Search in sources :

Example 1 with SshDaemonClient

use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.

the class GitDispatcher method setContext.

@Override
public void setContext(SshCommandContext context) {
    super.setContext(context);
    IGitblit gitblit = context.getGitblit();
    repositoryResolver = new RepositoryResolver<SshDaemonClient>(gitblit);
    uploadPackFactory = new GitblitUploadPackFactory<SshDaemonClient>(gitblit);
    receivePackFactory = new GitblitReceivePackFactory<SshDaemonClient>(gitblit);
}
Also used : IGitblit(com.gitblit.manager.IGitblit) SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient)

Example 2 with SshDaemonClient

use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.

the class RepositoryResolver method isExportOk.

/**
	 * Check if this repository can be served by the requested client connection.
	 */
@Override
protected boolean isExportOk(X req, String repositoryName, Repository db) throws IOException {
    RepositoryModel model = gitblit.getRepositoryModel(repositoryName);
    UserModel user = UserModel.ANONYMOUS;
    String scheme = null;
    String origin = null;
    if (req instanceof GitDaemonClient) {
        // git daemon request
        // this is an anonymous/unauthenticated protocol
        GitDaemonClient client = (GitDaemonClient) req;
        scheme = "git";
        origin = client.getRemoteAddress().toString();
    } else if (req instanceof HttpServletRequest) {
        // http/https request
        HttpServletRequest client = (HttpServletRequest) req;
        scheme = client.getScheme();
        origin = client.getRemoteAddr();
        user = gitblit.authenticate(client);
        if (user == null) {
            user = UserModel.ANONYMOUS;
        }
    } else if (req instanceof SshDaemonClient) {
        // ssh is always authenticated
        SshDaemonClient client = (SshDaemonClient) req;
        user = client.getUser();
    }
    if (user.canClone(model)) {
        // user can access this git repo
        logger.debug(MessageFormat.format("{0}:// access of {1} by {2} from {3} PERMITTED", scheme, repositoryName, user.username, origin));
        return true;
    }
    // user can not access this git repo
    logger.warn(MessageFormat.format("{0}:// access of {1} by {2} from {3} DENIED", scheme, repositoryName, user.username, origin));
    return false;
}
Also used : UserModel(com.gitblit.models.UserModel) HttpServletRequest(javax.servlet.http.HttpServletRequest) RepositoryModel(com.gitblit.models.RepositoryModel) SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient) GitDaemonClient(com.gitblit.transport.git.GitDaemonClient)

Example 3 with SshDaemonClient

use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.

the class RepositoryResolver method open.

/**
	 * Open the repository and inject the repository name into the settings.
	 */
@Override
public Repository open(final X req, final String name) throws RepositoryNotFoundException, ServiceNotEnabledException {
    Repository repo = super.open(req, name);
    // retrieve the repository name from the pack factories or the hooks.
    if (req instanceof HttpServletRequest) {
        // http/https request
        HttpServletRequest client = (HttpServletRequest) req;
        client.setAttribute("gitblitRepositoryName", name);
    } else if (req instanceof GitDaemonClient) {
        // git request
        GitDaemonClient client = (GitDaemonClient) req;
        client.setRepositoryName(name);
    } else if (req instanceof SshDaemonClient) {
        SshDaemonClient client = (SshDaemonClient) req;
        client.setRepositoryName(name);
    }
    return repo;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Repository(org.eclipse.jgit.lib.Repository) SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient) GitDaemonClient(com.gitblit.transport.git.GitDaemonClient)

Example 4 with SshDaemonClient

use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.

the class GitblitReceivePackFactory method create.

