opendev/gerrit
Code Issues Proposed changes

Merge branch 'stable-2.11'

Browse Source 
* stable-2.11:
  Update 2.11 release notes
  Revert "Revert "SSH: Simplify CachingPublicKeyAuthenticator implementation""
  Update 2.11 release notes
  SshDaemon: Add implementation of InsecureBouncyCastleRandom.random()
  Fix formatting in documentation about review labels
  Remove stripping # in login redirect
  Ensure that AccountLoader sets username if requested
  Workaround Guice bug "getPathInfo not decoded"

Change-Id: I9615fe2305b47a8ff232a47982651ea00a423263
This commit is contained in:
David Pursehouse 2015-04-08 11:39:34 +09:00
commit f838e8dc0b
8 changed files with 73 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Documentation/config-labels.txt
View File

@ -340,6 +340,7 @@ user permissions. Assume the configuration below.
====
Upon clicking the Reply button:
* Administrators have all scores (-3..+3) available, -3 is set as the default.
* Project Owners have limited scores (-2..+2) available, -2 is set as the default.
* Registered Users have limited scores (-1..+1) available, -1 is set as the default.

33
ReleaseNotes/ReleaseNotes-2.11.txt
View File

@ -367,6 +367,10 @@ Allow projects to be configured to create a new change for every uploaded commit
link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/config-gerrit.html#container.daemonOpt[
options to pass to the daemon].
* Allow to configure
link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/config-gerrit.html#sshd.rekeyBytesLimit[
SSHD rekey parameters].
Daemon
~~~~~~
@ -388,9 +392,12 @@ a change message on the created change.
* Don't send 'new patch set' notification emails for trivial rebases.
ssh
SSH
~~~
* link:https://code.google.com/p/gerrit/issues/detail?id=2797[Issue 2797]:
Add support for ECDSA based public key authentication.
* Add new commands
link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/cmd-logging-ls-level.html[
`logging ls-level`] and
@ -530,6 +537,21 @@ was stuck in the draft state.
* link:https://code.google.com/p/gerrit/issues/detail?id=3249[Issue 3249]:
Fix server error when checking mergeability of a change.
* Workaround Guice bug "getPathInfo not decoded".
+
Due to link:https://github.com/google/guice/issues/745[Guice issue 745], cloning
of a repository with a space in its name was impossible.
* Print proper names for tasks in output of `show-queue` command.
+
Some tasks were not displayed with the proper name.
SSH
~~~
* Prevent double authentication for the same public key.
Secondary Index / Search
~~~~~~~~~~~~~~~~~~~~~~~~
@ -578,6 +600,9 @@ documented.
Web UI
~~~~~~
* link:http://code.google.com/p/gerrit/issues/detail?id=3044[Issue 3044]:
Remove stripping `#` in login redirect.
Change Screen
^^^^^^^^^^^^^
@ -818,6 +843,8 @@ Upgrades
* Update ASM to 5.0.3.
* Update Bouncycastle to 1.51.
* Update CodeMirror to 4.10.0-6-gd0a2dda.
* Update Guava to 18.0.
@ -832,10 +859,12 @@ Upgrades
* Update Jetty to 9.2.9.v20150224.
* Update JGit to 3.6.2.201501210735-r.40-g23ad3a3.
* Update JGit to 3.7.0.201502260915-r.58-g65c379e.
* Update Lucene to 4.10.2.
* Update Parboiled to 1.1.7.
* Update Pegdown to 1.4.2.
* Update SSHD to 0.14.0.

9
gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpServlet.java
View File

@ -63,6 +63,8 @@ import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
import org.eclipse.jgit.transport.resolver.UploadPackFactory;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@ -156,6 +158,13 @@ public class GitOverHttpServlet extends GitServlet {
public Repository open(HttpServletRequest req, String projectName)
throws RepositoryNotFoundException, ServiceNotAuthorizedException,
ServiceNotEnabledException {
try {
