authorMarco Miller <marco.miller@ericsson.com>2015-06-26 15:21:39 -0400
committerMarco Miller <marco.miller@ericsson.com>2015-06-30 11:10:05 -0400
commit44cf8868e3c442949c22693d45eb8d80cade217d (patch)
tree7af50c93596db8a6e5d48c9dedb538587044fc22
parent9b8240b0f67bf6c2f89b2437100265b0f825aa0e (diff)
Fix disabling of git ssh 'download' scheme within DefaultCommandModule
Without this fix, corporate /global gerrit users (like ours) can still use ssh despite the latter commands being disabled by instance admins. That keeps the ssh door wide open, while only the http one shall work. (Such deployments are then unable to restrain ssh traffic.) Change Daemon and WebAppInitializer so they construct DefaultCommandModule with the DownloadConfig singleton. DefaultCommandModule can then use the latter to skip the binding of the git ssh (receive and upload) commands, if ssh [download] scheme is not enabled in gerrit.config. Change-Id: Ica4e0ffeea1f34bc5411b6863a90fb0450c9e874
-rw-r--r--gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java5
-rw-r--r--gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java28
-rw-r--r--gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java4
3 files changed, 28 insertions, 9 deletions
diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
index 2b9af2f9a4..feb07e13d7 100644
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
@@ -47,6 +47,7 @@ import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.AuthConfigModule;
import com.google.gerrit.server.config.CanonicalWebUrlModule;
import com.google.gerrit.server.config.CanonicalWebUrlProvider;
+import com.google.gerrit.server.config.DownloadConfig;
import com.google.gerrit.server.config.GerritGlobalModule;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.MasterNodeStartup;
@@ -396,8 +397,8 @@ public class Daemon extends SiteProgram {
if (!test) {
modules.add(new SshHostKeyModule());
}
- modules.add(new DefaultCommandModule(slave));
-
+ modules.add(new DefaultCommandModule(slave,
+ sysInjector.getInstance(DownloadConfig.class)));
return sysInjector.createChildInjector(modules);
}
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java
index f75eb2b191..4347d832b9 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java
@@ -14,6 +14,8 @@
package com.google.gerrit.sshd.commands;
+import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
+import com.google.gerrit.server.config.DownloadConfig;
import com.google.gerrit.sshd.CommandModule;
import com.google.gerrit.sshd.CommandName;
import com.google.gerrit.sshd.Commands;
@@ -23,8 +25,11 @@ import com.google.gerrit.sshd.SuExec;
/** Register the commands a Gerrit server supports. */
public class DefaultCommandModule extends CommandModule {
- public DefaultCommandModule(boolean slave) {
+ private final DownloadConfig downloadConfig;
+
+ public DefaultCommandModule(boolean slave, DownloadConfig downloadCfg) {
slaveMode = slave;
+ downloadConfig = downloadCfg;
}
@Override
@@ -68,8 +73,10 @@ public class DefaultCommandModule extends CommandModule {
command("scp").to(ScpCommand.class);
// Honor the legacy hyphenated forms as aliases for the non-hyphenated forms
- command("git-upload-pack").to(Commands.key(git, "upload-pack"));
- command(git, "upload-pack").to(Upload.class);
+ if (sshEnabled()) {
+ command("git-upload-pack").to(Commands.key(git, "upload-pack"));
+ command(git, "upload-pack").to(Upload.class);
+ }
command("suexec").to(SuExec.class);
listener().to(ShowCaches.StartupListener.class);
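Review bot: The existing comment `// Honor the legacy hyphenated forms as aliases for the non-hyphenated forms` now sits directly above `if (sshEnabled())`, so it no longer describes the line beneath it and nothing explains why the block is conditional. I would move it inside the guard, above the `git-upload-pack` alias, and put `// Bind git upload-pack over ssh only when the ssh download scheme is enabled in gerrit.config.` above the `if`. Note also that `command("scp")` on the line just before stays bound unconditionally, so the guard restricts git transport only and not every ssh command; if that is intended, the comment should say so. The configure() body starts and ends outside this hunk.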
@@ -78,10 +85,13 @@ public class DefaultCommandModule extends CommandModule {
command(gerrit, CreateGroupCommand.class);
command(gerrit, CreateProjectCommand.class);
command(gerrit, AdminQueryShell.class);
+
if (!slaveMode) {
- command("git-receive-pack").to(Commands.key(git, "receive-pack"));
- command("gerrit-receive-pack").to(Commands.key(git, "receive-pack"));
- command(git, "receive-pack").to(Commands.key(gerrit, "receive-pack"));
+ if (sshEnabled()) {
+ command("git-receive-pack").to(Commands.key(git, "receive-pack"));
+ command("gerrit-receive-pack").to(Commands.key(git, "receive-pack"));
+ command(git, "receive-pack").to(Commands.key(gerrit, "receive-pack"));
+ }
command(gerrit, "test-submit").toProvider(
new DispatchCommandProvider(testSubmit));
}
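Review bot: The new `if (sshEnabled())` covers three names that all resolve to `Commands.key(gerrit, "receive-pack")`, but the binding of that target key is not in this hunk. If `gerrit receive-pack` is bound elsewhere in configure() without the same check, pushes over ssh would presumably still be reachable under that name with the scheme disabled, so that binding should be confirmed and guarded as well. A test that constructs the module with a DownloadConfig lacking the SSH scheme and asserts that none of the receive-pack or upload-pack names are bound would pin the intended behaviour. The nested condition could also be written as `if (!slaveMode && sshEnabled())` only if `test-submit` were moved out, so the nesting is fine as is.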
@@ -107,4 +117,10 @@ public class DefaultCommandModule extends CommandModule {
alias(logging, "ls", ListLoggingLevelCommand.class);
alias(logging, "set", SetLoggingLevelCommand.class);
}
+
+ private boolean sshEnabled() {
+ return downloadConfig.getDownloadSchemes().contains(DownloadScheme.SSH)
+ || downloadConfig.getDownloadSchemes().contains(
+ DownloadScheme.DEFAULT_DOWNLOADS);
+ }
}
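Review bot: `sshEnabled()` reads as if it reported whether the ssh daemon is on, but it only checks the configured download schemes and is used solely to gate the git upload-pack and receive-pack bindings. A name such as `gitOverSshEnabled()` with a one-line Javadoc, e.g. `/** True if the configured download schemes include SSH or DEFAULT_DOWNLOADS. */`, would make that scope clear to the next reader. The method also calls `downloadConfig.getDownloadSchemes()` twice; holding the result in a local and testing both constants against it is simpler. Because the result is consumed while the module is configured, a change to gerrit.config presumably takes effect only after a restart, which is worth stating in the comment if so.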
diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
index b365e76ff6..addac98c48 100644
--- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
+++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
@@ -31,6 +31,7 @@ import com.google.gerrit.server.cache.h2.DefaultCacheFactory;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.AuthConfigModule;
import com.google.gerrit.server.config.CanonicalWebUrlModule;
+import com.google.gerrit.server.config.DownloadConfig;
import com.google.gerrit.server.config.GerritGlobalModule;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.GerritServerConfigModule;
@@ -329,7 +330,8 @@ public class WebAppInitializer extends GuiceServletContextListener
final List<Module> modules = new ArrayList<>();
modules.add(sysInjector.getInstance(SshModule.class));
modules.add(new SshHostKeyModule());
- modules.add(new DefaultCommandModule(false));
+ modules.add(new DefaultCommandModule(false,
+ sysInjector.getInstance(DownloadConfig.class)));
return sysInjector.createChildInjector(modules);
}