blob: c28a2ed68dec5525a498c51949c80a276d343580 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
/*
* Copyright 2014 gitblit.com.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package com.gitblit.transport.ssh;
import java.security.PublicKey;
import java.util.List;
import java.util.Locale;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.models.UserModel;
import com.google.common.base.Preconditions;
/**
* Authenticates an SSH session against a public key.
*
*/
public class SshKeyAuthenticator implements PublickeyAuthenticator {
protected final Logger log = LoggerFactory.getLogger(getClass());
protected final IPublicKeyManager keyManager;
protected final IAuthenticationManager authManager;
public SshKeyAuthenticator(IPublicKeyManager keyManager, IAuthenticationManager authManager) {
this.keyManager = keyManager;
this.authManager = authManager;
}
@Override
public boolean authenticate(String username, PublicKey suppliedKey, ServerSession session) {
SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
Preconditions.checkState(client.getUser() == null);
username = username.toLowerCase(Locale.US);
List<SshKey> keys = keyManager.getKeys(username);
if (keys.isEmpty()) {
log.info("{} has not added any public keys for ssh authentication", username);
return false;
}
SshKey pk = new SshKey(suppliedKey);
log.debug("auth supplied {}", pk.getFingerprint());
for (SshKey key : keys) {
log.debug("auth compare to {}", key.getFingerprint());
if (key.getPublicKey().equals(suppliedKey)) {
UserModel user = authManager.authenticate(username, key);
if (user != null) {
client.setUser(user);
client.setKey(key);
return true;
}
}
}
log.warn("could not authenticate {} for SSH using the supplied public key", username);
return false;
}
}
|
