[Fusionforge-commits] FusionForge branch 6.0 updated. 83e5e2349010b147da7be2a5c343f79140ab663d

Sylvain Beucler beuc-inria at fusionforge.org
Thu Feb 19 16:15:56 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  83e5e2349010b147da7be2a5c343f79140ab663d (commit)
       via  cf688c3e46bdcad43464eb5e697dfe4c7725dce3 (commit)
       via  2c98e2eaca6cff1f8da8520980ff4be7b932c57c (commit)
      from  abd4f06ed59f5b60e980e10b0c9c085e9b52ca09 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 83e5e2349010b147da7be2a5c343f79140ab663d
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 19 16:13:44 2015 +0100

    scmsvn: update httpd conf comments

diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf b/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf
index 218b88f..95a33c7 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf
@@ -2,12 +2,13 @@
 <Location /authscm/$user/svn>
   DAV svn
   SVNParentPath {scmsvn/repos_path}
-  # only authenticated users may access the repository
+  # Note: ^ this need to be in the macro, doesn't work in a LocationMatch
+  # Only authenticated users may access the repository:
   Require user $user
-  # Note: AuthzSVNAccessFile would have priority over this so don't use it
-</Location>
-<Location /authscm/$user/viewvc>
-  # TODO: let's find a way to authenticate from viewvc.php
-  #Require user $user
+  # Note: ^ AuthzSVNAccessFile would have priority over this so don't use it
 </Location>
+# Authentified via cookie in viewvc.php:
+#<Location /authscm/$user/viewvc>
+#  Require user $user
+#</Location>
 </Macro>
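Review bot: The new comment `# Authentified via cookie in viewvc.php:` names the wrong component, because in this push the cookie is validated by `viewvc.cgi` calling `/account/check_forwarded_session.php`, while `viewvc.php` only forwards it. The commented-out `Require user $user` also tied the request to the `$user` segment of the URL, whereas the visible replacement only tests `session_loggedin()`. If nothing outside these hunks compares the session's user with the path, a valid session for one account would be accepted on another account's `/authscm/<user>/viewvc` path, so that binding should be confirmed. I would reword the comment to `# Authenticated by viewvc.cgi via check_forwarded_session.php (session cookie); no Apache-level check here`. The same comment appears in plugin-scmsvn.inc.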
diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
index 1bc20d2..a4b9f60 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
@@ -1,3 +1,4 @@
+# Read-only access for public repos
 <Location /anonscm/svn/>
   DAV svn
   SVNParentPath {scmsvn/repos_path}
@@ -6,6 +7,7 @@
   </LimitExcept>
 </Location>
 
+# Authentification for macro 'ScmsvnUser'
 <LocationMatch "^/authscm/[^/]+/svn">
   # how to authenticate a user
   AuthType Basic
@@ -15,19 +17,19 @@
   #AuthzSVNAccessFile {core/data_path}/svnroot-access
 </LocationMatch>
 
-<LocationMatch "^/authscm/[^/]+/viewvc">
-  # TODO: let's find a way to authenticate from viewvc.php
-  #AuthType Basic
-  #AuthName "SCM for FusionForge"
-  #AuthUserFile {core/data_path}/svnroot-authfile
-</LocationMatch>
-
+# ViewVC
+# Authentified via cookie in viewvc.php:
+#<LocationMatch "^/authscm/[^/]+/viewvc">
+#  AuthType Basic
+#  AuthName "SCM for FusionForge"
+#  AuthUserFile {core/data_path}/svnroot-authfile
+#</LocationMatch>
 ScriptAlias /anonscm/viewvc {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi
 ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi$1
+#Alias /doc/viewvc /usr/share/viewvc/docroot
 <Directory {core/source_path}/plugins/scmsvn/cgi-bin>
   Require all granted
 </Directory>
-#Alias /doc/viewvc /usr/share/viewvc/docroot
 
 # Redirect URLs from FF < 6.0
 <IfModule mod_authz_svn.c>

commit cf688c3e46bdcad43464eb5e697dfe4c7725dce3
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 19 15:22:02 2015 +0100

    scmsvn: viewvc: support compression

diff --git a/src/plugins/scmsvn/cgi-bin/viewvc.cgi b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
index 1838db9..4dc69d7 100755
--- a/src/plugins/scmsvn/cgi-bin/viewvc.cgi
+++ b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
@@ -45,6 +45,7 @@ import subprocess
 
 # Get repo path from FusionForge config
 # couldn't find any way to disable compression in forge_get_config/PHP >(
+encoding = os.environ['HTTP_ACCEPT_ENCODING']
 if 'HTTP_ACCEPT_ENCODING' in os.environ: del os.environ['HTTP_ACCEPT_ENCODING']
 repos_path = subprocess.check_output(['forge_get_config', 'repos_path', 'scmsvn']).rstrip()
 cfg.general.root_parents = [repos_path+': svn']
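Review bot: `encoding = os.environ['HTTP_ACCEPT_ENCODING']` raises KeyError when the client sends no Accept-Encoding header, even though the very next line already guards with `in os.environ`. Judging by the other viewvc.cgi hunks in this push, the line sits before the `try:` of the authentication step, so the CGI would fail with an unhandled traceback. Replace both lines with `encoding = os.environ.pop('HTTP_ACCEPT_ENCODING', None)`, which saves and removes the value in one step. The restore added in the later hunk (`if encoding != None:`) then works as written, though `if encoding is not None:` is the idiomatic test.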
@@ -72,6 +73,7 @@ except Exception, e:
   print e
   #raise
   sys.exit(1)
+if encoding != None: os.environ['HTTP_ACCEPT_ENCODING'] = encoding
 
 # Pretend we're running on the source host
 os.environ['SCRIPT_NAME'] = '/scm/viewvc.php'
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index ff6f1a9..0523b12 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -112,6 +112,7 @@ if ($external_scm) {
 		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);  // for session validation
 		curl_setopt($ch, CURLOPT_HTTPHEADER,
 					array('Accept-Language: '.$_SERVER['HTTP_ACCEPT_LANGUAGE'],  // for i18n
+						  'Accept-Encoding: '.$_SERVER['HTTP_ACCEPT_ENCODING'],  // for compression
 						  'X-Forwarded-For: '.$_SERVER['REMOTE_ADDR']));  // for session validation
 		$content = curl_exec($ch);
 		if ($content === false) {
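Review bot: `$_SERVER['HTTP_ACCEPT_ENCODING']` is read without an `isset()` check, so a request lacking that header raises an undefined-index notice and sends an empty `Accept-Encoding:` header upstream. The same applies to `HTTP_USER_AGENT` and `HTTP_ACCEPT_LANGUAGE` in the viewvc.php hunk of the earlier commit (-108,7 +108,11). Build the header array conditionally, e.g. `if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) $headers[] = 'Accept-Encoding: '.$_SERVER['HTTP_ACCEPT_ENCODING'];`. Because the header is set through CURLOPT_HTTPHEADER rather than curl's own encoding option, curl returns the compressed bytes untouched, which deserves a comment at this call. The enclosing `if ($external_scm)` block starts and ends outside the hunk.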
@@ -153,8 +154,8 @@ if (count($exploded_content) > 1) {
 			$content_type = $matches[2];
 			if (isset($matches[4])) $charset = $matches[4];
 			// we'll validate content-type or transcode body below
-		} else if (preg_match('/^Transfer-Encoding:/', $header)) {
-			// skip headers like "Transfer-Encoding: chunked" which cause issue in the user browser
+		} else if (preg_match('/^Transfer-Encoding: chunked/', $header)) {
+			// curl already de-chuncked the body
 		} else {
 			header($header);
 		}
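Review bot: The narrowed pattern `/^Transfer-Encoding: chunked/` is case-sensitive and expects exactly one space, so a header spelled `transfer-encoding:chunked` falls through to `header($header)` and is relayed to the browser along with an already de-chunked body. HTTP header names are case-insensitive; `preg_match('/^Transfer-Encoding:\s*chunked/i', $header)` covers the variants. With compression now passed through, `Content-Encoding` is relayed by the `else` branch as well, so the transcoding mentioned in the comment above (its code is not visible in this hunk) presumably has to skip compressed bodies to avoid corrupting them. The comment typo `de-chuncked` should read `de-chunked`.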

commit 2c98e2eaca6cff1f8da8520980ff4be7b932c57c
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 19 15:17:33 2015 +0100

    svnscm: viewvc: authentify user through cookie checked against a basic web service (instead of using sudo)

diff --git a/src/plugins/scmsvn/cgi-bin/viewvc.cgi b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
index 4c51a76..1838db9 100755
--- a/src/plugins/scmsvn/cgi-bin/viewvc.cgi
+++ b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
@@ -28,7 +28,7 @@ for pat in CONF_GLOBS:
     break
 #CONF_PATHNAME = os.path.dirname(__filename__) + '/viewvc.conf'
 
-#print "Content-type: text/plain\n\n";
+#print "Content-type: text/plain\n";
 #print os.popen('id').read()
 #print os.environ
 #sys.exit(0)
@@ -51,15 +51,26 @@ cfg.general.root_parents = [repos_path+': svn']
 
 # Authentify request
 try:
-  # TODO: itk prevents sudo from gaining privileges, let's try with something else
-  # p = subprocess.Popen(['sudo', 'forge_check_cookie'], stdin=subprocess.PIPE)
-  #p.communicate(os.environ.get('HTTP_COOKIE', ''))
-  #if p.returncode != 0:
-  #  raise Exception('Unauthorized')
-  pass  # no auth for now
+  web_host = subprocess.check_output(['forge_get_config', 'web_host']).rstrip()
+  import pycurl
+  from StringIO import StringIO
+  buffer = StringIO()
+  c = pycurl.Curl()
+  c.setopt(c.URL, 'https://' + web_host + '/account/check_forwarded_session.php')
+  c.setopt(c.SSL_VERIFYPEER, False)
+  c.setopt(c.COOKIE, os.environ.get('HTTP_COOKIE', ''))
+  c.setopt(c.USERAGENT, os.environ.get('HTTP_USER_AGENT', ''))
+  c.setopt(c.HTTPHEADER, ['X-Forwarded-For: '+os.environ.get('HTTP_X_FORWARDED_FOR', '')])
+  c.setopt(c.WRITEDATA, buffer)
+  c.perform()
+  c.close()
+  body = buffer.getvalue()
+  if body != 'OK':
+    raise Exception('Unauthorized')
 except Exception, e:
-  print "Content-type: text/plain\n\n";
+  print "Content-type: text/plain\n";
   print e
+  #raise
   sys.exit(1)
 
 # Pretend we're running on the source host
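Review bot: `c.setopt(c.SSL_VERIFYPEER, False)` disables certificate verification on the request that carries the user's session cookie and whose `OK` body is the only authorization decision, so the identity of `web_host` is never established and the answer cannot be trusted on a network path the forge does not fully control. Drop that line and, if the forge uses a private CA, point curl at it with `c.setopt(c.CAINFO, CA_BUNDLE_PATH_PLACEHOLDER)`; the context line `CURLOPT_SSL_VERIFYPEER, false` in viewvc.php weakens the forwarding leg in the same way. The `except` branch prints the raw exception to the client with an implicit 200 status; emitting `Status: 403 Forbidden` with a fixed message and logging the detail to stderr would keep curl error text (internal host names, URLs) out of the response. `HTTP_X_FORWARDED_FOR` is client-supplied unless the front end overwrites it, which matters because the session check on the other side trusts it.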
diff --git a/src/www/account/check_forwarded_session.php b/src/www/account/check_forwarded_session.php
new file mode 100644
index 0000000..2f53ef4
--- /dev/null
+++ b/src/www/account/check_forwarded_session.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * Check if cookie forwarded by e.g. our ViewVC wrapper is valid
+ *
+ * Copyright (C) 2015  Inria (Sylvain Beucler)
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once '../env.inc.php';
+
+$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+require_once $gfcommon.'include/pre.php';
+
+echo session_loggedin() ? 'OK' : 'KO';
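Review bot: `$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];` is applied to every caller, so the address that pre.php presumably uses for session validation becomes whatever the request header says, and any IP binding of sessions stops being a control on this endpoint. The overwrite should happen only when the real peer address is one of the forge's own SCM hosts and the header holds a single valid IP; every other caller should get `KO` without the substitution. The header is also read without an `isset()` check. The sketch below uses a placeholder allow-list because the configuration key for the SCM host address is not visible in this diff.

```php
require_once '../env.inc.php';

// Placeholder allow-list: replace with the address(es) of the SCM host(s)
// that are permitted to forward a session for validation.
$trusted_forwarders = array('SCM_HOST_ADDRESS_PLACEHOLDER');

$forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
if (!in_array($_SERVER['REMOTE_ADDR'], $trusted_forwarders, true)
	|| filter_var($forwarded, FILTER_VALIDATE_IP) === false) {
	// Unknown peer or malformed header: refuse before any session lookup
	header('HTTP/1.1 403 Forbidden');
	exit('KO');
}
$_SERVER['REMOTE_ADDR'] = $forwarded;
// … unchanged: require pre.php, echo session_loggedin() result …
```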
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index f1c9480..ff6f1a9 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -108,7 +108,11 @@ if ($external_scm) {
 		curl_setopt($ch, CURLOPT_URL, $script_url);
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-		curl_setopt($ch, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);
+		curl_setopt($ch, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);  // for session validation
+		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);  // for session validation
+		curl_setopt($ch, CURLOPT_HTTPHEADER,
+					array('Accept-Language: '.$_SERVER['HTTP_ACCEPT_LANGUAGE'],  // for i18n
+						  'X-Forwarded-For: '.$_SERVER['REMOTE_ADDR']));  // for session validation
 		$content = curl_exec($ch);
 		if ($content === false) {
 			exit_error("Error fetching $script_url : " . curl_error($ch), 'summary');

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/scmsvn/cgi-bin/viewvc.cgi              |   29 ++++++++++++++------
 .../etc/httpd.conf.d/05-config-macros-scmsvn.conf  |   13 +++++----
 .../scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc      |   18 ++++++------
 .../check_forwarded_session.php}                   |   10 +++----
 src/www/scm/viewvc.php                             |   11 ++++++--
 5 files changed, 51 insertions(+), 30 deletions(-)
 copy src/www/{themes/index.php => account/check_forwarded_session.php} (79%)


hooks/post-receive
-- 
FusionForge


