[Fusionforge-commits] FusionForge branch Branch_5_1 updated. acd90ac5fd7d7c0356661bf27de493cb6576e198

Thorsten Glaser mirabilos at fusionforge.org
Wed Feb 27 09:38:54 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_1 has been updated
       via  acd90ac5fd7d7c0356661bf27de493cb6576e198 (commit)
       via  9cae1ad87cb9f8465d303e327acaada1b95f28c0 (commit)
      from  871c173388a6d2f4f3787bde30c035ac010b2708 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit acd90ac5fd7d7c0356661bf27de493cb6576e198
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Wed Feb 27 09:33:16 2013 +0100

    use util_randbytes() to get six random bytes
    
    it’s computationally, and on the kernel pool, much cheaper than
    openssl_random_pseudo_bytes() which initialises the OpenSSL pool,
    which eats more bytes from the kernel pool

diff --git a/src/common/include/utils.php b/src/common/include/utils.php
index d30aa38..a72a4f6 100644
--- a/src/common/include/utils.php
+++ b/src/common/include/utils.php
@@ -1614,7 +1614,7 @@ function util_create_file_with_contents($path, $contents) {
 function util_mkdtemp($suffix = '', $prefix = 'tmp') {
 	$tempdir = sys_get_temp_dir();
 	for ($i=0; $i<5; $i++) {
-		$id = strtr(base64_encode(openssl_random_pseudo_bytes(6)), '+/', '-_');
+		$id = strtr(base64_encode(util_randbytes(6)), '+/', '-_');
 		$path = "{$tempdir}/{$prefix}{$id}{$suffix}";
 		if (mkdir($path, 0700)) {
 			return $path;
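Review bot: The result of `util_randbytes(6)` is passed straight to `base64_encode()` with no length check, so if that helper (defined outside this hunk) can return `false` or fewer than six bytes, `$id` ends up empty or short and the directory name is no longer unguessable. The atomic `mkdir($path, 0700)` still refuses an existing path, but a predictable name lets another local user pre-create it, and all five attempts would then fail. Consider `$rnd = util_randbytes(6); if (!is_string($rnd) || strlen($rnd) !== 6) { continue; }` before encoding, plus a one-line comment naming the entropy source the helper reads. The body of util_mkdtemp continues past the end of the hunk, so its failure return is not visible here.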

commit 9cae1ad87cb9f8465d303e327acaada1b95f28c0
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Wed Feb 27 09:26:55 2013 +0100

    use posix_initgroups() to get the user’s group vector
    
    calling 'su' inside createUserRepo() isn’t going to work because
    that function is already run with reduced privileges; instead,
    if the old user is root use posix_initgroups() to switch the
    group vector to the new user’s and restore root’s later (if the
    old user is not root, we have no way to do that anyway as, in
    my tests, posix_initgroups() only works if the current EUID is
    0); posix_getgroups() can be used to save the old group list,
    but there is no posix_setgroups(), so we need to use this way

diff --git a/src/common/include/utils.php b/src/common/include/utils.php
index 268a016..d30aa38 100644
--- a/src/common/include/utils.php
+++ b/src/common/include/utils.php
@@ -1640,12 +1640,16 @@ function util_sudo_effective_user($username, $function, $params=array()) {
 	if ($userinfo === False) {
 		return False;
 	}
-	if (posix_setegid($userinfo['gid']) && posix_seteuid($userinfo['uid'])) {
+	if (posix_setegid($userinfo['gid']) &&
+	    ($saved_euid != 0 || posix_initgroups($username, $userinfo['gid'])) &&
+	    posix_seteuid($userinfo['uid'])) {
 		$function($params);
 	}
 
 	posix_setegid($saved_egid);
 	posix_seteuid($saved_euid);
+	if ($saved_euid == 0)
+		posix_initgroups("root", 0);
 }
 
 // Local Variables:
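Review bot: The added `posix_initgroups("root", 0)` and the two restore calls above it ignore their return values, so a failed restore leaves the process running with the target user's group vector or effective IDs and nothing reports it. In a privilege-switching helper each restore step should be checked and treated as fatal, e.g. `if ($saved_euid == 0 && !posix_initgroups("root", 0)) { trigger_error("cannot restore supplementary groups", E_USER_ERROR); }`. The new condition also makes the skip path silent: when `posix_initgroups($username, ...)` fails, `$function` is never called and the function returns nothing, so the caller cannot tell the work was not done. A comment above the `if` should record that non-root callers keep their own supplementary groups, as the commit message explains. The function starts outside the hunk, where `$saved_euid` and `$saved_egid` are presumably captured.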
diff --git a/src/plugins/scmgit/common/GitPlugin.class.php b/src/plugins/scmgit/common/GitPlugin.class.php
index 6acffea..ce2ce70 100644
--- a/src/plugins/scmgit/common/GitPlugin.class.php
+++ b/src/plugins/scmgit/common/GitPlugin.class.php
@@ -280,7 +280,7 @@ class GitPlugin extends SCMPlugin {
 		$root = $params['root'];
 
 		$repodir = $root . '/users/' .  $user_name . '.git' ;
-		system("su - $user_name -c 'chgrp $unix_group $repodir'");
+		chgrp($repodir, $unix_group);
 		if ($project->enableAnonSCM()) {
 			chmod ($repodir, 02755);
 		} else {
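Review bot: The return value of `chgrp($repodir, $unix_group)` is not checked, yet the following `chmod ($repodir, 02755)` sets the setgid bit, which is only meaningful if the group change succeeded. According to the commit message the group vector is switched only when the original caller was root, so in the non-root case this call can fail and leave a setgid directory under the wrong group. Suggest `if (!chgrp($repodir, $unix_group)) { return false; }`, or whatever error convention this method already uses, which is not visible here. The method starts and ends outside the hunk.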

-----------------------------------------------------------------------

Summary of changes:
 src/common/include/utils.php                  |    8 ++++++--
 src/plugins/scmgit/common/GitPlugin.class.php |    2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
FusionForge


