Example 1 with SshDaemonClient
use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.
the class GitDispatcher method setContext.
@Override
public void setContext(SshCommandContext context) {
super.setContext(context);
IGitblit gitblit = context.getGitblit();
repositoryResolver = new RepositoryResolver<SshDaemonClient>(gitblit);
uploadPackFactory = new GitblitUploadPackFactory<SshDaemonClient>(gitblit);
receivePackFactory = new GitblitReceivePackFactory<SshDaemonClient>(gitblit);
}
Also used :
IGitblit(com.gitblit.manager.IGitblit)
SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient)
Example 2 with SshDaemonClient
use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.
the class RepositoryResolver method isExportOk.
/**
* Check if this repository can be served by the requested client connection.
*/
@Override
protected boolean isExportOk(X req, String repositoryName, Repository db) throws IOException {
RepositoryModel model = gitblit.getRepositoryModel(repositoryName);
UserModel user = UserModel.ANONYMOUS;
String scheme = null;
String origin = null;
if (req instanceof GitDaemonClient) {
// git daemon request
// this is an anonymous/unauthenticated protocol
GitDaemonClient client = (GitDaemonClient) req;
scheme = "git";
origin = client.getRemoteAddress().toString();
} else if (req instanceof HttpServletRequest) {
// http/https request
HttpServletRequest client = (HttpServletRequest) req;
scheme = client.getScheme();
origin = client.getRemoteAddr();
user = gitblit.authenticate(client);
if (user == null) {
user = UserModel.ANONYMOUS;
}
} else if (req instanceof SshDaemonClient) {
// ssh is always authenticated
SshDaemonClient client = (SshDaemonClient) req;
user = client.getUser();
}
if (user.canClone(model)) {
// user can access this git repo
logger.debug(MessageFormat.format("{0}:// access of {1} by {2} from {3} PERMITTED", scheme, repositoryName, user.username, origin));
return true;
}
// user can not access this git repo
logger.warn(MessageFormat.format("{0}:// access of {1} by {2} from {3} DENIED", scheme, repositoryName, user.username, origin));
return false;
}
Also used :
UserModel(com.gitblit.models.UserModel)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
RepositoryModel(com.gitblit.models.RepositoryModel)
SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient)
GitDaemonClient(com.gitblit.transport.git.GitDaemonClient)
Example 3 with SshDaemonClient
use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.
the class RepositoryResolver method open.
/**
* Open the repository and inject the repository name into the settings.
*/
@Override
public Repository open(final X req, final String name) throws RepositoryNotFoundException, ServiceNotEnabledException {
Repository repo = super.open(req, name);
// retrieve the repository name from the pack factories or the hooks.
if (req instanceof HttpServletRequest) {
// http/https request
HttpServletRequest client = (HttpServletRequest) req;
client.setAttribute("gitblitRepositoryName", name);
} else if (req instanceof GitDaemonClient) {
// git request
GitDaemonClient client = (GitDaemonClient) req;
client.setRepositoryName(name);
} else if (req instanceof SshDaemonClient) {
SshDaemonClient client = (SshDaemonClient) req;
client.setRepositoryName(name);
}
return repo;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Repository(org.eclipse.jgit.lib.Repository)
SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient)
GitDaemonClient(com.gitblit.transport.git.GitDaemonClient)
Example 4 with SshDaemonClient
use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.
the class GitblitReceivePackFactory method create.
@Override
public ReceivePack create(X req, Repository db) throws ServiceNotEnabledException, ServiceNotAuthorizedException {
UserModel user = UserModel.ANONYMOUS;
String repositoryName = "";
String origin = "";
String gitblitUrl = "";
int timeout = 0;
Transport transport = null;
if (req instanceof HttpServletRequest) {
// http/https request may or may not be authenticated
HttpServletRequest client = (HttpServletRequest) req;
repositoryName = client.getAttribute("gitblitRepositoryName").toString();
origin = client.getRemoteHost();
gitblitUrl = HttpUtils.getGitblitURL(client);
// determine pushing user
String username = client.getRemoteUser();
if (!StringUtils.isEmpty(username)) {
UserModel u = gitblit.getUserModel(username);
if (u != null) {
user = u;
}
}
// determine the transport
if ("http".equals(client.getScheme())) {
transport = Transport.HTTP;
} else if ("https".equals(client.getScheme())) {
transport = Transport.HTTPS;
}
} else if (req instanceof GitDaemonClient) {
// git daemon request is always anonymous
GitDaemonClient client = (GitDaemonClient) req;
repositoryName = client.getRepositoryName();
origin = client.getRemoteAddress().getHostAddress();
// set timeout from Git daemon
timeout = client.getDaemon().getTimeout();
transport = Transport.GIT;
} else if (req instanceof SshDaemonClient) {
