From 05f229883c4e15e044c5c103acf69265cfb8806e Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 05 Jun 2014 08:38:35 -0400
Subject: [PATCH] Add a basic SSH public key management UI

---
 src/main/java/com/gitblit/manager/ServicesManager.java |  151 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 143 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/gitblit/manager/ServicesManager.java b/src/main/java/com/gitblit/manager/ServicesManager.java
index d04b277..3721578 100644
--- a/src/main/java/com/gitblit/manager/ServicesManager.java
+++ b/src/main/java/com/gitblit/manager/ServicesManager.java
@@ -16,6 +16,7 @@
 package com.gitblit.manager;
 
 import java.io.IOException;
+import java.net.URI;
 import java.text.MessageFormat;
 import java.util.Arrays;
 import java.util.Date;
@@ -24,21 +25,29 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.Constants.AccessPermission;
+import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.Constants.FederationToken;
-import com.gitblit.Gitblit;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.fanout.FanoutNioService;
 import com.gitblit.fanout.FanoutService;
 import com.gitblit.fanout.FanoutSocketService;
-import com.gitblit.git.GitDaemon;
 import com.gitblit.models.FederationModel;
+import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
 import com.gitblit.service.FederationPullService;
+import com.gitblit.transport.git.GitDaemon;
+import com.gitblit.transport.ssh.SshDaemon;
+import com.gitblit.utils.IdGenerator;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.utils.TimeUtils;
+import com.gitblit.utils.WorkQueue;
 
 /**
  * Services manager manages long-running services/processes that either have no
@@ -48,7 +57,7 @@
  * @author James Moger
  *
  */
-public class ServicesManager implements IServicesManager {
+public class ServicesManager implements IManager {
 
 	private final Logger logger = LoggerFactory.getLogger(getClass());
 
@@ -56,15 +65,24 @@
 
 	private final IStoredSettings settings;
 
-	private final Gitblit gitblit;
+	private final IGitblit gitblit;
+
+	private final IdGenerator idGenerator;
+
+	private final WorkQueue workQueue;
 
 	private FanoutService fanoutService;
 
 	private GitDaemon gitDaemon;
 
-	public ServicesManager(Gitblit gitblit) {
+	private SshDaemon sshDaemon;
+
+	public ServicesManager(IGitblit gitblit) {
 		this.settings = gitblit.getSettings();
 		this.gitblit = gitblit;
+		int defaultThreadPoolSize = settings.getInteger(Keys.execution.defaultThreadPoolSize, 1);
+		this.idGenerator = new IdGenerator();
+		this.workQueue = new WorkQueue(idGenerator, defaultThreadPoolSize);
 	}
 
 	@Override
@@ -72,6 +90,7 @@
 		configureFederation();
 		configureFanout();
 		configureGitDaemon();
+		configureSshDaemon();
 
 		return this;
 	}
@@ -85,7 +104,29 @@
 		if (gitDaemon != null) {
 			gitDaemon.stop();
 		}
+		if (sshDaemon != null) {
+			sshDaemon.stop();
+		}
+		workQueue.stop();
 		return this;
+	}
+
+	public boolean isServingRepositories() {
+		return isServingHTTP()
+				|| isServingGIT()
+				|| isServingSSH();
+	}
+
+	public boolean isServingHTTP() {
+		return settings.getBoolean(Keys.git.enableGitServlet, true);
+	}
+
+	public boolean isServingGIT() {
+		return gitDaemon != null && gitDaemon.isRunning();
+	}
+
+	public boolean isServingSSH() {
+		return sshDaemon != null && sshDaemon.isRunning();
 	}
 
 	protected void configureFederation() {
@@ -133,6 +174,20 @@
 		}
 	}
 
+	protected void configureSshDaemon() {
+		int port = settings.getInteger(Keys.git.sshPort, 0);
+		String bindInterface = settings.getString(Keys.git.sshBindInterface, "localhost");
+		if (port > 0) {
+			try {
+				sshDaemon = new SshDaemon(gitblit, workQueue);
+				sshDaemon.start();
+			} catch (IOException e) {
+				sshDaemon = null;
+				logger.error(MessageFormat.format("Failed to start SSH daemon on {0}:{1,number,0}", bindInterface, port), e);
+			}
+		}
+	}
+
 	protected void configureFanout() {
 		// startup Fanout PubSub service
 		if (settings.getInteger(Keys.fanout.port, 0) > 0) {
@@ -163,14 +218,95 @@
 		}
 	}
 
