Fix disabling of git ssh 'download' scheme within DefaultCommandModule
Without this fix, corporate/global Gerrit users (like ours) can still
use ssh even though instance admins have disabled the ssh commands.
That keeps the ssh door wide open, when only the http one should work.
(Such deployments are then unable to restrain ssh traffic.)
Change Daemon and WebAppInitializer so they construct
DefaultCommandModule with the DownloadConfig singleton.
DefaultCommandModule can then use the latter to skip the binding of the
git ssh (receive and upload) commands, if ssh [download] scheme is
not enabled in gerrit.config.
Change-Id: Ica4e0ffeea1f34bc5411b6863a90fb0450c9e874
diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
index 2b9af2f..feb07e1 100644
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
@@ -47,6 +47,7 @@
import com.google.gerrit.server.config.AuthConfigModule;
import com.google.gerrit.server.config.CanonicalWebUrlModule;
import com.google.gerrit.server.config.CanonicalWebUrlProvider;
+import com.google.gerrit.server.config.DownloadConfig;
import com.google.gerrit.server.config.GerritGlobalModule;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.MasterNodeStartup;
@@ -396,8 +397,8 @@
if (!test) {
modules.add(new SshHostKeyModule());
}
- modules.add(new DefaultCommandModule(slave));
-
+ modules.add(new DefaultCommandModule(slave,
+ sysInjector.getInstance(DownloadConfig.class)));
return sysInjector.createChildInjector(modules);
}
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java
index f75eb2b..4347d83 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/DefaultCommandModule.java
@@ -14,6 +14,8 @@
package com.google.gerrit.sshd.commands;
+import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
+import com.google.gerrit.server.config.DownloadConfig;
import com.google.gerrit.sshd.CommandModule;
import com.google.gerrit.sshd.CommandName;
import com.google.gerrit.sshd.Commands;
@@ -23,8 +25,11 @@
/** Register the commands a Gerrit server supports. */
public class DefaultCommandModule extends CommandModule {
- public DefaultCommandModule(boolean slave) {
+ private final DownloadConfig downloadConfig;
+
+ public DefaultCommandModule(boolean slave, DownloadConfig downloadCfg) {
slaveMode = slave;
+ downloadConfig = downloadCfg;
}
@Override
@@ -68,8 +73,10 @@
command("scp").to(ScpCommand.class);
// Honor the legacy hyphenated forms as aliases for the non-hyphenated forms
- command("git-upload-pack").to(Commands.key(git, "upload-pack"));
- command(git, "upload-pack").to(Upload.class);
+ if (sshEnabled()) {
+ command("git-upload-pack").to(Commands.key(git, "upload-pack"));
+ command(git, "upload-pack").to(Upload.class);
+ }
command("suexec").to(SuExec.class);
listener().to(ShowCaches.StartupListener.class);
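Review bot: The new `if (sshEnabled())` guard around the upload-pack bindings has no comment saying why fetches over ssh may be left unbound, and the existing comment about legacy hyphenated forms now sits above the `if` and reads as if it describes the condition. I would add `// Bind git over ssh only when the ssh download scheme is enabled in gerrit.config.` directly above the `if` and move the alias comment inside the block. The check runs once while the module is being configured, so, as far as these lines show, a changed setting takes effect only after a restart; that is worth stating in the same comment. The same applies to the guard in the receive-pack hunk. The enclosing method starts and ends outside the hunk.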
@@ -78,10 +85,13 @@
command(gerrit, CreateGroupCommand.class);
command(gerrit, CreateProjectCommand.class);
command(gerrit, AdminQueryShell.class);
+
if (!slaveMode) {
- command("git-receive-pack").to(Commands.key(git, "receive-pack"));
- command("gerrit-receive-pack").to(Commands.key(git, "receive-pack"));
- command(git, "receive-pack").to(Commands.key(gerrit, "receive-pack"));
+ if (sshEnabled()) {
+ command("git-receive-pack").to(Commands.key(git, "receive-pack"));
+ command("gerrit-receive-pack").to(Commands.key(git, "receive-pack"));
+ command(git, "receive-pack").to(Commands.key(gerrit, "receive-pack"));
+ }
command(gerrit, "test-submit").toProvider(
new DispatchCommandProvider(testSubmit));
}
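Review bot: The guarded `command(git, "receive-pack")` binding is only an alias for `Commands.key(gerrit, "receive-pack")`, and the binding of that target is not visible in this hunk. If `gerrit receive-pack` is bound unconditionally elsewhere in the method, pushes over ssh would presumably remain reachable under that name with the scheme disabled, which would undercut the restriction the commit message describes. Please confirm the target binding is covered by the same `sshEnabled()` check, or move it inside this `if`. The enclosing method starts outside the hunk.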
@@ -107,4 +117,10 @@
alias(logging, "ls", ListLoggingLevelCommand.class);
alias(logging, "set", SetLoggingLevelCommand.class);
}
+
+ private boolean sshEnabled() {
+ return downloadConfig.getDownloadSchemes().contains(DownloadScheme.SSH)
+ || downloadConfig.getDownloadSchemes().contains(
+ DownloadScheme.DEFAULT_DOWNLOADS);
+ }
}
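Review bot: `sshEnabled()` is named more broadly than what it tests: it reports whether the ssh download scheme (or the default scheme set) is configured, not whether sshd is on, and the other ssh commands stay bound either way. A name such as `gitOverSshEnabled()` plus a one-line Javadoc, `/** True if the ssh download scheme, or the default scheme set, is enabled in gerrit.config. */`, would make the scope of the gate clear to the next reader. The method also calls `downloadConfig.getDownloadSchemes()` twice; reading it into a local once is tidier. Since this setting now decides which commands are reachable, a test covering both the enabled and the disabled case would keep the restriction from regressing.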
diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
index b365e76..addac98 100644
--- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
+++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
@@ -31,6 +31,7 @@
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.AuthConfigModule;
import com.google.gerrit.server.config.CanonicalWebUrlModule;
+import com.google.gerrit.server.config.DownloadConfig;
import com.google.gerrit.server.config.GerritGlobalModule;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.GerritServerConfigModule;
@@ -329,7 +330,8 @@
final List<Module> modules = new ArrayList<>();
modules.add(sysInjector.getInstance(SshModule.class));
modules.add(new SshHostKeyModule());
- modules.add(new DefaultCommandModule(false));
+ modules.add(new DefaultCommandModule(false,
+ sysInjector.getInstance(DownloadConfig.class)));
return sysInjector.createChildInjector(modules);
}