author | Fabrice Bacchella <fbacchella@spamcop.net> | 2015-05-25 23:02:13 +0200 |
---|---|---|
committer | Fabrice Bacchella <fbacchella@spamcop.net> | 2015-05-26 23:42:07 +0200 |
commit | e97c01c140841667b1fa50a9ffa41bb60952e4ec (patch) | |
tree | 8d990126c3192038267c32cec303989c04f7556e /src/main/java/com/gitblit/transport | |
parent | 79922557bf5a716fcb758e2437b36714e51368e5 (diff) | |
Invalid kerberos patches, works now and with a test.
Diffstat (limited to 'src/main/java/com/gitblit/transport')
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 2 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java | 52 |
2 files changed, 53 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index ec7d7c36..0ff5c284 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -134,7 +134,7 @@ public class SshDaemon { //Will do GSS ? GSSAuthenticator gssAuthenticator = null; if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { - gssAuthenticator = new GSSAuthenticator(); + gssAuthenticator = new SshKrbAuthenticator(gitblit); String keytabString = settings.getString(Keys.git.sshKrb5Keytab, ""); if(! keytabString.isEmpty()) { diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java new file mode 100644 index 00000000..8170c934 --- /dev/null +++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java 
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2015 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.transport.ssh;
+
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
+import java.util.Locale;
+import org.apache.sshd.server.auth.gss.GSSAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SshKrbAuthenticator extends GSSAuthenticator {
+
+ protected final Logger log = LoggerFactory.getLogger(getClass());
+ protected final IAuthenticationManager authManager;
+
+ public SshKrbAuthenticator(IAuthenticationManager authManager) {
+ this.authManager = authManager;
+ log.info("registry {}", authManager);
+ }
+
+ public boolean validateIdentity(ServerSession session, String identity) {
+ log.info("identify with kerberos {}", identity);
+ SshDaemonClient client = (SshDaemonClient)session.getAttribute(SshDaemonClient.KEY);
+ if (client.getUser() != null) {
+ log.info("{} has already authenticated!", identity);
+ return true;
+ }
+ String username = identity.toLowerCase(Locale.US);
+ UserModel user = authManager.authenticate(username);
+ if (user != null) {
+ client.setUser(user);
+ return true;
+ }
+ log.warn("could not authenticate {} for SSH", username);
+ return false;
+ }
+} |
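Review bot: validateIdentity maps the Kerberos identity to a Gitblit account by lower-casing the whole string and passing it to `authManager.authenticate(username)`, with no check of which realm issued it. If the identity arrives as a full principal (`user@REALM`, which this hunk does not show), the realm should be compared against an expected value before the lookup, and the mapping from principal to account name should be documented on the method. The early return on `client.getUser() != null` also accepts any identity without comparing it to the user already attached to the session; comparing the two before returning true would be safer. The method should carry `@Override`, so that a signature change in `GSSAuthenticator` fails compilation instead of silently leaving the parent's check in place. `session.getAttribute(SshDaemonClient.KEY)` is dereferenced without a null check, which presumably relies on the client attribute always being set before authentication starts.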