githubFork/gitblit.git - Solinfo Gitblit

			@@ -23,15 +23,25 @@
			import java.security.KeyPair;
			import java.security.KeyPairGenerator;
			import java.text.MessageFormat;
			import java.util.ArrayList;
			import java.util.List;
			import java.util.Locale;
			import java.util.concurrent.atomic.AtomicBoolean;

			import org.apache.sshd.SshServer;
			import org.apache.sshd.common.NamedFactory;
			import org.apache.sshd.common.io.IoServiceFactoryFactory;
			import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
			import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
			import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
			import org.apache.sshd.common.util.SecurityUtils;
			import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
			import org.apache.sshd.server.UserAuth;
			import org.apache.sshd.server.auth.UserAuthKeyboardInteractive;
			import org.apache.sshd.server.auth.UserAuthPassword;
			import org.apache.sshd.server.auth.UserAuthPublicKey;
			import org.apache.sshd.server.auth.gss.GSSAuthenticator;
			import org.apache.sshd.server.auth.gss.UserAuthGSS;
			import org.bouncycastle.openssl.PEMWriter;
			import org.eclipse.jgit.internal.JGitText;
			import org.slf4j.Logger;
			@@ -121,6 +131,48 @@
			addr = new InetSocketAddress(bindInterface, port);
			}

			//Will do GSS ?
			GSSAuthenticator gssAuthenticator = null;
			if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
			gssAuthenticator = new GSSAuthenticator();
			String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
			"");
			if(! keytabString.isEmpty()) {
			gssAuthenticator.setKeytabFile(keytabString);
			}
			String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName,
			"");
			if(! servicePrincipalName.isEmpty()) {
			gssAuthenticator.setServicePrincipalName(servicePrincipalName);
			}
			}

			//Sort the authenticators for sshd
			List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>();
			String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder,
			"password,keyboard-interactive,publickey");
			for(String authenticator: sshAuthenticatorsOrderString.split(",")) {
			String authenticatorName = authenticator.trim().toLowerCase(Locale.US);
			switch (authenticatorName) {
			case "gssapi-with-mic":
			if(gssAuthenticator != null) {
			userAuthFactories.add(new UserAuthGSS.Factory());
			}
			break;
			case "publickey":
			userAuthFactories.add(new UserAuthPublicKey.Factory());
			break;
			case "password":
			userAuthFactories.add(new UserAuthPassword.Factory());
			break;
			case "keyboard-interactive":
			userAuthFactories.add(new UserAuthKeyboardInteractive.Factory());
			break;
			default:
			log.error("Unknown ssh authenticator: '{}'", authenticatorName);
			}
			}

			// Create the SSH server
			sshd = SshServer.setUpDefaultServer();
			sshd.setPort(addr.getPort());
			@@ -128,6 +180,10 @@
			sshd.setKeyPairProvider(hostKeyPairProvider);
			sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator));
			sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
			if(gssAuthenticator != null) {
			sshd.setGSSAuthenticator(gssAuthenticator);
			}
			sshd.setUserAuthFactories(userAuthFactories);
			sshd.setSessionFactory(new SshServerSessionFactory());
			sshd.setFileSystemFactory(new DisabledFilesystemFactory());
			sshd.setTcpipForwardingFilter(new NonForwardingFilter());