// TODO: remove this code when Guice fixes its issue 745
projectName = URLDecoder.decode(projectName, "UTF-8");
} catch (UnsupportedEncodingException e) {
// leave it encoded
}
while (projectName.endsWith("/")) {
projectName = projectName.substring(0, projectName.length() - 1);
}

5
gerrit-httpd/src/main/resources/com/google/gerrit/httpd/auth/container/LoginRedirect.html
View File

@ -7,10 +7,7 @@
var p = href.indexOf('#');
var token;
if (p >= 0) {
token = href.substring(p + 1);
if (token.length != 0 && token.charAt(0) == '/') {
token = token.substring(1);
}
token = href.substring(p);
href = href.substring(0, p);
} else {
token = '';

2
gerrit-server/src/main/java/com/google/gerrit/server/account/AccountState.java
View File

@ -73,7 +73,7 @@ public class AccountState {
return internalGroups;
}
private static String getUserName(Collection<AccountExternalId> ids) {
public static String getUserName(Collection<AccountExternalId> ids) {
for (AccountExternalId id : ids) {
if (id.isScheme(SCHEME_USERNAME)) {
return id.getSchemeRest();

4
gerrit-server/src/main/java/com/google/gerrit/server/account/InternalAccountDirectory.java
View File

@ -85,6 +85,10 @@ public class InternalAccountDirectory extends AccountDirectory {
if (!missing.isEmpty()) {
try {
for (Account account : db.get().accounts().get(missing.keySet())) {
if (options.contains(FillOptions.USERNAME)) {
account.setUserName(AccountState.getUserName(
db.get().accountExternalIds().byAccount(account.getId()).toList()));
}
for (AccountInfo info : missing.get(account.getId())) {
fill(info, account, options);
}

50
gerrit-sshd/src/main/java/com/google/gerrit/sshd/CachingPublicKeyAuthenticator.java
View File

@ -17,56 +17,12 @@ package com.google.gerrit.sshd;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.apache.sshd.common.Session;
import org.apache.sshd.common.SessionListener;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@Singleton
public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator,
SessionListener {
private final PublickeyAuthenticator authenticator;
private final Map<ServerSession, Map<PublicKey, Boolean>> sessionCache;
public class CachingPublicKeyAuthenticator
extends org.apache.sshd.server.auth.CachingPublicKeyAuthenticator {
@Inject
public CachingPublicKeyAuthenticator(DatabasePubKeyAuth authenticator) {
this.authenticator = authenticator;
this.sessionCache = new ConcurrentHashMap<>();
}
@Override
public boolean authenticate(String username, PublicKey key,
ServerSession session) {
Map<PublicKey, Boolean> m = sessionCache.get(session);
if (m == null) {
m = new HashMap<>();
sessionCache.put(session, m);
session.addListener(this);
}
if (m.containsKey(key)) {
return m.get(key);
}
boolean r = authenticator.authenticate(username, key, session);
m.put(key, r);
return r;
}
@Override
public void sessionCreated(Session session) {
}
@Override
public void sessionEvent(Session sesssion, Event event) {
}
@Override
public void sessionClosed(Session session) {
sessionCache.remove(session);
super(authenticator);
}
}

25
gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
View File

@ -439,8 +439,29 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
@Override
public int random(int n) {
// TODO Auto-generated method stub
return 0;
if (n > 0) {
if ((n & -n) == n) {
return (int)((n * (long) next(31)) >> 31);
}
int bits, val;
do {
bits = next(31);
val = bits % n;
} while (bits - val + (n-1) < 0);
return val;
}
throw new IllegalArgumentException();
}
final protected int next(int numBits) {
int bytes = (numBits+7)/8;
byte next[] = new byte[bytes];
int ret = 0;
random.nextBytes(next);
for (int i = 0; i < bytes; i++) {
ret = (next[i] & 0xFF) | (ret << 8);
}
return ret >>> (bytes*8 - numBits);
}
}