[PATCH 2/3] Add ability to authorize viewing a repository using

[valentin.haenel at gmx.de (Valentin Haenel)]

You can ignore this one, sorry.

* Valentin Haenel <valentin.haenel at gmx.de> [2012-10-16]:
> This provides a mechanism for cgit to query an external program for repository
> authorisation. An additional config variable 'authorization' is
> ---
>  cgit.c       |   24 ++++++++++++++++++++++++
>  cgit.h       |    1 +
>  cgitrc.5.txt |    6 ++++++
>  3 files changed, 31 insertions(+)
> 
> diff --git a/cgit.c b/cgit.c
> index 101954e12a..f06528215d 100644
> --- a/cgit.c
> +++ b/cgit.c
> @@ -123,6 +123,8 @@ void config_cb(const char *name, const char *value)
>  		ctx.cfg.readme = xstrdup(value);
>  	else if (!strcmp(name, "user-envvar"))
>  		ctx.cfg.user_envvar = xstrdup(value);
> +	else if (!strcmp(name, "authorization"))
> +		ctx.cfg.authorization = xstrdup(value);
>  	else if (!strcmp(name, "root-title"))
>  		ctx.cfg.root_title = xstrdup(value);
>  	else if (!strcmp(name, "root-desc"))
> @@ -372,6 +374,7 @@ static void prepare_context(struct cgit_context *ctx)
>  	ctx->cfg.summary_tags = 10;
>  	ctx->cfg.max_atom_items = 10;
>  	ctx->cfg.ssdiff = 0;
> +	ctx->cfg.authorization = "/bin/true";
>  	ctx->cfg.user_envvar = "REMOTE_USER";
>  	ctx->env.cgit_config = xstrdupn(getenv("CGIT_CONFIG"));
>  	ctx->env.http_host = xstrdupn(getenv("HTTP_HOST"));
> @@ -545,6 +548,27 @@ static void process_request(void *cbdata)
>  		return;
>  	}
>  
> +	/* Here we do the authorization check.
> +	 *
> +	 * TODO
> +	 * ----
> +	 *  * figure out if this is the correct place to do the check
> +	 *  * check that the authorization script exists and is executable
> +	 *
> +	 */
> +	if (ctx->repo && system(fmt("%s %s %s",
> +					ctx->cfg.authorization,
> +					ctx->repo->name,
> +					ctx->env.remote_user)) != 0) {
> +		cgit_print_http_headers(ctx);
> +		cgit_print_docstart(ctx);
> +		cgit_print_pageheader(ctx);
> +		cgit_print_error(fmt("Authorization failed for repo: '%s' and user: '%s'",
> +					ctx->repo->name, ctx->env.remote_user));
> +		cgit_print_docend();
> +		exit(1);
> +	}
> +
>  	if (ctx->repo && prepare_repo_cmd(ctx))
>  		return;
>  
> diff --git a/cgit.h b/cgit.h
> index 369dd8af8b..43f4f562f3 100644
> --- a/cgit.h
> +++ b/cgit.h
> @@ -166,6 +166,7 @@ struct cgit_query {
>  struct cgit_config {
>  	char *agefile;
>  	char *user_envvar;
> +	char *authorization;
>  	char *cache_root;
>  	char *clone_prefix;
>  	char *clone_url;
> diff --git a/cgitrc.5.txt b/cgitrc.5.txt
> index cd7327a4b3..d864289502 100644
> --- a/cgitrc.5.txt
> +++ b/cgitrc.5.txt
> @@ -40,6 +40,12 @@ agefile::
>  	function in libgit. Recommended timestamp-format is "yyyy-mm-dd
>  	hh:mm:ss". Default value: "info/web/last-modified".
>  
> +authorization::
> +	Specifies a path to authorization executable. The executable must take two
> +	arguments: "<repository> <user> [<permissions>]". The permission is the
> +	type of permission we wish to check for, e.g. "R" or "RW" or "RW+". A
> +	common use case is to call gitolite through this machinery.
> +
>  cache-root::
>  	Path used to store the cgit cache entries. Default value:
>  	"/var/cache/cgit". See also: "MACRO EXPANSION".
> -- 
> 1.7.9.5
>