From 29e3289a377268b41b80a6c4fc87b410c2e3ef1b Mon Sep 17 00:00:00 2001
From: David Ostrovsky <david@ostrovsky.org>
Date: Sun, 9 Mar 2014 19:30:48 +0100
Subject: [PATCH] Protect reload plugin command with allow remote admin option

fd03350b9ea8af3cdf65fb8fb2367e333b252de4 introduced a new option
to disable remote plugin administration.

Require reloading plugins to be explicitly allowed with:

  plugins.allowRemoteAdmin = true

Change-Id: I2946202dd40af8b4197212fb15a488b166883d8a
---
 .../com/google/gerrit/sshd/commands/PluginReloadCommand.java   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/PluginReloadCommand.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/PluginReloadCommand.java
index 8449160a0e..4157515ffe 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/PluginReloadCommand.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/PluginReloadCommand.java
@@ -41,6 +41,9 @@ final class PluginReloadCommand extends SshCommand {
 
   @Override
   protected void run() throws UnloggedFailure {
+    if (!loader.isRemoteAdminEnabled()) {
+      throw die("remote plugin administration is disabled");
+    }
     if (names == null || names.isEmpty()) {
       loader.rescan();
     } else {