gitolite/src/gl-auth-command

#!/usr/bin/perl

use strict;
use warnings;

# === auth-command ===
# the command that GL users actually run

# part of the gitolite (GL) suite

# how run:      via sshd, being listed in "command=" in ssh authkeys
# when:         every login by a GL user
# input:        $1 is GL username, plus $SSH_ORIGINAL_COMMAND
# output:
# security:
#     - currently, we just make some basic checks, copied from gitosis

# robustness:

# other notes:

# ----------------------------------------------------------------------------
#       common definitions
# ----------------------------------------------------------------------------


# these are set by the "rc" file
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $GL_ADMINDIR);
# and these are set by gitolite.pm
our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT);
our %repos;

# the common setup module is in the same directory as this running program is
my $bindir = $0;
$bindir =~ s/\/[^\/]+$//;
require "$bindir/gitolite.pm";

# ask where the rc file is, get it, and "do" it
&where_is_rc();
die "parse $ENV{GL_RC} failed: "       . ($! or $@) unless do $ENV{GL_RC};

# add a custom path for git binaries, if specified
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;

# ----------------------------------------------------------------------------
#       start...
# ----------------------------------------------------------------------------

# first, fix the biggest gripe I have with gitosis, a 1-line change
my $user=$ENV{GL_USER}=shift;       # there; now that's available everywhere!

# ----------------------------------------------------------------------------
#       sanity checks on SSH_ORIGINAL_COMMAND
# ----------------------------------------------------------------------------

# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message
unless ($ENV{SSH_ORIGINAL_COMMAND}) {
    &report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $user);
    exit 1;
}

my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" );

# ----------------------------------------------------------------------------
#       get and set perms for actual repo created by wildcard-autoviv
# ----------------------------------------------------------------------------

my $CUSTOM_COMMANDS=qr/^\s*(expand|getperms|setperms)\s/;

# note that all the subs called here chdir somewhere else and do not come
# back; they all blithely take advantage of the fact that processing custom
# commands is sort of a dead end for normal (git) processing

if ($cmd =~ $CUSTOM_COMMANDS) {
    my ($verb, $repo) = ($cmd =~ /^\s*(\S+)\s+\/?(.*?)(?:.git)?$/);
    if ($repo =~ $REPONAME_PATT and $verb =~ /getperms|setperms/) {
        # with an actual reponame, you can "getperms" or "setperms"
        get_set_perms($repo_base_abs, $repo, $verb, $user);
    }
    elsif ($repo !~ $REPONAME_PATT and $verb eq 'expand') {
        # with a wildcard, you can "expand" it to see what repos actually match
        expand_wild($GL_CONF_COMPILED, $repo_base_abs, $repo, $user);
    } else {
        die "$cmd doesn't make sense to me\n";
    }
    exit 1;
}

# ----------------------------------------------------------------------------
#       normal (git) processing
# ----------------------------------------------------------------------------

# split into command and arguments; the pattern allows old style as well as
# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
# does, although I'm not sure how necessary that is
#
# keep in mind this is how git sends across the command:
#   git-receive-pack 'reponame.git'
# including the single quotes

my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*?)(?:.git)?'/);
die "bad command: $cmd.  Make sure the repo name is exactly as in your config\n"
    unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
        and  $repo and   $repo =~ $REPONAME_PATT );

# ----------------------------------------------------------------------------
#       first level permissions check
# ----------------------------------------------------------------------------

if ( -d "$repo_base_abs/$repo.git" ) {
    # existing repo
    my ($creater, $user_R, $user_W) = &repo_rights($repo_base_abs, $repo, $user);
    my $patt = &parse_acl($GL_CONF_COMPILED, $repo, $creater, $user_R, $user_W);
} else {
    my $patt = &parse_acl($GL_CONF_COMPILED, $repo, $user, $user, $user);
    # parse_acl returns "" if the repo was non-wildcard, or the pattern
    # that matched if it was a wildcard

    # auto-vivify new repo; 2 situations allow autoviv -- normal repos
    # with W access (the old mode), and wildcard repos with C access
    my $W_ok = $repos{$repo}{W}{$user} || $repos{$repo}{W}{'@all'};
    my $C_ok = $repos{$repo}{C}{$user} || $repos{$repo}{C}{'@all'};
    if ($W_ok and not $patt or $C_ok and $patt) {
        wrap_chdir("$repo_base_abs");
        # for wildcard repos, we also want to set the "creater"
        new_repo($repo, "$GL_ADMINDIR/src/hooks", ( $patt ? $user : ""));
        wrap_chdir($ENV{HOME});
    }
}

