Yak, a bunch of changes for cvs access to project repos that have been

marked publically readable. Anon users trying to find a project repo are silently redirected over the ops web server. Some really disgusting stuff in cvsweb.cgi; do not look! Note we now install cvsweb and friends into ops:/usr/testbed/www/cvsweb

Yak, a bunch of changes for cvs access to project repos that have been
marked publically readable. Anon users trying to find a project repo are silently redirected over the ops web server. Some really disgusting stuff in cvsweb.cgi; do not look! Note we now install cvsweb and friends into ops:/usr/testbed/www/cvsweb
e25f49bb · Leigh B. Stoller · 84c1df2d · e25f49bb · e25f49bb · e25f49bb
Commit e25f49bb authored Sep 02, 2005 by Leigh B. Stoller
4 changed files
--- a/www/cvsweb/cvsweb-ops.conf
+++ b/www/cvsweb/cvsweb-ops.conf
--- a/www/cvsweb/cvsweb.cgi
+++ b/www/cvsweb/cvsweb.cgi
@@ -46,7 +46,7 @@
 # SUCH DAMAGE.
 #
 # $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119.2.6 2002/09/26 20:56:05 scop Exp $
-# $Id: cvsweb.cgi,v 1.4 2005-09-01 18:11:43 stoller Exp $
+# $Id: cvsweb.cgi,v 1.5 2005-09-02 22:07:23 stoller Exp $
 # $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $
 #
 ###
@@ -358,11 +358,39 @@ if (defined($input{"content-type"})) {
 	    if ($input{"content-type"} !~ /^[-0-9A-Za-z]+\/[-0-9A-Za-z]+$/);
 }

+# Emulab Hacks!
 if (@ARGV && $ARGV[0] eq "-repo") {
    $license = undef;
    @CVSrepositories = (
 	'top'   => [$ARGV[1], $ARGV[1]],
    );
+    $cvstreedefault = $CVSrepositories[2 * 0];    # The first one
+}
+elsif (! -e @{$CVSrepositories[1]}[1] . "/CVSROOT") {
+    my $dh = do { local (*DH); };
+    my $topdir = @{$CVSrepositories[1]}[1];
+    
+    opendir($dh, $topdir) or
+	fatal("404 Not Found", '%s: %s', $topdir, $!);
+    my @dirfiles = readdir($dh);
+    closedir($dh);
+    
+    @CVSrepositories = ();
+
+    foreach my $dir (@dirfiles) {
+	my $rdir = "$topdir/$dir";
+
+	next
+	    if ($dir eq "." || $dir eq "..");
+
+	if (-r $rdir && -e "$rdir/CVSROOT") {
+	    push(@CVSrepositories, $dir => [$dir, $rdir]);
+	}
+    }
+    if (! @CVSrepositories) {
+	fatal("404 Not Found", '%s: %s', $topdir, $!);
+    }
+    $cvstreedefault = $CVSrepositories[2 * 0];    # The first one
 }
 $DEFAULTVALUE{'cvsroot'} = $cvstreedefault;

@@ -662,7 +690,7 @@ if (-d $fullname) {
 	# give direct access to dirs
 	if ($where eq '/') {
 		chooseMirror ();
-		#chooseCVSRoot ();
+                #chooseCVSRoot ();
 	} else {
 		print "<p>Current directory: <b>", &clickablePath($where, 0),
 		    "</b></p>\n";

--- a/www/cvsweb/cvsweb.conf
+++ b/www/cvsweb/cvsweb.conf
@@ -9,7 +9,7 @@
 #          based on work by Bill Fenner  <fenner@FreeBSD.org>
 #
 # $FreeBSD: projects/cvsweb/cvsweb.conf,v 1.36.2.3 2002/09/23 05:30:17 scop Exp $
-# $Id: cvsweb.conf,v 1.5 2005-09-01 18:11:43 stoller Exp $
+# $Id: cvsweb.conf,v 1.6 2005-09-02 22:07:23 stoller Exp $
 # $Idaemons: /home/cvs/cvsweb/cvsweb.conf,v 1.27 2001/08/01 09:48:39 knu Exp $
 #
 ###
@@ -117,7 +117,7 @@ $mancgi =
 	# hidecvsroot: Don't show the CVSROOT directory
 	#   1      Hide CVSROOT directory
 	#   0      Show CVSROOT directory
-	"hidecvsroot" => "1",
+	"hidecvsroot" => "0",

 	# hidenonreadable: Don't show entries which cannot be read
 	#   1      Hide non-readable entries

--- a/www/cvsweb/cvsweb.php3
+++ b/www/cvsweb/cvsweb.php3
@@ -12,13 +12,10 @@ chdir("../");
 require("defs.php3");

 #
-# Only known and logged in users can do this.
+# We look for anon access, and if so, redirect to ops web server.
+# WARNING: See the LOGGEDINORDIE() calls below.
 #
 $uid = GETLOGIN();
-LOGGEDINORDIE($uid);
-
-# Just for project specific 
-$scriptargs = "";

 #
 # Verify form arguments.
@@ -30,14 +27,36 @@ if (isset($pid) && $pid != "") {
    if (!TBvalid_pid($pid)) {
 	PAGEARGERROR("Invalid project ID.");
    }
+    # Redirect now, to avoid phishing.
+    if ($uid) {
+	LOGGEDINORDIE($uid);
+    }
+    else {
+	$url = $OPSCVSURL . "?cvsroot=$pid";
+	
+	header("Location: $url");
+	return;
+    }
    if (! TBValidProject($pid)) {
 	USERERROR("The project '$pid' is not a valid project.", 1);
    }
-    if (! TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_READINFO)) {
-	USERERROR("You are not a member of Project $pid.", 1);
+    if (! ISADMIN($uid) &&
+	! TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_READINFO)) {
+	# Then check to see if the project cvs repo is public.
+	$query_result =
+	    DBQueryFatal("select cvsrepo_public from projects ".
+			 "where pid='$pid'");
+	if (!mysql_num_rows($query_result)) {
+	    TBERROR("Error getting cvsrepo_public bit", 1);
+	}
+ 	$row = mysql_fetch_array($query_result);
+	if ($row[0] == 0) {
+	    USERERROR("You are not a member of Project $pid.", 1);
+	}
    }
 }
 else {
+    LOGGEDINORDIE($uid);
    if (! TBCvswebAllowed($uid)) {
        USERERROR("You do not have permission to use cvsweb!", 1);
    }
@@ -95,7 +114,7 @@ $shellcmd = "env PATH=./cvsweb/ QUERY_STRING=$query PATH_INFO=$path " .
 if (isset($pid)) {
  # I know, I added an argument to a script that is not supposed to
  # take any. So be it; it was easy.
-  $shellcmd .= "$TBSUEXEC_PATH $uid $pid webcvsweb -repo /proj/$pid/CVS";
+  $shellcmd .= "$TBSUEXEC_PATH $uid $pid webcvsweb -repo $TBCVSREPO_DIR/$pid";
 }
 else {
  $shellcmd .= "$script";