opendev/gerrit
Code Issues Proposed changes
Files
1efffb1212728dde7174ebac1cb199653e5a2df1
gerrit/java/com/google/gerrit/sshd/commands/ReceiveSlaveMode.java
Edwin Kempin 783c5a5516 Slave mode: Pass error message about disabled SSH receive command to client 
Gerrit slaves are read-only and hence pushing to them is disabled.
Pushes over SSH come in as git-receive-pack commands. For slaves this
command is mapped to an SSH Command class that fails immediately so that
pushes on slaves are disabled. This SSH Command class is also supposed
to provide a meaningful error message to the client (see change
Ia25012486b). However this didn't work:

1. A git-receive-pack command has the project name to which the push is
   done as argument:
   The SSH Command class that was bound for git-receive-pack commands on
   slaves didn't allow any argument. Hence the request already failed
   during the command parsing so that the bound SSH Command class was
   not executed.
2. When using JGit on client-side the exception message from the server
   didn't reach the client. On client side the error was always "Short
   read of block". Then the client checked whether the remote repository
   exists by fetching from it. For slaves this fetch works and then JGit
   returned "push not permitted" as error message to the callers.

To fix 1 the SSH Command class that is bound for git-receive-pack
commands on slaves now extends AbstractGitCommand which defines the
argument for the project name.

To fix 2 we write out a special ERR packet which allows to pass a
customized remote service error to the client.

The error message that we return from slaves when pushing is now
consistent between SSH and HTTP. In both cases we now throw a
ServiceNotEnabledException.

Change-Id: Id99e93d0127d58114b54b4deea7f5227b920c8e2
Signed-off-by: Edwin Kempin <ekempin@google.com>
2018-02-06 09:57:08 +01:00

36 lines
1.3 KiB
Java
Raw Blame History

// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.sshd.commands;
import com.google.gerrit.sshd.AbstractGitCommand;
import java.io.IOException;
import org.eclipse.jgit.transport.PacketLineOut;
import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
/* Receive command when running in slave mode. */
public class ReceiveSlaveMode extends AbstractGitCommand {
@Override
protected void runImpl() throws UnloggedFailure, IOException {
ServiceNotEnabledException ex = new ServiceNotEnabledException();
PacketLineOut packetOut = new PacketLineOut(out);
packetOut.setFlushOnEnd(true);
packetOut.writeString("ERR " + ex.getMessage());
packetOut.end();
throw die(ex);
}
}
View Git Blame Copy Permalink