working on repo permissions code
1 <?php
2
// Register this module's route probe under the "gitcontrol" key. The value is the
// name of the function below, stored as a string.
// NOTE(review): presumably the front controller calls every registered function and
// dispatches to whatever handler name it returns - confirm against the caller.
$CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe";
4
5 //$MENU_ITEMS["20repos"]["text"] = "Repo Admin";
6 //$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos";
7
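/**
 * Claim requests whose "q" route starts with the "git" path segment.
 *
 * @return string|false the handler function name ("gwvp_gitBackendInterface") when
 *                      the first segment of "q" is "git", false otherwise
 */
function gwvp_gitControlCallMe()
{
	// "q" is client-supplied: a request such as ?q[]=x makes it an array, which
	// explode() cannot take, so anything that is not a string is simply not ours.
	if(!isset($_REQUEST["q"]) || !is_string($_REQUEST["q"])) {
		return false;
	}

	// explode() always yields at least one element, so index 0 is safe to read
	$qspl = explode("/", $_REQUEST["q"]);
	if($qspl[0] === "git") {
		return "gwvp_gitBackendInterface";
	}

	return false;
}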
24
/**
 * Decide whether $user may access $repo.
 *
 * NOTE(review): this is still a placeholder - it ignores both arguments and grants
 * access to every caller, so any code path that relies on it for authorization is
 * effectively unauthenticated until a real check is implemented.
 *
 * @param mixed $repo repository name (unused for now)
 * @param mixed $user user as returned by the login check (unused for now)
 * @return bool always true
 */
function gwvp_repoPermissionCheck($repo, $user)
{
	$allowed = true;

	return $allowed;
}
29
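/**
 * Work-in-progress replacement for gwvp_gitBackendInterface().
 *
 * So far it only splits the "q" route into the repository segment and the path
 * below it; nothing is done with either value yet and nothing is returned.
 */
function gwvp_gitBackendInterface_new()
{
	// and this is where i re-code the git backend interface from scratch
	global $repo_base, $BASE_URL;

	$repo = "";
	$newloc = "/";

	// "q" comes from the client, so it may be missing, an array, or too short
	if(isset($_REQUEST["q"]) && is_string($_REQUEST["q"])) {
		$qspl = explode("/", $_REQUEST["q"]);

		// segment 0 is the "git" prefix, segment 1 the repo; a route without a
		// second segment simply leaves $repo empty instead of reading a missing index
		if(isset($qspl[1])) {
			$repo = $qspl[1];
		}

		// everything after the repo is the path inside it
		foreach(array_slice($qspl, 2) as $segment) {
			$newloc .= "/".$segment;
		}
	}

	// NOTE(review): $repo and $newloc are attacker-controlled; when this function starts
	// using them for filesystem access they need the same "." / ".." rejection and
	// confinement to the repo directory as any other path built from the request.
}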
49
50
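/**
 * Handle a request routed as "git/<repo>/<path...>".
 *
 * Steps, in order:
 *  1) split the route into the repo segment and the path inside the repo
 *  2) run the permission check; on failure answer 403 (credentials were sent) or
 *     ask for basic auth (no credentials), then stop
 *  3) POST requests and service=git-receive-pack go to gwvp_callGitBackend()
 *  4) everything else is served as a plain file from "$repo_base/<repo>/<path>"
 *
 * The repo segment and the path come straight from the request, so both are
 * validated before they are used for chdir() or file access.
 */
function gwvp_gitBackendInterface()
{
	global $repo_base, $BASE_URL;

	$repo = "";
	$pathparts = array();
	if(isset($_REQUEST["q"]) && is_string($_REQUEST["q"])) {
		$qspl = explode("/", $_REQUEST["q"]);
		if(isset($qspl[1])) {
			$repo = $qspl[1];
		}
		for($i=2; $i < count($qspl); $i++) {
			// empty segments only ever produced doubled slashes, so they are dropped
			if($qspl[$i] !== "") {
				$pathparts[] = $qspl[$i];
			}
		}
	}

	// Refuse anything that could step outside "$repo_base/<repo>": a missing repo,
	// "." / ".." segments, or an embedded NUL byte. explode() already guarantees
	// that no single segment contains a "/".
	$badpath = ($repo === "" || $repo === "." || $repo === ".." || strpos($repo, "\0") !== false);
	foreach($pathparts as $part) {
		if($part === "." || $part === ".." || strpos($part, "\0") !== false) {
			$badpath = true;
		}
	}
	if($badpath) {
		error_log("rejecting git request with an unusable repo or path");
		header('HTTP/1.0 404 No Such Thing');
		return;
	}
	$newloc = "/".implode("/", $pathparts);

	$actual_repo_name = preg_replace("/\.git$/", "", $repo);

	$user = gwvp_checkBasicAuthLogin();

	if(!$user) {
		error_log("User is set to false, so its anonymouse");
	} else {
		error_log("user is $user");
	}

	// must remember that $user of false is anonymous when we code gwvp_repoPerm'sCheck()
	if(!gwvp_repoPermissionCheck($actual_repo_name, $user)) {
		error_log("perms check fails - start auth");
		if(isset($_SERVER["PHP_AUTH_USER"])) {
			error_log("have auth - push 403");
			gwvp_fourZeroThree();
		} else {
			error_log("push auth");
			gwvp_AskForBasicAuth();
		}
		// a denied request must never fall through to the serving code below,
		// whether or not the helper above ends the script itself
		return;
	}

	// The "repo" will always be /git/repo.git, but a browser landing here should be
	// forwarded to the normal repo viewer; the user agent is the only hint available.
	// NOTE(review): User-Agent is chosen by the client - fine as a routing hint,
	// never as an input to an access decision.
	$agent = "git-unknown";
	$isgitagent = false;

	// tested the user agent bit with jgit from eclipse and normal git... seems to work
	if(isset($_SERVER["HTTP_USER_AGENT"])) {
		$agent = $_SERVER["HTTP_USER_AGENT"];
		error_log("in git backend with user agent $agent");
		if(stristr($agent, "git")!==false) {
			$isgitagent = true;
		}
	}

	// only run git inside a directory that really is the requested repo; if chdir()
	// failed silently, update-server-info would run in whatever the cwd happens to be
	if(!is_dir("$repo_base/$repo") || !chdir("$repo_base/$repo")) {
		error_log("no such repo directory for $repo");
		header('HTTP/1.0 404 No Such Thing');
		return;
	}
	exec("/usr/bin/git update-server-info");

	// NOTE(review): both write paths below call gwvp_AskForBasicAuth() and then run the
	// backend unconditionally. Unless that helper stops the script for unauthenticated
	// callers, a push is not actually gated on a logged-in user - confirm, and gate on
	// $user plus a write-permission check once one exists.
	if($_SERVER["REQUEST_METHOD"] == "POST") {
		gwvp_AskForBasicAuth();
		gwvp_callGitBackend($repo);
		return;
	}

	if(isset($_REQUEST["service"])) {
		if($_REQUEST["service"] == "git-receive-pack") {
			// we are a write call - we need auth and we're going to the backend proper
			gwvp_AskForBasicAuth();
			gwvp_callGitBackend($repo);
			return;
		}
	}

	// Resolve symlinks and make sure the file really lives below the repo directory
	// before streaming it; directories are not served.
	$reporoot = realpath("$repo_base/$repo");
	$target = realpath("$repo_base/$repo$newloc");
	$inside = ($reporoot !== false && $target !== false
		&& strncmp($target, $reporoot.DIRECTORY_SEPARATOR, strlen($reporoot) + 1) === 0);

	if($inside && is_file($target)) {
		error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
		$fh = fopen($target, "rb");
		if($fh === false) {
			header('HTTP/1.0 404 No Such Thing');
			return;
		}

		error_log("pushing file");
		while(!feof($fh)) {
			$chunk = fread($fh, 8192);
			if($chunk === false) {
				break;
			}
			echo $chunk;
		}
		fclose($fh);
	} else {
		// The status line has to go out before any body. The diagnostic goes to the
		// log only: echoing it would reflect request data and the server-side
		// repository path back to the client.
		header('HTTP/1.0 404 No Such Thing');
		error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE");
		return;
	}
}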
159
160
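/**
 * Run git-http-backend as a CGI child and relay the current request through it.
 *
 * The request body (php://input) is copied to the child's stdin, the child's CGI
 * header block is replayed with header(), and the rest of its stdout is echoed to
 * the client. The child's stderr is appended to /tmp/err.
 *
 * NOTE(review): REMOTE_USER and REMOTE_ADDR are hard-coded, so the backend (and any
 * hooks it runs) never sees the real caller; PATH_TRANSLATED is rooted at /tmp rather
 * than the configured repo base; /tmp/err is a fixed name in a shared directory.
 * All three look like development leftovers - confirm before deploying.
 *
 * @param string $repo repository directory name taken from the request route
 */
function gwvp_callGitBackend($repo)
{
	// this is where things become a nightmare
	$q = (isset($_REQUEST["q"]) && is_string($_REQUEST["q"])) ? $_REQUEST["q"] : "";

	$ruri = $_SERVER["REQUEST_URI"];
	$strrem = "git/$repo";
	$euri = str_replace($strrem, "", $q);

	// Both $repo and $euri originate from the request and end up in PATH_TRANSLATED,
	// which tells the backend which directory to operate on. Refuse parent-directory
	// segments and NUL bytes here so the child can never be pointed elsewhere.
	if(strpos("$repo/$euri", "\0") !== false || preg_match('#(^|/)\.\.(/|$)#', "$repo/$euri")) {
		error_log("refusing git backend call with a parent-directory segment in the path");
		header('HTTP/1.0 404 No Such Thing');
		return;
	}

	$fh = fopen('php://input', "r");

	$rmeth = $_SERVER["REQUEST_METHOD"];

	// Rebuild the query string without the routing parameter. Names and values are
	// re-encoded so a value containing "&" or "=" cannot smuggle extra parameters
	// into the backend; array values cannot be represented and are skipped.
	// NOTE(review): $_REQUEST may also contain cookies depending on request_order.
	$qsparts = array();
	foreach($_REQUEST as $key => $var) {
		if((string)$key !== "q" && is_scalar($var)) {
			$qsparts[] = urlencode((string)$key)."=".urlencode((string)$var);
		}
	}
	$qs = implode("&", $qsparts);

	// setup env
	$procenv = array();
	$procenv["GATEWAY_INTERFACE"] = "CGI/1.1";
	$procenv["PATH_TRANSLATED"] = "/tmp/$repo/$euri";
	$procenv["REQUEST_METHOD"] = "$rmeth";
	$procenv["GIT_HTTP_EXPORT_ALL"] = "1";
	$procenv["QUERY_STRING"] = "$qs";
	$procenv["HTTP_USER_AGENT"] = "git/1.7.1";
	$procenv["REMOTE_USER"] = "user";
	$procenv["REMOTE_ADDR"] = "1.2.3.4";
	$procenv["AUTH_TYPE"] = "Basic";

	if(isset($_SERVER["CONTENT_TYPE"])) {
		$procenv["CONTENT_TYPE"] = $_SERVER["CONTENT_TYPE"];
	}
	if(isset($_SERVER["CONTENT_LENGTH"])) {
		$procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"];
	}

	error_log("path trans'd is /tmp/$repo/$euri from $ruri with ".$q." $strrem");

	$pwd = "/tmp/";

	$proc = proc_open("/usr/lib/git-core/git-http-backend", array(array("pipe","rb"),array("pipe","wb"),array("file","/tmp/err", "a")), $pipes, $pwd, $procenv);

	// without a child there are no pipes to read; fail the request instead of looping on them
	if(!is_resource($proc)) {
		error_log("could not start git-http-backend");
		header('HTTP/1.0 500 Internal Server Error');
		if($fh !== false) fclose($fh);
		return;
	}

	// replay the CGI header block, which ends at the first bare CRLF line
	$untilblank = false;
	while(!$untilblank&&!feof($pipes[1])) {
		$lines_t = fgets($pipes[1]);
		// test the raw fgets() result: trim() would turn a false into "" and hide it
		if($lines_t === false) {
			error_log("got an unexpexted exit...");
			break;
		}
		$lines = trim($lines_t);
		error_log("got line: $lines");
		if($lines_t == "\r\n") {
			$untilblank = true;
			error_log("now blank");
		} else if($lines !== "") header($lines);
	}

	$firstline = true;
	$continue = true;

	if(!stream_set_blocking($fh,0)) {
		error_log("cant set input non-blocking");
	}

	if(!stream_set_blocking($pipes[1],0)) {
		error_log("cant set pipe1 non-blocking");
	}

	// i was going to use stream_select, but i feel this works better like this
	while($continue) {
		// do client
		if(!feof($fh)) {
			$from_client_data = fread($fh,8192);
			if($from_client_data !== false) fwrite($pipes[0], $from_client_data);
			fflush($pipes[0]);
			$client_len = strlen($from_client_data);
		} else {
			error_log("client end");
			$client_len = 0;
		}

		// do cgi
		// sometimes, we get a \r\n from the cgi, i do not know why she swallowed the fly,
		// but i do know that the fgets for the headers above should have comsued that
		if(!feof($pipes[1])) {
			$from_cgi_data_t = fread($pipes[1],8192);
			$from_cgi_data = $from_cgi_data_t;

			// TODO: this is a hack, i need to know why the fgets above doesn consume the \r\n even tho it reads it
			// i.e. why the pointer doesnt increment over it, cause the freads above then get them again.
			if($firstline) {
				if(strlen($from_cgi_data_t)>0) {
					// strip one leading CRLF from the first non-empty chunk only
					// TODO: find out why this happens
					$from_cgi_data = preg_replace("/^\r\n/", "", $from_cgi_data_t);
					if(strlen($from_cgi_data)!=strlen($from_cgi_data_t)) {
						error_log("MOOOKS - we did trunc");
					} else {
						error_log("MOOOKS - we did not trunc");
					}
					$firstline = false;
				}
			}

			if($from_cgi_data !== false) {
				echo $from_cgi_data;
				flush();
			}
			$cgi_len = strlen($from_cgi_data);
		} else {
			error_log("cgi end");
			$cgi_len = 0;
		}

		if(feof($pipes[1])) $continue = false;
		else {
			if($client_len == 0 && $cgi_len == 0) {
				// nothing moved in either direction: back off for 200ms
				usleep(200000);
				error_log("sleep tick");
			} else {
				error_log("sizes: $client_len, $cgi_len");
				if($cgi_len > 0) {
					// NOTE(review): this writes raw backend output (repository data,
					// possibly from non-public repos) into the error log - debug only.
					error_log("from cgi: \"$from_cgi_data\"");
				}
			}
		}

	}

	fclose($fh);
	fclose($pipes[1]);
	fclose($pipes[0]);
	// reap the child once every pipe is closed so it is not left behind as a zombie
	proc_close($proc);
}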
322
323
324
/**
 * Report whether "<repo_base>/<name>.git" exists on disk.
 *
 * NOTE(review): $name is placed into the path as-is; callers passing request data
 * should reject "/" and ".." first, otherwise this can probe paths outside the base.
 *
 * @param string $name repository name without the ".git" suffix
 * @return bool true when the path exists, false otherwise
 */
function gwvp_repoExists($name)
{
	global $repo_base;

	$candidate = "$repo_base/$name.git";

	return file_exists($candidate);
}
332
333 // default perms:
334 // 0 - anyone can clone/read, only owner can write
335 // 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo
336 // 2 - only owner can see anything
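/**
 * Create a bare repository at "<repo_base>/<name>.git" and register it.
 *
 * With no $bundle the repo is created empty with "git init --bare"; otherwise it
 * is created with "git clone --mirror" from $bundle. On success the repo is added
 * through gwvp_AddRepo().
 *
 * @param string      $name         repository name without the ".git" suffix
 * @param mixed       $ownerid      owner id handed to gwvp_AddRepo()
 * @param string      $desc         description handed to gwvp_AddRepo()
 * @param string|null $bundle       source to mirror from, or null for an empty repo
 * @param int         $defaultperms default permission level handed to gwvp_AddRepo()
 * @return bool true on success; false when the name is unusable or git failed
 */
function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0)
{
	global $repo_base;

	// the name becomes part of a filesystem path: no empty names, NUL bytes or
	// parent-directory segments
	if("$name" === "" || strpos("$name", "\0") !== false || preg_match('#(^|/)\.\.(/|$)#', "$name")) {
		error_log("refusing to create a repo with an unusable name");
		return false;
	}

	$repopath = "$repo_base/$name.git";

	// Every value that reaches the shell is quoted with escapeshellarg(); building
	// the command by plain interpolation would let a crafted name or bundle run
	// arbitrary commands.
	// NOTE(review): /tmp/gitlog is a fixed file name in a shared directory.
	// phew, this works, but i tell you this - bundles arent quite as nice as they should be
	if($bundle == null) {
		error_log("would create $repopath");
		$cmd = "/usr/bin/git init ".escapeshellarg($repopath)." --bare > /tmp/gitlog 2>&1";
	} else {
		error_log("create via mirror on $repopath");
		// "--" ends option parsing, so a bundle value starting with "-" is treated
		// as a source and not as a git option
		$cmd = "/usr/bin/git clone --mirror -- ".escapeshellarg($bundle)." ".escapeshellarg($repopath)." > /tmp/gitlog 2>&1";
	}

	$cmdout = array();
	$status = 0;
	exec($cmd, $cmdout, $status);

	// do not register a repo that was never created
	if($status !== 0 || !is_dir($repopath) || !chdir($repopath)) {
		error_log("git could not create $repopath (exit status $status)");
		return false;
	}
	exec("/usr/bin/git update-server-info");

	// gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0)
	gwvp_AddRepo($name, $desc, $ownerid, $defaultperms);

	return true;
}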
359
360 // this funciton returns one of three things, read, visible, write, none
361 // as
362 // 0 - none
363 // 1 - visible
364 // 2 - read
365 // 3 - write
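/**
 * Resolve the permission level a user holds on a repository.
 *
 * Levels: 0 - none, 1 - visible, 2 - read, 3 - write.
 * Admins and the repo owner get 3. The per-repo permission table is loaded but
 * not evaluated yet, so every other caller currently resolves to 0.
 *
 * @param mixed $userid user to resolve permissions for
 * @param mixed $repoid repository to resolve them on
 * @return int one of 0, 1, 2, 3
 */
function gwvp_resolvRepoPerms($userid, $repoid)
{
	$ownerid = gwvp_getRepoOwner($repoid);
	$isadmin = gwvp_IsUserAdmin(null, null, $userid);

	if($isadmin) return 3;

	// A missing user (false/null, i.e. anonymous) must never match an owner lookup
	// that itself came back empty: with loose ==, false equals 0, null and "".
	if($userid !== false && $userid !== null && $userid == $ownerid) return 3;

	// now we load the perms table and pray
	$repoperms = gwvp_getRepoPermissions($repoid);
	$usergroups = gwvp_getGroupsForUser(null, $userid);

	$maxperm = 0;
	foreach($repoperms as $perm) {
		// TODO: go thru each perm, check it against the user (and $usergroups) we're
		// trying to figure the perms on, and raise $maxperm accordingly
	}

	// Always hand back a level. Falling off the end returned null, which callers
	// comparing loosely could misread; 0 ("none") is the fail-closed default.
	return $maxperm;
}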
387
388 ?>