You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

198 lines
4.6 KiB

10 years ago
10 years ago
10 years ago
10 years ago
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package main
  5. import (
  6. //"container/list"
  7. "fmt"
  8. "os"
  9. "os/exec"
  10. "path"
  11. "strconv"
  12. "strings"
  13. "github.com/codegangsta/cli"
  14. qlog "github.com/qiniu/log"
  15. //"github.com/gogits/git"
  16. "github.com/gogits/gogs/models"
  17. "github.com/gogits/gogs/modules/base"
  18. )
  19. var (
  20. COMMANDS_READONLY = map[string]int{
  21. "git-upload-pack": models.AU_WRITABLE,
  22. "git upload-pack": models.AU_WRITABLE,
  23. "git-upload-archive": models.AU_WRITABLE,
  24. }
  25. COMMANDS_WRITE = map[string]int{
  26. "git-receive-pack": models.AU_READABLE,
  27. "git receive-pack": models.AU_READABLE,
  28. }
  29. )
  30. var CmdServ = cli.Command{
  31. Name: "serv",
  32. Usage: "This command just should be called by ssh shell",
  33. Description: `
  34. gogs serv provide access auth for repositories`,
  35. Action: runServ,
  36. Flags: []cli.Flag{},
  37. }
  38. func newLogger(execDir string) {
  39. logPath := execDir + "/log/serv.log"
  40. os.MkdirAll(path.Dir(logPath), os.ModePerm)
  41. f, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, os.ModePerm)
  42. if err != nil {
  43. qlog.Fatal(err)
  44. }
  45. qlog.SetOutput(f)
  46. qlog.Info("Start logging serv...")
  47. }
  48. func parseCmd(cmd string) (string, string) {
  49. ss := strings.SplitN(cmd, " ", 2)
  50. if len(ss) != 2 {
  51. return "", ""
  52. }
  53. verb, args := ss[0], ss[1]
  54. if verb == "git" {
  55. ss = strings.SplitN(args, " ", 2)
  56. args = ss[1]
  57. verb = fmt.Sprintf("%s %s", verb, ss[0])
  58. }
  59. return verb, args
  60. }
  61. func In(b string, sl map[string]int) bool {
  62. _, e := sl[b]
  63. return e
  64. }
  65. func runServ(k *cli.Context) {
  66. execDir, _ := base.ExecDir()
  67. newLogger(execDir)
  68. base.NewConfigContext()
  69. models.LoadModelsConfig()
  70. if models.UseSQLite3 {
  71. os.Chdir(execDir)
  72. }
  73. models.SetEngine()
  74. keys := strings.Split(os.Args[2], "-")
  75. if len(keys) != 2 {
  76. println("auth file format error")
  77. qlog.Fatal("auth file format error")
  78. }
  79. keyId, err := strconv.ParseInt(keys[1], 10, 64)
  80. if err != nil {
  81. println("auth file format error")
  82. qlog.Fatal("auth file format error", err)
  83. }
  84. user, err := models.GetUserByKeyId(keyId)
  85. if err != nil {
  86. println("You have no right to access")
  87. qlog.Fatalf("SSH visit error: %v", err)
  88. }
  89. cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
  90. if cmd == "" {
  91. println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.")
  92. return
  93. }
  94. verb, args := parseCmd(cmd)
  95. repoPath := strings.Trim(args, "'")
  96. rr := strings.SplitN(repoPath, "/", 2)
  97. if len(rr) != 2 {
  98. println("Unavilable repository", args)
  99. qlog.Fatalf("Unavilable repository %v", args)
  100. }
  101. repoUserName := rr[0]
  102. repoName := strings.TrimSuffix(rr[1], ".git")
  103. isWrite := In(verb, COMMANDS_WRITE)
  104. isRead := In(verb, COMMANDS_READONLY)
  105. repoUser, err := models.GetUserByName(repoUserName)
  106. if err != nil {
  107. println("You have no right to access")
  108. qlog.Fatal("Get user failed", err)
  109. }
  110. // access check
  111. switch {
  112. case isWrite:
  113. has, err := models.HasAccess(user.LowerName, path.Join(repoUserName, repoName), models.AU_WRITABLE)
  114. if err != nil {
  115. println("Inernel error:", err)
  116. qlog.Fatal(err)
  117. } else if !has {
  118. println("You have no right to write this repository")
  119. qlog.Fatalf("User %s has no right to write repository %s", user.Name, repoPath)
  120. }
  121. case isRead:
  122. repo, err := models.GetRepositoryByName(repoUser.Id, repoName)
  123. if err != nil {
  124. println("Get repository error:", err)
  125. qlog.Fatal("Get repository error: " + err.Error())
  126. }
  127. if !repo.IsPrivate {
  128. break
  129. }
  130. has, err := models.HasAccess(user.Name, path.Join(repoUserName, repoName), models.AU_READABLE)
  131. if err != nil {
  132. println("Inernel error")
  133. qlog.Fatal(err)
  134. }
  135. if !has {
  136. has, err = models.HasAccess(user.Name, repoPath, models.AU_WRITABLE)
  137. if err != nil {
  138. println("Inernel error")
  139. qlog.Fatal(err)
  140. }
  141. }
  142. if !has {
  143. println("You have no right to access this repository")
  144. qlog.Fatal("You have no right to access this repository")
  145. }
  146. default:
  147. println("Unknown command")
  148. qlog.Fatal("Unknown command")
  149. }
  150. models.SetRepoEnvs(user.Id, user.Name, repoName)
  151. gitcmd := exec.Command(verb, repoPath)
  152. gitcmd.Dir = base.RepoRootPath
  153. gitcmd.Stdout = os.Stdout
  154. gitcmd.Stdin = os.Stdin
  155. gitcmd.Stderr = os.Stderr
  156. if err = gitcmd.Run(); err != nil {
  157. println("execute command error:", err.Error())
  158. qlog.Fatal("execute command error: " + err.Error())
  159. }
  160. //refName := os.Getenv("refName")
  161. //oldCommitId := os.Getenv("oldCommitId")
  162. //newCommitId := os.Getenv("newCommitId")
  163. //qlog.Error("get envs:", refName, oldCommitId, newCommitId)
  164. // update
  165. //models.Update(refName, oldCommitId, newCommitId, repoUserName, repoName, user.Id)
  166. }