gitolite/contrib/adc/rsync

#!/usr/bin/perl

# 'rsync' helper ADC.  See bottom of this file for more info

use strict;
use warnings;

BEGIN {
    die "ENV GL_RC not set\n" unless $ENV{GL_RC};
    die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};
    unshift @INC, $ENV{GL_BINDIR};
}
use gitolite_rc;
use gitolite;

my $cmd = $ENV{SSH_ORIGINAL_COMMAND};

# test the command patterns; reject if they don't fit.  Rsync sends
# commands that looks like one of these to the server (the first one is
# for a read, the second for a write)
#   rsync --server --sender -some.flags . some/path
#   rsync --server -some.flags . some/path

die "bad rsync command: $cmd"
    unless $cmd =~ /^rsync --server( --sender)? -[\w.]+(?: --(?:delete|partial))* \. (\S+)$/;
my $perm = "W";
$perm = "R" if $1;
my $path = $2;
die "I dont like some of the characters in $path\n" unless $path =~ $REPONAME_PATT;
    # XXX make a better pattern for this if people complain ;-)
die "I dont like absolute paths in $cmd\n" if $path =~ /^\//;
die "I dont like '..' paths in $cmd\n" if $path =~ /\.\./;

# ok now check if we're permitted to execute a $perm action on $path
# (taken as a refex) using rsync.

check_access('EXTCMD/rsync', "NAME/$path", $perm);
    # that should "die" if there's a problem

wrap_chdir($RSYNC_BASE);
log_it();
exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND};

__END__

This is an rsync helper ADC.  It is an example of using gitolite's config
language, combined with the 'check_access()' function, to implement access
control for non-git software using a "fake" repo.  For historical reasons,
fake repos start with "EXTCMD/".  Gitolite does not auto-create fake repos, so
you can use those as namespaces to hold collections of rules for various
purposes.

So here's a fake git repository to collect rsync rules in one place.  It grant
permissions to files/dirs within the $RSYNC_BASE tree.  A leading NAME/ is
required as a prefix; the actual path starts after that.  Matching follows the
same rules as given in "FILE/DIR NAME BASED RESTRICTIONS" elsewhere in the
gitolite documentation.

    repo    EXTCMD/rsync
        RW  NAME/                       =   sitaram
        RW  NAME/foo/                   =   user1
        R   NAME/bar/                   =   user2
        RW  NAME/baz/.*/.*\.c$          =   user3
some nice ADC changes... (warning: minor backward compat breakage) - support for ADCs with unchecked arguments - rsync, htpasswd, and svnserve gone from core; turned into ADCs Backward compat breakage and fix: Please see documentation for details, but if you're using gitolite to control rsync you will now need to setup ADCs (admin defined commands), and install at least the new "rsync" ADC. ---- Thanks to Joey Hess (see commit prior to this) for forcing me to stop being lazy and get this out of my long term todo list. 2011-10-17 03:11:40 +02:00			`#!/usr/bin/perl`

			`# 'rsync' helper ADC. See bottom of this file for more info`

			`use strict;`
			`use warnings;`

			`BEGIN {`
			`die "ENV GL_RC not set\n" unless $ENV{GL_RC};`
			`die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};`
			`unshift @INC, $ENV{GL_BINDIR};`
			`}`
			`use gitolite_rc;`
			`use gitolite;`

			`my $cmd = $ENV{SSH_ORIGINAL_COMMAND};`

			`# test the command patterns; reject if they don't fit. Rsync sends`
			`# commands that looks like one of these to the server (the first one is`
			`# for a read, the second for a write)`
			`# rsync --server --sender -some.flags . some/path`
			`# rsync --server -some.flags . some/path`

			`die "bad rsync command: $cmd"`
			`unless $cmd =~ /^rsync --server( --sender)? -[\w.]+(?: --(?:delete\|partial))* \. (\S+)$/;`
			`my $perm = "W";`
			`$perm = "R" if $1;`
			`my $path = $2;`
			`die "I dont like some of the characters in $path\n" unless $path =~ $REPONAME_PATT;`
			`# XXX make a better pattern for this if people complain ;-)`
			`die "I dont like absolute paths in $cmd\n" if $path =~ /^\//;`
			`die "I dont like '..' paths in $cmd\n" if $path =~ /\.\./;`

			`# ok now check if we're permitted to execute a $perm action on $path`
			`# (taken as a refex) using rsync.`

			`check_access('EXTCMD/rsync', "NAME/$path", $perm);`
			`# that should "die" if there's a problem`

			`wrap_chdir($RSYNC_BASE);`
			`log_it();`
			`exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND};`

			`__END__`

			`This is an rsync helper ADC. It is an example of using gitolite's config`
			`language, combined with the 'check_access()' function, to implement access`
			`control for non-git software using a "fake" repo. For historical reasons,`
			`fake repos start with "EXTCMD/". Gitolite does not auto-create fake repos, so`
			`you can use those as namespaces to hold collections of rules for various`
			`purposes.`

			`So here's a fake git repository to collect rsync rules in one place. It grant`
			`permissions to files/dirs within the $RSYNC_BASE tree. A leading NAME/ is`
			`required as a prefix; the actual path starts after that. Matching follows the`
			`same rules as given in "FILE/DIR NAME BASED RESTRICTIONS" elsewhere in the`
			`gitolite documentation.`

			`repo EXTCMD/rsync`
			`RW NAME/ = sitaram`
			`RW NAME/foo/ = user1`
			`R NAME/bar/ = user2`
			`RW NAME/baz/./.\.c$ = user3`