# we know the user and repo; we just need to know what perm he's trying
my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');

die "$perm access for $repo DENIED to $user\n"
    unless $repos{$repo}{$perm}{$user}
        or $repos{$repo}{$perm}{'@all'};

# ----------------------------------------------------------------------------
#       logging, timestamp.  also setup env vars for later
# ----------------------------------------------------------------------------

# reponame
$ENV{GL_REPO}=$repo;

# timestamp
my ($s, $min, $h, $d, $m, $y) = (localtime)[0..5];
$y += 1900; $m++;               # usual adjustments
for ($s, $min, $h, $d, $m) {
    $_ = "0$_" if $_ < 10;
}
$ENV{GL_TS} = "$y-$m-$d.$h:$min:$s";

# substitute template parameters and set the logfile name
$GL_LOGT =~ s/%y/$y/g;
$GL_LOGT =~ s/%m/$m/g;
$GL_LOGT =~ s/%d/$d/g;
$ENV{GL_LOG} = $GL_LOGT;

# if log failure isn't important enough to block access, get rid of all the
# error checking
open my $log_fh, ">>", $ENV{GL_LOG}
    or die "open log failed: $!\n";
print $log_fh "$ENV{GL_TS}\t$ENV{SSH_ORIGINAL_COMMAND}\t$user\n";
close $log_fh or die "close log failed: $!\n";

# ----------------------------------------------------------------------------
#       over to git now
# ----------------------------------------------------------------------------

$repo = "'$REPO_BASE/$repo.git'";
exec("git", "shell", "-c", "$verb $repo");
use-warnings 2009-08-25 05:14:46 +02:00			`#!/usr/bin/perl`
auth: finally! 2009-08-23 14:54:37 +02:00
			`use strict;`
use-warnings 2009-08-25 05:14:46 +02:00			`use warnings;`
auth: finally! 2009-08-23 14:54:37 +02:00
			`# === auth-command ===`
			`# the command that GL users actually run`

project renamed to gitolite 2009-08-26 02:47:27 +02:00			`# part of the gitolite (GL) suite`
auth: finally! 2009-08-23 14:54:37 +02:00
			`# how run: via sshd, being listed in "command=" in ssh authkeys`
			`# when: every login by a GL user`
			`# input: $1 is GL username, plus $SSH_ORIGINAL_COMMAND`
			`# output:`
			`# security:`
			`# - currently, we just make some basic checks, copied from gitosis`

			`# robustness:`

			`# other notes:`

			`# ----------------------------------------------------------------------------`
			`# common definitions`
			`# ----------------------------------------------------------------------------`

almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00
auth, compile, pm: good bit of refactoring all of this is prep for the upcoming, all-new, chrome-plated, "wildrepos" branch :) - many variables go to gitolite.pm now, and are "our"d into the other files as needed - new functions parse_acl, report_basic to replace inlined code 2009-12-04 05:21:22 +01:00			`# these are set by the "rc" file`
auth, doc/3: print useful information when no command given 2009-10-28 09:03:24 +01:00			`our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $GL_ADMINDIR);`
auth, compile, pm: good bit of refactoring all of this is prep for the upcoming, all-new, chrome-plated, "wildrepos" branch :) - many variables go to gitolite.pm now, and are "our"d into the other files as needed - new functions parse_acl, report_basic to replace inlined code 2009-12-04 05:21:22 +01:00			`# and these are set by gitolite.pm`
			`our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT);`
auth: finally! 2009-08-23 14:54:37 +02:00			`our %repos;`

the rc file can now be in one of 2 places... Packaging gitolite for debian requires the rc file to be in /etc/gitolite. But non-root installs must still be supported, and they need it in $HOME. This means the rc file is no longer in a fixed place, which needs code to find the rc file first. See comments inside new file 'gitolite.pm' for details. The rest of the changes are in the other programs, to replace the hard-coded rc filename with a call to this new code. 2009-10-25 03:59:52 +01:00			`# the common setup module is in the same directory as this running program is`
			`my $bindir = $0;`
			`$bindir =~ s/\/[^\/]+$//;`
			`require "$bindir/gitolite.pm";`

