From 13331ae61c7f08b4a202a531e005915147467bd8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 10 Apr 2014 18:58:09 -0400
Subject: [PATCH] Exclude SSH repository urls from anonymous users
---
src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 133 ++++++++++++-------------------------------
1 files changed, 37 insertions(+), 96 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index de57f5f..9628cb8 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -21,32 +21,22 @@ import java.text.MessageFormat; import java.util.concurrent.atomic.AtomicBoolean; -import javax.inject.Singleton; - import org.apache.sshd.SshServer; +import org.apache.sshd.common.io.IoServiceFactoryFactory; +import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; +import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider; import org.eclipse.jgit.internal.JGitText; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.gitblit.Constants; import com.gitblit.IStoredSettings; import com.gitblit.Keys; -import com.gitblit.git.GitblitReceivePackFactory; -import com.gitblit.git.GitblitUploadPackFactory; -import com.gitblit.git.RepositoryResolver; import com.gitblit.manager.IGitblit; -import com.gitblit.transport.ssh.commands.CreateRepository; -import com.gitblit.transport.ssh.commands.DispatchCommand; -import com.gitblit.transport.ssh.commands.Receive; -import com.gitblit.transport.ssh.commands.Upload; -import com.gitblit.transport.ssh.commands.VersionCommand; +import com.gitblit.transport.ssh.commands.SshCommandFactory; import com.gitblit.utils.IdGenerator; import com.gitblit.utils.StringUtils; -import com.gitblit.utils.WorkQueue; - -import dagger.Module; -import dagger.ObjectGraph; -import dagger.Provides; /** * Manager for the ssh transport. Roughly analogous to the @@ -58,6 +48,10 @@ public class SshDaemon { private final Logger log = LoggerFactory.getLogger(SshDaemon.class); + + public static enum SshSessionBackend { + MINA, NIO2 + } /** * 22: IANA assigned port number for ssh. Note that this is a distinct @@ -73,7 +67,6 @@ private final IGitblit gitblit; private final SshServer sshd; - private final ObjectGraph injector; /** * Construct the Gitblit SSH daemon. 
@@ -82,15 +75,20 @@ */ public SshDaemon(IGitblit gitblit, IdGenerator idGenerator) { this.gitblit = gitblit; - this.injector = ObjectGraph.create(new SshModule()); - + IStoredSettings settings = gitblit.getSettings(); int port = settings.getInteger(Keys.git.sshPort, 0); String bindInterface = settings.getString(Keys.git.sshBindInterface, "localhost"); - IKeyManager keyManager = getKeyManager(); - + String sshBackendStr = settings.getString(Keys.git.sshBackend, + SshSessionBackend.NIO2.name()); + SshSessionBackend backend = SshSessionBackend.valueOf(sshBackendStr); + System.setProperty(IoServiceFactoryFactory.class.getName(), + backend == SshSessionBackend.MINA + ? MinaServiceFactoryFactory.class.getName() + : Nio2ServiceFactoryFactory.class.getName()); + InetSocketAddress addr; if (StringUtils.isEmpty(bindInterface)) { addr = new InetSocketAddress(port); 
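Review bot: `SshSessionBackend.valueOf(sshBackendStr)` in the constructor throws IllegalArgumentException for any `Keys.git.sshBackend` value that is not exactly `MINA` or `NIO2` (lowercase and padded values included), so a typo in the settings aborts construction of the daemon instead of falling back to the default. Normalising first, `SshSessionBackend.valueOf(sshBackendStr.trim().toUpperCase(Locale.ROOT))`, and catching IllegalArgumentException to log a warning and use NIO2 would keep the SSH transport available on a misconfigured host. Separately, `System.setProperty(IoServiceFactoryFactory.class.getName(), …)` is JVM-wide, so in a shared servlet container it also changes the backend for any other code that uses Apache SSHD. A comment such as `// JVM-wide: affects every SshServer created in this process` would make that visible, and if this SSHD version lets the factory be set on the `SshServer` instance that would be the narrower choice (not verifiable from this hunk). The constructor starts before this hunk and continues past it.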
@@ -98,38 +96,24 @@ addr = new InetSocketAddress(bindInterface, port); } + File hostKeyStore = new File(gitblit.getBaseFolder(), HOST_KEY_STORE); + CachingPublicKeyAuthenticator keyAuthenticator = + new CachingPublicKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit); + sshd = SshServer.setUpDefaultServer(); sshd.setPort(addr.getPort()); sshd.setHost(addr.getHostName()); - sshd.setKeyPairProvider(new PEMGeneratorHostKeyProvider(new File( - gitblit.getBaseFolder(), HOST_KEY_STORE).getPath())); - sshd.setPublickeyAuthenticator(new SshKeyAuthenticator(keyManager, gitblit)); - sshd.setPasswordAuthenticator(new SshPasswordAuthenticator(gitblit)); - sshd.setSessionFactory(new SshSessionFactory(idGenerator)); + sshd.setKeyPairProvider(new PEMGeneratorHostKeyProvider(hostKeyStore.getPath())); + sshd.setPublickeyAuthenticator(keyAuthenticator); + sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit)); + sshd.setSessionFactory(new SshServerSessionFactory()); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); - sshd.setForwardingFilter(new NonForwardingFilter()); + sshd.setTcpipForwardingFilter(new NonForwardingFilter()); + sshd.setCommandFactory(new SshCommandFactory(gitblit, idGenerator)); + sshd.setShellFactory(new WelcomeShell(settings)); - DispatchCommand gitblitCmd = new DispatchCommand(); - gitblitCmd.registerCommand(CreateRepository.class); - gitblitCmd.registerCommand(VersionCommand.class); - - DispatchCommand gitCmd = new DispatchCommand(); - gitCmd.registerCommand(Upload.class); - gitCmd.registerCommand(Receive.class); - - DispatchCommand root = new DispatchCommand(); - root.registerDispatcher("gitblit", gitblitCmd); - root.registerDispatcher("git", gitCmd); - - root.setRepositoryResolver(new RepositoryResolver<SshSession>(gitblit)); - root.setUploadPackFactory(new GitblitUploadPackFactory<SshSession>(gitblit)); - root.setReceivePackFactory(new GitblitReceivePackFactory<SshSession>(gitblit)); - - SshCommandFactory commandFactory = 
new SshCommandFactory( - new WorkQueue(idGenerator), - root); - - sshd.setCommandFactory(commandFactory); + String version = Constants.getGitBlitVersion() + " (" + sshd.getVersion() + ")"; + sshd.getProperties().put(SshServer.SERVER_IDENTIFICATION, version); run = new AtomicBoolean(false); } @@ -162,9 +146,12 @@ sshd.start(); run.set(true); + String sshBackendStr = gitblit.getSettings().getString(Keys.git.sshBackend, + SshSessionBackend.NIO2.name()); + log.info(MessageFormat.format( - "SSH Daemon is listening on {0}:{1,number,0}", - sshd.getHost(), sshd.getPort())); + "SSH Daemon ({0}) is listening on {1}:{2,number,0}", + sshBackendStr, sshd.getHost(), sshd.getPort())); } /** @return true if this daemon is receiving connections. */ 
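Review bot: The last added lines of the constructor hunk put `Constants.getGitBlitVersion()` and `sshd.getVersion()` into `SshServer.SERVER_IDENTIFICATION`, which is sent to every client before authentication, so any unauthenticated scanner learns the exact Gitblit and SSHD builds. Consider making the detailed string opt-in through a setting and defaulting to a product name without version numbers, with a comment such as `// identification string is visible pre-auth; keep version detail out unless configured`. `CachingPublicKeyAuthenticator` is not shown in this hunk; it presumably remembers accepted keys, so confirm that removing a key from the public key manager also invalidates any cached entry. Password authentication stays enabled unconditionally through `UsernamePasswordAuthenticator`, with no visible setting to switch it off for key-only deployments. The constructor begins outside this hunk.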
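Review bot: The start-up logging re-reads `Keys.git.sshBackend` instead of reporting the backend the constructor actually resolved, so the `SshSessionBackend.NIO2.name()` default is duplicated and the log prints the raw configured string. Storing the resolved value once, for example `private final SshSessionBackend backend;` assigned in the constructor, and logging `backend` keeps the start-up line authoritative for anyone auditing which transport is in use. The enclosing method starts outside the hunk.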
@@ -179,57 +166,11 @@ run.set(false); try { + ((SshCommandFactory) sshd.getCommandFactory()).stop(); sshd.stop(); } catch (InterruptedException e) { log.error("SSH Daemon stop interrupted", e); } - } - } - - protected IKeyManager getKeyManager() { - IKeyManager keyManager = null; - IStoredSettings settings = gitblit.getSettings(); - String clazz = settings.getString(Keys.git.sshKeysManager, FileKeyManager.class.getName()); - if (StringUtils.isEmpty(clazz)) { - clazz = FileKeyManager.class.getName(); - } - try { - Class<? extends IKeyManager> managerClass = (Class<? extends IKeyManager>) Class.forName(clazz); - keyManager = injector.get(managerClass).start(); - if (keyManager.isReady()) { - log.info("{} is ready.", keyManager); - } else { - log.warn("{} is disabled.", keyManager); - } - } catch (Exception e) { - log.error("failed to create ssh key manager " + clazz, e); - keyManager = injector.get(NullKeyManager.class).start(); - } - return keyManager; - } - - /** - * A nested Dagger graph is used for constructor dependency injection of - * complex classes. - * - * @author James Moger - * - */ - @Module( - library = true, - injects = { - NullKeyManager.class, - FileKeyManager.class - } - ) - class SshModule { - - @Provides @Singleton NullKeyManager provideNullKeyManager() { - return new NullKeyManager(); - } - - @Provides @Singleton FileKeyManager provideFileKeyManager() { - return new FileKeyManager(SshDaemon.this.gitblit); } } } -- Gitblit v1.9.1
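Review bot: The added `((SshCommandFactory) sshd.getCommandFactory()).stop();` runs before `sshd.stop()` in the same try, after `run` has already been set to false, so a runtime exception from the factory (or a ClassCastException if the factory is ever replaced) skips `sshd.stop()` and leaves the listener bound while the daemon reports itself stopped. Wrapping the call as `try { factory.stop(); } finally { sshd.stop(); }` inside the existing try guarantees the socket is released. Keeping the `SshCommandFactory` in a final field set by the constructor would remove the cast. The surrounding `catch (InterruptedException e)` only logs; restoring the flag with `Thread.currentThread().interrupt();` would be a natural follow-up. The method begins outside this hunk.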