git-http-backend-verify: suppress git-http-backend errors

[girocco.git] / bin / git-http-backend-verify

#!/bin/sh
#
# Abort any push early if the pushing user doesn't have any push permissions
# at all.  This avoids unnecessary traffic and unpacked object pollution.
#
# Set GIT_HTTP_BACKEND_BIN to change the default http-backend binary from
# the default of Config.pm $git_http_backend_bin (which itself has a default
# of "/usr/lib/git-core/git-http-backend")
#
# Note that GIT_PROJECT_ROOT must be set to use this script.
#
# Also prevent standard error output from git-http-backend cluttering up the
# server's log unless GIT_HTTP_BACKEND_SHOW_ERRORS is set to a non-empty value.

set -e

. @basedir@/shlib.sh

[ -z "$GIT_HTTP_BACKEND_BIN" ] || cfg_git_http_backend_bin="$GIT_HTTP_BACKEND_BIN"
[ -n "$cfg_git_http_backend_bin" ] ||
        cfg_git_http_backend_bin=/usr/lib/git-core/git-http-backend

# This script is called for both fetch and push.
# Only the following conditions trigger a push permissions check:
#
#   1. REQUEST_METHOD=GET
#      and PATH_INFO ends with "/info/refs"
#      and QUERY_STRING has "service=git-receive-pack"
#
#   2. REQUEST_METHOD=POST
#      and PATH_INFO ends with "/git-receive-pack"
#
# Note that there is no check for PATH_INFO being under a certain root as
# it's presumed that GIT_PROJECT_ROOT has been set and so all PATH_INFO
# values are effectively forced under the desired root.
# The project name is, however, extracted and the project directory must exist
# under $cfg_reporoot.

errorhdrs()
{
        # A single CR (0x0d) is between the quotes
        cr="
"
        echo "Status: $1 $2$cr"
        echo "Expires: Fri, 01 Jan 1980 00:00:00 GMT$cr"
        echo "Pragma: no-cache$cr"
        echo "Cache-Control: no-cache, max-age=0, must-revalidate$cr"
        echo "Content-Type: text/plain$cr"
        echo "$cr"
}

msglines()
{
        while [ $# -gt 0 ]; do
                echo "$1"
                shift
        done
}

internalerr()
{
        errorhdrs 500 "Internal Server Error"
        if [ $# -eq 0 ]; then
                msglines "Internal Server Error"
                echo "Internal Server Error" >&2
        else
                msglines "$@"
                while [ $# -gt 0 ]; do
                        echo "$1" >&2
                        shift
                done
        fi
        exit 0
}

forbidden()
{
        errorhdrs 403 Forbidden
        if [ $# -eq 0 ]; then
                msglines "Forbidden"
        else
                msglines "$@"
        fi
        exit 0
}

needsauth()
{
        errorhdrs 401 "Authorization Required"
        if [ $# -eq 0 ]; then
                msglines "Authorization Required"
        else
                msglines "$@"
        fi
        exit 0
}

[ -n "$GIT_PROJECT_ROOT" ] || { internalerr 'GIT_PROJECT_ROOT must be set'; exit 1; }

proj=
needscheck=
pathcheck="${PATH_INFO#/}"
if [ "$REQUEST_METHOD" = "GET" -o "$REQUEST_METHOD" = "HEAD" ]; then
        case "$pathcheck" in *"/info/refs")
                case "&$QUERY_STRING&" in *"&service=git-receive-pack&"*)
                        needscheck=1
                        proj="${pathcheck%/info/refs}"
                esac
        esac
elif [ "$REQUEST_METHOD" = "POST" ]; then
        case "$pathcheck" in *"/git-receive-pack")
                needscheck=1
                proj="${pathcheck%/git-receive-pack}"
        esac
fi

if [ -z "$needscheck" ]; then
        if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
                exec "$cfg_git_http_backend_bin" "$@"
        else
                exec "$cfg_git_http_backend_bin" "$@" 2>/dev/null
        fi
        internalerr "exec failed: $cfg_git_http_backend_bin"
        exit 1
fi

# add a missing trailing .git
case "$proj" in
        *.git) :;;
        *)
                proj="$proj.git"
esac

dir="$cfg_reporoot/$proj"
if ! [ -d "$dir" ] || ! [ -f "$dir/HEAD" ] || ! [ -d "$dir/objects" ]; then
        forbidden
        exit 1
fi

projbare="${proj%.git}"

if ! [ -f "$dir/.nofetch" ]; then
        forbidden "The $proj project is a mirror and may not be pushed to, sorry"
        exit 1
fi

authuser="${REMOTE_USER#/UID=}"
authuuid="${authuser}"
authuser="${authuser%/dnQualifier=*}"
authuuid="${authuuid#$authuser}"
authuuid="${authuuid#/dnQualifier=}"
if [ -z "$authuser" ]; then
        needsauth "Only authenticated users may push, sorry"
        exit 1
fi

if perl -I@basedir@ -MGirocco::Project -MGirocco::User <<EOT; then :; else
        my \$p = Girocco::Project->load('$projbare');
        exit 1 unless \$p && \$p->can_user_push('$authuser');
        exit 0 if \$Girocco::Config::mob eq 'mob' && '$authuser' eq 'mob';
        my \$u = Girocco::User->load('$authuser');
        exit 2 unless \$u && \$u->{uuid} eq '$authuuid';
        exit 0
EOT
        if [ $? -eq 2 ]; then
                forbidden "The user '$authuser' certificate being used is no longer valid." \
                        "You may download a new user certificate at $cfg_webadmurl/edituser.cgi"
        else
                forbidden "The user '$authuser' does not have push permissions for project '$proj'." \
                        "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj"
        fi
        exit 1
fi

if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
        exec "$cfg_git_http_backend_bin" "$@"
else
        exec "$cfg_git_http_backend_bin" "$@" 2>/dev/null
fi
internalerr "exec failed: $cfg_git_http_backend_bin"
exit 1