Commit Graph

1152 Commits

Author SHA1 Message Date
Jason A. Donenfeld
b826537cb4 authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 12:13:39 +01:00
Jason A. Donenfeld
d6e9200cc3 auth: add basic authentication filter framework
This leverages the new lua support. See
filters/simple-authentication.lua for explanation of how this works.
There is also additional documentation in cgitrc.5.txt.

Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.

Very pluggable and extendable depending on user needs.

The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 02:28:12 +01:00
Lukas Fleischer
3741254a69 t0111: Additions and fixes
* Rename the capitalize-* filters to dump.* since they also dump the
  arguments.

* Add full argument validation to the email filters.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-16 00:53:18 +01:00
Lukas Fleischer
2a7dd4bf67 parsing.c: Remove leading space from committer
This did not really break anything in the past since spaces are ignored
when rendering HTML. Remove the preceding space anyway to prevent
potential future problems.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-16 00:53:08 +01:00
Lukas Fleischer
c01fb69fc9 Add .mailmap
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15 23:18:04 +01:00
Lukas Fleischer
caf557a2ba t0111: Add basic tests for Lua filters
* Validate the email filter by manipulating stdin. Additional checks for
  all the arguments can be added in a later patch.

* Add the exec prefix to all informational messages.

* Rename the filter repository to filter-exec. The Git repository itself
  is not renamed since it can be shared amongst all filter types.

* In the filter checks, check whether all arguments are passed properly
  instead of validating the buffer/stdin only.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15 14:45:21 +01:00
Christian Hesse
8ae1d8b8fd email-gravatar: fix html syntax issues
an attribute value specification must be an attribute value literal
unless SHORTTAG YES is specified
2014-01-15 14:43:02 +01:00
Jason A. Donenfeld
5bda21faf4 email-gravatar: do not scale icons up
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 18:57:51 +01:00
Jason A. Donenfeld
6ca734da8f filter: allow returning exit code from filter
Filters can now indicate a status back to cgit by means of the exit code
for exec, or the return value from close for Lua.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 18:09:52 +01:00
Lukas Fleischer
ce56d89a26 tests/: Add t0111-filter.sh
This adds basic tests for all types of exec filters.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-14 13:55:53 +01:00
Christian Hesse
1167dbb95b email-gravatar: fix html syntax issues
* make ampersand a html entity
* add required alt attribute
* add required img end tag
2014-01-14 13:55:44 +01:00
Christian Hesse
46176eca7f email-gravatar.py: fix UTF-8
2014-01-14 13:55:35 +01:00
Christian Hesse
50287e7912 email-gravatar.lua: fix for lua 5.2
2014-01-14 13:55:25 +01:00
Jason A. Donenfeld
a9a7f68244 makefile: only display lua message once
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 13:47:28 +01:00
Jason A. Donenfeld
027e88a1a1 README: document lua makefile flags
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 03:48:23 +01:00
Lukas Fleischer
70546a3458 cgitrc.5.txt: Fix documentation of the snapshot mask
Mention that the snapshot setting only specifies the formats that links
are generated for and not the set of formats that are accessible via
HTTP.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-14 02:30:01 +01:00
Jason A. Donenfeld
3488d12405 makefile: auto-detect presence of various Lua, bsd
We favor LuaJIT over Lua. We disable Lua if neither can be found. We
error out if a particular Lua is specified via LUA_IMPLEMENTATION=JIT or
LUA_IMPLEMENTATION=VANILLA, but cannot be found. We print a status
message depending on what happens.

Also, we do not link against libdl on the BSDs, since they include it as
part of libc.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
d3c0370a3f filter: style tweaks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
786609bd36 filter: add page source to email filter
Since the email filter is called from lots of places, the script might
benefit from knowing the origin. That way it can modify its contents
and/or size depending.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
e942a1622b filter: add gravatar scripts
The lua one is hugely faster than the python one, but both are included
for comparison.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
a5e1553726 filter: add support for email filter
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
800380dde7 filter: return on null filter from open and close
So that we don't have to include the if(filter) open_filter(filter)
block everywhere, we introduce the guard in the function itself. This
should simplify quite a bit of code.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
f43b228d0b filter: add lua support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
e83b51b4f6 filter: basic write hooking infrastructure
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.

