Allow to strip domain from kerberos usernames

diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties
index d4ebcc394364bed106941282e183a77f0053d5a1..764e9a66c53b9d2094ffaad17964a03e7146a0ed 100644 (file)
--- a/src/main/distrib/data/defaults.properties
+++ b/src/main/distrib/data/defaults.properties
@@ -148,6 +148,11 @@ git.sshWithKrb5 = "false"
 # SINCE 1.7.0
 git.sshKrb5Keytab = ""
 
+# Strip domain from kerberos usernamae.
+#
+# SINCE 1.7.0
+git.sshKrb5StripDomain = "true"
+
 # The service principal name to be used for Kerberos5.  The default is host/hostname.
 #
 # SINCE 1.7.0

diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index b6fae25ee6a194180d3051560b4d644bc951967f..65d1558adc2dd2988e24375c777137e2481eb385 100644 (file)
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -133,7 +133,7 @@ public class SshDaemon {
                //Will do GSS ?
                GSSAuthenticator gssAuthenticator = null;
                if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
-                       gssAuthenticator = new SshKrbAuthenticator(gitblit);
+                       gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false));
                        String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
                                        "");
                        if(! keytabString.isEmpty()) {

diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
index 8170c934f94553f757eda7c8e1da6d44565b5192..638c718eaa661f531791aebefc5b4854aba1585c 100644 (file)
--- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -27,10 +27,12 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
        
        protected final Logger log = LoggerFactory.getLogger(getClass());
        protected final IAuthenticationManager authManager;
+       protected final boolean stripDomain;
 
-       public SshKrbAuthenticator(IAuthenticationManager authManager) {
+       public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) {
                this.authManager = authManager;
-               log.info("registry  {}", authManager);
+               this.stripDomain = stripDomain;
+               log.info("registry {}", authManager);
        }
 
        public boolean validateIdentity(ServerSession session, String identity) {
@@ -41,6 +43,11 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
                        return true;
                }
                String username = identity.toLowerCase(Locale.US);
+               if (stripDomain) {
+                       int p = username.indexOf('@');
+                       if (p > 0)
+                               username = username.substring(0, p);
+               }
                UserModel user = authManager.authenticate(username);
                if (user != null) {
                        client.setUser(user);