Require branch deletion permission for pushes over HTTP

Since smart HTTP can perform a branch deletion over HTTP requests, we need to disambiguate web requests from the web UI from HTTP requests coming from a git client tool such as git push. Moving all git commands into the AccessPath.GIT category and making a different category for the web UI allows us to tell these apart, so we can correctly require delete branch permission when removing a branch through a git command. This is a safety feature to prevent project owners from accidentally creating or deleting branches over git push, even though they can do this through the web UI without additional access controls. Bug: issue 393 Change-Id: I14cc68e31f5263913f5d9715a8f2241b5766bf23 Signed-off-by: Shawn O. Pearce <sop@google.com> Reviewed-by: Nico Sallembien <nsallembien@google.com>
2010-01-29 10:29:38 -08:00
parent f6a13f4eed
commit 53b0e7ffb5
9 changed files with 89 additions and 22 deletions
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePasswordAuth.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePasswordAuth.java
@@ -105,11 +105,12 @@ class DatabasePasswordAuth implements PasswordAuthenticator {

  private IdentifiedUser createUser(final SshSession sd,
      final AccountState state) {
-    return userFactory.create(AccessPath.SSH, new Provider<SocketAddress>() {
-      @Override
-      public SocketAddress get() {
-        return sd.getRemoteAddress();
-      }
-    }, state.getAccount().getId());
+    return userFactory.create(AccessPath.SSH_COMMAND,
+        new Provider<SocketAddress>() {
+          @Override
+          public SocketAddress get() {
+            return sd.getRemoteAddress();
+          }
+        }, state.getAccount().getId());
  }
 }
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/DatabasePubKeyAuth.java
@@ -184,12 +184,13 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {

  private IdentifiedUser createUser(final SshSession sd,
      final SshKeyCacheEntry key) {
-    return userFactory.create(AccessPath.SSH, new Provider<SocketAddress>() {
-      @Override
-      public SocketAddress get() {
-        return sd.getRemoteAddress();
-      }
-    }, key.getAccount());
+    return userFactory.create(AccessPath.SSH_COMMAND,
+        new Provider<SocketAddress>() {
+          @Override
+          public SocketAddress get() {
+            return sd.getRemoteAddress();
+          }
+        }, key.getAccount());
  }

  private SshKeyCacheEntry find(final Iterable<SshKeyCacheEntry> keyList,
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SuExec.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SuExec.java
@@ -114,7 +114,7 @@ public final class SuExec extends BaseCommand {
    }

    return new SshSession(session.get(), peer, userFactory.create(
-        AccessPath.SSH, new Provider<SocketAddress>() {
+        AccessPath.SSH_COMMAND, new Provider<SocketAddress>() {
          @Override
          public SocketAddress get() {
            return peer;