			`# ask where the rc file is, get it, and "do" it`
			`&where_is_rc();`
			`die "parse $ENV{GL_RC} failed: " . ($! or $@) unless do $ENV{GL_RC};`
auth: finally! 2009-08-23 14:54:37 +02:00
support git installed outside default $PATH (also some minor fixes to doc/3) 2009-10-13 06:32:45 +02:00			`# add a custom path for git binaries, if specified`
			`$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;`

auth: finally! 2009-08-23 14:54:37 +02:00			`# ----------------------------------------------------------------------------`
			`# start...`
			`# ----------------------------------------------------------------------------`

			`# first, fix the biggest gripe I have with gitosis, a 1-line change`
			`my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!`

			`# ----------------------------------------------------------------------------`
			`# sanity checks on SSH_ORIGINAL_COMMAND`
			`# ----------------------------------------------------------------------------`

auth, doc/3: print useful information when no command given 2009-10-28 09:03:24 +01:00			`# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message`
			`unless ($ENV{SSH_ORIGINAL_COMMAND}) {`
auth, compile, pm: good bit of refactoring all of this is prep for the upcoming, all-new, chrome-plated, "wildrepos" branch :) - many variables go to gitolite.pm now, and are "our"d into the other files as needed - new functions parse_acl, report_basic to replace inlined code 2009-12-04 05:21:22 +01:00			`&report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $user);`
auth, doc/3: print useful information when no command given 2009-10-28 09:03:24 +01:00			`exit 1;`
			`}`

			`my $cmd = $ENV{SSH_ORIGINAL_COMMAND};`
wildrepos: implement getperms and setperms 2009-12-06 10:09:40 +01:00			`my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" );`

			`# ----------------------------------------------------------------------------`
			`# get and set perms for actual repo created by wildcard-autoviv`
			`# ----------------------------------------------------------------------------`

			`my $CUSTOM_COMMANDS=qr/^\s*(expand\|getperms\|setperms)\s/;`

			`# note that all the subs called here chdir somewhere else and do not come`
			`# back; they all blithely take advantage of the fact that processing custom`
			`# commands is sort of a dead end for normal (git) processing`

			`if ($cmd =~ $CUSTOM_COMMANDS) {`
			`my ($verb, $repo) = ($cmd =~ /^\s(\S+)\s+\/?(.?)(?:.git)?$/);`
			`if ($repo =~ $REPONAME_PATT and $verb =~ /getperms\|setperms/) {`
			`# with an actual reponame, you can "getperms" or "setperms"`
			`get_set_perms($repo_base_abs, $repo, $verb, $user);`
			`}`
			`elsif ($repo !~ $REPONAME_PATT and $verb eq 'expand') {`
			`# with a wildcard, you can "expand" it to see what repos actually match`
wildrepos: expanded access reporting This feature has no warranty, and so no documentation. Not more than this transcript anyway. config file: @prof = u1 @TAs = u2 u3 @students = u4 u5 u6 repo assignments/CREATER/a[0-9][0-9] C = @students RW+ = CREATER RW = WRITERS @TAs R = READERS @prof session: as user "u4": # check your permissions $ ssh git@server PTY allocation request failed on channel 0 hello u4, the gitolite version here is v0.95-31-gbcb14ca you have the following permissions: C assignments/CREATER/a[0-9][0-9] @ @ testing Connection to localhost closed. # autovivify repos for assignment 12 and 24 $ git clone git@server:assignments/u4/a12 a12 Initialized empty Git repository in /home/sitaram/t/a12/.git/ Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a12.git/ warning: You appear to have cloned an empty repository. $ git clone git@server:assignments/u4/a24 a24 Initialized empty Git repository in /home/sitaram/t/a24/.git/ Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a24.git/ warning: You appear to have cloned an empty repository. # check what repos you autovivified $ ssh git@server expand assignments/u4/a[0-9][0-9] (u4) assignments/u4/a12 (u4) assignments/u4/a24 as user "u5": # check your basic permissions $ ssh git@server PTY allocation request failed on channel 0 hello u5, the gitolite version here is v0.95-31-gbcb14ca you have the following permissions: C assignments/CREATER/a[0-9][0-9] @ @ testing Connection to localhost closed. # see if you have access to any of u4's repos $ ssh git@server expand assignments/u4/a[0-9][0-9] # (no output produced) as user "u4": # allow "u5" read access to assignment 12 # note you type in "R u5", hit enter, then hit Ctrl-D. Gitolite # then produces a confirmation message starting "New perms are:" $ ssh git@server setperms assignments/u4/a12 R u5 New perms are: R u5 as user "u5": # again see if you have access to any u4 repos $ ssh git@server expand assignments/u4/a[0-9][0-9] (u4) assignments/u4/a12 as user "u4": # check what permissions you gave to assignment 12 $ ssh git@server getperms assignments/u4/a12 R u5 # add RW access to "u6" to assignment 12 # again, type 'em in, then hit Ctrl-D; and note each time you run # this you're starting from scratch -- you can't "add to" the # permissions. Deal with it... $ ssh git@server setperms assignments/u4/a12 R u5 RW u6 New perms are: R u5 RW u6 as user "u6": # check what u4 stuff you have access to $ ssh git@server expand assignments/u4/a[0-9][0-9] (u4) assignments/u4/a12 2009-12-06 10:56:53 +01:00			`expand_wild($GL_CONF_COMPILED, $repo_base_abs, $repo, $user);`
wildrepos: implement getperms and setperms 2009-12-06 10:09:40 +01:00			`} else {`
			`die "$cmd doesn't make sense to me\n";`
			`}`
			`exit 1;`
			`}`