+	public String getGitDaemonUrl(HttpServletRequest request, UserModel user, RepositoryModel repository) {
+		if (gitDaemon != null) {
+			String bindInterface = settings.getString(Keys.git.daemonBindInterface, "localhost");
+			if (bindInterface.equals("localhost")
+					&& (!request.getServerName().equals("localhost") && !request.getServerName().equals("127.0.0.1"))) {
+				// git daemon is bound to localhost and the request is from elsewhere
+				return null;
+			}
+			if (user.canClone(repository)) {
+				String hostname = getHostname(request);
+				String url = gitDaemon.formatUrl(hostname, repository.name);
+				return url;
+			}
+		}
+		return null;
+	}
+
+	public AccessPermission getGitDaemonAccessPermission(UserModel user, RepositoryModel repository) {
+		if (gitDaemon != null && user.canClone(repository)) {
+			AccessPermission gitDaemonPermission = user.getRepositoryPermission(repository).permission;
+			if (gitDaemonPermission.atLeast(AccessPermission.CLONE)) {
+				if (repository.accessRestriction.atLeast(AccessRestrictionType.CLONE)) {
+					// can not authenticate clone via anonymous git protocol
+					gitDaemonPermission = AccessPermission.NONE;
+				} else if (repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
+					// can not authenticate push via anonymous git protocol
+					gitDaemonPermission = AccessPermission.CLONE;
+				} else {
+					// normal user permission
+				}
+			}
+			return gitDaemonPermission;
+		}
+		return AccessPermission.NONE;
+	}
+
+	public String getSshDaemonUrl(HttpServletRequest request, UserModel user, RepositoryModel repository) {
+		if (user == null || UserModel.ANONYMOUS.equals(user)) {
+			// SSH always requires authentication - anonymous access prohibited
+			return null;
+		}
+		if (sshDaemon != null) {
+			String bindInterface = settings.getString(Keys.git.sshBindInterface, "localhost");
+			if (bindInterface.equals("localhost")
+					&& (!request.getServerName().equals("localhost") && !request.getServerName().equals("127.0.0.1"))) {
+				// ssh daemon is bound to localhost and the request is from elsewhere
+				return null;
+			}
+			if (user.canClone(repository)) {
+				String hostname = getHostname(request);
+				String url = sshDaemon.formatUrl(user.username, hostname, repository.name);
+				return url;
+			}
+		}
+		return null;
+	}
+
+
+	/**
+	 * Extract the hostname from the canonical url or return the
+	 * hostname from the servlet request.
+	 *
+	 * @param request
+	 * @return
+	 */
+	protected String getHostname(HttpServletRequest request) {
+		String hostname = request.getServerName();
+		String canonicalUrl = gitblit.getSettings().getString(Keys.web.canonicalUrl, null);
+		if (!StringUtils.isEmpty(canonicalUrl)) {
+			try {
+				URI uri = new URI(canonicalUrl);
+				String host = uri.getHost();
+				if (!StringUtils.isEmpty(host) && !"localhost".equals(host)) {
+					hostname = host;
+				}
+			} catch (Exception e) {
+			}
+		}
+		return hostname;
+	}
+
 	private class FederationPuller extends FederationPullService {
 
 		public FederationPuller(FederationModel registration) {
-			super(Arrays.asList(registration));
+			super(gitblit, Arrays.asList(registration));
 		}
 
 		public FederationPuller(List<FederationModel> registrations) {
-			super(registrations);
+			super(gitblit, registrations);
 		}
 
 		@Override
@@ -183,6 +319,5 @@
 					"Next pull of {0} @ {1} scheduled for {2,date,yyyy-MM-dd HH:mm}",
 					registration.name, registration.url, registration.nextPull));
 		}
-
 	}
 }

--
Gitblit v1.9.1