From 2e141ff31dedaa6dfefc4af47eda803d8dbb3eff Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 01 Sep 2015 08:49:02 -0400
Subject: [PATCH] Fix #909: Add missing SLFJ dependencies in Manager build

---
 src/main/java/com/gitblit/transport/ssh/SshDaemon.java |   80 +++++++++++++++++++++++++++++++++++++---
 1 files changed, 74 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index 7c51290..68a2e90 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -23,14 +23,25 @@
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import org.apache.sshd.SshServer;
+import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.io.IoServiceFactoryFactory;
 import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.server.UserAuth;
+import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
+import org.apache.sshd.server.auth.UserAuthKeyboardInteractive;
+import org.apache.sshd.server.auth.UserAuthPassword;
+import org.apache.sshd.server.auth.UserAuthPublicKey;
+import org.apache.sshd.server.auth.gss.GSSAuthenticator;
+import org.apache.sshd.server.auth.gss.UserAuthGSS;
 import org.bouncycastle.openssl.PEMWriter;
 import org.eclipse.jgit.internal.JGitText;
 import org.slf4j.Logger;
@@ -85,6 +96,9 @@
 
 		// Ensure that Bouncy Castle is our JCE provider
 		SecurityUtils.setRegisterBouncyCastle(true);
+		if (SecurityUtils.isBouncyCastleRegistered()) {
+			log.debug("BouncyCastle is registered as a JCE provider");
+		}
 
 		// Generate host RSA and DSA keypairs and create the host keypair provider
 		File rsaKeyStore = new File(gitblit.getBaseFolder(), "ssh-rsa-hostkey.pem");
@@ -95,8 +109,8 @@
 		hostKeyPairProvider.setFiles(new String [] { rsaKeyStore.getPath(), dsaKeyStore.getPath(), dsaKeyStore.getPath() });
 
 		// Client public key authenticator
-		CachingPublicKeyAuthenticator keyAuthenticator =
-				new CachingPublicKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit);
+		SshKeyAuthenticator keyAuthenticator =
+				new SshKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit);
 
 		// Configure the preferred SSHD backend
 		String sshBackendStr = settings.getString(Keys.git.sshBackend,
@@ -117,13 +131,59 @@
 			addr = new InetSocketAddress(bindInterface, port);
 		}
 
+		//Will do GSS ?
+		GSSAuthenticator gssAuthenticator = null;
+		if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
+			gssAuthenticator = new SshKrbAuthenticator(gitblit);
+			String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
+					"");
+			if(! keytabString.isEmpty()) {
+				gssAuthenticator.setKeytabFile(keytabString);
+			}
+			String servicePrincipalName = settings.getString(Keys.git.sshKrb5ServicePrincipalName,
+					"");
+			if(! servicePrincipalName.isEmpty()) {
+				gssAuthenticator.setServicePrincipalName(servicePrincipalName);
+			}
+		}
+
+		//Sort the authenticators for sshd
+		List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>();
+		String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder,
+				"password,keyboard-interactive,publickey");
+		for(String authenticator: sshAuthenticatorsOrderString.split(",")) {
+			String authenticatorName = authenticator.trim().toLowerCase(Locale.US);
+			switch (authenticatorName) {
+			case "gssapi-with-mic":
+				if(gssAuthenticator != null) {
+					userAuthFactories.add(new UserAuthGSS.Factory());
+				}
+				break;
+			case "publickey":
+				userAuthFactories.add(new UserAuthPublicKey.Factory());
+				break;
+			case "password":
+				userAuthFactories.add(new UserAuthPassword.Factory());
+				break;
+			case "keyboard-interactive":
+				userAuthFactories.add(new UserAuthKeyboardInteractive.Factory());
+				break;
+			default:
+				log.error("Unknown ssh authenticator: '{}'", authenticatorName);
+			}
+		}
+
 		// Create the SSH server
 		sshd = SshServer.setUpDefaultServer();
 		sshd.setPort(addr.getPort());
 		sshd.setHost(addr.getHostName());
 		sshd.setKeyPairProvider(hostKeyPairProvider);
-		sshd.setPublickeyAuthenticator(keyAuthenticator);
+		sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator));
 		sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
+		if(gssAuthenticator != null) {
+			sshd.setGSSAuthenticator(gssAuthenticator);
+		}
+		sshd.setUserAuthFactories(userAuthFactories);
 		sshd.setSessionFactory(new SshServerSessionFactory());
 		sshd.setFileSystemFactory(new DisabledFilesystemFactory());
 		sshd.setTcpipForwardingFilter(new NonForwardingFilter());
@@ -140,14 +200,22 @@
 	}
 
 	public String formatUrl(String gituser, String servername, String repository) {
-		if (sshd.getPort() == DEFAULT_PORT) {
+		IStoredSettings settings = gitblit.getSettings();
+
+		int port = sshd.getPort();
+		int displayPort = settings.getInteger(Keys.git.sshAdvertisedPort, port);
+		String displayServername = settings.getString(Keys.git.sshAdvertisedHost, "");
+		if(displayServername.isEmpty()) {
+			displayServername = servername;
+		}
+		if (displayPort == DEFAULT_PORT) {
 			// standard port
-			return MessageFormat.format("{0}@{1}/{2}", gituser, servername,
+			return MessageFormat.format("ssh://{0}@{1}/{2}", gituser, displayServername,
 					repository);
 		} else {
 			// non-standard port
 			return MessageFormat.format("ssh://{0}@{1}:{2,number,0}/{3}",
-					gituser, servername, sshd.getPort(), repository);
+					gituser, displayServername, displayPort, repository);
 		}
 	}
 

--
Gitblit v1.9.1