LCOV - code coverage report
Current view: top level - sshd - GerritGSSAuthenticator.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 7 20 35.0 %
Date: 2022-11-19 15:00:39 Functions: 1 2 50.0 % 

          Line data    Source code
       1             : // Copyright (C) 2016 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.sshd;
      16             : 
      17             : import com.google.gerrit.entities.Account;
      18             : import com.google.gerrit.server.IdentifiedUser;
      19             : import com.google.gerrit.server.IdentifiedUser.GenericFactory;
      20             : import com.google.gerrit.server.account.AccountCache;
      21             : import com.google.gerrit.server.account.AccountState;
      22             : import com.google.gerrit.server.config.GerritServerConfig;
      23             : import com.google.inject.Inject;
      24             : import com.google.inject.Singleton;
      25             : import java.util.Locale;
      26             : import java.util.Optional;
      27             : import org.apache.sshd.server.auth.gss.GSSAuthenticator;
      28             : import org.apache.sshd.server.session.ServerSession;
      29             : import org.eclipse.jgit.lib.Config;
      30             : 
      31             : /** Authenticates users with kerberos (gssapi-with-mic). */
      32             : @Singleton
      33             : class GerritGSSAuthenticator extends GSSAuthenticator {
      34             :   private final AccountCache accounts;
      35             :   private final SshScope sshScope;
      36             :   private final SshLog sshLog;
      37             :   private final GenericFactory userFactory;
      38             :   private final Config config;
      39             : 
      40             :   @Inject
      41             :   GerritGSSAuthenticator(
      42             :       AccountCache accounts,
      43             :       SshScope sshScope,
      44             :       SshLog sshLog,
      45             :       IdentifiedUser.GenericFactory userFactory,
      46          17 :       @GerritServerConfig Config config) {
      47          17 :     this.accounts = accounts;
      48          17 :     this.sshScope = sshScope;
      49          17 :     this.sshLog = sshLog;
      50          17 :     this.userFactory = userFactory;
      51          17 :     this.config = config;
      52          17 :   }
      53             : 
      54             :   @Override
      55             :   public boolean validateIdentity(ServerSession session, String identity) {
      56           0 :     SshSession sd = session.getAttribute(SshSession.KEY);
      57           0 :     int at = identity.indexOf('@');
      58             :     String username;
      59           0 :     if (at == -1) {
      60           0 :       username = identity;
      61             :     } else {
      62           0 :       username = identity.substring(0, at);
      63             :     }
      64           0 :     if (config.getBoolean("auth", "userNameToLowerCase", false)) {
      65           0 :       username = username.toLowerCase(Locale.US);
      66             :     }
      67             : 
      68           0 :     Optional<Account> account =
      69           0 :         accounts.getByUsername(username).map(AccountState::account).filter(Account::isActive);
      70           0 :     if (!account.isPresent()) {
      71           0 :       return false;
      72             :     }
      73             : 
      74           0 :     return SshUtil.success(
      75             :         username,
      76             :         session,
      77             :         sshScope,
      78             :         sshLog,
      79             :         sd,
      80           0 :         SshUtil.createUser(sd, userFactory, account.get().id()));
      81             :   }
      82             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750