| commit | author | age | ||
| e97c01 | 1 | /* |
| FB | 2 | * Copyright 2015 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | package com.gitblit.transport.ssh; | |
| 17 | ||
| 18 | import com.gitblit.manager.IAuthenticationManager; | |
| 19 | import com.gitblit.models.UserModel; | |
| 20 | import java.util.Locale; | |
| 21 | import org.apache.sshd.server.auth.gss.GSSAuthenticator; | |
| 22 | import org.apache.sshd.server.session.ServerSession; | |
| 23 | import org.slf4j.Logger; | |
| 24 | import org.slf4j.LoggerFactory; | |
| 25 | ||
| 26 | public class SshKrbAuthenticator extends GSSAuthenticator { | |
| 27 | ||
| 28 | protected final Logger log = LoggerFactory.getLogger(getClass()); | |
| 29 | protected final IAuthenticationManager authManager; | |
| 7b6c1b | 30 | protected final boolean stripDomain; |
| e97c01 | 31 | |
| 7b6c1b | 32 | public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) { |
| e97c01 | 33 | this.authManager = authManager; |
| 7b6c1b | 34 | this.stripDomain = stripDomain; |
| VF | 35 | log.info("registry {}", authManager); |
| e97c01 | 36 | } |
| FB | 37 | |
| 38 | public boolean validateIdentity(ServerSession session, String identity) { | |
| 39 | log.info("identify with kerberos {}", identity); | |
| 40 | SshDaemonClient client = (SshDaemonClient)session.getAttribute(SshDaemonClient.KEY); | |
| 41 | if (client.getUser() != null) { | |
| 42 | log.info("{} has already authenticated!", identity); | |
| 43 | return true; | |
| 44 | } | |
| 45 | String username = identity.toLowerCase(Locale.US); | |
| 7b6c1b | 46 | if (stripDomain) { |
| VF | 47 | int p = username.indexOf('@'); |
| 48 | if (p > 0) | |
| 49 | username = username.substring(0, p); | |
| 50 | } | |
| e97c01 | 51 | UserModel user = authManager.authenticate(username); |
| FB | 52 | if (user != null) { |
| 53 | client.setUser(user); | |
| 54 | return true; | |
| 55 | } | |
| 56 | log.warn("could not authenticate {} for SSH", username); | |
| 57 | return false; | |
| 58 | } | |
| 59 | } | |