We do this instead of replacing the call in html_raw because in some places
stdlib's printf functions are used (ui-patch or within git itself),
which has its own internal buffering, which makes it difficult to
interlace our function calls. So, we dlsym libc's write and then
override it in the link stage.

While we're at it, we move considerations of argument count into the
generic new filter handler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
d750c7a2c9 filter: allow for cleanup hook for filter types
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter and close_filter calls, and only reap the child
process at the end of the cgit process. For this reason, we add here a
cleanup function that is called at the end of cgit's main().

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
John Keeping
4bb87cbf17 filter: introduce "filter type" prefix
This allows different filter implementations to be specified in the
configuration file.  Currently only "exec" is supported, but it may now
be specified either with or without the "exec:" prefix.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14 02:00:07 +01:00
John Keeping
7bd90b8048 filter: add interface layer
Change the existing cgit_{open,close,fprintf}_filter functions to
delegate to filter-specific implementations accessed via function
pointers on the cgit_filter object.

We treat the "exec" filter type slightly specially here by putting its
structure definition in the header file and providing an "init" function
to set up the function pointers.  This is required so that the
ui-snapshot.c code that applies a compression filter can continue to use
the filter interface to do so.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14 02:00:07 +01:00
John Keeping
632efb25c0 filter: add fprintf_filter function
This stops the code in cgit.c::print_repo needing to inspect the
cgit_filter structure, meaning that we can abstract out different filter
types that will have different fields that need to be printed.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
ed3497b0de authors: specify maintainers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Stefan Tatschner
ceffeb5d52 filters: Improved syntax-highlighting.py
- Switched back to python2 according to a problem in pygments with python3.
  With the next release of pygments this problem should be fixed.
  Issue see here:
  https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3
- Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures
  that even destroyed files do not cause any errors in the filter.
- Improved language guessing:
  -> At first use guess_lexer_for_filename for a better detection of the used
     programming languages (even mixed cases will be detected, e.g. php + html).
  -> If nothing was found look if there is a shebang and use guess_lexer.
  -> As default/fallback choose TextLexer.

Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
2014-01-13 22:48:51 +01:00
John Keeping
a52aaa90da tests: add CGIT_TEST_OPTS variable to Makefile
This allows running the entire test suite with a set of command-line
options.  For example:

	make test CGIT_TEST_OPTS=--valgrind

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 23:03:54 +01:00
John Keeping
1de6591159 ui-repolist: HTML-escape cgit_rooturl() response
This is for consistency with other callers.  The value returned from
cgit_rooturl is not guaranteed to be HTML-safe.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 23:02:41 +01:00
John Keeping
a45030f8ee ui-shared: URL-escape script_name
As far as I know, there is no requirement that $SCRIPT_NAME contain only
URL-safe characters, so we need to make sure that any special characters
are escaped.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 23:02:19 +01:00
John Keeping
d1a6ece439 ui-refs: escape HTML chars in author and tagger names
Everywhere else we use html_txt to escape any special characters in
these variables.  Do so here as well.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 23:02:02 +01:00
John Keeping
3d8a6507ca filter: pass extra arguments via cgit_open_filter
This avoids poking into the filter data structure at various points in
the code.  We rely on the fact that the number of arguments is fixed
based on the filter type (set in cgit_new_filter) and that the call
sites all know which filter type they're using.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 20:20:20 +01:00
John Keeping
da218fcd9e ui-snapshot: set unused cgit_filter fields to zero
By switching the assignment of fields in the cgit_filter structure to
use designated initializers, the compiler will initialize all other
fields to their default value.  This will be needed when we add the
extra_args field in the next patch.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 20:16:33 +01:00
John Keeping
fd31aa6930 html: remove redundant htmlfd variable
This is never changed from STDOUT_FILENO, so just use that value
directly.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 20:15:55 +01:00
John Keeping
1b1974c45e tests: add Valgrind support
Now running tests with the "--valgrind" option will run cgit under
Valgrind instead of all Git commands.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 19:33:03 +01:00
John Keeping
382ecf152e cache: don't leave cache_slot fields uninitialized
Valgrind says:

