X-Git-Url: https://gitweb.ps.run/ps-cgit/blobdiff_plain/dcbc0438b2543a733858d62170f3110a89edbed6..d6e9200cc35411f3f27426b608bcfdef9348e6d3:/cgit.c
diff --git a/cgit.c b/cgit.c
index f0a9acf..c52ef33 100644
--- a/cgit.c
+++ b/cgit.c
@@ -1,7 +1,6 @@
 /* cgit.c: cgi for the git scm
 *
- * Copyright (C) 2006 Lars Hjemli
- * Copyright (C) 2010-2013 Jason A. Donenfeld
+ * Copyright (C) 2006-2014 cgit Development Team
 *
 * Licensed under GNU General Public License v2
 * (see COPYING for full license text)
@@ -28,36 +27,6 @@ static void add_mimetype(const char *name, const char *value)
 item->util = xstrdup(value);
 }
-static struct cgit_filter *new_filter(const char *cmd, filter_type filtertype)
-{
- struct cgit_filter *f;
- int args_size = 0;
- int extra_args;
-
- if (!cmd || !cmd[0])
- return NULL;
-
- switch (filtertype) {
- case SOURCE:
- case ABOUT:
- extra_args = 1;
- break;
-
- case COMMIT:
- default:
- extra_args = 0;
- break;
- }
-
- f = xmalloc(sizeof(struct cgit_filter));
- f->cmd = xstrdup(cmd);
- args_size = (2 + extra_args) * sizeof(char *);
- f->argv = xmalloc(args_size);
- memset(f->argv, 0, args_size);
- f->argv[0] = f->cmd;
- return f;
-}
-
 static void process_cached_repolist(const char *path);
 static void repo_config(struct cgit_repo *repo, const char *name, const char *value)
@@ -115,11 +84,13 @@ static void repo_config(struct cgit_repo *repo, const char *name, const char *va
 repo->logo_link = xstrdup(value);
 else if (ctx.cfg.enable_filter_overrides) {
 if (!strcmp(name, "about-filter"))
- repo->about_filter = new_filter(value, ABOUT);
+ repo->about_filter = cgit_new_filter(value, ABOUT);
 else if (!strcmp(name, "commit-filter"))
- repo->commit_filter = new_filter(value, COMMIT);
+ repo->commit_filter = cgit_new_filter(value, COMMIT);
 else if (!strcmp(name, "source-filter"))
- repo->source_filter = new_filter(value, SOURCE);
+ repo->source_filter = cgit_new_filter(value, SOURCE);
+ else if (!strcmp(name, "email-filter"))
+ repo->email_filter = cgit_new_filter(value, EMAIL);
 }
 }
@@ -211,12 +182,18 @@ static void config_cb(const char *name, const char *value)
 ctx.cfg.cache_static_ttl = atoi(value);
 else if (!strcmp(name, "cache-dynamic-ttl"))
 ctx.cfg.cache_dynamic_ttl = atoi(value);
+ else if (!strcmp(name, "cache-about-ttl"))
+ ctx.cfg.cache_about_ttl = atoi(value);
 else if (!strcmp(name, "case-sensitive-sort"))
 ctx.cfg.case_sensitive_sort = atoi(value);
 else if (!strcmp(name, "about-filter"))
- ctx.cfg.about_filter = new_filter(value, ABOUT);
+ ctx.cfg.about_filter = cgit_new_filter(value, ABOUT);
 else if (!strcmp(name, "commit-filter"))
- ctx.cfg.commit_filter = new_filter(value, COMMIT);
+ ctx.cfg.commit_filter = cgit_new_filter(value, COMMIT);
+ else if (!strcmp(name, "email-filter"))
+ ctx.cfg.email_filter = cgit_new_filter(value, EMAIL);
+ else if (!strcmp(name, "auth-filter"))
+ ctx.cfg.auth_filter = cgit_new_filter(value, AUTH);
 else if (!strcmp(name, "embedded"))
 ctx.cfg.embedded = atoi(value);
 else if (!strcmp(name, "max-atom-items"))
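Review bot: `auth-filter` is registered only in this global config_cb chain, while repo_config in the preceding hunk gains `email-filter` but no `auth-filter` under `ctx.cfg.enable_filter_overrides`, and nothing in the code says that the omission is deliberate. A filter value names a command (the removed new_filter stored it as `cmd` and `argv[0]`), so accepting the authentication filter from per-repository configuration would let that configuration replace the access check. I would add a comment above the new branch, `/* auth-filter is global only; it must never be accepted from repo_config() */`, so the asymmetry is not "fixed" later. config_cb starts and ends outside the hunk.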
@@ -250,7 +227,7 @@ static void config_cb(const char *name, const char *value)
 else if (!strcmp(name, "section-sort"))
 ctx.cfg.section_sort = atoi(value);
 else if (!strcmp(name, "source-filter"))
- ctx.cfg.source_filter = new_filter(value, SOURCE);
+ ctx.cfg.source_filter = cgit_new_filter(value, SOURCE);
 else if (!strcmp(name, "summary-log"))
 ctx.cfg.summary_log = atoi(value);
 else if (!strcmp(name, "summary-branches"))
@@ -351,18 +328,20 @@ static void prepare_context(struct cgit_context *ctx)
 ctx->cfg.agefile = "info/web/last-modified";
 ctx->cfg.nocache = 0;
 ctx->cfg.cache_size = 0;
- ctx->cfg.cache_dynamic_ttl = 5;
 ctx->cfg.cache_max_create_time = 5;
- ctx->cfg.cache_repo_ttl = 5;
 ctx->cfg.cache_root = CGIT_CACHE_ROOT;
+ ctx->cfg.cache_about_ttl = 15;
+ ctx->cfg.cache_repo_ttl = 5;
 ctx->cfg.cache_root_ttl = 5;
 ctx->cfg.cache_scanrc_ttl = 15;
+ ctx->cfg.cache_dynamic_ttl = 5;
 ctx->cfg.cache_static_ttl = -1;
 ctx->cfg.case_sensitive_sort = 1;
 ctx->cfg.branch_sort = 0;
 ctx->cfg.commit_sort = 0;
 ctx->cfg.css = "/cgit.css";
 ctx->cfg.logo = "/cgit.png";
+ ctx->cfg.favicon = "/favicon.ico";
 ctx->cfg.local_time = 0;
 ctx->cfg.enable_http_clone = 1;
 ctx->cfg.enable_index_owner = 1;
@@ -401,6 +380,10 @@ static void prepare_context(struct cgit_context *ctx)
 ctx->env.script_name = getenv("SCRIPT_NAME");
 ctx->env.server_name = getenv("SERVER_NAME");
 ctx->env.server_port = getenv("SERVER_PORT");
+ ctx->env.http_cookie = getenv("HTTP_COOKIE");
+ ctx->env.http_referer = getenv("HTTP_REFERER");
+ ctx->env.content_length = getenv("CONTENT_LENGTH") ? strtoul(getenv("CONTENT_LENGTH"), NULL, 10) : 0;
+ ctx->env.authenticated = 0;
 ctx->page.mimetype = "text/html";
 ctx->page.charset = PAGE_ENCODING;
 ctx->page.filename = NULL;
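Review bot: The new `ctx->env.content_length` line converts `CONTENT_LENGTH` with `strtoul(..., NULL, 10)` and checks neither the end pointer nor `errno`, so an empty string, trailing garbage, a leading minus sign (which strtoul negates into a very large value) and out-of-range input are all stored as if they were valid. That value sizes the stdin read in authenticate_post later in this diff, so it should be validated where it is parsed. Read the variable once and reject anything malformed, e.g. `errno = 0; v = strtoul(s, &end, 10);` followed by `if (end == s || *end || errno == ERANGE) v = 0;`. prepare_context starts and ends outside the hunk.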
@@ -616,11 +599,92 @@ static int prepare_repo_cmd(struct cgit_context *ctx)
 return 0;
 }
+static inline void open_auth_filter(struct cgit_context *ctx, const char *function)
+{
+ cgit_open_filter(ctx->cfg.auth_filter, function,
+ ctx->env.http_cookie ? ctx->env.http_cookie : "",
+ ctx->env.request_method ? ctx->env.request_method : "",
+ ctx->env.query_string ? ctx->env.query_string : "",
+ ctx->env.http_referer ? ctx->env.http_referer : "",
+ ctx->env.path_info ? ctx->env.path_info : "",
+ ctx->env.http_host ? ctx->env.http_host : "",
+ ctx->env.https ? ctx->env.https : "",
+ ctx->qry.repo ? ctx->qry.repo : "",
+ ctx->qry.page ? ctx->qry.page : "",
+ ctx->qry.url ? ctx->qry.url : "");
+}
+
+#define MAX_AUTHENTICATION_POST_BYTES 4096
+static inline void authenticate_post(struct cgit_context *ctx)
+{
+ if (ctx->env.http_referer && strlen(ctx->env.http_referer) > 0) {
+ html("Status: 302 Redirect\n");
+ html("Cache-Control: no-cache, no-store\n");
+ htmlf("Location: %s\n", ctx->env.http_referer);
+ } else {
+ html("Status: 501 Missing Referer\n");
+ html("Cache-Control: no-cache, no-store\n\n");
+ exit(0);
+ }
+
+ open_auth_filter(ctx, "authenticate-post");
+ char buffer[MAX_AUTHENTICATION_POST_BYTES];
+ int len;
+ len = ctx->env.content_length;
+ if (len > MAX_AUTHENTICATION_POST_BYTES)
+ len = MAX_AUTHENTICATION_POST_BYTES;
+ if (read(STDIN_FILENO, buffer, len) < 0)
+ die_errno("Could not read POST from stdin");
+ if (write(STDOUT_FILENO, buffer, len) < 0)
+ die_errno("Could not write POST to stdout");
+ /* The filter may now spit out a Set-Cookie: ... */
+ cgit_close_filter(ctx->cfg.auth_filter);
+
+ html("\n");
+ exit(0);
+}
+
+static inline void authenticate_cookie(struct cgit_context *ctx)
+{
+ /* If we don't have an auth_filter, consider all cookies valid, and thus return early.
*/
+ if (!ctx->cfg.auth_filter) {
+ ctx->env.authenticated = 1;
+ return;
+ }
+
+ /* If we're having something POST'd to /login, we're authenticating POST,
+ * instead of the cookie, so call authenticate_post and bail out early.
+ * This pattern here should match /?p=login with POST. */
+ if (ctx->env.request_method && ctx->qry.page && !ctx->repo && \
+ !strcmp(ctx->env.request_method, "POST") && !strcmp(ctx->qry.page, "login")) {
+ authenticate_post(ctx);
+ return;
+ }
+
+ /* If we've made it this far, we're authenticating the cookie for real, so do that. */
+ open_auth_filter(ctx, "authenticate-cookie");
+ ctx->env.authenticated = cgit_close_filter(ctx->cfg.auth_filter);
+}
+
 static void process_request(void *cbdata)
 {
 struct cgit_context *ctx = cbdata;
 struct cgit_cmd *cmd;
+ /* If we're not yet authenticated, no matter what page we're on,
+ * display the authentication body from the auth_filter. This should
+ * never be cached. */
+ if (!ctx->env.authenticated) {
+ ctx->page.title = "Authentication Required";
+ cgit_print_http_headers(ctx);
+ cgit_print_docstart(ctx);
+ cgit_print_pageheader(ctx);
+ open_auth_filter(ctx, "body");
+ cgit_close_filter(ctx->cfg.auth_filter);
+ cgit_print_docend();
+ return;
+ }
+
 cmd = cgit_get_cmd(ctx);
 if (!cmd) {
 ctx->page.title = "cgit error";
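Review bot: In authenticate_post, `len` is an `int` copied from `ctx->env.content_length` (parsed with `strtoul` elsewhere in this diff; the field's type is declared outside it), so a value above INT_MAX can turn negative, slip past the `len > MAX_AUTHENTICATION_POST_BYTES` clamp and reach `read()` as an oversized count against the 4096-byte stack `buffer`. The `write()` then sends `len` bytes rather than the number `read()` returned, so a short read forwards uninitialised stack bytes to the auth filter. Clamp in an unsigned type and write only what was read, as in the excerpt below. The `Location:` header echoes `HTTP_REFERER` unchanged, so it is worth restricting it to a same-site path before emitting it. In authenticate_cookie, `ctx->env.authenticated = cgit_close_filter(...)` treats any non-zero result as success; cgit_close_filter is outside this diff, so confirm that a filter which fails to start or exits abnormally cannot produce a non-zero value.

```c
/* … unchanged: Referer redirect / 501 branch … */
	open_auth_filter(ctx, "authenticate-post");
	char buffer[MAX_AUTHENTICATION_POST_BYTES];
	size_t want = ctx->env.content_length;
	ssize_t got;

	if (want > MAX_AUTHENTICATION_POST_BYTES)
		want = MAX_AUTHENTICATION_POST_BYTES;
	got = read(STDIN_FILENO, buffer, want);
	if (got < 0)
		die_errno("Could not read POST from stdin");
	if (write(STDOUT_FILENO, buffer, got) < 0)
		die_errno("Could not write POST to stdout");
/* … unchanged: cgit_close_filter(), html("\n"), exit(0) … */
```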
@@ -733,11 +797,13 @@ static void print_repo(FILE *f, struct cgit_repo *repo)
 fprintf(f, "repo.enable-log-linecount=%d\n",
 repo->enable_log_linecount);
 if (repo->about_filter && repo->about_filter != ctx.cfg.about_filter)
- fprintf(f, "repo.about-filter=%s\n", repo->about_filter->cmd);
+ cgit_fprintf_filter(repo->about_filter, f, "repo.about-filter=");
 if (repo->commit_filter && repo->commit_filter != ctx.cfg.commit_filter)
- fprintf(f, "repo.commit-filter=%s\n", repo->commit_filter->cmd);
+ cgit_fprintf_filter(repo->commit_filter, f, "repo.commit-filter=");
 if (repo->source_filter && repo->source_filter != ctx.cfg.source_filter)
- fprintf(f, "repo.source-filter=%s\n", repo->source_filter->cmd);
+ cgit_fprintf_filter(repo->source_filter, f, "repo.source-filter=");
+ if (repo->email_filter && repo->email_filter != ctx.cfg.email_filter)
+ cgit_fprintf_filter(repo->email_filter, f, "repo.email-filter=");
 if (repo->snapshots != ctx.cfg.snapshots) {
 char *tmp = build_snapshot_setting(repo->snapshots);
 fprintf(f, "repo.snapshots=%s\n", tmp ? tmp : "");
@@ -860,45 +926,38 @@ static void cgit_parse_args(int argc, const char **argv)
 int scan = 0;
 for (i = 1; i < argc; i++) {
- if (!strncmp(argv[i], "--cache=", 8)) {
+ if (!prefixcmp(argv[i], "--cache=")) {
 ctx.cfg.cache_root = xstrdup(argv[i] + 8);
- }
- if (!strcmp(argv[i], "--nocache")) {
+ } else if (!strcmp(argv[i], "--nocache")) {
 ctx.cfg.nocache = 1;
- }
- if (!strcmp(argv[i], "--nohttp")) {
+ } else if (!strcmp(argv[i], "--nohttp")) {
 ctx.env.no_http = "1";
- }
- if (!strncmp(argv[i], "--query=", 8)) {
+ } else if (!prefixcmp(argv[i], "--query=")) {
 ctx.qry.raw = xstrdup(argv[i] + 8);
- }
- if (!strncmp(argv[i], "--repo=", 7)) {
+ } else if (!prefixcmp(argv[i], "--repo=")) {
 ctx.qry.repo = xstrdup(argv[i] + 7);
- }
- if (!strncmp(argv[i], "--page=", 7)) {
+ } else if (!prefixcmp(argv[i], "--page=")) {
 ctx.qry.page = xstrdup(argv[i] + 7);
- }
- if (!strncmp(argv[i], "--head=", 7)) {
+ } else if (!prefixcmp(argv[i], "--head=")) {
 ctx.qry.head = xstrdup(argv[i] + 7);
 ctx.qry.has_symref = 1;
- }
- if (!strncmp(argv[i], "--sha1=", 7)) {
+ } else if (!prefixcmp(argv[i], "--sha1=")) {
 ctx.qry.sha1 = xstrdup(argv[i] + 7);
 ctx.qry.has_sha1 = 1;
- }
- if (!strncmp(argv[i], "--ofs=", 6)) {
+ } else if (!prefixcmp(argv[i], "--ofs=")) {
 ctx.qry.ofs = atoi(argv[i] + 6);
- }
- if (!strncmp(argv[i], "--scan-tree=", 12) ||
- !strncmp(argv[i], "--scan-path=", 12)) {
- /* HACK: the global snapshot bitmask defines the
- * set of allowed snapshot formats, but the config
- * file hasn't been parsed yet so the mask is
- * currently 0. By setting all bits high before
- * scanning we make sure that any in-repo cgitrc
- * snapshot setting is respected by scan_tree().
- * BTW: we assume that there'll never be more than
- * 255 different snapshot formats supported by cgit...
+ } else if (!prefixcmp(argv[i], "--scan-tree=") ||
+ !prefixcmp(argv[i], "--scan-path=")) {
+ /*
+ * HACK: The global snapshot bit mask defines the set
+ * of allowed snapshot formats, but the config file
+ * hasn't been parsed yet so the mask is currently 0.
+ * By setting all bits high before scanning we make
+ * sure that any in-repo cgitrc snapshot setting is
+ * respected by scan_tree().
+ *
+ * NOTE: We assume that there aren't more than 8
+ * different snapshot formats supported by cgit...
 */
 ctx.cfg.snapshots = 0xFF;
 scan++;
@@ -921,12 +980,15 @@ static int calc_ttl()
 if (!ctx.qry.page)
 return ctx.cfg.cache_repo_ttl;
- if (ctx.qry.has_symref)
- return ctx.cfg.cache_dynamic_ttl;
+ if (!strcmp(ctx.qry.page, "about"))
+ return ctx.cfg.cache_about_ttl;
 if (ctx.qry.has_sha1)
 return ctx.cfg.cache_static_ttl;
+ if (ctx.qry.has_symref)
+ return ctx.cfg.cache_dynamic_ttl;
+
 return ctx.cfg.cache_repo_ttl;
 }
@@ -935,6 +997,9 @@ int main(int argc, const char **argv)
 const char *path;
 int err, ttl;
+ cgit_init_filters();
+ atexit(cgit_cleanup_filters);
+
 prepare_context(&ctx);
 cgit_repolist.length = 0;
 cgit_repolist.count = 0;
@@ -971,9 +1036,17 @@ int main(int argc, const char **argv)
 cgit_parse_url(ctx.qry.url);
 }
+ /* Before we go any further, we set ctx.env.authenticated by checking to see
+ * if the supplied cookie is valid. All cookies are valid if there is no
+ * auth_filter. If there is an auth_filter, the filter decides. */
+ authenticate_cookie(&ctx);
+
 ttl = calc_ttl();
- ctx.page.expires += ttl * 60;
- if (ctx.env.request_method && !strcmp(ctx.env.request_method, "HEAD"))
+ if (ttl < 0)
+ ctx.page.expires += 10 * 365 * 24 * 60 * 60; /* 10 years */
+ else
+ ctx.page.expires += ttl * 60;
+ if (!ctx.env.authenticated || (ctx.env.request_method && !strcmp(ctx.env.request_method, "HEAD")))
 ctx.cfg.nocache = 1;
 if (ctx.cfg.nocache)
 ctx.cfg.cache_size = 0;
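Review bot: Each `prefixcmp(argv[i], "--cache=")` test in cgit_parse_args is still paired with a hand-counted offset (`argv[i] + 8`, `+ 7`, `+ 6`), so the literal and its length can drift apart when an option is renamed, and the pointer would then land inside or past the option text. Deriving the offset from the literal keeps the two tied together, e.g. `ctx.cfg.cache_root = xstrdup(argv[i] + strlen("--cache="));`, or use a small helper that returns the remainder after a matched prefix. cgit_parse_args starts and ends outside the hunk.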
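Review bot: `ctx.cfg.nocache` is forced only when `!ctx.env.authenticated`, so a request accepted by the auth filter still has `ctx.page.expires` advanced by the ttl, ten years in the `ttl < 0` branch. If cgit_print_http_headers (outside this diff) turns that field into an expiry header, as its name suggests, pages behind authentication become cacheable by browsers and intermediaries for that long. Consider leaving the expiry untouched whenever a filter is configured, e.g. guarding both `ctx.page.expires +=` lines with `if (!ctx.cfg.auth_filter)`, and confirm that the server-side cache is only consulted after authenticate_cookie has run. main starts and ends outside the hunk.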