			`# ----------------------------------------------------------------------------`
			`# normal (git) processing`
			`# ----------------------------------------------------------------------------`
auth: finally! 2009-08-23 14:54:37 +02:00
			`# split into command and arguments; the pattern allows old style as well as`
			`# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis`
			`# does, although I'm not sure how necessary that is`
			`#`
			`# keep in mind this is how git sends across the command:`
			`# git-receive-pack 'reponame.git'`
			`# including the single quotes`

auth: make ".git" at the end optional 2009-10-29 16:22:06 +01:00			`my ($verb, $repo) = ($cmd =~ /^\s(git\s+\S+\|\S+)\s+'\/?(.?)(?:.git)?'/);`
			`die "bad command: $cmd. Make sure the repo name is exactly as in your config\n"`
auth: better message, remove unsightly perl warning on bad command 2009-09-27 20:22:04 +02:00			`unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )`
			`and $repo and $repo =~ $REPONAME_PATT );`
auth: finally! 2009-08-23 14:54:37 +02:00
			`# ----------------------------------------------------------------------------`
			`# first level permissions check`
			`# ----------------------------------------------------------------------------`

wildrepos: teach auth and update hook about wildcard repos - new_repo now takes a "creater" parameter; if given, this user is recorded (in a file called "gl-creater") as the creater of the repo. Only applicable to wildcards - repo_rights reads "gl-creater" and "gl-perms" to tell you who created it, and whether you (the $user) are in the list of READERS or WRITERS NOTE that the mechanism to create/update gl-perms has not been written yet... (as of this commit) - parse_acl takes 4 more arguments, all optional. The repo name we're interested in (set by all except the access reporting function), and the names to be interpolated as $creater, $readers, writers - report_basic now knows about the "C" permission and shows it - auth now autovivifies a repo if the user has "C" and it's a wildcard match, or (the old case) the user has "W" and it's not a wildcard. In the former case, the creater is also set IMPLEMENTATION NOTES: - the Dumper code now uses a custom hash key sort to make sure $creater etc land up at the end - a wee bit of duplication exists in the update hook; it borrows a little code from parse_acl. I dont (yet) want to include all of gitolite.pm for that little piece... 2009-12-05 18:09:56 +01:00			`if ( -d "$repo_base_abs/$repo.git" ) {`
			`# existing repo`
			`my ($creater, $user_R, $user_W) = &repo_rights($repo_base_abs, $repo, $user);`
			`my $patt = &parse_acl($GL_CONF_COMPILED, $repo, $creater, $user_R, $user_W);`
			`} else {`
			`my $patt = &parse_acl($GL_CONF_COMPILED, $repo, $user, $user, $user);`
			`# parse_acl returns "" if the repo was non-wildcard, or the pattern`
			`# that matched if it was a wildcard`

			`# auto-vivify new repo; 2 situations allow autoviv -- normal repos`
			`# with W access (the old mode), and wildcard repos with C access`
			`my $W_ok = $repos{$repo}{W}{$user} \|\| $repos{$repo}{W}{'@all'};`
			`my $C_ok = $repos{$repo}{C}{$user} \|\| $repos{$repo}{C}{'@all'};`
			`if ($W_ok and not $patt or $C_ok and $patt) {`
			`wrap_chdir("$repo_base_abs");`
			`# for wildcard repos, we also want to set the "creater"`
			`new_repo($repo, "$GL_ADMINDIR/src/hooks", ( $patt ? $user : ""));`
			`wrap_chdir($ENV{HOME});`
			`}`
			`}`
auth, compile, pm: good bit of refactoring all of this is prep for the upcoming, all-new, chrome-plated, "wildrepos" branch :) - many variables go to gitolite.pm now, and are "our"d into the other files as needed - new functions parse_acl, report_basic to replace inlined code 2009-12-04 05:21:22 +01:00
auth: tighten up 2 regexes; one minor code clarity fix 2009-08-25 05:51:07 +02:00			`# we know the user and repo; we just need to know what perm he's trying`
			`my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');`