@Override
public ReceivePack create(X req, Repository db) throws ServiceNotEnabledException, ServiceNotAuthorizedException {
    UserModel user = UserModel.ANONYMOUS;
    String repositoryName = "";
    String origin = "";
    String gitblitUrl = "";
    int timeout = 0;
    Transport transport = null;
    if (req instanceof HttpServletRequest) {
        // http/https request may or may not be authenticated
        HttpServletRequest client = (HttpServletRequest) req;
        repositoryName = client.getAttribute("gitblitRepositoryName").toString();
        origin = client.getRemoteHost();
        gitblitUrl = HttpUtils.getGitblitURL(client);
        // determine pushing user
        String username = client.getRemoteUser();
        if (!StringUtils.isEmpty(username)) {
            UserModel u = gitblit.getUserModel(username);
            if (u != null) {
                user = u;
            }
        }
        // determine the transport
        if ("http".equals(client.getScheme())) {
            transport = Transport.HTTP;
        } else if ("https".equals(client.getScheme())) {
            transport = Transport.HTTPS;
        }
    } else if (req instanceof GitDaemonClient) {
        // git daemon request is always anonymous
        GitDaemonClient client = (GitDaemonClient) req;
        repositoryName = client.getRepositoryName();
        origin = client.getRemoteAddress().getHostAddress();
        // set timeout from Git daemon
        timeout = client.getDaemon().getTimeout();
        transport = Transport.GIT;
    } else if (req instanceof SshDaemonClient) {
        // SSH request is always authenticated
        SshDaemonClient client = (SshDaemonClient) req;
        repositoryName = client.getRepositoryName();
        origin = client.getRemoteAddress().toString();
        user = client.getUser();
        transport = Transport.SSH;
    }
    if (!acceptPush(transport)) {
        throw new ServiceNotAuthorizedException();
    }
    boolean allowAnonymousPushes = settings.getBoolean(Keys.git.allowAnonymousPushes, false);
    if (!allowAnonymousPushes && UserModel.ANONYMOUS.equals(user)) {
        // prohibit anonymous pushes
        throw new ServiceNotEnabledException();
    }
    String url = settings.getString(Keys.web.canonicalUrl, null);
    if (StringUtils.isEmpty(url)) {
        url = gitblitUrl;
    }
    final RepositoryModel repository = gitblit.getRepositoryModel(repositoryName);
    // Determine which receive pack to use for pushes
    final GitblitReceivePack rp;
    if (gitblit.getTicketService().isAcceptingNewPatchsets(repository)) {
        rp = new PatchsetReceivePack(gitblit, db, repository, user);
    } else {
        rp = new GitblitReceivePack(gitblit, db, repository, user);
    }
    rp.setGitblitUrl(url);
    rp.setRefLogIdent(new PersonIdent(user.username, user.username + "@" + origin));
    rp.setTimeout(timeout);
    return rp;
}
Also used : SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient) RepositoryModel(com.gitblit.models.RepositoryModel) GitDaemonClient(com.gitblit.transport.git.GitDaemonClient) UserModel(com.gitblit.models.UserModel) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServiceNotEnabledException(org.eclipse.jgit.transport.resolver.ServiceNotEnabledException) PersonIdent(org.eclipse.jgit.lib.PersonIdent) Transport(com.gitblit.Constants.Transport) ServiceNotAuthorizedException(org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException)

Example 5 with SshDaemonClient

use of com.gitblit.transport.ssh.SshDaemonClient in project gitblit by gitblit.

the class SshKerberosAuthenticationTest method testUserManager.

@Test
public void testUserManager() {
    IRuntimeManager rm = Mockito.mock(IRuntimeManager.class);
    //Build an UserManager that can build a UserModel
    IUserManager im = Mockito.mock(IUserManager.class);
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) {
            Object[] args = invocation.getArguments();
            String user = (String) args[0];
            return new UserModel(user);
        }
    }).when(im).getUserModel(Mockito.anyString());
    AuthenticationManager am = new AuthenticationManager(rm, im);
    GSSAuthenticator gssAuthenticator = new SshKrbAuthenticator(new MemorySettings(), am);
    ServerSession session = Mockito.mock(ServerSession.class);
    //Build an SshDaemonClient that can set and get the UserModel
    final UserModelWrapper umw = new UserModelWrapper();
    SshDaemonClient client = Mockito.mock(SshDaemonClient.class);
    Mockito.when(client.getUser()).thenReturn(umw.um);
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) {
            Object[] args = invocation.getArguments();
            UserModel um = (UserModel) args[0];
            umw.um = um;
            return null;
        }
    }).when(client).setUser(Mockito.any(UserModel.class));
    Mockito.when(session.getAttribute(SshDaemonClient.KEY)).thenReturn(client);
    Assert.assertTrue(gssAuthenticator.validateIdentity(session, "jhappy"));
}
Also used : GSSAuthenticator(org.apache.sshd.server.auth.gss.GSSAuthenticator) ServerSession(org.apache.sshd.server.session.ServerSession) IUserManager(com.gitblit.manager.IUserManager) SshDaemonClient(com.gitblit.transport.ssh.SshDaemonClient) SshKrbAuthenticator(com.gitblit.transport.ssh.SshKrbAuthenticator) IRuntimeManager(com.gitblit.manager.IRuntimeManager) UserModel(com.gitblit.models.UserModel) AuthenticationManager(com.gitblit.manager.AuthenticationManager) InvocationOnMock(org.mockito.invocation.InvocationOnMock) MemorySettings(com.gitblit.tests.mock.MemorySettings) Test(org.junit.Test)

Aggregations

SshDaemonClient (com.gitblit.transport.ssh.SshDaemonClient)5 UserModel (com.gitblit.models.UserModel)3 GitDaemonClient (com.gitblit.transport.git.GitDaemonClient)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)3 RepositoryModel (com.gitblit.models.RepositoryModel)2 Transport (com.gitblit.Constants.Transport)1 AuthenticationManager (com.gitblit.manager.AuthenticationManager)1 IGitblit (com.gitblit.manager.IGitblit)1 IRuntimeManager (com.gitblit.manager.IRuntimeManager)1 IUserManager (com.gitblit.manager.IUserManager)1 MemorySettings (com.gitblit.tests.mock.MemorySettings)1 SshKrbAuthenticator (com.gitblit.transport.ssh.SshKrbAuthenticator)1 GSSAuthenticator (org.apache.sshd.server.auth.gss.GSSAuthenticator)1 ServerSession (org.apache.sshd.server.session.ServerSession)1 PersonIdent (org.eclipse.jgit.lib.PersonIdent)1 Repository (org.eclipse.jgit.lib.Repository)1 ServiceNotAuthorizedException (org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException)1 ServiceNotEnabledException (org.eclipse.jgit.transport.resolver.ServiceNotEnabledException)1 Test (org.junit.Test)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1