3 # Abort any push early if the pushing user doesn't have any push permissions
4 # at all. This avoids unnecessary traffic and unpacked object pollution.
6 # Set GIT_HTTP_BACKEND_BIN to change the default http-backend binary from
7 # the default of Config.pm $git_http_backend_bin (which itself has a default
8 # of "/usr/lib/git-core/git-http-backend")
10 # Note that GIT_PROJECT_ROOT is automatically set to $cfg_reporoot and exported
11 # any incoming value for it will be ignored.
13 # Also prevents standard error output from git-http-backend cluttering up the
14 # server's log unless GIT_HTTP_BACKEND_SHOW_ERRORS is set to a non-empty value.
21 if [ -n "$defined_cfg_git_server_ua" ]; then
22 GIT_USER_AGENT
="$cfg_git_server_ua"
26 [ -z "$GIT_HTTP_BACKEND_BIN" ] || cfg_git_http_backend_bin
="$GIT_HTTP_BACKEND_BIN"
27 [ -n "$cfg_git_http_backend_bin" ] ||
28 cfg_git_http_backend_bin
="$($cfg_git_bin --exec-path)/git-http-backend"
30 GIT_PROJECT_ROOT
="$cfg_reporoot"
31 export GIT_PROJECT_ROOT
33 # This script is called for both fetch and push.
34 # Only the following conditions trigger a push permissions check:
36 # 1. REQUEST_METHOD=GET
37 # and PATH_INFO ends with "/info/refs"
38 # and QUERY_STRING has "service=git-receive-pack"
40 # 2. REQUEST_METHOD=POST
41 # and PATH_INFO ends with "/git-receive-pack"
43 # Note that there is no check for PATH_INFO being under a certain root as
44 # GIT_PROJECT_ROOT will be exported and set so all PATH_INFO values are
45 # effectively forced under the desired root.
47 # The REQUEST_METHOD is validated. For smart HTTP requests only the project
48 # name is extracted and validated and the corresponding project directory must
49 # exist under $cfg_reporoot. Non-smart HTTP fetch requests (GET or HEAD) are
50 # passed on unchanged and unchecked.
54 printf '%s\r\n' "Status: $1 $2"
55 printf '%s\r\n' "Expires: Fri, 01 Jan 1980 00:00:00 GMT"
56 printf '%s\r\n' "Pragma: no-cache"
57 printf '%s\r\n' "Cache-Control: no-cache, max-age=0, must-revalidate"
58 [ -z "$3" ] ||
printf '%s\r\n' "$3"
59 printf '%s\r\n' "Content-Type: text/plain"
65 while [ $# -gt 0 ]; do
73 errorhdrs
500 "Internal Server Error"
75 msglines
"Internal Server Error"
76 echo "Internal Server Error" >&2
79 while [ $# -gt 0 ]; do
80 printf '%s\n' "$1" >&2
89 errorhdrs
405 "Method Not Allowed" "Allow: GET, HEAD, POST"
91 msglines
"Method Not Allowed"
100 errorhdrs
403 Forbidden
101 if [ $# -eq 0 ]; then
111 errorhdrs
401 "Authorization Required"
112 if [ $# -eq 0 ]; then
113 msglines
"Authorization Required"
120 [ -n "$GIT_PROJECT_ROOT" ] ||
{ internalerr
'GIT_PROJECT_ROOT must be set'; exit 1; }
126 pathcheck
="${PATH_INFO#/}"
127 if [ "$REQUEST_METHOD" = "GET" -o "$REQUEST_METHOD" = "HEAD" ]; then
128 # We do not currently validate non-smart GET/HEAD requests.
