From 13331ae61c7f08b4a202a531e005915147467bd8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 10 Apr 2014 18:58:09 -0400
Subject: [PATCH] Exclude SSH repository urls from anonymous users
---
 src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 70 ++++++++++++++++++----------------
 1 files changed, 37 insertions(+), 33 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index 42ee67a..9628cb8 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -22,27 +22,25 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 import org.apache.sshd.SshServer;
+import org.apache.sshd.common.io.IoServiceFactoryFactory;
+import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
+import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
 import org.eclipse.jgit.internal.JGitText;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import com.gitblit.Constants;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
-import com.gitblit.git.GitblitReceivePackFactory;
-import com.gitblit.git.GitblitUploadPackFactory;
-import com.gitblit.git.RepositoryResolver;
 import com.gitblit.manager.IGitblit;
-import com.gitblit.transport.ssh.commands.CreateRepository;
-import com.gitblit.transport.ssh.commands.DispatchCommand;
-import com.gitblit.transport.ssh.commands.VersionCommand;
+import com.gitblit.transport.ssh.commands.SshCommandFactory;
 import com.gitblit.utils.IdGenerator;
 import com.gitblit.utils.StringUtils;
-import com.gitblit.utils.WorkQueue;
 /**
 * Manager for the ssh transport. Roughly analogous to the
- * {@link com.gitblit.git.GitDaemon} class.
+ * {@link com.gitblit.transport.git.GitDaemon} class.
 *
 * @author Eric Myhre
 *
@@ -50,6 +48,10 @@
 public class SshDaemon {
 private final Logger log = LoggerFactory.getLogger(SshDaemon.class);
+
+ public static enum SshSessionBackend {
+ MINA, NIO2
+ }
 /**
 * 22: IANA assigned port number for ssh. Note that this is a distinct
@@ -63,11 +65,7 @@
 private final AtomicBoolean run;
- @SuppressWarnings("unused")
 private final IGitblit gitblit;
-
- private final IdGenerator idGenerator;
-
 private final SshServer sshd;
 /**
@@ -77,12 +75,19 @@
 */
 public SshDaemon(IGitblit gitblit, IdGenerator idGenerator) {
 this.gitblit = gitblit;
- this.idGenerator = idGenerator;
 IStoredSettings settings = gitblit.getSettings();
 int port = settings.getInteger(Keys.git.sshPort, 0);
 String bindInterface = settings.getString(Keys.git.sshBindInterface, "localhost");
+
+ String sshBackendStr = settings.getString(Keys.git.sshBackend,
+ SshSessionBackend.NIO2.name());
+ SshSessionBackend backend = SshSessionBackend.valueOf(sshBackendStr);
+ System.setProperty(IoServiceFactoryFactory.class.getName(),
+ backend == SshSessionBackend.MINA
+ ? MinaServiceFactoryFactory.class.getName()
+ : Nio2ServiceFactoryFactory.class.getName());
 InetSocketAddress addr;
 if (StringUtils.isEmpty(bindInterface)) {
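Review bot: `SshSessionBackend.valueOf(sshBackendStr)` in the constructor hunk throws IllegalArgumentException for any `Keys.git.sshBackend` value that is not exactly `MINA` or `NIO2`, so a lower-case or mistyped setting aborts construction of the SSH daemon instead of falling back to the default. Normalising first, `SshSessionBackend.valueOf(sshBackendStr.trim().toUpperCase())`, and catching the exception to log a warning and use `SshSessionBackend.NIO2` would make a configuration mistake visible without taking the transport down. The `System.setProperty(IoServiceFactoryFactory.class.getName(), …)` call changes JVM-wide state, which deserves a comment such as `// global: affects every SshServer created in this JVM`. The constructor begins before this hunk and continues after it.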
@@ -91,29 +96,24 @@
 addr = new InetSocketAddress(bindInterface, port);
 }
+ File hostKeyStore = new File(gitblit.getBaseFolder(), HOST_KEY_STORE);
+ CachingPublicKeyAuthenticator keyAuthenticator =
+ new CachingPublicKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit);
+
 sshd = SshServer.setUpDefaultServer();
 sshd.setPort(addr.getPort());
 sshd.setHost(addr.getHostName());
- sshd.setKeyPairProvider(new PEMGeneratorHostKeyProvider(new File(
- gitblit.getBaseFolder(), HOST_KEY_STORE).getPath()));
- sshd.setPublickeyAuthenticator(new SshKeyAuthenticator(gitblit));
- sshd.setPasswordAuthenticator(new SshPasswordAuthenticator(gitblit));
- sshd.setSessionFactory(new SshSessionFactory(idGenerator));
+ sshd.setKeyPairProvider(new PEMGeneratorHostKeyProvider(hostKeyStore.getPath()));
+ sshd.setPublickeyAuthenticator(keyAuthenticator);
+ sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
+ sshd.setSessionFactory(new SshServerSessionFactory());
 sshd.setFileSystemFactory(new DisabledFilesystemFactory());
- sshd.setForwardingFilter(new NonForwardingFilter());
+ sshd.setTcpipForwardingFilter(new NonForwardingFilter());
+ sshd.setCommandFactory(new SshCommandFactory(gitblit, idGenerator));
+ sshd.setShellFactory(new WelcomeShell(settings));
- DispatchCommand dispatcher = new DispatchCommand();
- dispatcher.registerCommand(CreateRepository.class);
- dispatcher.registerCommand(VersionCommand.class);
-
- SshCommandFactory commandFactory = new SshCommandFactory(
- new RepositoryResolver<SshSession>(gitblit),
- new GitblitUploadPackFactory<SshSession>(gitblit),
- new GitblitReceivePackFactory<SshSession>(gitblit),
- new WorkQueue(idGenerator),
- dispatcher);
-
- sshd.setCommandFactory(commandFactory);
+ String version = Constants.getGitBlitVersion() + " (" + sshd.getVersion() + ")";
+ sshd.getProperties().put(SshServer.SERVER_IDENTIFICATION, version);
 run = new AtomicBoolean(false);
 }
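Review bot: The `SshServer.SERVER_IDENTIFICATION` value set at the end of this hunk puts the exact Gitblit version and the sshd library version into the SSH identification banner, which every client receives before authenticating. That lets an unauthenticated scanner match the deployment against release-specific advisories; advertising only a product name, e.g. `sshd.getProperties().put(SshServer.SERVER_IDENTIFICATION, "Gitblit");`, or making the detailed string opt-in through a setting, removes that signal. If the full version is intentional, a one-line comment saying so would record the decision. The constructor starts outside this hunk.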
@@ -146,9 +146,12 @@
 sshd.start();
 run.set(true);
+ String sshBackendStr = gitblit.getSettings().getString(Keys.git.sshBackend,
+ SshSessionBackend.NIO2.name());
+
 log.info(MessageFormat.format(
- "SSH Daemon is listening on {0}:{1,number,0}",
- sshd.getHost(), sshd.getPort()));
+ "SSH Daemon ({0}) is listening on {1}:{2,number,0}",
+ sshBackendStr, sshd.getHost(), sshd.getPort()));
 }
 /** @return true if this daemon is receiving connections. */
@@ -163,6 +166,7 @@
 run.set(false);
 try {
+ ((SshCommandFactory) sshd.getCommandFactory()).stop();
 sshd.stop();
 } catch (InterruptedException e) {
 log.error("SSH Daemon stop interrupted", e);
-- Gitblit v1.9.1
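Review bot: `sshd.stop()` is skipped whenever the new line `((SshCommandFactory) sshd.getCommandFactory()).stop();` in the second hunk throws, whether from a failed cast or a runtime exception inside the factory, because both calls share one try that only catches InterruptedException. By then `run.set(false)` has already executed, so the daemon would presumably report itself as stopped while the listener is still accepting connections. Wrapping the call as `try { ((SshCommandFactory) sshd.getCommandFactory()).stop(); } finally { sshd.stop(); }` inside the existing try keeps the socket shutdown unconditional. The method body begins and ends outside this hunk.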