minor doc/message updates/clarifications 2009-11-22 05:51:22 +01:00			`die "$perm access for $repo DENIED to $user\n"`
first production use: @all, leading slash I had to make two minor fixes while migrating my work repos: 1. I forgot to honor '@all'; oops! While I was about it, I also fixed the "access denied" message to show what rights were being tried when it failed. 2. I forgot that URLs can have leading slashes (I myself only use URLs like gs:reponame.git, where gs is an ssh stanza that describes the git server in question). 2009-08-27 09:44:47 +02:00			`unless $repos{$repo}{$perm}{$user}`
			`or $repos{$repo}{$perm}{'@all'};`
auth: finally! 2009-08-23 14:54:37 +02:00
			`# ----------------------------------------------------------------------------`
almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`# logging, timestamp. also setup env vars for later`
auth: finally! 2009-08-23 14:54:37 +02:00			`# ----------------------------------------------------------------------------`

almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`# reponame`
auth: finally! 2009-08-23 14:54:37 +02:00			`$ENV{GL_REPO}=$repo;`

almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`# timestamp`
			`my ($s, $min, $h, $d, $m, $y) = (localtime)[0..5];`
			`$y += 1900; $m++; # usual adjustments`
			`for ($s, $min, $h, $d, $m) {`
			`$_ = "0$_" if $_ < 10;`
			`}`
			`$ENV{GL_TS} = "$y-$m-$d.$h:$min:$s";`

wildrepos: teach auth and update hook about wildcard repos - new_repo now takes a "creater" parameter; if given, this user is recorded (in a file called "gl-creater") as the creater of the repo. Only applicable to wildcards - repo_rights reads "gl-creater" and "gl-perms" to tell you who created it, and whether you (the $user) are in the list of READERS or WRITERS NOTE that the mechanism to create/update gl-perms has not been written yet... (as of this commit) - parse_acl takes 4 more arguments, all optional. The repo name we're interested in (set by all except the access reporting function), and the names to be interpolated as $creater, $readers, writers - report_basic now knows about the "C" permission and shows it - auth now autovivifies a repo if the user has "C" and it's a wildcard match, or (the old case) the user has "W" and it's not a wildcard. In the former case, the creater is also set IMPLEMENTATION NOTES: - the Dumper code now uses a custom hash key sort to make sure $creater etc land up at the end - a wee bit of duplication exists in the update hook; it borrows a little code from parse_acl. I dont (yet) want to include all of gitolite.pm for that little piece... 2009-12-05 18:09:56 +01:00			`# substitute template parameters and set the logfile name`
almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`$GL_LOGT =~ s/%y/$y/g;`
			`$GL_LOGT =~ s/%m/$m/g;`
			`$GL_LOGT =~ s/%d/$d/g;`
			`$ENV{GL_LOG} = $GL_LOGT;`

all: lexical file handles instead of bare 2009-08-25 06:27:19 +02:00			`# if log failure isn't important enough to block access, get rid of all the`
			`# error checking`
almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`open my $log_fh, ">>", $ENV{GL_LOG}`
all src: suffixed a \n to all die's; error output looks cleaner now 2009-09-10 17:54:58 +02:00			`or die "open log failed: $!\n";`
almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`print $log_fh "$ENV{GL_TS}\t$ENV{SSH_ORIGINAL_COMMAND}\t$user\n";`
all src: suffixed a \n to all die's; error output looks cleaner now 2009-09-10 17:54:58 +02:00			`close $log_fh or die "close log failed: $!\n";`
auth: finally! 2009-08-23 14:54:37 +02:00
almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters 2009-09-06 10:04:41 +02:00			`# ----------------------------------------------------------------------------`
			`# over to git now`
			`# ----------------------------------------------------------------------------`

auth: finally! 2009-08-23 14:54:37 +02:00			`$repo = "'$REPO_BASE/$repo.git'";`
			`exec("git", "shell", "-c", "$verb $repo");`