From 7baf2e4cd2ef8082b74937e26de75b01e630b5d4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 17 Apr 2014 12:00:35 -0400
Subject: [PATCH] Expose JGit 3.x receive pack settings as Gitblit settings

---
 src/main/java/com/gitblit/git/GitblitReceivePack.java |   11 +++++++++++
 releases.moxie                                        |    5 +++++
 src/main/distrib/data/gitblit.properties              |   41 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 0 deletions(-)

diff --git a/releases.moxie b/releases.moxie
index 15d333d..cd2cfaa 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -43,6 +43,7 @@
     - Added beginnings of a plugin framework for extending Gitblit (issue-381, ticket-23)
     - Added a French translation (pr-163)
     - Added a setting to control what transports may be used for pushes
+    - Expose JGit 3.x receive pack settings (issue-408)
     dependencyChanges:
     - Java 7
     - Jetty 9.1.4
@@ -64,6 +65,10 @@
     - { name: 'realm.ldap.bindpattern', defaultValue: ' ' }
     - { name: 'tickets.closeOnPushCommitMessageRegex', defaultValue: '(?:fixes|closes)[\\s-]+#?(\\d+)' }
     - { name: 'git.acceptedPushTransports', defaultValue: ' ' }
+    - { name: 'git.checkReceivedObjects', defaultValue: 'true' }
+    - { name: 'git.checkReferencedObjectsAreReachable', defaultValue: 'true' }
+    - { name: 'git.maxObjectSizeLimit', defaultValue: '0' }
+    - { name: 'git.maxPackSizeLimit', defaultValue: '-1' }
     - { name: 'git.sshPort', defaultValue: '29418' }
     - { name: 'git.sshBindInterface', defaultValue: ' ' }
     - { name: 'git.sshKeysManager', defaultValue: 'com.gitblit.transport.ssh.FileKeyManager' }
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index beeb965..3215094 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -126,6 +126,8 @@
 
 # SSH backend NIO2|MINA.
 #
+# The Apache Mina project recommends using the NIO2 backend.
+#
 # SINCE 1.5.0
 git.sshBackend = NIO2
 
@@ -483,6 +485,45 @@
 # RESTART REQUIRED
 git.packedGitMmap = false
 
+# Validate all received (pushed) objects are valid.
+#
+# SINCE 1.5.0
+git.checkReceivedObjects = true
+
+# Validate all referenced but not supplied objects are reachable.
+#
+# If enabled, Gitblit will verify that references to objects not contained
+# within the received pack are already reachable through at least one other
+# reference advertised to clients.
+#
+# This feature is useful when Gitblit doesn't trust the client to not provide a
+# forged SHA-1 reference to an object, in an attempt to access parts of the DAG
+# that they aren't allowed to see and which have been hidden from them via the
+# configured AdvertiseRefsHook or RefFilter.
+#
+# Enabling this feature may imply at least some, if not all, of the same functionality
+# performed by git.checkReceivedObjects. 
+#
+# SINCE 1.5.0
+git.checkReferencedObjectsAreReachable = true
+
+# Set the maximum allowed Git object size.
+#
+# If an object is larger than the given size the pack-parsing will throw an exception
+# aborting the receive-pack operation.  The default value, 0, disables maximum
+# object size checking.
+#
+# SINCE 1.5.0
+git.maxObjectSizeLimit = 0
+
+# Set the maximum allowed pack size.
+#
+# A pack exceeding this size will be rejected. The default value, -1, disables
+# maximum pack size checking.
+#
+# SINCE 1.5.0
+git.maxPackSizeLimit = -1
+
 # Use the Gitblit patch receive pack for processing contributions and tickets.
 # This allows the user to push a patch using the familiar Gerrit syntax:
 #
diff --git a/src/main/java/com/gitblit/git/GitblitReceivePack.java b/src/main/java/com/gitblit/git/GitblitReceivePack.java
index 0cc4198..61f2d67 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePack.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePack.java
@@ -119,6 +119,17 @@
 		setAllowDeletes(user.canDeleteRef(repository));
 		setAllowNonFastForwards(user.canRewindRef(repository));
 
+		int maxObjectSz = settings.getInteger(Keys.git.maxObjectSizeLimit, -1);
+		if (maxObjectSz >= 0) {
+			setMaxObjectSizeLimit(maxObjectSz);
+		}
+		int maxPackSz = settings.getInteger(Keys.git.maxPackSizeLimit, -1);
+		if (maxPackSz >= 0) {
+			setMaxPackSizeLimit(maxPackSz);
+		}
+		setCheckReceivedObjects(settings.getBoolean(Keys.git.checkReceivedObjects, true));
+		setCheckReferencedObjectsAreReachable(settings.getBoolean(Keys.git.checkReferencedObjectsAreReachable, true));
+
 		// setup pre and post receive hook
 		setPreReceiveHook(this);
 		setPostReceiveHook(this);

--
Gitblit v1.9.1