githubFork/gitblit.git - Solinfo Gitblit

			@@ -23,25 +23,14 @@
			import java.security.KeyPair;
			import java.security.KeyPairGenerator;
			import java.text.MessageFormat;
			import java.util.ArrayList;
			import java.util.List;
			import java.util.Locale;
			import java.util.concurrent.atomic.AtomicBoolean;

			import org.apache.sshd.SshServer;
			import org.apache.sshd.common.NamedFactory;
			import org.apache.sshd.common.io.IoServiceFactoryFactory;
			import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
			import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
			import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
			import org.apache.sshd.common.util.SecurityUtils;
			import org.apache.sshd.server.UserAuth;
			import org.apache.sshd.server.SshServer;
			import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
			import org.apache.sshd.server.auth.UserAuthKeyboardInteractive;
			import org.apache.sshd.server.auth.UserAuthPassword;
			import org.apache.sshd.server.auth.UserAuthPublicKey;
			import org.apache.sshd.server.auth.gss.GSSAuthenticator;
			import org.apache.sshd.server.auth.gss.UserAuthGSS;
			import org.bouncycastle.openssl.PEMWriter;
			import org.eclipse.jgit.internal.JGitText;
			import org.slf4j.Logger;
			@@ -131,48 +120,6 @@
			addr = new InetSocketAddress(bindInterface, port);
			}

			//Will do GSS ?
			GSSAuthenticator gssAuthenticator = null;
			if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
			gssAuthenticator = new SshKrbAuthenticator(gitblit);
			String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
			"");
			if(! keytabString.isEmpty()) {
			gssAuthenticator.setKeytabFile(keytabString);
			}
			String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName,
			"");
			if(! servicePrincipalName.isEmpty()) {
			gssAuthenticator.setServicePrincipalName(servicePrincipalName);
			}
			}

			//Sort the authenticators for sshd
			List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>();
			String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder,
			"password,keyboard-interactive,publickey");
			for(String authenticator: sshAuthenticatorsOrderString.split(",")) {
			String authenticatorName = authenticator.trim().toLowerCase(Locale.US);
			switch (authenticatorName) {
			case "gssapi-with-mic":
			if(gssAuthenticator != null) {
			userAuthFactories.add(new UserAuthGSS.Factory());
			}
			break;
			case "publickey":
			userAuthFactories.add(new UserAuthPublicKey.Factory());
			break;
			case "password":
			userAuthFactories.add(new UserAuthPassword.Factory());
			break;
			case "keyboard-interactive":
			userAuthFactories.add(new UserAuthKeyboardInteractive.Factory());
			break;
			default:
			log.error("Unknown ssh authenticator: '{}'", authenticatorName);
			}
			}

			// Create the SSH server
			sshd = SshServer.setUpDefaultServer();
			sshd.setPort(addr.getPort());
			@@ -180,10 +127,9 @@
			sshd.setKeyPairProvider(hostKeyPairProvider);
			sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator));
			sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
			if(gssAuthenticator != null) {
			sshd.setGSSAuthenticator(gssAuthenticator);
			if (settings.getBoolean(Keys.git.sshWithKrb5, false)) {
			sshd.setGSSAuthenticator(new SshKrbAuthenticator(settings, gitblit));
			}
			sshd.setUserAuthFactories(userAuthFactories);
			sshd.setSessionFactory(new SshServerSessionFactory());
			sshd.setFileSystemFactory(new DisabledFilesystemFactory());
			sshd.setTcpipForwardingFilter(new NonForwardingFilter());
			@@ -257,7 +203,7 @@
			try {
			((SshCommandFactory) sshd.getCommandFactory()).stop();
			sshd.stop();
			} catch (InterruptedException e) {
			} catch (IOException e) {
			log.error("SSH Daemon stop interrupted", e);
			}
			}