diff options
Diffstat (limited to 'src/main')
6 files changed, 51 insertions, 85 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties index 5db68836..4606f5fc 100644 --- a/src/main/distrib/data/defaults.properties +++ b/src/main/distrib/data/defaults.properties @@ -138,33 +138,27 @@ git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager # SINCE 1.5.0 git.sshKeysFolder= ${baseFolder}/ssh -# Use kerberos5 (GSS) authentication +# Use Kerberos5 (GSS) authentication # # SINCE 1.7.0 -git.sshWithKrb5 = "false" +git.sshWithKrb5 = false -# The path to a kerberos 5 keytab. +# The path to a Kerberos 5 keytab. # # SINCE 1.7.0 -git.sshKrb5Keytab = "" +git.sshKrb5Keytab = -# Strip the domain suffix from a kerberos username. -# e.g. james@bigbox would be "james" +# The service principal name to be used for Kerberos5. +# The default is host/hostname. # # SINCE 1.7.0 -git.sshKrb5StripDomain = true +git.sshKrb5ServicePrincipalName = -# The service principal name to be used for Kerberos5. The default is host/hostname. -# -# SINCE 1.7.0 -git.sshKrb5ServicePrincipalName = "" - -# A comma-separated list of authentication method. They will be tried in -# the given order. Possible values are -# "gssapi-with-mic", "publickey", "keyboard-interactive" or "password" +# Strip the domain suffix from a kerberos username. +# e.g. james@bigbox would be "james" # # SINCE 1.7.0 -git.sshAuthenticatorsOrder = "password,keyboard-interactive,publickey" +git.sshKrb5StripDomain = true # SSH backend NIO2|MINA. # diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index e9333ce9..5a94c9a3 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -23,24 +23,14 @@ import java.net.InetSocketAddress; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.List; -import java.util.Locale; import java.util.concurrent.atomic.AtomicBoolean; -import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.io.IoServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.util.SecurityUtils; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; -import org.apache.sshd.server.auth.UserAuth; -import org.apache.sshd.server.auth.UserAuthKeyboardInteractiveFactory; -import org.apache.sshd.server.auth.UserAuthPasswordFactory; -import org.apache.sshd.server.auth.UserAuthPublicKeyFactory; -import org.apache.sshd.server.auth.gss.GSSAuthenticator; -import org.apache.sshd.server.auth.gss.UserAuthGSSFactory; import org.bouncycastle.openssl.PEMWriter; import org.eclipse.jgit.internal.JGitText; import org.slf4j.Logger; @@ -130,48 +120,6 @@ public class SshDaemon { addr = new InetSocketAddress(bindInterface, port); } - //Will do GSS ? - GSSAuthenticator gssAuthenticator = null; - if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { - gssAuthenticator = new SshKrbAuthenticator(gitblit, settings); - String keytabString = settings.getString(Keys.git.sshKrb5Keytab, - ""); - if(! keytabString.isEmpty()) { - gssAuthenticator.setKeytabFile(keytabString); - } - String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, - ""); - if(! servicePrincipalName.isEmpty()) { - gssAuthenticator.setServicePrincipalName(servicePrincipalName); - } - } - - //Sort the authenticators for sshd - List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>(); - String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder, - "password,keyboard-interactive,publickey"); - for(String authenticator: sshAuthenticatorsOrderString.split(",")) { - String authenticatorName = authenticator.trim().toLowerCase(Locale.US); - switch (authenticatorName) { - case "gssapi-with-mic": - if(gssAuthenticator != null) { - userAuthFactories.add(new UserAuthGSSFactory()); - } - break; - case "publickey": - userAuthFactories.add(new UserAuthPublicKeyFactory()); - break; - case "password": - userAuthFactories.add(new UserAuthPasswordFactory()); - break; - case "keyboard-interactive": - userAuthFactories.add(new UserAuthKeyboardInteractiveFactory()); - break; - default: - log.error("Unknown ssh authenticator: '{}'", authenticatorName); - } - } - // Create the SSH server sshd = SshServer.setUpDefaultServer(); sshd.setPort(addr.getPort()); @@ -179,10 +127,9 @@ public class SshDaemon { sshd.setKeyPairProvider(hostKeyPairProvider); sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator)); sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit)); - if(gssAuthenticator != null) { - sshd.setGSSAuthenticator(gssAuthenticator); + if (settings.getBoolean(Keys.git.sshWithKrb5, false)) { + sshd.setGSSAuthenticator(new SshKrbAuthenticator(settings, gitblit)); } - sshd.setUserAuthFactories(userAuthFactories); sshd.setSessionFactory(new SshServerSessionFactory()); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); sshd.setTcpipForwardingFilter(new NonForwardingFilter()); diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java index 375aa71c..b6d233cf 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java +++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java @@ -33,10 +33,21 @@ public class SshKrbAuthenticator extends GSSAuthenticator { protected final IAuthenticationManager authManager; protected final boolean stripDomain; - public SshKrbAuthenticator(IAuthenticationManager authManager, IStoredSettings settings) { + + public SshKrbAuthenticator(IStoredSettings settings, IAuthenticationManager authManager) { this.authManager = authManager; + + String keytabString = settings.getString(Keys.git.sshKrb5Keytab, ""); + if(! keytabString.isEmpty()) { + setKeytabFile(keytabString); + } + + String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, ""); + if(! servicePrincipalName.isEmpty()) { + setServicePrincipalName(servicePrincipalName); + } + this.stripDomain = settings.getBoolean(Keys.git.sshKrb5StripDomain, false); - log.info("registry {}", authManager); } @Override diff --git a/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties b/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties index d0374200..d8027548 100644 --- a/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties +++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp.properties @@ -763,4 +763,5 @@ gb.imgdiffSubtract = Subtract (black = identical) gb.deleteRepositoryHeader = Delete Repository gb.deleteRepositoryDescription = Deleted repositories will be unrecoverable. gb.show_whitespace = show whitespace -gb.ignore_whitespace = ignore whitespace
