commit | author | age
|
e97c01
|
1 |
/* |
FB |
2 |
* Copyright 2015 gitblit.com. |
|
3 |
* |
|
4 |
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
5 |
* you may not use this file except in compliance with the License. |
|
6 |
* You may obtain a copy of the License at |
|
7 |
* |
|
8 |
* http://www.apache.org/licenses/LICENSE-2.0 |
|
9 |
* |
|
10 |
* Unless required by applicable law or agreed to in writing, software |
|
11 |
* distributed under the License is distributed on an "AS IS" BASIS, |
|
12 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
13 |
* See the License for the specific language governing permissions and |
|
14 |
* limitations under the License. |
|
15 |
*/ |
|
16 |
package com.gitblit.transport.ssh; |
|
17 |
|
|
18 |
import com.gitblit.manager.IAuthenticationManager; |
|
19 |
import com.gitblit.models.UserModel; |
|
20 |
import java.util.Locale; |
|
21 |
import org.apache.sshd.server.auth.gss.GSSAuthenticator; |
|
22 |
import org.apache.sshd.server.session.ServerSession; |
|
23 |
import org.slf4j.Logger; |
|
24 |
import org.slf4j.LoggerFactory; |
|
25 |
|
|
26 |
public class SshKrbAuthenticator extends GSSAuthenticator { |
|
27 |
|
|
28 |
protected final Logger log = LoggerFactory.getLogger(getClass()); |
|
29 |
protected final IAuthenticationManager authManager; |
7b6c1b
|
30 |
protected final boolean stripDomain; |
e97c01
|
31 |
|
7b6c1b
|
32 |
public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) { |
e97c01
|
33 |
this.authManager = authManager; |
7b6c1b
|
34 |
this.stripDomain = stripDomain; |
VF |
35 |
log.info("registry {}", authManager); |
e97c01
|
36 |
} |
FB |
37 |
|
|
38 |
public boolean validateIdentity(ServerSession session, String identity) { |
|
39 |
log.info("identify with kerberos {}", identity); |
|
40 |
SshDaemonClient client = (SshDaemonClient)session.getAttribute(SshDaemonClient.KEY); |
|
41 |
if (client.getUser() != null) { |
|
42 |
log.info("{} has already authenticated!", identity); |
|
43 |
return true; |
|
44 |
} |
|
45 |
String username = identity.toLowerCase(Locale.US); |
7b6c1b
|
46 |
if (stripDomain) { |
VF |
47 |
int p = username.indexOf('@'); |
|
48 |
if (p > 0) |
|
49 |
username = username.substring(0, p); |
|
50 |
} |
e97c01
|
51 |
UserModel user = authManager.authenticate(username); |
FB |
52 |
if (user != null) { |
|
53 |
client.setUser(user); |
|
54 |
return true; |
|
55 |
} |
|
56 |
log.warn("could not authenticate {} for SSH", username); |
|
57 |
return false; |
|
58 |
} |
|
59 |
} |