// SSH request is always authenticated
SshDaemonClient client = (SshDaemonClient) req;
repositoryName = client.getRepositoryName();
origin = client.getRemoteAddress().toString();
user = client.getUser();
transport = Transport.SSH;
}
if (!acceptPush(transport)) {
throw new ServiceNotAuthorizedException();
}
boolean allowAnonymousPushes = settings.getBoolean(Keys.git.allowAnonymousPushes, false);
if (!allowAnonymousPushes && UserModel.ANONYMOUS.equals(user)) {
// prohibit anonymous pushes
throw new ServiceNotEnabledException();
}
String url = settings.getString(Keys.web.canonicalUrl, null);
if (StringUtils.isEmpty(url)) {
url = gitblitUrl;
}
final RepositoryModel repository = gitblit.getRepositoryModel(repositoryName);
// Determine which receive pack to use for pushes
final GitblitReceivePack rp;
if (gitblit.getTicketService().isAcceptingNewPatchsets(repository)) {
rp = new PatchsetReceivePack(gitblit, db, repository, user);
} else {
rp = new GitblitReceivePack(gitblit, db, repository, user);
}
rp.setGitblitUrl(url);
rp.setRefLogIdent(new PersonIdent(user.username, user.username + "@" + origin));
rp.setTimeout(timeout);
return rp;
}
Also used :
SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient)
RepositoryModel(com.gitblit.models.RepositoryModel)
GitDaemonClient(com.gitblit.transport.git.GitDaemonClient)
UserModel(com.gitblit.models.UserModel)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServiceNotEnabledException(org.eclipse.jgit.transport.resolver.ServiceNotEnabledException)
PersonIdent(org.eclipse.jgit.lib.PersonIdent)
Transport(com.gitblit.Constants.Transport)
ServiceNotAuthorizedException(org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException)
Example 5 with SshDaemonClient
use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.
the class SshKerberosAuthenticationTest method testUserManager.
@Test
public void testUserManager() {
IRuntimeManager rm = Mockito.mock(IRuntimeManager.class);
//Build an UserManager that can build a UserModel
IUserManager im = Mockito.mock(IUserManager.class);
Mockito.doAnswer(new Answer<Object>() {
@Override
public Object answer(InvocationOnMock invocation) {
Object[] args = invocation.getArguments();
String user = (String) args[0];
return new UserModel(user);
}
}).when(im).getUserModel(Mockito.anyString());
AuthenticationManager am = new AuthenticationManager(rm, im);
GSSAuthenticator gssAuthenticator = new SshKrbAuthenticator(new MemorySettings(), am);
ServerSession session = Mockito.mock(ServerSession.class);
//Build an SshDaemonClient that can set and get the UserModel
final UserModelWrapper umw = new UserModelWrapper();
SshDaemonClient client = Mockito.mock(SshDaemonClient.class);
Mockito.when(client.getUser()).thenReturn(umw.um);
Mockito.doAnswer(new Answer<Object>() {
@Override
public Object answer(InvocationOnMock invocation) {
Object[] args = invocation.getArguments();
UserModel um = (UserModel) args[0];
umw.um = um;
return null;
}
}).when(client).setUser(Mockito.any(UserModel.class));
Mockito.when(session.getAttribute(SshDaemonClient.KEY)).thenReturn(client);
Assert.assertTrue(gssAuthenticator.validateIdentity(session, "jhappy"));
}
Also used :
GSSAuthenticator(org.apache.sshd.server.auth.gss.GSSAuthenticator)
ServerSession(org.apache.sshd.server.session.ServerSession)
IUserManager(com.gitblit.manager.IUserManager)
SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient)
SshKrbAuthenticator(com.gitblit.transport.ssh.SshKrbAuthenticator)
IRuntimeManager(com.gitblit.manager.IRuntimeManager)
UserModel(com.gitblit.models.UserModel)
AuthenticationManager(com.gitblit.manager.AuthenticationManager)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
MemorySettings(com.gitblit.tests.mock.MemorySettings)
Test(org.junit.Test)
Aggregations
SshDaemonClient (com.gitblit.transport.ssh.SshDaemonClient)5
UserModel (com.gitblit.models.UserModel)3
GitDaemonClient (com.gitblit.transport.git.GitDaemonClient)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)3
RepositoryModel (com.gitblit.models.RepositoryModel)2
Transport (com.gitblit.Constants.Transport)1
AuthenticationManager (com.gitblit.manager.AuthenticationManager)1
IGitblit (com.gitblit.manager.IGitblit)1
IRuntimeManager (com.gitblit.manager.IRuntimeManager)1
IUserManager (com.gitblit.manager.IUserManager)1
MemorySettings (com.gitblit.tests.mock.MemorySettings)1
SshKrbAuthenticator (com.gitblit.transport.ssh.SshKrbAuthenticator)1
GSSAuthenticator (org.apache.sshd.server.auth.gss.GSSAuthenticator)1
ServerSession (org.apache.sshd.server.session.ServerSession)1
PersonIdent (org.eclipse.jgit.lib.PersonIdent)1
Repository (org.eclipse.jgit.lib.Repository)1
ServiceNotAuthorizedException (org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException)1
ServiceNotEnabledException (org.eclipse.jgit.transport.resolver.ServiceNotEnabledException)1
Test (org.junit.Test)1
InvocationOnMock (org.mockito.invocation.InvocationOnMock)1
