diff options
| author | James Moger <james.moger@gitblit.com> | 2014-04-02 11:44:31 -0400 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2014-04-10 19:01:30 -0400 |
| commit | e9872c8ca4d9af41794a851f2f81ed21c65bb85b (patch) | |
| tree | a930742d0ba584e82c8aa617c65debee92d0196e /src/main/java/com/gitblit/git | |
| parent | f7e97712b5c4edd72cad1e8e54490de02a766224 (diff) | |
| download | gitblit-e9872c8ca4d9af41794a851f2f81ed21c65bb85b.tar.gz gitblit-e9872c8ca4d9af41794a851f2f81ed21c65bb85b.zip | |
Allow specifying accepted PUSH transports
Diffstat (limited to 'src/main/java/com/gitblit/git')
| -rw-r--r-- | src/main/java/com/gitblit/git/GitblitReceivePackFactory.java | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java index 41e348ba..afda23b0 100644 --- a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java +++ b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java @@ -15,6 +15,9 @@ */ package com.gitblit.git; +import java.util.HashSet; +import java.util.Set; + import javax.servlet.http.HttpServletRequest; import org.eclipse.jgit.lib.PersonIdent; @@ -26,6 +29,7 @@ import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.gitblit.Constants.Transport; import com.gitblit.IStoredSettings; import com.gitblit.Keys; import com.gitblit.manager.IGitblit; @@ -66,6 +70,7 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> { String origin = ""; String gitblitUrl = ""; int timeout = 0; + Transport transport = null; if (req instanceof HttpServletRequest) { // http/https request may or may not be authenticated @@ -82,6 +87,13 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> { user = u; } } + + // determine the transport + if ("http".equals(client.getScheme())) { + transport = Transport.HTTP; + } else if ("https".equals(client.getScheme())) { + transport = Transport.HTTPS; + } } else if (req instanceof GitDaemonClient) { // git daemon request is always anonymous GitDaemonClient client = (GitDaemonClient) req; @@ -90,12 +102,20 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> { // set timeout from Git daemon timeout = client.getDaemon().getTimeout(); + + transport = Transport.GIT; } else if (req instanceof SshDaemonClient) { // SSH request is always authenticated SshDaemonClient client = (SshDaemonClient) req; repositoryName = client.getRepositoryName(); origin = client.getRemoteAddress().toString(); user = client.getUser(); + + transport = Transport.SSH; + } + + if (!acceptPush(transport)) { + throw new ServiceNotAuthorizedException(); } boolean allowAnonymousPushes = settings.getBoolean(Keys.git.allowAnonymousPushes, false); @@ -125,4 +145,30 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> { return rp; } + + protected boolean acceptPush(Transport byTransport) { + if (byTransport == null) { + logger.info("Unknown transport, push rejected!"); + return false; + } + + Set<Transport> transports = new HashSet<Transport>(); + for (String value : gitblit.getSettings().getStrings(Keys.git.acceptedPushTransports)) { + Transport transport = Transport.fromString(value); + if (transport == null) { + logger.info(String.format("Ignoring unknown registered transport %s", value)); + continue; + } + + transports.add(transport); + } + + if (transports.isEmpty()) { + // no transports are explicitly specified, all are acceptable + return true; + } + + // verify that the transport is permitted + return transports.contains(byTransport); + } }
\ No newline at end of file |