kallithea Changeset - a444c46a0649

Changeset - a444c46a0649

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Mads Kiilerich - 7 years ago 2019-01-07 01:58:16
mads@kiilerich.com

Grafted from: 6e3f4c3e3dbe

middleware: fix handling of Git 'info/refs' command to give correct access control

For a pull, the Git client first sends an 'info/refs' command with a
'service=git-upload-pack' query, then it sends the actual 'git-upload-pack'
command.

For a push, the Git client first sends an 'info/refs' command with a
'service=git-receive-pack' query, then it sends the actual 'git-receive-pack'
command.

Before, the 'info/refs' commands would fall back to the default of trying to
use the action of the previous request. That seems wrong.

Instead, authorize the 'info/refs' command just like the actual command it
references.

path_info will now be checked more than before. Mainly because that is more
correct and more explicit and "better" to do it that way. It might also give
some safety.

1 file changed with 18 insertions and 15 deletions:

kallithea/lib/middleware/simplegit.py

0 comments (0 inline, 0 general)

kallithea/lib/middleware/simplegit.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 kallithea.lib.middleware.simplegit
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 SimpleGit middleware for handling Git protocol requests (push/clone etc.)
 It's implemented with basic auth function
 This file was forked by the Kallithea project in July 2014.
 Original author and date, and relevant copyright and licensing information is below:
 :created_on: Apr 28, 2010
 :author: marcink
 :copyright: (c) 2013 RhodeCode GmbH, and others.
 :license: GPLv3, see LICENSE.md for more details.
 """
 import os
 import re
 import logging
 import traceback
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPNotAcceptable
 from kallithea.model.db import Ui
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
     _set_extras
 from kallithea.lib.base import BaseVCSController
 from kallithea.lib.utils import make_ui, is_valid_repo
 from kallithea.lib.middleware.pygrack import make_wsgi_app
 log = logging.getLogger(__name__)
 GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
 def is_git(environ):
     path_info = environ['PATH_INFO']
     isgit_path = GIT_PROTO_PAT.match(path_info)
     log.debug('pathinfo: %s detected as Git %s',
         path_info, isgit_path is not None
+    )
     return isgit_path
 class SimpleGit(BaseVCSController):
     _git_stored_op = 'pull' # most recent kind of command
     def _handle_request(self, environ, start_response):
         if not is_git(environ):
             return self.application(environ, start_response)
         ip_addr = self._get_ip_addr(environ)
         # skip passing error to error controller
         environ['pylons.status_code_redirect'] = True
         #======================================================================
         # EXTRACT REPOSITORY NAME FROM ENV
         #======================================================================
         try:
             str_repo_name = self.__get_repository(environ)
             repo_name = safe_unicode(str_repo_name)
             log.debug('Extracted repo name is %s', repo_name)
         except Exception as e:
             log.error('error extracting repo_name: %r', e)
             return HTTPInternalServerError()(environ, start_response)
         # quick check if that dir exists...
         if not is_valid_repo(repo_name, self.basepath, 'git'):
             return HTTPNotFound()(environ, start_response)
         #======================================================================
         # GET ACTION PULL or PUSH
         #======================================================================
         action = self.__get_action(environ)
         #======================================================================
         # CHECK PERMISSIONS
         #======================================================================
         user, response_app = self._authorize(environ, start_response, action, repo_name, ip_addr)
         if response_app is not None:
             return response_app(environ, start_response)
         # extras are injected into Mercurial UI object and later available
         # in hooks executed by Kallithea
         from kallithea import CONFIG
         server_url = get_server_url(environ)
         extras = {
             'ip': ip_addr,
             'username': user.username,
             'action': action,
             'repository': repo_name,
             'scm': 'git',
             'config': CONFIG['__file__'],
             'server_url': server_url,
+        }
         #===================================================================
         # GIT REQUEST HANDLING
         #===================================================================
         log.debug('HOOKS extras is %s', extras)
         baseui = make_ui()
         _set_extras(extras or {})
         try:
             self._handle_githooks(repo_name, action, baseui, environ)
             log.info('%s action on Git repo "%s" by "%s" from %s',
                      action, str_repo_name, safe_str(user.username), ip_addr)
             app = self.__make_app(repo_name)
             return app(environ, start_response)
         except Exception:
             log.error(traceback.format_exc())
             return HTTPInternalServerError()(environ, start_response)
     def __make_app(self, repo_name):
         """
         Return a pygrack wsgi application.
         """
         return make_wsgi_app(repo_name, safe_str(self.basepath)) # FIXME: safe_str???
     def __get_repository(self, environ):
         """
         Gets repository name out of PATH_INFO header
         :param environ: environ where PATH_INFO is stored
         """
         try:
             return GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
         except Exception:
             log.error(traceback.format_exc())
             raise
     def __get_action(self, environ):
         """
         Maps Git request commands into a pull or push command.
         :param environ:
         Maps Git request commands into 'pull' or 'push'.
         """
         service = environ['QUERY_STRING'].split('=')
         if len(service) > 1:
             service_cmd = service[1]
             mapping = {
                 'git-receive-pack': 'push',
                 'git-upload-pack': 'pull',
+            }
             op = mapping[service_cmd]
             self._git_stored_op = op
             # try to fallback to stored variable as we don't know if the last
             # operation is pull/push
         mapping = {
             'git-receive-pack': 'push',
             'git-upload-pack': 'pull',
+        }
         path_info = environ.get('PATH_INFO', '')
         m = GIT_PROTO_PAT.match(path_info)
         if m is not None:
             cmd = m.group(2)
             if cmd == 'info/refs':
                 service = environ['QUERY_STRING'].split('=')
                 cmd = service[1] if len(service) > 1 else None
                 if cmd in mapping:
                     self._git_stored_op = mapping[cmd]
             elif cmd in mapping:
                 self._git_stored_op = mapping[cmd]
         # fallback to stored variable as we don't know if the last
         # operation is pull/push
         return self._git_stored_op
     def _handle_githooks(self, repo_name, action, baseui, environ):
         """
         Handles pull action, push is handled by post-receive hook
         """
         from kallithea.lib.hooks import log_pull_action
         service = environ['QUERY_STRING'].split('=')
         if len(service) < 2:
             return
         from kallithea.model.db import Repository
         _repo = Repository.get_by_repo_name(repo_name)
         _repo = _repo.scm_instance
         if action == 'pull':
             log_pull_action(ui=baseui, repo=_repo._repo)

0 comments (0 inline, 0 general)