From 92ae83de6b4f5401a1007bbb26e2f01168e9d6cb Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Mon, 05 Oct 2015 07:57:12 -0400 Subject: [PATCH] Revert manual specification of ssh user auth factories --- src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 57 ++------------------------------------------------------- 1 files changed, 2 insertions(+), 55 deletions(-) diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index b6fae25..5a94c9a 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -23,24 +23,14 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; import java.text.MessageFormat; -import java.util.ArrayList; -import java.util.List; -import java.util.Locale; import java.util.concurrent.atomic.AtomicBoolean; -import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.io.IoServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.util.SecurityUtils; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; -import org.apache.sshd.server.auth.UserAuth; -import org.apache.sshd.server.auth.UserAuthKeyboardInteractiveFactory; -import org.apache.sshd.server.auth.UserAuthPasswordFactory; -import org.apache.sshd.server.auth.UserAuthPublicKeyFactory; -import org.apache.sshd.server.auth.gss.GSSAuthenticator; -import org.apache.sshd.server.auth.gss.UserAuthGSSFactory; import org.bouncycastle.openssl.PEMWriter; import org.eclipse.jgit.internal.JGitText; import org.slf4j.Logger; @@ -130,48 +120,6 @@ addr = new InetSocketAddress(bindInterface, port); } - //Will do GSS ? - GSSAuthenticator gssAuthenticator = null; - if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { - gssAuthenticator = new SshKrbAuthenticator(gitblit); - String keytabString = settings.getString(Keys.git.sshKrb5Keytab, - ""); - if(! keytabString.isEmpty()) { - gssAuthenticator.setKeytabFile(keytabString); - } - String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName, - ""); - if(! servicePrincipalName.isEmpty()) { - gssAuthenticator.setServicePrincipalName(servicePrincipalName); - } - } - - //Sort the authenticators for sshd - List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>(); - String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder, - "password,keyboard-interactive,publickey"); - for(String authenticator: sshAuthenticatorsOrderString.split(",")) { - String authenticatorName = authenticator.trim().toLowerCase(Locale.US); - switch (authenticatorName) { - case "gssapi-with-mic": - if(gssAuthenticator != null) { - userAuthFactories.add(new UserAuthGSSFactory()); - } - break; - case "publickey": - userAuthFactories.add(new UserAuthPublicKeyFactory()); - break; - case "password": - userAuthFactories.add(new UserAuthPasswordFactory()); - break; - case "keyboard-interactive": - userAuthFactories.add(new UserAuthKeyboardInteractiveFactory()); - break; - default: - log.error("Unknown ssh authenticator: '{}'", authenticatorName); - } - } - // Create the SSH server sshd = SshServer.setUpDefaultServer(); sshd.setPort(addr.getPort()); @@ -179,10 +127,9 @@ sshd.setKeyPairProvider(hostKeyPairProvider); sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator)); sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit)); - if(gssAuthenticator != null) { - sshd.setGSSAuthenticator(gssAuthenticator); + if (settings.getBoolean(Keys.git.sshWithKrb5, false)) { + sshd.setGSSAuthenticator(new SshKrbAuthenticator(settings, gitblit)); } - sshd.setUserAuthFactories(userAuthFactories); sshd.setSessionFactory(new SshServerSessionFactory()); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); sshd.setTcpipForwardingFilter(new NonForwardingFilter()); -- Gitblit v1.9.1