From e9872c8ca4d9af41794a851f2f81ed21c65bb85b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 10 Apr 2014 19:01:30 -0400
Subject: [PATCH] Allow specifying accepted PUSH transports

---
 src/main/java/com/gitblit/git/GitblitReceivePackFactory.java |   46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 46 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
index 41e348b..afda23b 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
@@ -15,6 +15,9 @@
  */
 package com.gitblit.git;
 
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.eclipse.jgit.lib.PersonIdent;
@@ -26,6 +29,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.Constants.Transport;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.manager.IGitblit;
@@ -66,6 +70,7 @@
 		String origin = "";
 		String gitblitUrl = "";
 		int timeout = 0;
+		Transport transport = null;
 
 		if (req instanceof HttpServletRequest) {
 			// http/https request may or may not be authenticated
@@ -82,6 +87,13 @@
 					user = u;
 				}
 			}
+
+			// determine the transport
+			if ("http".equals(client.getScheme())) {
+				transport = Transport.HTTP;
+			} else if ("https".equals(client.getScheme())) {
+				transport = Transport.HTTPS;
+			}
 		} else if (req instanceof GitDaemonClient) {
 			// git daemon request is always anonymous
 			GitDaemonClient client = (GitDaemonClient) req;
@@ -90,12 +102,20 @@
 
 			// set timeout from Git daemon
 			timeout = client.getDaemon().getTimeout();
+
+			transport = Transport.GIT;
 		} else if (req instanceof SshDaemonClient) {
 			// SSH request is always authenticated
 			SshDaemonClient client = (SshDaemonClient) req;
 			repositoryName = client.getRepositoryName();
 			origin = client.getRemoteAddress().toString();
 			user = client.getUser();
+
+			transport = Transport.SSH;
+		}
+
+		if (!acceptPush(transport)) {
+			throw new ServiceNotAuthorizedException();
 		}
 
 		boolean allowAnonymousPushes = settings.getBoolean(Keys.git.allowAnonymousPushes, false);
@@ -125,4 +145,30 @@
 
 		return rp;
 	}
+
+	protected boolean acceptPush(Transport byTransport) {
+		if (byTransport == null) {
+			logger.info("Unknown transport, push rejected!");
+			return false;
+		}
+
+		Set<Transport> transports = new HashSet<Transport>();
+		for (String value : gitblit.getSettings().getStrings(Keys.git.acceptedPushTransports)) {
+			Transport transport = Transport.fromString(value);
+			if (transport == null) {
+				logger.info(String.format("Ignoring unknown registered transport %s", value));
+				continue;
+			}
+
+			transports.add(transport);
+		}
+
+		if (transports.isEmpty()) {
+			// no transports are explicitly specified, all are acceptable
+			return true;
+		}
+
+		// verify that the transport is permitted
+		return transports.contains(byTransport);
+	}
 }
\ No newline at end of file

--
Gitblit v1.9.1