Allow plugins to intercept ssh command creation

Add a new interface, SshCreateCommandInterceptor, which is bound as
a dynamic item. A plugin may implement this interface to intercept
creation of ssh commands and override them with the plugin's own.

This is useful for example to allow a plugin to block execution of
certain ssh commands.

Change-Id: Id44e225f900da918db23921803e14edd4f2350ee

gerrit-sshd/src/main/java/com/google/gerrit/sshd/CommandFactoryProvider.java

@@ -17,6 +17,7 @@ package com.google.gerrit.sshd;
 import com.google.common.util.concurrent.Atomics;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import com.google.gerrit.extensions.events.LifecycleListener;
+import com.google.gerrit.extensions.registration.DynamicItem;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.git.WorkQueue;
@@ -57,6 +58,7 @@ class CommandFactoryProvider implements Provider<CommandFactory>, LifecycleListe
   private final ScheduledExecutorService startExecutor;
   private final ExecutorService destroyExecutor;
   private final SchemaFactory<ReviewDb> schemaFactory;
+  private final DynamicItem<SshCreateCommandInterceptor> createCommandInterceptor;
 
   @Inject
   CommandFactoryProvider(
@@ -65,11 +67,13 @@ class CommandFactoryProvider implements Provider<CommandFactory>, LifecycleListe
       final WorkQueue workQueue,
       final SshLog l,
       final SshScope s,
-      SchemaFactory<ReviewDb> sf) {
+      SchemaFactory<ReviewDb> sf,
+      DynamicItem<SshCreateCommandInterceptor> i) {
     dispatcher = d;
     log = l;
     sshScope = s;
     schemaFactory = sf;
+    createCommandInterceptor = i;
 
     int threads = cfg.getInt("sshd", "commandStartThreads", 2);
     startExecutor = workQueue.createQueue(threads, "SshCommandStart");
@@ -94,7 +98,12 @@ class CommandFactoryProvider implements Provider<CommandFactory>, LifecycleListe
     return new CommandFactory() {
       @Override
       public Command createCommand(final String requestCommand) {
-        return new Trampoline(requestCommand);
+        String c = requestCommand;
+        SshCreateCommandInterceptor interceptor = createCommandInterceptor.get();
+        if (interceptor != null) {
+          c = interceptor.intercept(c);
+        }
+        return new Trampoline(c);
       }
     };
   }

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshCreateCommandInterceptor.java

@@ -0,0 +1,26 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.sshd;
+
+public interface SshCreateCommandInterceptor {
+
+  /**
+   * Intrcept SSH command creation
+   *
+   * @param in command name passed in to command instance creation machinery
+   * @return intercepted command name
+   */
+  String intercept(String in);
+}

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java

@@ -17,6 +17,7 @@ package com.google.gerrit.sshd;
 import static com.google.gerrit.extensions.registration.PrivateInternals_DynamicTypes.registerInParentInjectors;
 import static com.google.inject.Scopes.SINGLETON;
 
+import com.google.gerrit.extensions.registration.DynamicItem;
 import com.google.gerrit.lifecycle.LifecycleModule;
 import com.google.gerrit.server.PeerDaemonUser;
 import com.google.gerrit.server.RemotePeer;
@@ -94,6 +95,7 @@ public class SshModule extends LifecycleModule {
         .annotatedWith(UniqueAnnotations.create())
         .to(SshPluginStarterCallback.class);
 
+    DynamicItem.itemOf(binder(), SshCreateCommandInterceptor.class);
     listener().toInstance(registerInParentInjectors());
     listener().to(SshLog.class);
     listener().to(SshDaemon.class);