From 7b6c1bdaba9877397ffdaf0c8641196cfb060c39 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov <vitalif@yourcmc.ru>
Date: Thu, 01 Oct 2015 06:08:53 -0400
Subject: [PATCH] Allow to strip domain from kerberos usernames

---
 src/main/java/com/gitblit/transport/ssh/SshDaemon.java |   37 ++++++++++++++++++-------------------
 1 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index 4756d96..65d1558 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -28,20 +28,19 @@
 import java.util.Locale;
 import java.util.concurrent.atomic.AtomicBoolean;
 
-import org.apache.sshd.SshServer;
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.io.IoServiceFactoryFactory;
 import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.server.SshServer;
 import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
-import org.apache.sshd.server.UserAuth;
-import org.apache.sshd.server.auth.UserAuthKeyboardInteractive;
-import org.apache.sshd.server.auth.UserAuthPassword;
-import org.apache.sshd.server.auth.UserAuthPublicKey;
+import org.apache.sshd.server.auth.UserAuth;
+import org.apache.sshd.server.auth.UserAuthKeyboardInteractiveFactory;
+import org.apache.sshd.server.auth.UserAuthPasswordFactory;
+import org.apache.sshd.server.auth.UserAuthPublicKeyFactory;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
-import org.apache.sshd.server.auth.gss.UserAuthGSS;
+import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
 import org.bouncycastle.openssl.PEMWriter;
 import org.eclipse.jgit.internal.JGitText;
 import org.slf4j.Logger;
@@ -130,11 +129,11 @@
 		} else {
 			addr = new InetSocketAddress(bindInterface, port);
 		}
-		
+
 		//Will do GSS ?
 		GSSAuthenticator gssAuthenticator = null;
 		if(settings.getBoolean(Keys.git.sshWithKrb5, false)) {
-			gssAuthenticator = new SshKrbAuthenticator(gitblit);
+			gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false));
 			String keytabString = settings.getString(Keys.git.sshKrb5Keytab,
 					"");
 			if(! keytabString.isEmpty()) {
@@ -144,9 +143,9 @@
 					"");
 			if(! servicePrincipalName.isEmpty()) {
 				gssAuthenticator.setServicePrincipalName(servicePrincipalName);
-			}			
+			}
 		}
-		
+
 		//Sort the authenticators for sshd
 		List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<>();
 		String sshAuthenticatorsOrderString = settings.getString(Keys.git.sshAuthenticatorsOrder,
@@ -156,23 +155,23 @@
 			switch (authenticatorName) {
 			case "gssapi-with-mic":
 				if(gssAuthenticator != null) {
-					userAuthFactories.add(new UserAuthGSS.Factory());					
+					userAuthFactories.add(new UserAuthGSSFactory());
 				}
 				break;
 			case "publickey":
-				userAuthFactories.add(new UserAuthPublicKey.Factory());
+				userAuthFactories.add(new UserAuthPublicKeyFactory());
 				break;
 			case "password":
-				userAuthFactories.add(new UserAuthPassword.Factory());
+				userAuthFactories.add(new UserAuthPasswordFactory());
 				break;
 			case "keyboard-interactive":
-				userAuthFactories.add(new UserAuthKeyboardInteractive.Factory());
+				userAuthFactories.add(new UserAuthKeyboardInteractiveFactory());
 				break;
 			default:
 				log.error("Unknown ssh authenticator: '{}'", authenticatorName);
 			}
 		}
-		
+
 		// Create the SSH server
 		sshd = SshServer.setUpDefaultServer();
 		sshd.setPort(addr.getPort());
@@ -203,8 +202,8 @@
 		IStoredSettings settings = gitblit.getSettings();
 
 		int port = sshd.getPort();
-		int displayPort = settings.getInteger(Keys.git.sshDisplayPort, port);
-		String displayServername = settings.getString(Keys.git.sshDisplayHost, "");
+		int displayPort = settings.getInteger(Keys.git.sshAdvertisedPort, port);
+		String displayServername = settings.getString(Keys.git.sshAdvertisedHost, "");
 		if(displayServername.isEmpty()) {
 			displayServername = servername;
 		}
@@ -257,7 +256,7 @@
 			try {
 				((SshCommandFactory) sshd.getCommandFactory()).stop();
 				sshd.stop();
-			} catch (InterruptedException e) {
+			} catch (IOException e) {
 				log.error("SSH Daemon stop interrupted", e);
 			}
 		}

--
Gitblit v1.9.1