\ No newline at end of file +gb.ignore_whitespace = ignore whitespace +gb.allRepositories = All Repositories
\ No newline at end of file diff --git a/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.html b/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.html index 91a6ef43..d62b7b22 100644 --- a/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.html +++ b/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.html @@ -24,6 +24,7 @@ <div class="span3">
<h3><wicket:message key="gb.repositories"></wicket:message></h3>
<select wicket:id="repositories" ></select>
+ <label><input type="checkbox" wicket:id="allrepos" /> <span><wicket:message key="gb.allRepositories"></wicket:message></span></label> </div>
<div class="span9" style="margin-left:10px">
<div>
diff --git a/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.java b/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.java index 4d4545a5..b2fd9037 100644 --- a/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.java +++ b/src/main/java/com/gitblit/wicket/pages/LuceneSearchPage.java @@ -17,11 +17,14 @@ package com.gitblit.wicket.pages; import java.text.MessageFormat;
import java.util.ArrayList;
+import java.util.LinkedHashSet;
import java.util.List;
+import java.util.Set;
import org.apache.wicket.Component;
import org.apache.wicket.PageParameters;
import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.ListMultipleChoice;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.panel.Fragment;
@@ -66,6 +69,15 @@ public class LuceneSearchPage extends RootPage { int page = 1;
int pageSize = app().settings().getInteger(Keys.web.itemsPerPage, 50);
+ // display user-accessible selections
+ UserModel user = GitBlitWebSession.get().getUser();
+ List<String> availableRepositories = new ArrayList<String>();
+ for (RepositoryModel model : app().repositories().getRepositoryModels(user)) {
+ if (model.hasCommits && !ArrayUtils.isEmpty(model.indexedBranches)) {
+ availableRepositories.add(model.name);
+ }
+ }
+
if (params != null) {
String repository = WicketUtils.getRepositoryName(params);
if (!StringUtils.isEmpty(repository)) {
@@ -79,6 +91,10 @@ public class LuceneSearchPage extends RootPage { List<String> list = StringUtils.getStringsFromValue(value);
repositories.addAll(list);
}
+ + if (params.containsKey("allrepos")) {
+ repositories.addAll(availableRepositories);
+ }
if (params.containsKey("query")) {
query = params.getString("query", "");
@@ -96,14 +112,6 @@ public class LuceneSearchPage extends RootPage { }
}
- // display user-accessible selections
- UserModel user = GitBlitWebSession.get().getUser();
- List<String> availableRepositories = new ArrayList<String>();
- for (RepositoryModel model : app().repositories().getRepositoryModels(user)) {
- if (model.hasCommits && !ArrayUtils.isEmpty(model.indexedBranches)) {
- availableRepositories.add(model.name);
- }
- }
boolean luceneEnabled = app().settings().getBoolean(Keys.web.allowLuceneIndexing, true);
if (luceneEnabled) {
if (availableRepositories.size() == 0) {
@@ -114,16 +122,18 @@ public class LuceneSearchPage extends RootPage { }
// enforce user-accessible repository selections
- ArrayList<String> searchRepositories = new ArrayList<String>();
+ Set<String> uniqueRepositories = new LinkedHashSet<String>();
for (String selectedRepository : repositories) {
if (availableRepositories.contains(selectedRepository)) {
- searchRepositories.add(selectedRepository);
+ uniqueRepositories.add(selectedRepository);
}
}
+ ArrayList<String> searchRepositories = new ArrayList<String>(uniqueRepositories);
// search form
final Model<String> queryModel = new Model<String>(query);
final Model<ArrayList<String>> repositoriesModel = new Model<ArrayList<String>>(searchRepositories);
+ final Model<Boolean> allreposModel = new Model<Boolean>(params != null && params.containsKey("allrepos"));
SessionlessForm<Void> form = new SessionlessForm<Void>("searchForm", getClass()) {
private static final long serialVersionUID = 1L;
@@ -135,13 +145,14 @@ public class LuceneSearchPage extends RootPage { error(getString("gb.undefinedQueryWarning"));
return;
}
- if (repositoriesModel.getObject().size() == 0) {
+ if (repositoriesModel.getObject().size() == 0 && !allreposModel.getObject()) {
error(getString("gb.noSelectedRepositoriesWarning"));
return;
}
PageParameters params = new PageParameters();
params.put("repositories", StringUtils.flattenStrings(repositoriesModel.getObject()));
params.put("query", queryModel.getObject());
+ params.put("allrepos", allreposModel.getObject());
LuceneSearchPage page = new LuceneSearchPage(params);
setResponsePage(page);
}
@@ -152,6 +163,7 @@ public class LuceneSearchPage extends RootPage { selections.setMaxRows(8);
form.add(selections.setEnabled(luceneEnabled));
form.add(new TextField<String>("query", queryModel).setEnabled(luceneEnabled));
+ form.add(new CheckBox("allrepos", allreposModel));
add(form.setEnabled(luceneEnabled));
// execute search
|