James Moger
2015-10-05 be49ef9b1b2ab0ee251085efd5930b6f99bbced9
Address review comments
3 files modified
27 ■■■■■ changed files
src/main/distrib/data/defaults.properties 5 ●●●●●
src/main/java/com/gitblit/transport/ssh/SshDaemon.java 2 ●●●
src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java 20 ●●●●●
src/main/distrib/data/defaults.properties
@@ -148,10 +148,11 @@
# SINCE 1.7.0
git.sshKrb5Keytab = ""
# Strip domain from kerberos usernamae.
# Strip the domain suffix from a kerberos username.
# e.g. james@bigbox would be "james"
#
# SINCE 1.7.0
git.sshKrb5StripDomain = "true"
git.sshKrb5StripDomain = true
# The service principal name to be used for Kerberos5.  The default is host/hostname.
#
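Review bot: The shipped value `git.sshKrb5StripDomain = true` disagrees with the fallback in the SshKrbAuthenticator constructor, `settings.getBoolean(Keys.git.sshKrb5StripDomain, false)`, so an installation whose properties file lacks this key would behave differently from a fresh one. Since stripping decides which account a Kerberos principal maps to, the two defaults should match, and the comment should state the consequence, e.g. `# Principals that differ only in realm map to the same Gitblit username; enable only when a single realm is accepted.` Whether the key can actually be absent at runtime depends on how the defaults are merged, which this page does not show.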
src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -133,7 +133,7 @@
        //Will do GSS ?
        GSSAuthenticator gssAuthenticator = null;
        if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
            gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false));
            gssAuthenticator = new SshKrbAuthenticator(gitblit, settings);
            String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
                    "");
            if(! keytabString.isEmpty()) {
src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -15,29 +15,34 @@
 */
package com.gitblit.transport.ssh;
import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.models.UserModel;
import java.util.Locale;
import org.apache.sshd.server.auth.gss.GSSAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.models.UserModel;
public class SshKrbAuthenticator extends GSSAuthenticator {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected final IAuthenticationManager authManager;
    protected final boolean stripDomain;
    public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) {
    public SshKrbAuthenticator(IAuthenticationManager authManager, IStoredSettings settings) {
        this.authManager = authManager;
        this.stripDomain = stripDomain;
        this.stripDomain = settings.getBoolean(Keys.git.sshKrb5StripDomain, false);
        log.info("registry {}", authManager);
    }
    @Override
    public boolean validateIdentity(ServerSession session, String identity) {
        log.info("identify with kerberos {}", identity);
        SshDaemonClient client = (SshDaemonClient)session.getAttribute(SshDaemonClient.KEY);
        SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
        if (client.getUser() != null) {
            log.info("{} has already authenticated!", identity);
            return true;
@@ -45,8 +50,9 @@
        String username = identity.toLowerCase(Locale.US);
        if (stripDomain) {
            int p = username.indexOf('@');
            if (p > 0)
            if (p > 0) {
                username = username.substring(0, p);
            }
        }
        UserModel user = authManager.authenticate(username);
        if (user != null) {
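Review bot: In the second hunk of validateIdentity, `username.substring(0, p)` drops everything after '@' without looking at it, and the result goes straight to `authManager.authenticate(username)`; with stripDomain enabled the realm therefore plays no part in choosing the account. If the GSS layer can accept principals from more than one realm (not visible here), the suffix should be compared with an administrator-configured realm and the method should return false on a mismatch before stripping. At minimum add a comment above the `if (stripDomain)` block such as `// realm is discarded unchecked: safe only when exactly one realm can authenticate`. The method body continues past the end of the hunk.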