Files
@ a444c46a0649
Branch filter:
Location: kallithea/kallithea/lib/middleware/simplegit.py
a444c46a0649
6.7 KiB
text/x-python
middleware: fix handling of Git 'info/refs' command to give correct access control
For a pull, the Git client first sends an 'info/refs' command with a
'service=git-upload-pack' query, then it sends the actual 'git-upload-pack'
command.
For a push, the Git client first sends an 'info/refs' command with a
'service=git-receive-pack' query, then it sends the actual 'git-receive-pack'
command.
Before, the 'info/refs' commands would fall back to the default of trying to
use the action of the previous request. That seems wrong.
Instead, authorize the 'info/refs' command just like the actual command it
references.
path_info will now be checked more than before. Mainly because that is more
correct and more explicit and "better" to do it that way. It might also give
some safety.
For a pull, the Git client first sends an 'info/refs' command with a
'service=git-upload-pack' query, then it sends the actual 'git-upload-pack'
command.
For a push, the Git client first sends an 'info/refs' command with a
'service=git-receive-pack' query, then it sends the actual 'git-receive-pack'
command.
Before, the 'info/refs' commands would fall back to the default of trying to
use the action of the previous request. That seems wrong.
Instead, authorize the 'info/refs' command just like the actual command it
references.
path_info will now be checked more than before. Mainly because that is more
correct and more explicit and "better" to do it that way. It might also give
some safety.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 | # -*- coding: utf-8 -*-
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
kallithea.lib.middleware.simplegit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SimpleGit middleware for handling Git protocol requests (push/clone etc.)
It's implemented with basic auth function
This file was forked by the Kallithea project in July 2014.
Original author and date, and relevant copyright and licensing information is below:
:created_on: Apr 28, 2010
:author: marcink
:copyright: (c) 2013 RhodeCode GmbH, and others.
:license: GPLv3, see LICENSE.md for more details.
"""
import os
import re
import logging
import traceback
from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
HTTPNotAcceptable
from kallithea.model.db import Ui
from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
_set_extras
from kallithea.lib.base import BaseVCSController
from kallithea.lib.utils import make_ui, is_valid_repo
from kallithea.lib.middleware.pygrack import make_wsgi_app
log = logging.getLogger(__name__)
GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
def is_git(environ):
path_info = environ['PATH_INFO']
isgit_path = GIT_PROTO_PAT.match(path_info)
log.debug('pathinfo: %s detected as Git %s',
path_info, isgit_path is not None
)
return isgit_path
class SimpleGit(BaseVCSController):
_git_stored_op = 'pull' # most recent kind of command
def _handle_request(self, environ, start_response):
if not is_git(environ):
return self.application(environ, start_response)
ip_addr = self._get_ip_addr(environ)
# skip passing error to error controller
environ['pylons.status_code_redirect'] = True
#======================================================================
# EXTRACT REPOSITORY NAME FROM ENV
#======================================================================
try:
str_repo_name = self.__get_repository(environ)
repo_name = safe_unicode(str_repo_name)
log.debug('Extracted repo name is %s', repo_name)
except Exception as e:
log.error('error extracting repo_name: %r', e)
return HTTPInternalServerError()(environ, start_response)
# quick check if that dir exists...
if not is_valid_repo(repo_name, self.basepath, 'git'):
return HTTPNotFound()(environ, start_response)
#======================================================================
# GET ACTION PULL or PUSH
#======================================================================
action = self.__get_action(environ)
#======================================================================
# CHECK PERMISSIONS
#======================================================================
user, response_app = self._authorize(environ, start_response, action, repo_name, ip_addr)
if response_app is not None:
return response_app(environ, start_response)
# extras are injected into Mercurial UI object and later available
# in hooks executed by Kallithea
from kallithea import CONFIG
server_url = get_server_url(environ)
extras = {
'ip': ip_addr,
'username': user.username,
'action': action,
'repository': repo_name,
'scm': 'git',
'config': CONFIG['__file__'],
'server_url': server_url,
}
#===================================================================
# GIT REQUEST HANDLING
#===================================================================
log.debug('HOOKS extras is %s', extras)
baseui = make_ui()
_set_extras(extras or {})
try:
self._handle_githooks(repo_name, action, baseui, environ)
log.info('%s action on Git repo "%s" by "%s" from %s',
action, str_repo_name, safe_str(user.username), ip_addr)
app = self.__make_app(repo_name)
return app(environ, start_response)
except Exception:
log.error(traceback.format_exc())
return HTTPInternalServerError()(environ, start_response)
def __make_app(self, repo_name):
"""
Return a pygrack wsgi application.
"""
return make_wsgi_app(repo_name, safe_str(self.basepath)) # FIXME: safe_str???
def __get_repository(self, environ):
"""
Gets repository name out of PATH_INFO header
:param environ: environ where PATH_INFO is stored
"""
try:
return GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
except Exception:
log.error(traceback.format_exc())
raise
def __get_action(self, environ):
"""
Maps Git request commands into 'pull' or 'push'.
"""
mapping = {
'git-receive-pack': 'push',
'git-upload-pack': 'pull',
}
path_info = environ.get('PATH_INFO', '')
m = GIT_PROTO_PAT.match(path_info)
if m is not None:
cmd = m.group(2)
if cmd == 'info/refs':
service = environ['QUERY_STRING'].split('=')
cmd = service[1] if len(service) > 1 else None
if cmd in mapping:
self._git_stored_op = mapping[cmd]
elif cmd in mapping:
self._git_stored_op = mapping[cmd]
# fallback to stored variable as we don't know if the last
# operation is pull/push
return self._git_stored_op
def _handle_githooks(self, repo_name, action, baseui, environ):
"""
Handles pull action, push is handled by post-receive hook
"""
from kallithea.lib.hooks import log_pull_action
service = environ['QUERY_STRING'].split('=')
if len(service) < 2:
return
from kallithea.model.db import Repository
_repo = Repository.get_by_repo_name(repo_name)
_repo = _repo.scm_instance
if action == 'pull':
log_pull_action(ui=baseui, repo=_repo._repo)
|