Mercurial > p > roundup > code

annotate scripts/server-ctl @ 5257:928512faf565

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- issue2550864: Potential information leakage via journal/history Original code didn't fully implement the security checks. Users with only Edit access on a property were not able to view the journal entry for the property. This patch fixes that. Also had additional info leakage: the target object of a link or multilink must be viewable or editable in order for the journal entry to be shown. Otherwise the existance of the target is exposed via the journal while it is blocked from searches, direct access etc.
author John Rouillard <rouilj@ieee.org>
date Sun, 27 Aug 2017 00:19:48 -0400
parents 311ad623e2d1
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1646
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 #!/bin/sh
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 #
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # Configuration
3595
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
5 #
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
6 CONFFILE="/var/roundup/server-config.ini"
1646
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7
3595
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
8 # this will end up with extra space, but it should be ignored in the script
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
9 PIDFILE=`grep '^pidfile' ${CONFFILE} | awk -F = '{print $2}' `
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
10 SERVER="/usr/local/bin/roundup-server -C ${CONFFILE}"
1646
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 ERROR=0
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 ARGV="$@"
3595
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
13 if [ "x$ARGV" = "x" ] ; then
1646
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 ARGS="help"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16
3595
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
17 if [ -z "${PIDFILE}" ] ; then
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
18 echo "pidfile option must be set in configuration file"
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
19 exit 1
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
20 fi
311ad623e2d1 use server configuration file [SF#1443805]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1646
diff changeset
21
1646
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22 for ARG in $@ $ARGS
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
23 do
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
24 # check for pidfile
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
25 if [ -f $PIDFILE ] ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
26 PID=`cat $PIDFILE`
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
27 if [ "x$PID" != "x" ] && kill -0 $PID 2>/dev/null ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
28 STATUS="roundup-server (pid $PID) running"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
29 RUNNING=1
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
30 else
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 STATUS="roundup-server (pid $PID?) not running"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32 RUNNING=0
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 else
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
35 STATUS="roundup-server (no pid file) not running"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
36 RUNNING=0
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
37 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 case $ARG in
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 start)
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41 if [ $RUNNING -eq 1 ] ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 echo "$0 $ARG: roundup-server (pid $PID) already running"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 continue
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45 if $SERVER ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
46 echo "$0 $ARG: roundup-server started"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
47 else
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48 echo "$0 $ARG: roundup-server could not be started"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49 ERROR=1
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
50 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
51 ;;
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
52 condstart)
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
53 if [ $RUNNING -eq 1 ] ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
54 continue
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
55 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
56 if $SERVER ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
57 echo "$0 $ARG: roundup-server started"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
58 else
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
59 echo "$0 $ARG: roundup-server could not be started"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
60 ERROR=1
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
61 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
62 ;;
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
63 stop)
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
64 if [ $RUNNING -eq 0 ] ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
65 echo "$0 $ARG: $STATUS"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
66 continue
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
67 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
68 if kill $PID ; then
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
69 echo "$0 $ARG: roundup-server stopped"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
70 else
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
71 echo "$0 $ARG: roundup-server could not be stopped"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
72 ERROR=2
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
73 fi
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
74 ;;
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
75 status)
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
76 echo $STATUS
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
77 ;;
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
78 *)
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
79 echo "usage: $0 (start|condstart|stop|status)"
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
80 cat <<EOF
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
81
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
82 start - start roundup-server
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
83 condstart - start roundup-server if it's not running
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
84 stop - stop roundup-server
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
85 status - display roundup-server status
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
86
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
87 EOF
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
88 ERROR=3
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
89 ;;
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
91 esac
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
92
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
93 done
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
94
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
95 exit $ERROR
adc076b825a1 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
96
Roundup Issue Tracker: http://roundup-tracker.org/