|
|
@@ -23,15 +23,25 @@ import java.net.InetSocketAddress; |
|
|
|
import java.security.KeyPair; |
|
|
|
import java.security.KeyPairGenerator; |
|
|
|
import java.text.MessageFormat; |
|
|
|
import java.util.ArrayList; |
|
|
|
import java.util.List; |
|
|
|
import java.util.Locale; |
|
|
|
import java.util.concurrent.atomic.AtomicBoolean; |
|
|
|
|
|
|
|
import org.apache.sshd.SshServer; |
|
|
|
import org.apache.sshd.common.NamedFactory; |
|
|
|
import org.apache.sshd.common.io.IoServiceFactoryFactory; |
|
|
|
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; |
|
|
|
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; |
|
|
|
import org.apache.sshd.common.keyprovider.FileKeyPairProvider; |
|
|
|
import org.apache.sshd.common.util.SecurityUtils; |
|
|
|
import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; |
|
|
|
import org.apache.sshd.server.UserAuth; |
|
|
|
import org.apache.sshd.server.auth.UserAuthKeyboardInteractive; |
|
|
|
import org.apache.sshd.server.auth.UserAuthPassword; |
|
|
|
import org.apache.sshd.server.auth.UserAuthPublicKey; |
|
|
|
import org.apache.sshd.server.auth.gss.GSSAuthenticator; |
|
|
|
import org.apache.sshd.server.auth.gss.UserAuthGSS; |
|
|
|
import org.bouncycastle.openssl.PEMWriter; |
|
|
|
import org.eclipse.jgit.internal.JGitText; |
|
|
|
import org.slf4j.Logger; |
|
|
@@ -120,7 +130,49 @@ public class SshDaemon { |
|
|
|
} else { |
|
|
|
addr = new InetSocketAddress(bindInterface, port); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
//Will do GSS ? |
|
|
|
GSSAuthenticator gssAuthenticator = null; |
|
|
|
if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { |
|
|
|
gssAuthenticator = new GSSAuthenticator(); |
|
|
|
String keytabString = settings.getString(Keys.git.sshKrb5Keytab, |
|
|
|
""); |
|
|
|
if(! keytabString.isEmpty()) { |
|
|
|
gssAuthenticator.setKeytabFile(keytabString); |
|
|
|
} |
|
|
|
String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, |
|
|
|
""); |
|
|
|
if(! servicePrincipalName.isEmpty()) { |
|
|
|
gssAuthenticator.setServicePrincipalName(servicePrincipalName); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
//Sort the authenticators for sshd |
|
|
|
List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>(); |
|
|
|
String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder, |
|
|
|
"password,keyboard-interactive,publickey"); |
|
|
|
for(String authenticator: sshAuthenticatorsOrderString.split(",")) { |
|
|
|
String authenticatorName = authenticator.trim().toLowerCase(Locale.US); |
|
|
|
switch (authenticatorName) { |
|
|
|
case "gssapi-with-mic": |
|
|
|
if(gssAuthenticator != null) { |
|
|
|
userAuthFactories.add(new UserAuthGSS.Factory()); |
|
|
|
} |
|
|
|
break; |
|
|
|
case "publickey": |
|
|
|
userAuthFactories.add(new UserAuthPublicKey.Factory()); |
|
|
|
break; |
|
|
|
case "password": |
|
|
|
userAuthFactories.add(new UserAuthPassword.Factory()); |
|
|
|
break; |
|
|
|
case "keyboard-interactive": |
|
|
|
userAuthFactories.add(new UserAuthKeyboardInteractive.Factory()); |
|
|
|
break; |
|
|
|
default: |
|
|
|
log.error("Unknown ssh authenticator: '{}'", authenticatorName); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// Create the SSH server |
|
|
|
sshd = SshServer.setUpDefaultServer(); |
|
|
|
sshd.setPort(addr.getPort()); |
|
|
@@ -128,6 +180,10 @@ public class SshDaemon { |
|
|
|
sshd.setKeyPairProvider(hostKeyPairProvider); |
|
|
|
sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator)); |
|
|
|
sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit)); |
|
|
|
if(gssAuthenticator != null) { |
|
|
|
sshd.setGSSAuthenticator(gssAuthenticator); |
|
|
|
} |
|
|
|
sshd.setUserAuthFactories(userAuthFactories); |
|
|
|
sshd.setSessionFactory(new SshServerSessionFactory()); |
|
|
|
sshd.setFileSystemFactory(new DisabledFilesystemFactory()); |
|
|
|
sshd.setTcpipForwardingFilter(new NonForwardingFilter()); |