Files @ a444c46a0649
Branch filter:

Location: kallithea/init.d/kallithea-daemon-arch

a444c46a0649 1.3 KiB text/plain Show Annotation Show as Raw Download as Raw
Mads Kiilerich
middleware: fix handling of Git 'info/refs' command to give correct access control

For a pull, the Git client first sends an 'info/refs' command with a
'service=git-upload-pack' query, then it sends the actual 'git-upload-pack'
command.

For a push, the Git client first sends an 'info/refs' command with a
'service=git-receive-pack' query, then it sends the actual 'git-receive-pack'
command.

Before, the 'info/refs' commands would fall back to the default of trying to
use the action of the previous request. That seems wrong.

Instead, authorize the 'info/refs' command just like the actual command it
references.

path_info will now be checked more than before. Mainly because that is more
correct and more explicit and "better" to do it that way. It might also give
some safety.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#!/bin/bash
###########################################
#### THIS IS AN ARCH LINUX RC.D SCRIPT ####
###########################################

. /etc/rc.conf
. /etc/rc.d/functions

DAEMON=kallithea
APP_HOMEDIR="/srv"
APP_PATH="$APP_HOMEDIR/$DAEMON"
CONF_NAME="production.ini"
LOG_FILE="/var/log/$DAEMON.log"
PID_FILE="/run/daemons/$DAEMON"
APPL=/usr/bin/gearbox
RUN_AS="*****"

ARGS="serve --daemon \
--user=$RUN_AS \
--group=$RUN_AS \
--pid-file=$PID_FILE \
--log-file=$LOG_FILE \
-c $APP_PATH/$CONF_NAME"

[ -r /etc/conf.d/$DAEMON ] && . /etc/conf.d/$DAEMON

if [[ -r $PID_FILE ]]; then
    read -r PID < "$PID_FILE"
    if [[ $PID && ! -d /proc/$PID ]]; then
        unset PID
        rm_daemon $DAEMON
    fi
fi

case "$1" in
start)
    stat_busy "Starting $DAEMON"
    export HOME=$APP_PATH
    [ -z "$PID" ] && $APPL $ARGS &>/dev/null
    if [ $? = 0 ]; then
        add_daemon $DAEMON
        stat_done
    else
        stat_fail
        exit 1
    fi
    ;;
stop)
    stat_busy "Stopping $DAEMON"
    [ -n "$PID" ] && kill $PID &>/dev/null
    if [ $? = 0 ]; then
        rm_daemon $DAEMON
        stat_done
    else
        stat_fail
        exit 1
    fi
    ;;
restart)
    $0 stop
    sleep 1
    $0 start
    ;;
status)
    stat_busy "Checking $name status";
    ck_status $name
    ;;
*)
    echo "usage: $0 {start|stop|restart|status}"
esac
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.