From 25ba9b74ee5eeddf7cbc6a9c3d3770bbf9653d7f Mon Sep 17 00:00:00 2001 From: Richard Ipsum Date: Fri, 10 Jul 2015 22:13:29 +0100 Subject: Fix empty command bug This fixes a bug that causes gitano to crash when it's given an empty command list Opening and closing of the log should be done in the application, so it can log before checking for authorization, log after, and clean up at the end --- bin/gitano-auth.in | 7 ++++++- bin/gitano-command.cgi.in | 8 +++++++- bin/gitano-smart-http.cgi.in | 10 +++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) (limited to 'bin') diff --git a/bin/gitano-auth.in b/bin/gitano-auth.in index 2190ae0..2ec6c45 100644 --- a/bin/gitano-auth.in +++ b/bin/gitano-auth.in @@ -20,6 +20,10 @@ local sp = require "luxio.subprocess" -- @@GITANO_SHARE_PATH -- @@GITANO_PLUGIN_PATH +local start_log_level = gitano.log.get_level() +gitano.log.cap_level(gitano.log.level.INFO) +local transactionid = gitano.log.syslog.open() + local repo_root, user, keytag = ... gitano.config.repo_path(repo_root) @@ -31,7 +35,8 @@ if cmdline:match("^[ \t\n]*$") then end local authorized, cmd, parsed_cmdline, config, env, repo = - gitano.auth.is_authorized(user, "ssh", cmdline, repo_root) + gitano.auth.is_authorized(user, "ssh", cmdline, repo_root, + transactionid, start_log_level) if authorized then local exit = gitano.util.run_command(cmd, cmdline, parsed_cmdline, diff --git a/bin/gitano-command.cgi.in b/bin/gitano-command.cgi.in index 2fa1db2..94c5dd5 100755 --- a/bin/gitano-command.cgi.in +++ b/bin/gitano-command.cgi.in @@ -52,9 +52,13 @@ if os.getenv("QUERY_STRING") then local user = os.getenv("REMOTE_USER") or "gitano/anonymous" gitano.log.buffer_output() + local start_log_level = gitano.log.get_level() + gitano.log.cap_level(gitano.log.level.INFO) + local transactionid = gitano.log.syslog.open() local authorized, cmd, parsed_cmdline, config, env, repo = - gitano.auth.is_authorized(user, "http", cmdline, os.getenv("GITANO_ROOT")) + gitano.auth.is_authorized(user, "http", cmdline, os.getenv("GITANO_ROOT"), + transactionid, start_log_level) if authorized then local exit = gitano.util.run_command(cmd, cmdline, parsed_cmdline, @@ -67,6 +71,8 @@ if os.getenv("QUERY_STRING") then stdout:write("Status: 403 Forbidden\r\n\r\n") stdout:write(gitano.log.get_buffered_output() or "") end + + gitano.log.syslog.close() else stdout:write("Status: 400 Bad request\r\n\r\n") stdout:write("Malformed command line, format: ?cmd=arg0 arg1 ... argn\n") diff --git a/bin/gitano-smart-http.cgi.in b/bin/gitano-smart-http.cgi.in index f294b28..6f8fdee 100755 --- a/bin/gitano-smart-http.cgi.in +++ b/bin/gitano-smart-http.cgi.in @@ -59,8 +59,14 @@ if request_method == "GET" or request_method == "POST" then local user = os.getenv("REMOTE_USER") or "gitano/anonymous" local cmdline = parse_request(request_method) + local start_log_level = gitano.log.get_level() + gitano.log.cap_level(gitano.log.level.INFO) + local transactionid = gitano.log.syslog.open() + if cmdline and gitano.auth.is_authorized(user, "http", cmdline, - os.getenv("GITANO_ROOT")) then + os.getenv("GITANO_ROOT"), + transactionid, + start_log_level) then local proc = subprocess.spawn_simple({"git", "http-backend"}) local exit_code @@ -72,6 +78,8 @@ if request_method == "GET" or request_method == "POST" then else stdout:write("Status: 403 Forbidden\r\n\r\n") end + + gitano.log.syslog.close() else stdout:write("Status: 405 Method Not Allowed\r\n") stdout:write("Allow: GET, POST\r\n\r\n") -- cgit v1.2.1