Revert manual specification of ssh user auth factories

2 files changed, 22 insertions, 61 deletions

diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index b6fae25e..5a94c9a3 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -23,24 +23,14 @@ import java.net.InetSocketAddress;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Locale;
 import java.util.concurrent.atomic.AtomicBoolean;
 
-import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.io.IoServiceFactoryFactory;
 import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.util.SecurityUtils;
 import org.apache.sshd.server.SshServer;
 import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
-import org.apache.sshd.server.auth.UserAuth;
-import org.apache.sshd.server.auth.UserAuthKeyboardInteractiveFactory;
-import org.apache.sshd.server.auth.UserAuthPasswordFactory;
-import org.apache.sshd.server.auth.UserAuthPublicKeyFactory;
-import org.apache.sshd.server.auth.gss.GSSAuthenticator;
-import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
 import org.bouncycastle.openssl.PEMWriter;
 import org.eclipse.jgit.internal.JGitText;
 import org.slf4j.Logger;
@@ -130,48 +120,6 @@ public class SshDaemon {
 			addr = new InetSocketAddress(bindInterface, port);
 		}
 
-		//Will do GSS ?
-		GSSAuthenticator gssAuthenticator = null;
-		if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
-			gssAuthenticator = new SshKrbAuthenticator(gitblit);
-			String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
-					"");
-			if(! keytabString.isEmpty()) {
-				gssAuthenticator.setKeytabFile(keytabString);
-			}
-			String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName,
-					"");
-			if(! servicePrincipalName.isEmpty()) {
-				gssAuthenticator.setServicePrincipalName(servicePrincipalName);
-			}
-		}
-
-		//Sort the authenticators for sshd
-		List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>();
-		String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder,
-				"password,keyboard-interactive,publickey");
-		for(String authenticator: sshAuthenticatorsOrderString.split(",")) {
-			String authenticatorName = authenticator.trim().toLowerCase(Locale.US);
-			switch (authenticatorName) {
-			case "gssapi-with-mic":
-				if(gssAuthenticator != null) {
-					userAuthFactories.add(new UserAuthGSSFactory());
-				}
-				break;
-			case "publickey":
-				userAuthFactories.add(new UserAuthPublicKeyFactory());
-				break;
-			case "password":
-				userAuthFactories.add(new UserAuthPasswordFactory());
-				break;
-			case "keyboard-interactive":
-				userAuthFactories.add(new UserAuthKeyboardInteractiveFactory());
-				break;
-			default:
-				log.error("Unknown ssh authenticator: '{}'", authenticatorName);
-			}
-		}
-
 		// Create the SSH server
 		sshd = SshServer.setUpDefaultServer();
 		sshd.setPort(addr.getPort());
@@ -179,10 +127,9 @@ public class SshDaemon {
 		sshd.setKeyPairProvider(hostKeyPairProvider);
 		sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator));
 		sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
-		if(gssAuthenticator != null) {
-			sshd.setGSSAuthenticator(gssAuthenticator);
+		if (settings.getBoolean(Keys.git.sshWithKrb5, false)) {
+			sshd.setGSSAuthenticator(new SshKrbAuthenticator(settings, gitblit));
 		}
-		sshd.setUserAuthFactories(userAuthFactories);
 		sshd.setSessionFactory(new SshServerSessionFactory());
 		sshd.setFileSystemFactory(new DisabledFilesystemFactory());
 		sshd.setTcpipForwardingFilter(new NonForwardingFilter());
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
index 8170c934..4afc00fc 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -15,27 +15,41 @@
  */
 package com.gitblit.transport.ssh;
 
-import com.gitblit.manager.IAuthenticationManager;
-import com.gitblit.models.UserModel;
 import java.util.Locale;
+
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.session.ServerSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.IStoredSettings;
+import com.gitblit.Keys;
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
+
 public class SshKrbAuthenticator extends GSSAuthenticator {
-	
+
 	protected final Logger log = LoggerFactory.getLogger(getClass());
 	protected final IAuthenticationManager authManager;
 
-	public SshKrbAuthenticator(IAuthenticationManager authManager) {
+	public SshKrbAuthenticator(IStoredSettings settings, IAuthenticationManager authManager) {
 		this.authManager = authManager;
-		log.info("registry  {}", authManager);
+
+		String keytabString = settings.getString(Keys.git.sshKrb5Keytab, "");
+		if(! keytabString.isEmpty()) {
+			setKeytabFile(keytabString);
+		}
+
+		String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, "");
+		if(! servicePrincipalName.isEmpty()) {
+			setServicePrincipalName(servicePrincipalName);
+		}
 	}
 
+	@Override
 	public boolean validateIdentity(ServerSession session, String identity) {
 		log.info("identify with kerberos {}", identity);
-		SshDaemonClient client = (SshDaemonClient)session.getAttribute(SshDaemonClient.KEY);
+		SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
 		if (client.getUser() != null) {
 			log.info("{} has already authenticated!", identity);
 			return true;