[Fusionforge-commits] FusionForge branch 6.0 updated. 79c2b02baab87224d82e5e084e0e1139c2ef481c

Sylvain Beucler beuc-inria at fusionforge.org
Wed Feb 18 15:49:27 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  79c2b02baab87224d82e5e084e0e1139c2ef481c (commit)
      from  9bb37b26886e26932ee85f1f40245cc9074b1a86 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 79c2b02baab87224d82e5e084e0e1139c2ef481c
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 15:48:03 2015 +0100

    scmsvn: itk blocks sudo, so attempting to the idea to validate session cookie through a sudo'd wrapper can't be implemented :(
    [cgi:error] [pid XXXX] [client X.X.X.X:XXXXX] AH01215: sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted

diff --git a/src/plugins/scmsvn/cgi-bin/viewvc.cgi b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
index bc24232..f18f187 100755
--- a/src/plugins/scmsvn/cgi-bin/viewvc.cgi
+++ b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
@@ -33,18 +33,32 @@ for pat in CONF_GLOBS:
 #print os.environ
 #sys.exit(0)
 
+
 import sapi
 import viewvc
 
 server = sapi.CgiServer()
 cfg = viewvc.load_config(CONF_PATHNAME, server)
 
+
+import subprocess
+
 # Get repo path from FusionForge config
 # couldn't find any way to disable compression in forge_get_config/PHP >(
 if 'HTTP_ACCEPT_ENCODING' in os.environ: del os.environ['HTTP_ACCEPT_ENCODING']
-repos_path = os.popen('forge_get_config repos_path scmsvn').read().rstrip()  # '/srv/svn'
+repos_path = subprocess.check_output(['forge_get_config', 'repos_path', 'scmsvn']).rstrip()
 cfg.general.root_parents = [repos_path+': svn']
 
+# Authentify request
+try:
+  p = subprocess.Popen(['sudo', 'forge_check_cookie'], stdin=subprocess.PIPE)
+  p.communicate(os.environ.get('HTTP_COOKIE', ''))
+  if p.returncode != 0:
+    raise Exception('Unauthorized')
+except Exception, e:
+  print "Content-type: text/plain\n\n";
+  print e
+  sys.exit(1)
 
 os.environ['SCRIPT_NAME'] = '/scm/viewvc.php'
 cfg.general.address = 'root@' + os.environ['HTTP_HOST']
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index 4fa6cca..9e9d59c 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -94,14 +94,20 @@ if ($external_scm) {
 	else
 		$server_script = '/authscm/'.$u->getUnixName().'/viewvc';
 	// pass the parameters passed to this script to the remote script in the same fashion
-	$script_url = "http://" . $scm_box . $server_script
+	$protocol = forge_get_config('use_ssl', 'scmsvn')? 'https://' : 'http://';
+	$script_url = $protocol . $scm_box . $server_script
 		. (isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '/')
 		. '?' . $_SERVER["QUERY_STRING"];
 	$ch = curl_init();
 	curl_setopt($ch, CURLOPT_HEADER, true);
 	curl_setopt($ch, CURLOPT_URL, $script_url);
 	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+	curl_setopt($ch, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);
 	$content = curl_exec($ch);
+	if ($content === false) {
+		exit_error("Error fetching $script_url : " . curl_error($ch), 'summary');
+	}
 	curl_close($ch);
 } else {
 	// Call to ViewCVS CGI locally (see viewcvs_utils.php)

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/scmsvn/cgi-bin/viewvc.cgi |   16 +++++++++++++++-
 src/www/scm/viewvc.php                |    8 +++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list