| | |
|---|
| | | import java.util.Locale; |
|---|
| | | import java.util.concurrent.atomic.AtomicBoolean; |
|---|
| | | |
|---|
| | | import org.apache.sshd.SshServer; |
|---|
| | | import org.apache.sshd.common.NamedFactory; |
|---|
| | | import org.apache.sshd.common.io.IoServiceFactoryFactory; |
|---|
| | | import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; |
|---|
| | | import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; |
|---|
| | | import org.apache.sshd.common.keyprovider.FileKeyPairProvider; |
|---|
| | | import org.apache.sshd.common.util.SecurityUtils; |
|---|
| | | import org.apache.sshd.server.SshServer; |
|---|
| | | import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; |
|---|
| | | import org.apache.sshd.server.UserAuth; |
|---|
| | | import org.apache.sshd.server.auth.UserAuthKeyboardInteractive; |
|---|
| | | import org.apache.sshd.server.auth.UserAuthPassword; |
|---|
| | | import org.apache.sshd.server.auth.UserAuthPublicKey; |
|---|
| | | import org.apache.sshd.server.auth.UserAuth; |
|---|
| | | import org.apache.sshd.server.auth.UserAuthKeyboardInteractiveFactory; |
|---|
| | | import org.apache.sshd.server.auth.UserAuthPasswordFactory; |
|---|
| | | import org.apache.sshd.server.auth.UserAuthPublicKeyFactory; |
|---|
| | | import org.apache.sshd.server.auth.gss.GSSAuthenticator; |
|---|
| | | import org.apache.sshd.server.auth.gss.UserAuthGSS; |
|---|
| | | import org.apache.sshd.server.auth.gss.UserAuthGSSFactory; |
|---|
| | | import org.bouncycastle.openssl.PEMWriter; |
|---|
| | | import org.eclipse.jgit.internal.JGitText; |
|---|
| | | import org.slf4j.Logger; |
|---|
| | |
|---|
| | | } else { |
|---|
| | | addr = new InetSocketAddress(bindInterface, port); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | //Will do GSS ? |
|---|
| | | GSSAuthenticator gssAuthenticator = null; |
|---|
| | | if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { |
|---|
| | | gssAuthenticator = new GSSAuthenticator(); |
|---|
| | | gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false)); |
|---|
| | | String keytabString = settings.getString(Keys.git.sshKrb5Keytab, |
|---|
| | | ""); |
|---|
| | | if(! keytabString.isEmpty()) { |
|---|
| | |
|---|
| | | ""); |
|---|
| | | if(! servicePrincipalName.isEmpty()) { |
|---|
| | | gssAuthenticator.setServicePrincipalName(servicePrincipalName); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | //Sort the authenticators for sshd |
|---|
| | | List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>(); |
|---|
| | | String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder, |
|---|
| | |
|---|
| | | switch (authenticatorName) { |
|---|
| | | case "gssapi-with-mic": |
|---|
| | | if(gssAuthenticator != null) { |
|---|
| | | userAuthFactories.add(new UserAuthGSS.Factory()); |
|---|
| | | userAuthFactories.add(new UserAuthGSSFactory()); |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | case "publickey": |
|---|
| | | userAuthFactories.add(new UserAuthPublicKey.Factory()); |
|---|
| | | userAuthFactories.add(new UserAuthPublicKeyFactory()); |
|---|
| | | break; |
|---|
| | | case "password": |
|---|
| | | userAuthFactories.add(new UserAuthPassword.Factory()); |
|---|
| | | userAuthFactories.add(new UserAuthPasswordFactory()); |
|---|
| | | break; |
|---|
| | | case "keyboard-interactive": |
|---|
| | | userAuthFactories.add(new UserAuthKeyboardInteractive.Factory()); |
|---|
| | | userAuthFactories.add(new UserAuthKeyboardInteractiveFactory()); |
|---|
| | | break; |
|---|
| | | default: |
|---|
| | | log.error("Unknown ssh authenticator: '{}'", authenticatorName); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // Create the SSH server |
|---|
| | | sshd = SshServer.setUpDefaultServer(); |
|---|
| | | sshd.setPort(addr.getPort()); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public String formatUrl(String gituser, String servername, String repository) { |
|---|
| | | if (sshd.getPort() == DEFAULT_PORT) { |
|---|
| | | IStoredSettings settings = gitblit.getSettings(); |
|---|
| | | |
|---|
| | | int port = sshd.getPort(); |
|---|
| | | int displayPort = settings.getInteger(Keys.git.sshAdvertisedPort, port); |
|---|
| | | String displayServername = settings.getString(Keys.git.sshAdvertisedHost, ""); |
|---|
| | | if(displayServername.isEmpty()) { |
|---|
| | | displayServername = servername; |
|---|
| | | } |
|---|
| | | if (displayPort == DEFAULT_PORT) { |
|---|
| | | // standard port |
|---|
| | | return MessageFormat.format("ssh://{0}@{1}/{2}", gituser, servername, |
|---|
| | | return MessageFormat.format("ssh://{0}@{1}/{2}", gituser, displayServername, |
|---|
| | | repository); |
|---|
| | | } else { |
|---|
| | | // non-standard port |
|---|
| | | return MessageFormat.format("ssh://{0}@{1}:{2,number,0}/{3}", |
|---|
| | | gituser, servername, sshd.getPort(), repository); |
|---|
| | | gituser, displayServername, displayPort, repository); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | try { |
|---|
| | | ((SshCommandFactory) sshd.getCommandFactory()).stop(); |
|---|
| | | sshd.stop(); |
|---|
| | | } catch (InterruptedException e) { |
|---|
| | | } catch (IOException e) { |
|---|
| | | log.error("SSH Daemon stop interrupted", e); |
|---|
| | | } |
|---|
| | | } |
|---|
