| commit | author | age | ||
| e97c01 | 1 | /* |
| FB | 2 | * Copyright 2015 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | package com.gitblit.transport.ssh; | |
| 17 | ||
| 18 | import java.util.Locale; | |
| be49ef | 19 | |
| e97c01 | 20 | import org.apache.sshd.server.auth.gss.GSSAuthenticator; |
| FB | 21 | import org.apache.sshd.server.session.ServerSession; |
| 22 | import org.slf4j.Logger; | |
| 23 | import org.slf4j.LoggerFactory; | |
| 24 | ||
| be49ef | 25 | import com.gitblit.IStoredSettings; |
| JM | 26 | import com.gitblit.Keys; |
| 27 | import com.gitblit.manager.IAuthenticationManager; | |
| 28 | import com.gitblit.models.UserModel; | |
| 29 | ||
| e97c01 | 30 | public class SshKrbAuthenticator extends GSSAuthenticator { |
| be49ef | 31 | |
| e97c01 | 32 | protected final Logger log = LoggerFactory.getLogger(getClass()); |
| FB | 33 | protected final IAuthenticationManager authManager; |
| 7b6c1b | 34 | protected final boolean stripDomain; |
| e97c01 | 35 | |
| be49ef | 36 | public SshKrbAuthenticator(IAuthenticationManager authManager, IStoredSettings settings) { |
| e97c01 | 37 | this.authManager = authManager; |
| be49ef | 38 | this.stripDomain = settings.getBoolean(Keys.git.sshKrb5StripDomain, false); |
| 7b6c1b | 39 | log.info("registry {}", authManager); |
| e97c01 | 40 | } |
| FB | 41 | |
| be49ef | 42 | @Override |
| e97c01 | 43 | public boolean validateIdentity(ServerSession session, String identity) { |
| FB | 44 | log.info("identify with kerberos {}", identity); |
| be49ef | 45 | SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY); |
| e97c01 | 46 | if (client.getUser() != null) { |
| FB | 47 | log.info("{} has already authenticated!", identity); |
| 48 | return true; | |
| 49 | } | |
| 50 | String username = identity.toLowerCase(Locale.US); | |
| 7b6c1b | 51 | if (stripDomain) { |
| VF | 52 | int p = username.indexOf('@'); |
| be49ef | 53 | if (p > 0) { |
| 7b6c1b | 54 | username = username.substring(0, p); |
| be49ef | 55 | } |
| 7b6c1b | 56 | } |
| e97c01 | 57 | UserModel user = authManager.authenticate(username); |
| FB | 58 | if (user != null) { |
| 59 | client.setUser(user); | |
| 60 | return true; | |
| 61 | } | |
| 62 | log.warn("could not authenticate {} for SSH", username); | |
| 63 | return false; | |
| 64 | } | |
| 65 | } | |
