
Indefero Commit Details


Date:2009-01-19 13:44:03 (15 years 11 months ago)
Author:Loic d'Anterroches
Branch:dev, develop, feature-issue_links, feature.better-home, feature.content-md5, feature.diff-whitespace, feature.download-md5, feature.issue-links, feature.issue-of-others, feature.issue-summary, feature.search-filter, feature.webrepos, feature.wiki-default-page, master, release-1.1, release-1.2, release-1.3
Commit:941a4951442a628a47dcefb4d0190699bacf71f7
Parents: b2ec9bb9e88fb2424276d2773035363fcc86f21f
Message:Added the bulk of the access control to the git repositories.

Changes:

File differences

scripts/gitcron.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php
/* -*- tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
# ***** BEGIN LICENSE BLOCK *****
# This file is part of InDefero, an open source project management application.
# Copyright (C) 2008 Céondo Ltd and contributors.
#
# InDefero is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# InDefero is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# ***** END LICENSE BLOCK ***** */
/**
* This script is used to control the access to the git repositories
* using a restricted shell access.
*
* The only argument must be the login of the user.
*/
// Set the include path to have Pluf and IDF in it.
$indefero_path = dirname(__FILE__).'/../src';
//$pluf_path = '/path/to/pluf/src';
set_include_path(get_include_path()
.PATH_SEPARATOR.$indefero_path
// .PATH_SEPARATOR.$pluf_path
);
require 'Pluf.php';
Pluf::start(dirname(__FILE__).'/../src/IDF/conf/idf.php');
Pluf_Dispatcher::loadControllers(Pluf::f('idf_views'));
IDF_Plugin_SyncGit_Cron::main();
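Review bot: The file docblock describes a different script: it says the script controls access through a restricted shell and that "the only argument must be the login of the user", but the body reads no argument and only calls `IDF_Plugin_SyncGit_Cron::main()`. The text looks copied from the serve script. A header such as `This script is run periodically to regenerate the authorized_keys file when a sync has been requested. It takes no argument.` would match what the code does. It is also worth stating which account must run it, since it rewrites the file that grants SSH access (presumably the git user; confirm).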
scripts/gitserve.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/env python
GITSERVEPHP='/home/loa/Projects/indefero/scripts/gitserve.php'
# ***** BEGIN LICENSE BLOCK *****
# This file is part of InDefero, an open source project management application.
# Copyright (C) 2008 Céondo Ltd and contributors.
#
# InDefero is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# InDefero is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# ***** END LICENSE BLOCK ***** */
import os
import sys
import commands
status, output = commands.getstatusoutput('php %s %s' % (GITSERVEPHP, sys.argv[1]))
if status == 0:
os.execvp('git', ['git', 'shell', '-c', output.strip()])
else:
sys.stderr.write("%s\n" % output)
sys.exit(1)
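Review bot: `commands.getstatusoutput('php %s %s' % (GITSERVEPHP, sys.argv[1]))` builds a shell command line from `sys.argv[1]`, so the login is parsed by a shell before PHP sees it, and the only thing keeping metacharacters out is the login regex applied in `IDF_Plugin_SyncGit_Cron::sync()` when the key file is written. Passing an argument list avoids the shell entirely: `proc = subprocess.Popen(['php', GITSERVEPHP, sys.argv[1]], stdout=subprocess.PIPE)`, then use `proc.communicate()[0]` as the output and `proc.returncode` as the status. That also keeps stderr out of `output`, which matters because `getstatusoutput` merges both streams and whatever it returns is handed to `git shell -c`; with stderr no longer captured, PHP's error message reaches the client's stderr directly and the failure branch only needs to exit non-zero. A missing `sys.argv[1]` currently ends in an IndexError traceback, and `GITSERVEPHP` points into a developer home directory, so both deserve a check or a comment telling the installer what to edit.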
src/IDF/Plugin/SyncGit/Cron.php
2929
3030
3131
32
33
32
3433
3534
3635
......
3837
3938
4039
41
42
40
4341
4442
4543
......
4846
4947
5048
49
5150
5251
5352
......
5756
5857
5958
59
60
61
62
63
64
65
66
67
68
69
70
6071
/**
* Template for the SSH key.
*/
public $template = 'command="%s %s",no-port-forwarding,no-X11-forwarding,'
.'no-agent-forwarding,no-pty %s';
public $template = 'command="php %s %s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s';
/**
* Synchronize.
public static function sync()
{
$template = Pluf::factory(__CLASS__)->template;
$keys = Pluf::factory('IDF_Key')->getList(array('view'=>'join_user'));
$cmd = Pluf::f('idf_plugin_syncgit_path_gitserve', '/bin/false');
$cmd = Pluf::f('idf_plugin_syncgit_path_gitserve', '/dev/null');
$authorized_keys = Pluf::f('idf_plugin_syncgit_path_authorized_keys', false);
if (false == $authorized_keys) {
throw new Pluf_Exception_SettingError('Setting git_path_authorized_keys not set.');
throw new Exception('Cannot create file: '.$authorized_keys);
}
$out = '';
$keys = Pluf::factory('IDF_Key')->getList(array('view'=>'join_user'));
foreach ($keys as $key) {
if (strlen($key->content) > 40 // minimal check
and preg_match('/^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$/', $key->login)) {
}
file_put_contents($authorized_keys, $out, LOCK_EX);
}
/**
* Check if a sync is needed.
*
*/
public static function main()
{
if (file_exists(Pluf::f('idf_plugin_syncgit_sync_file'))) {
@unlink(Pluf::f('idf_plugin_syncgit_sync_file'));
self::sync();
}
}
}
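Review bot: In `sync()` the key material is gated only by `strlen($key->content) > 40 // minimal check`, while the login gets a strict regex; since each entry becomes one line of the authorized_keys file, a key value containing a line break would start a second entry that does not carry the `command=` and `no-pty` restrictions. The statement that appends to `$out` is in the elided part of the hunk, so confirm whether the content is normalised there or when the key is saved; if it is not, add a condition such as `and false === strpbrk($key->content, "\r\n")` and skip keys that fail it. In the added `main()`, `@unlink(...)` hides a failed delete and the flag is removed before `sync()` runs, so if `sync()` throws, the request is lost and the key file stays stale (a removed key would remain authorised) until the next change. Logging the failure or re-creating the flag in a catch block would cover that.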
src/IDF/Plugin/SyncGit/Serve.php
104104
105105
106106
107
108
109
107
108
110109
111
110
112111
113112
114
115
113
116114
117115
118116
......
120118
121119
122120
123
124
121
125122
126
127
128
129
130
131
123
124
132125
133126
134127
......
164157
165158
166159
160
161
167162
168163
169164
......
178173
179174
180175
176
177
178
179
180
181
182
183
184
185
186
181187
182188
183189
*/
public static function main($argv, $env)
{
if (count($argv) != 1) {
print('Missing argument USER.');
exit(1);
if (count($argv) != 2) {
self::fatalError('Missing argument USER.');
}
$username = $argv[0];
$username = $argv[1];
umask(0022);
if (!isset($env['SSH_ORIGINAL_COMMAND'])) {
print('Need SSH_ORIGINAL_COMMAND in environment.');
exit(1);
self::fatalError('Need SSH_ORIGINAL_COMMAND in environment.');
}
$cmd = $env['SSH_ORIGINAL_COMMAND'];
chdir(Pluf::f('idf_plugin_syncgit_git_home_dir', '/home/git'));
try {
$new_cmd = $serve->serve($username, $cmd);
} catch (Exception $e) {
print($e->getMessage());
exit(1);
self::fatalError($e->getMessage());
}
passthru(sprintf('git shell -c %s', $new_cmd), $res);
if ($res != 0) {
print('Cannot execute git-shell.');
exit(1);
}
exit();
print $new_cmd;
exit(0);
}
/**
$user = $users[0];
$request = new StdClass();
$request->user = $user;
$request->conf = $conf;
$request->project = $project;
if (true === IDF_Precondition::accessTabGeneric($request, 'source_access_rights')) {
if ($mode == 'readonly') {
return array(Pluf::f('idf_plugin_syncgit_base_repositories', '/home/git/repositories'),
}
/**
* Die on a message on stderr.
*
* @param string Message
*/
public static function fatalError($mess)
{
fwrite(STDERR, $mess."\n");
exit(1);
}
/**
* Init a new empty bare repository.
*
* @param string Full path to the repository