129 # There are only 8 possible suffix values that need to be allowed for
130 # non-smart HTTP GET/HEAD fetches (see http-backend.c):
133 # /objects/info/alternates
134 # /objects/info/http-alternates
135 # /objects/info/packs
136 # /objects/[0-9a-f]{2}/[0-9a-f]{38}
137 # /objects/pack/pack-[0-9a-f]{40}.idx
138 # /objects/pack/pack-[0-9a-f]{40}.pack
139 case "$pathcheck" in *"/info/refs")
140 proj
="${pathcheck%/info/refs}"
141 case "&$QUERY_STRING&" in
142 *"&service=git-receive-pack&"*)
147 *"&service=git-upload-pack&"*)
153 elif [ "$REQUEST_METHOD" = "POST" ]; then
155 *"/git-receive-pack")
158 proj
="${pathcheck%/git-receive-pack}"
159 suffix
=git-receive-pack
163 proj
="${pathcheck%/git-upload-pack}"
164 suffix
=git-upload-pack
176 # Reject any project names that start with _
177 case "$pathcheck" in _
*)
181 if [ -n "$smart" ]; then
182 # add a missing trailing .git
189 reporoot
="$cfg_reporoot"
190 dir
="$reporoot/$proj"
192 # Valid project names never end in .git (we add that automagically), so a valid
193 # fork can never have .git at the end of any path component except the last.
194 # We check this to avoid a situation where a certain collection of pushed refs
195 # could be mistaken for a GIT_DIR. Git would ultimately complain, but some
196 # undesirable things could happen along the way.
198 # Remove the leading $reporoot and trailing .git to get a test string
199 testpath
="${dir#$reporoot/}"
200 testpath
="${testpath%.git}"
201 case "$testpath/" in *.
[Gg
][Ii
][Tt
]/*|_
*)
206 if ! [ -d "$dir" ] ||
! [ -f "$dir/HEAD" ] ||
! [ -d "$dir/objects" ]; then
212 if [ -z "$needsauthcheck" ] ||
[ -z "$smart" ]; then
213 if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
214 exec "$cfg_git_http_backend_bin" "$@"
216 exec "$cfg_git_http_backend_bin" "$@" 2>/dev
/null
218 internalerr
"exec failed: $cfg_git_http_backend_bin"
222 projbare
="${proj%.git}"
224 if ! [ -f "$dir/.nofetch" ]; then
225 forbidden
"The $proj project is a mirror and may not be pushed to, sorry"
229 authuser
="${REMOTE_USER#/UID=}"
230 authuuid
="${authuser}"
231 authuser
="${authuser%/dnQualifier=*}"
232 authuuid
="${authuuid#$authuser}"
233 authuuid
="${authuuid#/dnQualifier=}"
234 if [ -z "$authuser" ]; then
235 needsauth
"Only authenticated users may push, sorry"
238 if [ "$authuser" != "mob" -o "$cfg_mob" != "mob" ]; then
239 if ! useruuid
="$("$cfg_basedir/bin
/get_user_uuid
" "$authuser")" ||
[ "$useruuid" != "$authuuid" ]; then
240 forbidden
"The user '$authuser' certificate being used is no longer valid." \
241 "You may download a new user certificate at $cfg_webadmurl/edituser.cgi"
246 if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$authuser"; then
247 # If mob is enabled and mob has push permissions and
248 # the current user is not the mob then it's a personal mob push
249 # presuming the special mob directory has been set up
250 if [ "$cfg_mob" = "mob" -a "$authuser" != "mob" -a -d "$cfg_reporoot/$proj/mob" ] &&
251 "$cfg_basedir/bin/can_user_push_http" "$projbare" "mob"; then
254 > "$cfg_chroot/etc/sshactive/${authuser},"
255 mv -f "$cfg_chroot/etc/sshactive/${authuser}," "$cfg_chroot/etc/sshactive/${authuser}"
257 export PATH_INFO
="/$proj/mob/$suffix"
258 if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
259 exec "$cfg_git_http_backend_bin" "$@"
261 exec "$cfg_git_http_backend_bin" "$@" 2>/dev
/null
263 internalerr
"exec failed: $cfg_git_http_backend_bin"
266 forbidden
"The user '$authuser' does not have push permissions for project '$proj'." \
267 "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj"
273 > "$cfg_chroot/etc/sshactive/${authuser},"
274 mv -f "$cfg_chroot/etc/sshactive/${authuser}," "$cfg_chroot/etc/sshactive/${authuser}"
276 if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
277 exec "$cfg_git_http_backend_bin" "$@"
279 exec "$cfg_git_http_backend_bin" "$@" 2>/dev
/null
281 internalerr
"exec failed: $cfg_git_http_backend_bin"