From 7b6c1bdaba9877397ffdaf0c8641196cfb060c39 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov <vitalif@yourcmc.ru>
Date: Mon, 1 Jun 2015 23:36:49 +0300
Subject: [PATCH] Allow to strip domain from kerberos usernames

---
 src/main/distrib/data/defaults.properties             |  5 +++++
 .../java/com/gitblit/transport/ssh/SshDaemon.java     |  2 +-
 .../gitblit/transport/ssh/SshKrbAuthenticator.java    | 11 +++++++++--
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties
index d4ebcc39..764e9a66 100644
--- a/src/main/distrib/data/defaults.properties
+++ b/src/main/distrib/data/defaults.properties
@@ -148,6 +148,11 @@ git.sshWithKrb5 = "false"
 # SINCE 1.7.0
 git.sshKrb5Keytab = ""
 
+# Strip domain from kerberos usernamae.
+#
+# SINCE 1.7.0
+git.sshKrb5StripDomain = "true"
+
 # The service principal name to be used for Kerberos5.  The default is host/hostname.
 #
 # SINCE 1.7.0
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index b6fae25e..65d1558a 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -133,7 +133,7 @@ public class SshDaemon {
 		//Will do GSS ?
 		GSSAuthenticator gssAuthenticator = null;
 		if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
-			gssAuthenticator = new SshKrbAuthenticator(gitblit);
+			gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false));
 			String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
 					"");
 			if(! keytabString.isEmpty()) {
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
index 8170c934..638c718e 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -27,10 +27,12 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
 	
 	protected final Logger log = LoggerFactory.getLogger(getClass());
 	protected final IAuthenticationManager authManager;
+	protected final boolean stripDomain;
 
-	public SshKrbAuthenticator(IAuthenticationManager authManager) {
+	public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) {
 		this.authManager = authManager;
-		log.info("registry  {}", authManager);
+		this.stripDomain = stripDomain;
+		log.info("registry {}", authManager);
 	}
 
 	public boolean validateIdentity(ServerSession session, String identity) {
@@ -41,6 +43,11 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
 			return true;
 		}
 		String username = identity.toLowerCase(Locale.US);
+		if (stripDomain) {
+			int p = username.indexOf('@');
+			if (p > 0)
+				username = username.substring(0, p);
+		}
 		UserModel user = authManager.authenticate(username);
 		if (user != null) {
 			client.setUser(user);
-- 
2.39.5