From eecaad8b8e2c447429c31a01d49260ddd6b4ee03 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 16 Apr 2016 17:35:32 -0400
Subject: [PATCH] Proof of concept #1026

---
 src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java |   36 ++++++++++++++++++++++++++++++------
 1 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
index 8170c93..b6d233c 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -15,32 +15,56 @@
  */
 package com.gitblit.transport.ssh;
 
-import com.gitblit.manager.IAuthenticationManager;
-import com.gitblit.models.UserModel;
 import java.util.Locale;
+
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.session.ServerSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.IStoredSettings;
+import com.gitblit.Keys;
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
+
 public class SshKrbAuthenticator extends GSSAuthenticator {
-	
+
 	protected final Logger log = LoggerFactory.getLogger(getClass());
 	protected final IAuthenticationManager authManager;
+	protected final boolean stripDomain;
 
-	public SshKrbAuthenticator(IAuthenticationManager authManager) {
+
+	public SshKrbAuthenticator(IStoredSettings settings, IAuthenticationManager authManager) {
 		this.authManager = authManager;
-		log.info("registry  {}", authManager);
+
+		String keytabString = settings.getString(Keys.git.sshKrb5Keytab, "");
+		if(! keytabString.isEmpty()) {
+			setKeytabFile(keytabString);
+		}
+
+		String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, "");
+		if(! servicePrincipalName.isEmpty()) {
+			setServicePrincipalName(servicePrincipalName);
+		}
+
+		this.stripDomain = settings.getBoolean(Keys.git.sshKrb5StripDomain, false);
 	}
 
+	@Override
 	public boolean validateIdentity(ServerSession session, String identity) {
 		log.info("identify with kerberos {}", identity);
-		SshDaemonClient client = (SshDaemonClient)session.getAttribute(SshDaemonClient.KEY);
+		SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
 		if (client.getUser() != null) {
 			log.info("{} has already authenticated!", identity);
 			return true;
 		}
 		String username = identity.toLowerCase(Locale.US);
+		if (stripDomain) {
+			int p = username.indexOf('@');
+			if (p > 0) {
+				username = username.substring(0, p);
+			}
+		}
 		UserModel user = authManager.authenticate(username);
 		if (user != null) {
 			client.setUser(user);

--
Gitblit v1.9.1