X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpgitcontrol.php;h=7c34d9b07bfaca1dd2dd98f21b0a9ceeaa726b6a;hp=a59a02b9605efa8e237863083551ef8cd5b38b2f;hb=942b821d861aba1da43ef6c999141853e9f8b3a8;hpb=507bc8f2818a42d751ed6e2e2fc68ee2bde94016 diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php index a59a02b..7c34d9b 100644 --- a/gwvplib/gwvpgitcontrol.php +++ b/gwvplib/gwvpgitcontrol.php @@ -6,6 +6,9 @@ $CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe"; //$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos"; $HOME_PAGE_PROVIDERS["gitlog"] = "gwvp_GitLogProvider"; +// TODO: we could actually change backend interface such that is +// will respond to any url's that contain "repo.git" rather then +// having to be $BASE_URL/git/repo.git function gwvp_gitControlCallMe() { if(isset($_REQUEST["q"])) { @@ -42,49 +45,79 @@ function gwvp_gitBackendInterface() // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo" + + /* bizare git problem that ignores 403's or continues on with a push despite them + error_log("FLAP for ".$_SERVER["REQUEST_URI"]); + if(isset($_REQUEST)) { + $dump = print_r($_REQUEST, true); + error_log("FLAP, $dump"); + } + if(isset($_SERVER["PHP_AUTH_USER"])) { + error_log("FLAP: donut hole"); + }*/ + + + + $repo = ""; - $repoid = -1; + $repoid = false; $newloc = "/"; if(isset($_REQUEST["q"])) { $query = $_REQUEST["q"]; $qspl = explode("/", $query); - $repo = $qspl[1]; - $repoid = gwvp_resolvRepoPerms($repo); + // TODO do this with + $repo = preg_replace("/\.git$/", "", $qspl[1]); + $repoid = gwvp_GetRepoId($repo); for($i=2; $i < count($qspl); $i++) { $newloc .= "/".$qspl[$i]; } } - if($repoid == -1) { + if($repoid == false) { gwvp_fourZeroFour(); return; } + // we do an update server cause its weird and i cant figure out when it actually needs to happen + chdir("$repo_base/$repo.git"); + exec("/usr/bin/git update-server-info"); + + // so now we have the repo // next we determine if this is a read or a write $write = false; if(isset($_REQUEST["service"])) { if($_REQUEST["service"] == "git-receive-pack") { + error_log("got write as receivepack in post"); $write = true; } } if($_SERVER["REQUEST_METHOD"] == "POST") { $write = true; } + // THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth + // no, this isnt a solution cause auth'd read attempts will come up as writes... + //if(isset($_SERVER["PHP_AUTH_USER"])) { + //$write = true; + //} // if its a write, we push for authentication if($write) { + error_log("is write attempt, ask for login"); $person = gwvp_checkBasicAuthLogin(); if($person == false) { gwvp_AskForBasicAuth(); return; } else { - $perms = gwvp_resolvRepoPerms($person["id"], $repoid); + error_log("checking perms for $person against $repoid for repo $repo"); + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); if($perms < 3) { + error_log("perms are $perms and im not allowed"); gwvp_fourZeroThree(); - return; + exit(0); } else { // here we pass to the git backend + error_log("perms are $perms and im allowed"); gwvp_callGitBackend($person["username"], $repo); } } @@ -102,8 +135,10 @@ function gwvp_gitBackendInterface() gwvp_AskForBasicAuth(); return; } else { - $perms = gwvp_resolvRepoPerms($person["id"], $repoid); + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); if($perms < 3) { + $dump = print_r($person, true); + error_log("in basic read, called 403 for $perms $dump"); gwvp_fourZeroThree(); return; } @@ -111,9 +146,9 @@ function gwvp_gitBackendInterface() } // if we made it this far, we a read and we have permissions to do so, just search the file from the repo - if(file_exists("$repo_base/$repo/$newloc")) { - error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc"); - $fh = fopen("$repo_base/$repo/$newloc", "rb"); + if(file_exists("$repo_base/$repo.git/$newloc")) { + error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc"); + $fh = fopen("$repo_base/$repo.git/$newloc", "rb"); error_log("pushing file"); while(!feof($fh)) { @@ -248,13 +283,13 @@ function gwvp_canManageRepo($userid, $repoid) return false; } -function gwvp_callGitBackend($username, $reponame) +function gwvp_callGitBackend($username, $repo) { // this is where things become a nightmare $fh = fopen('php://input', "r"); $ruri = $_SERVER["REQUEST_URI"]; - $strrem = "git/$repo"; + $strrem = "git/$repo.git"; $euri = str_replace($strrem, "", $_REQUEST["q"]); //$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]); @@ -284,7 +319,7 @@ function gwvp_callGitBackend($username, $reponame) // setup env if(isset($procenv)) unset($procenv); $procenv["GATEWAY_INTERFACE"] = "CGI/1.1"; - $procenv["PATH_TRANSLATED"] = "/tmp/$repo/$euri"; + $procenv["PATH_TRANSLATED"] = "/tmp/$repo.git/$euri"; $procenv["REQUEST_METHOD"] = "$rmeth"; $procenv["GIT_HTTP_EXPORT_ALL"] = "1"; $procenv["QUERY_STRING"] = "$qs"; @@ -302,7 +337,7 @@ function gwvp_callGitBackend($username, $reponame) $procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"]; } - error_log("path trans'd is /tmp/$repo/$euri from $ruri with ".$_REQUEST["q"]." $strrem"); + error_log("path trans'd is /tmp/$repo.git/$euri from $ruri with ".$_REQUEST["q"]." $strrem"); @@ -453,14 +488,17 @@ function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms= // 1 - visible // 2 - read // 3 - write +// 4 - owner/administrator function gwvp_resolvRepoPerms($userid, $repoid) { $ownerid = gwvp_getRepoOwner($repoid); $isadmin = gwvp_IsUserAdmin(null, null, $userid); - if($isadmin) return 3; + error_log("USerid is $userid, ownerid $ownerid"); + + if($isadmin) return 4; - if($userid == $ownerid) return 3; + if($userid == $ownerid) return 4; // now we load the perms table and pray $repoperms = gwvp_getRepoPermissions($repoid);