (map.containsKey(key)) {
+ return map.get(key);
+ }
+ boolean result = doAuthenticate(username, key, session);
+ map.put(key, result);
+ return result;
+ }
+
+ private boolean doAuthenticate(String username, PublicKey suppliedKey,
+ ServerSession session) {
+ SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
+ Preconditions.checkState(client.getUser() == null);
+ username = username.toLowerCase(Locale.US);
+ List<PublicKey> keys = keyManager.getKeys(username);
+ if (keys == null || keys.isEmpty()) {
+ log.info("{} has not added any public keys for ssh authentication",
+ username);
+ return false;
+ }
+
+ for (PublicKey key : keys) {
+ if (key.equals(suppliedKey)) {
+ UserModel user = authManager.authenticate(username, key);
+ if (user != null) {
+ client.setUser(user);
+ return true;
+ }
+ }
+ }
+
+ log.warn(
+ "could not authenticate {} for SSH using the supplied public key",
+ username);
+ return false;
+ }
+
+ public IKeyManager getKeyManager() {
+ return keyManager;
+ }
+
+ public void sessionCreated(Session session) {
+ }
+
+ public void sessionEvent(Session sesssion, Event event) {
+ }
+
+ public void sessionClosed(Session session) {
+ cache.remove(session);
+ }
+}
+++ /dev/null
-/*
- * Copyright 2014 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-package com.gitblit.transport.ssh;
-
-import java.security.PublicKey;
-import java.util.List;
-import java.util.Locale;
-
-import org.apache.sshd.server.PublickeyAuthenticator;
-import org.apache.sshd.server.session.ServerSession;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.gitblit.manager.IAuthenticationManager;
-import com.gitblit.models.UserModel;
-
-/**
- *
- * @author Eric Myrhe
- *
- */
-public class PublicKeyAuthenticator implements PublickeyAuthenticator {
-
- protected final Logger log = LoggerFactory.getLogger(getClass());
-
- protected final IKeyManager keyManager;
-
- protected final IAuthenticationManager authManager;
-
- public PublicKeyAuthenticator(IKeyManager keyManager, IAuthenticationManager authManager) {
- this.keyManager = keyManager;
- this.authManager = authManager;
- }
-
- @Override
- public boolean authenticate(String username, final PublicKey suppliedKey,
- final ServerSession session) {
- final SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
-
- if (client.getUser() != null) {
- // TODO why do we re-authenticate?
- log.info("{} has already authenticated!", username);
- return true;
- }
-
- username = username.toLowerCase(Locale.US);
- List<PublicKey> keys = keyManager.getKeys(username);
- if (keys == null || keys.isEmpty()) {
- log.info("{} has not added any public keys for ssh authentication", username);
- return false;
- }
-
- for (PublicKey key : keys) {
- if (key.equals(suppliedKey)) {
- UserModel user = authManager.authenticate(username, key);
- if (user != null) {
- client.setUser(user);
- return true;
- }
- }
- }
-
- log.warn("could not authenticate {} for SSH using the supplied public key", username);
- return false;
- }
-
- public IKeyManager getKeyManager() {
- return keyManager;
- }
-}
private static final Logger logger = LoggerFactory.getLogger(SshCommandFactory.class);
private final IGitblit gitblit;
- private final PublicKeyAuthenticator keyAuthenticator;
+ private final CachingPublicKeyAuthenticator keyAuthenticator;
private final ScheduledExecutorService startExecutor;
- public SshCommandFactory(IGitblit gitblit, PublicKeyAuthenticator keyAuthenticator, IdGenerator idGenerator) {
+ public SshCommandFactory(IGitblit gitblit,
+ CachingPublicKeyAuthenticator keyAuthenticator,
+ IdGenerator idGenerator) {
this.gitblit = gitblit;
this.keyAuthenticator = keyAuthenticator;
}
}
+ @SuppressWarnings("unused")
private void onDestroy() {
synchronized (this) {
if (cmd != null) {
addr = new InetSocketAddress(bindInterface, port);
}
- PublicKeyAuthenticator keyAuthenticator = new PublicKeyAuthenticator(keyManager, gitblit);
+ CachingPublicKeyAuthenticator keyAuthenticator =
+ new CachingPublicKeyAuthenticator(keyManager, gitblit);
sshd = SshServer.setUpDefaultServer();
sshd.setPort(addr.getPort());
}
}
+ @SuppressWarnings("unchecked")
protected IKeyManager getKeyManager() {
IKeyManager keyManager = null;
IStoredSettings settings = gitblit.getSettings();
import java.io.UnsupportedEncodingException;
import java.util.List;
-import com.gitblit.transport.ssh.PublicKeyAuthenticator;
+import com.gitblit.transport.ssh.CachingPublicKeyAuthenticator;
import com.google.common.base.Charsets;
/**
return sshKeys;
}
- protected PublicKeyAuthenticator authenticator;
- public void setAuthenticator(PublicKeyAuthenticator authenticator) {
+ protected CachingPublicKeyAuthenticator authenticator;
+ public void setAuthenticator(CachingPublicKeyAuthenticator authenticator) {
this.authenticator = authenticator;
}
}
import com.gitblit.git.RepositoryResolver;
import com.gitblit.models.UserModel;
import com.gitblit.transport.ssh.CommandMetaData;
-import com.gitblit.transport.ssh.PublicKeyAuthenticator;
+import com.gitblit.transport.ssh.CachingPublicKeyAuthenticator;
import com.gitblit.transport.ssh.SshDaemonClient;
import com.gitblit.utils.cli.SubcommandHandler;
import com.google.common.base.Charsets;
this.gitblitReceivePackFactory = gitblitReceivePackFactory;
}
- private PublicKeyAuthenticator authenticator;
+ private CachingPublicKeyAuthenticator authenticator;
- public void setAuthenticator(PublicKeyAuthenticator authenticator) {
+ public void setAuthenticator(CachingPublicKeyAuthenticator authenticator) {
this.authenticator = authenticator;
}
}
projects / gitblit.git / commitdiff