| commit | author | age | ||
| e97c01 | 1 | /* |
| FB | 2 | * Copyright 2015 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | package com.gitblit.transport.ssh; | |
| 17 | ||
| 18 | import java.util.Locale; | |
| 92ae83 | 19 | |
| e97c01 | 20 | import org.apache.sshd.server.auth.gss.GSSAuthenticator; |
| FB | 21 | import org.apache.sshd.server.session.ServerSession; |
| 22 | import org.slf4j.Logger; | |
| 23 | import org.slf4j.LoggerFactory; | |
| 24 | ||
| 92ae83 | 25 | import com.gitblit.IStoredSettings; |
| JM | 26 | import com.gitblit.Keys; |
| 27 | import com.gitblit.manager.IAuthenticationManager; | |
| 28 | import com.gitblit.models.UserModel; | |
| 29 | ||
| e97c01 | 30 | public class SshKrbAuthenticator extends GSSAuthenticator { |
| 92ae83 | 31 | |
| e97c01 | 32 | protected final Logger log = LoggerFactory.getLogger(getClass()); |
| FB | 33 | protected final IAuthenticationManager authManager; |
| 34 | ||
| 92ae83 | 35 | public SshKrbAuthenticator(IStoredSettings settings, IAuthenticationManager authManager) { |
| e97c01 | 36 | this.authManager = authManager; |
| 92ae83 | 37 | |
| JM | 38 | String keytabString = settings.getString(Keys.git.sshKrb5Keytab, ""); |
| 39 | if(! keytabString.isEmpty()) { | |
| 40 | setKeytabFile(keytabString); | |
| 41 | } | |
| 42 | ||
| 43 | String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, ""); | |
| 44 | if(! servicePrincipalName.isEmpty()) { | |
| 45 | setServicePrincipalName(servicePrincipalName); | |
| 46 | } | |
| e97c01 | 47 | } |
| FB | 48 | |
| 92ae83 | 49 | @Override |
| e97c01 | 50 | public boolean validateIdentity(ServerSession session, String identity) { |
| FB | 51 | log.info("identify with kerberos {}", identity); |
| 92ae83 | 52 | SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY); |
| e97c01 | 53 | if (client.getUser() != null) { |
| FB | 54 | log.info("{} has already authenticated!", identity); |
| 55 | return true; | |
| 56 | } | |
| 57 | String username = identity.toLowerCase(Locale.US); | |
| 58 | UserModel user = authManager.authenticate(username); | |
| 59 | if (user != null) { | |
| 60 | client.setUser(user); | |
| 61 | return true; | |
| 62 | } | |
| 63 | log.warn("could not authenticate {} for SSH", username); | |
| 64 | return false; | |
| 65 | } | |
| 66 | } | |
