[Fusionforge-commits] FusionForge branch 6.0 updated. f34a552c7295b0da31e4579ba88327a80e318563

Sylvain Beucler beuc-inria at fusionforge.org
Wed Feb 18 14:20:10 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  f34a552c7295b0da31e4579ba88327a80e318563 (commit)
       via  db3cfd5349b3ec41ec2b2481cd0d497ebed403a2 (commit)
       via  ef9b40857907a1af2c0ee04a6b78d055121103f0 (commit)
      from  c5e4847ff7aaebe70eb4777d9eaf8b37884c45c3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f34a552c7295b0da31e4579ba88327a80e318563
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 14:18:42 2015 +0100

    scmsvn: prepare access to viewvc with user privileges (not secure/auth'd yet)

diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
index 508f5fc..669edfc 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
@@ -6,6 +6,7 @@
 </IfModule>
 
 ScriptAlias /anonscm/viewvc {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi
+ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi$1
 <Directory {core/source_path}/plugins/scmsvn/cgi-bin/>
   <IfVersion >= 2.3>
     Require all granted
diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc
index e0e1c96..fe33bf2 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc
@@ -1,2 +1,4 @@
-SetEnvIf Request_URI ^/authscm/([^/]+)/svn/ ITKUID=$1
-SetEnvIf Request_URI ^/authscm/([^/]+)/svn/([^/]+)/ ITKGID=$2
+SetEnvIf Request_URI ^/authscm/([^/]+)/svn/ ITKUID=$1 ITKGID=$1
+SetEnvIf Request_URI ^/authscm/([^/]+)/viewvc/ ITKUID=$1 ITKGID=$1
+# Note: when setting ITKUID, the user's groups (project memberships) are added
+# Note: it's important to set ITKGID otherwise it stays 'www-data' and privilege separation is broken
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index 83bb7c5..4fa6cca 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -86,11 +86,17 @@ if (!forge_check_perm('scm', $Group->getID(), 'read')) {
 	exit_permission_denied('scm');
 }
 
+$unix_name = $Group->getUnixName();
+$u = session_get_user();
 if ($external_scm) {
-	$server_script = '/anonscm/viewvc/';
+	if ($Group->enableAnonSCM())
+		$server_script = '/anonscm/viewvc';
+	else
+		$server_script = '/authscm/'.$u->getUnixName().'/viewvc';
 	// pass the parameters passed to this script to the remote script in the same fashion
-	$script_url = "http://" . $scm_box . '/' . $server_script
-		. @$_SERVER['PATH_INFO'] . '?' . $_SERVER["QUERY_STRING"];
+	$script_url = "http://" . $scm_box . $server_script
+		. (isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '/')
+		. '?' . $_SERVER["QUERY_STRING"];
 	$ch = curl_init();
 	curl_setopt($ch, CURLOPT_HEADER, true);
 	curl_setopt($ch, CURLOPT_URL, $script_url);
@@ -98,8 +104,6 @@ if ($external_scm) {
 	$content = curl_exec($ch);
 	curl_close($ch);
 } else {
-	$unix_name = $Group->getUnixName();
-
 	// Call to ViewCVS CGI locally (see viewcvs_utils.php)
 
 	// see what type of plugin this project if using
@@ -147,6 +151,7 @@ if (!isset($_GET['view'])) {
 	$_GET['view'] = 'none';
 }
 
+// echo "script_url=$script_url<br />";
 switch ($_GET['view']) {
 	case 'tar':
 	case 'co':

commit db3cfd5349b3ec41ec2b2481cd0d497ebed403a2
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 14:17:50 2015 +0100

    scmsvn: prevent forge_get_config from returning garbage (auto-compressed output)

diff --git a/src/plugins/scmsvn/cgi-bin/viewvc.cgi b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
index dc5831a..bc24232 100755
--- a/src/plugins/scmsvn/cgi-bin/viewvc.cgi
+++ b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
@@ -28,6 +28,10 @@ for pat in CONF_GLOBS:
     break
 #CONF_PATHNAME = os.path.dirname(__filename__) + '/viewvc.conf'
 
+#print "Content-type: text/plain\n\n";
+#print os.popen('id').read()
+#print os.environ
+#sys.exit(0)
 
 import sapi
 import viewvc
@@ -35,9 +39,13 @@ import viewvc
 server = sapi.CgiServer()
 cfg = viewvc.load_config(CONF_PATHNAME, server)
 
+# Get repo path from FusionForge config
+# couldn't find any way to disable compression in forge_get_config/PHP >(
+if 'HTTP_ACCEPT_ENCODING' in os.environ: del os.environ['HTTP_ACCEPT_ENCODING']
 repos_path = os.popen('forge_get_config repos_path scmsvn').read().rstrip()  # '/srv/svn'
 cfg.general.root_parents = [repos_path+': svn']
 
+
 os.environ['SCRIPT_NAME'] = '/scm/viewvc.php'
 cfg.general.address = 'root@' + os.environ['HTTP_HOST']
 cfg.options.docroot = '/scm/viewvc/docroot';

commit ef9b40857907a1af2c0ee04a6b78d055121103f0
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 14:13:34 2015 +0100

    itk: limit UID/GID range to FusionForge users

diff --git a/src/templates/httpd.conf.d/20-vhosts-scm.conf b/src/templates/httpd.conf.d/20-vhosts-scm.conf
index 7b7579b..d70527b 100644
--- a/src/templates/httpd.conf.d/20-vhosts-scm.conf
+++ b/src/templates/httpd.conf.d/20-vhosts-scm.conf
@@ -17,3 +17,8 @@
   Include {core/config_path}/httpd.conf.d/log.inc
   Include {core/config_path}/httpd.conf.d/ssl-on-scm.inc
 </VirtualHost>
+
+# Limit UID/GID range to FusionForge (not system) users
+# cf. common/include/system/pgsql.class.php
+LimitUIDRange 20000 99999
+LimitGIDRange 10000 99999

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/scmsvn/cgi-bin/viewvc.cgi                   |    8 ++++++++
 src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc   |    1 +
 .../scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc |    6 ++++--
 src/templates/httpd.conf.d/20-vhosts-scm.conf           |    5 +++++
 src/www/scm/viewvc.php                                  |   15 ++++++++++-----
 5 files changed, 28 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list