==18344== Conditional jump or move depends on uninitialised value(s)
==18344==    at 0x406C83: open_slot (cache.c:63)
==18344==    by 0x407478: cache_ls (cache.c:403)
==18344==    by 0x404C9A: process_request (cgit.c:639)
==18344==    by 0x406BD2: fill_slot (cache.c:190)
==18344==    by 0x4071A0: cache_process (cache.c:284)
==18344==    by 0x404461: main (cgit.c:952)
==18344==  Uninitialised value was created by a stack allocation
==18344==    at 0x40738B: cache_ls (cache.c:375)

This is caused by the keylen field being used to calculate whether or
not a slot is matched.  We never then check the value of this and the
length of data read depends on the key length read from the file so this
isn't dangerous, but it's nice to avoid branching based on uninitialized
data.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 19:32:20 +01:00
Jason A. Donenfeld
3eae406934 filter: split filter functions into their own file
A first step for more interesting things.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-10 17:45:43 +01:00
Jason A. Donenfeld
b67ea0c022 filter: make exit status local
It's only used in one place, and not useful to have around since
close_filter will die() if exit_status isn't what it expects, anyway. So
this is best as just a local variable instead of as part of the struct.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-10 17:45:43 +01:00
Jason A. Donenfeld
d01a6eec43 parsing: fix header typo
2014-01-10 17:45:43 +01:00
Lukas Fleischer
c96becc1e5 cgit.c: Fix comment on bit mask hack
* Formatting and spelling fixes.

* A bit mask with the size of one byte only allows for storing 8 (not
  255!) different flags.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:06:24 +01:00
Lukas Fleischer
441e748564 cgit.c: Use "else" for mutually exclusive branches
When parsing command line arguments, no pair of command line options can
ever match simultaneously. Use "else if" blocks to reflect this. This
change improves both readability and speed.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:05:34 +01:00
Lukas Fleischer
e711679618 ui-snapshot.c: Do not reinvent suffixcmp()
Use suffixcmp() from Git instead of reimplementing it. This is a
preparation for moving to ends_with() in Git 1.8.6.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:04:43 +01:00
Lukas Fleischer
f04b8d5c99 Refactor cgit_parse_snapshots_mask()
Use Git string lists instead of str{spn,cspn,ncmp}() magic. This
significantly improves readability.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:04:14 +01:00
Lukas Fleischer
2abce4300b Disallow use of undocumented snapshot delimiters
Since the introduction of selective snapshot format configuration in
dc3c9b5 (allow selective enabling of snapshots, 2007-07-21), we allowed
seven different delimiters for snapshot formats, while the documentation
has always been clear about spaces being the only valid delimiter:

    The value is a space-separated list of zero or more of the values
    "tar", "tar.gz", "tar.bz2", "tar.xz" and "zip".

Supporting the undocumented delimiters makes the code unnecessarily
complex. Remove them.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:03:18 +01:00
Lukas Fleischer
36bdb2171f Replace most uses of strncmp() with prefixcmp()
This is a preparation for replacing all prefix checks with either
strip_prefix() or starts_with() when Git 1.8.6 is released.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:01:29 +01:00
Lukas Fleischer
d523dacc3b README: Fix dependencies
* Remove the dependency on Git (which can be obtained automatically when
  building, using either the Git submodule or `make get-git`).

* Use proper upstream names of dependencies.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-09 19:55:28 +01:00
Lukas Fleischer
e2416259ef README: Spelling and formatting fixes
* Several small spelling and capitalization fixes.

* Use consistent and better-looking formatting that is compatible with
  AsciiDoc (and partly compatible with RST).

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08 22:22:12 +01:00