diff options
author | Vitaliy Filippov <vitalif@yourcmc.ru> | 2015-06-01 23:36:49 +0300 |
---|---|---|
committer | Vitaliy Filippov <vitalif@yourcmc.ru> | 2015-10-01 13:08:53 +0300 |
commit | 7b6c1bdaba9877397ffdaf0c8641196cfb060c39 (patch) | |
tree | a3f221be497732d0c96926c750fec5cd50246f57 /src/main/java/com/gitblit/transport/ssh | |
parent | 7be48d8d14c74dfb10ba3d71f12a78505daf29a6 (diff) | |
download | gitblit-7b6c1bdaba9877397ffdaf0c8641196cfb060c39.tar.gz gitblit-7b6c1bdaba9877397ffdaf0c8641196cfb060c39.zip |
Allow to strip domain from kerberos usernames
Diffstat (limited to 'src/main/java/com/gitblit/transport/ssh')
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 2 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java | 11 |
2 files changed, 10 insertions, 3 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index b6fae25e..65d1558a 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -133,7 +133,7 @@ public class SshDaemon { //Will do GSS ? GSSAuthenticator gssAuthenticator = null; if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { - gssAuthenticator = new SshKrbAuthenticator(gitblit); + gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false)); String keytabString = settings.getString(Keys.git.sshKrb5Keytab, ""); if(! keytabString.isEmpty()) { diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java index 8170c934..638c718e 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java +++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java @@ -27,10 +27,12 @@ public class SshKrbAuthenticator extends GSSAuthenticator { protected final Logger log = LoggerFactory.getLogger(getClass()); protected final IAuthenticationManager authManager; + protected final boolean stripDomain; - public SshKrbAuthenticator(IAuthenticationManager authManager) { + public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) { this.authManager = authManager; - log.info("registry {}", authManager); + this.stripDomain = stripDomain; + log.info("registry {}", authManager); } public boolean validateIdentity(ServerSession session, String identity) { @@ -41,6 +43,11 @@ public class SshKrbAuthenticator extends GSSAuthenticator { return true; } String username = identity.toLowerCase(Locale.US); + if (stripDomain) { + int p = username.indexOf('@'); + if (p > 0) + username = username.substring(0, p); + } UserModel user = authManager.authenticate(username); if (user != null) { client.setUser(user); |