75ebd3
|
1 |
/* |
DO |
2 |
* Copyright 2014 gitblit.com. |
|
3 |
* |
|
4 |
* Licensed under the Apache License, Version 2.0 (the "License"); you may not |
|
5 |
* use this file except in compliance with the License. You may obtain a copy of |
|
6 |
* the License at |
|
7 |
* |
|
8 |
* http://www.apache.org/licenses/LICENSE-2.0 |
|
9 |
* |
|
10 |
* Unless required by applicable law or agreed to in writing, software |
|
11 |
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
|
12 |
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
|
13 |
* License for the specific language governing permissions and limitations under |
|
14 |
* the License. |
|
15 |
*/ |
|
16 |
package com.gitblit.transport.ssh; |
|
17 |
|
|
18 |
import java.security.PublicKey; |
|
19 |
import java.util.List; |
|
20 |
import java.util.Locale; |
|
21 |
|
d41034
|
22 |
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator; |
75ebd3
|
23 |
import org.apache.sshd.server.session.ServerSession; |
DO |
24 |
import org.slf4j.Logger; |
|
25 |
import org.slf4j.LoggerFactory; |
|
26 |
|
|
27 |
import com.gitblit.manager.IAuthenticationManager; |
|
28 |
import com.gitblit.models.UserModel; |
|
29 |
import com.google.common.base.Preconditions; |
|
30 |
|
|
31 |
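/**
 * Authenticates an SSH session against a public key.
 *
 * <p>The key offered by the client is compared with the keys that the
 * {@link IPublicKeyManager} returns for the lower-cased username. Only when one of
 * them equals the offered key is the {@link IAuthenticationManager} consulted, and
 * only when it returns a user is the session's {@link SshDaemonClient} bound to that
 * user and key. Every other path rejects the attempt.
 */
public class SshKeyAuthenticator implements PublickeyAuthenticator {

    protected final Logger log = LoggerFactory.getLogger(getClass());

    protected final IPublicKeyManager keyManager;

    protected final IAuthenticationManager authManager;

    /**
     * Creates an authenticator backed by the given managers.
     *
     * @param keyManager source of the public keys registered for a username
     * @param authManager performs the account-level authentication once a key matches
     */
    public SshKeyAuthenticator(IPublicKeyManager keyManager, IAuthenticationManager authManager) {
        this.keyManager = keyManager;
        this.authManager = authManager;
    }

    /**
     * Decides whether the supplied public key authenticates {@code username}.
     *
     * <p>On success the session's {@link SshDaemonClient} is updated with the
     * authenticated user and the matching key.
     *
     * @param username account name sent by the client; it is unauthenticated input at
     *     this point and is lower-cased with {@link Locale#US} before the key lookup
     * @param suppliedKey public key offered by the client
     * @param session SSH session carrying the {@link SshDaemonClient} attribute
     * @return {@code true} only if a registered key equals {@code suppliedKey} and the
     *     authentication manager returns a user for it; {@code false} otherwise
     * @throws IllegalStateException if the session has no client attribute or the
     *     client already has a user bound to it
     */
    @Override
    public boolean authenticate(String username, PublicKey suppliedKey, ServerSession session) {
        SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
        // Report a missing attribute as an explicit state error, not a bare NullPointerException.
        Preconditions.checkState(client != null, "no SshDaemonClient is attached to the session");
        // A session that already carries a user must not be re-bound to another identity.
        Preconditions.checkState(client.getUser() == null, "session already has an authenticated user");

        // Fail closed on missing input instead of throwing from the pre-authentication path.
        if (username == null || suppliedKey == null) {
            log.warn("rejecting SSH public key authentication with a missing username or key");
            return false;
        }

        // NOTE(review): username is client-controlled and is logged as received below;
        // confirm the log encoder neutralises line breaks so entries cannot be forged.
        username = username.toLowerCase(Locale.US);
        List<SshKey> keys = keyManager.getKeys(username);
        // Treat a null result like "no keys": deny rather than crash. Whether the key
        // manager can return null is not visible from this class.
        if (keys == null || keys.isEmpty()) {
            log.info("{} has not added any public keys for ssh authentication", username);
            return false;
        }

        // Fingerprints are only needed for debug output, so skip computing them for
        // every unauthenticated attempt when debug logging is off.
        final boolean debug = log.isDebugEnabled();
        if (debug) {
            SshKey pk = new SshKey(suppliedKey);
            log.debug("auth supplied {}", pk.getFingerprint());
        }

        for (SshKey key : keys) {
            if (debug) {
                log.debug("auth compare to {}", key.getFingerprint());
            }
            if (key.getPublicKey().equals(suppliedKey)) {
                // A key match alone is not enough: the authentication manager has the
                // final say and signals refusal by returning null.
                UserModel user = authManager.authenticate(username, key);
                if (user != null) {
                    client.setUser(user);
                    client.setKey(key);
                    return true;
                }
            }
        }

        log.warn("could not authenticate {} for SSH using the supplied public key", username);
        return false;
    }
}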