From 27081ad1c1f923487c571b9ecc4ef4cf3ced2b94 Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Sat, 1 Jan 2011 19:48:18 +0530 Subject: [PATCH] new rc var: GL_ALL_READ_ALL --- conf/example.gitolite.rc | 4 +++- doc/gitolite.rc.mkd | 7 +++++++ src/gl-auth-command | 9 +++++++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/conf/example.gitolite.rc b/conf/example.gitolite.rc index 8626be1..9ee7840 100644 --- a/conf/example.gitolite.rc +++ b/conf/example.gitolite.rc @@ -33,8 +33,10 @@ $GL_BIG_CONFIG = 0; $GL_NO_DAEMON_NO_GITWEB = 0; # ------------------------------------------------------------------------------ -# VARIABLES WITH A SECURITY IMPACT +# VARIABLES WITH A SECURITY IMPACT. READ DOC WELL BEFORE CHANGING THESE. +# http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite.rc.mkd#_variables_with_a_security_impact # ------------------------------------------------------------------------------ +# $GL_ALL_READ_ALL = 0; $GIT_PATH=""; $GL_GITCONFIG_KEYS = ""; # $GL_GITCONFIG_WILD = 0; diff --git a/doc/gitolite.rc.mkd b/doc/gitolite.rc.mkd index ecf5758..e354ff0 100644 --- a/doc/gitolite.rc.mkd +++ b/doc/gitolite.rc.mkd @@ -96,6 +96,13 @@ test suite, my actual production use, my time, and sometimes (LDAP comes to mind) even my skill or resources available to me, and that therefore I depend on feedback from my users to find or fix issues. + * `$GL_ALL_READ_ALL`, boolean, default undef + + Eliminates the access control check for read access. Makes things much + (**much**!) faster when you have 10,000 projects and the compiled conf + file is more than 20MB in size! **Double check with your boss or have a + new job lined up before setting this on!** + * `$GIT_PATH`, string, default empty If git on your server is on a standard path (that is `ssh git@server git diff --git a/src/gl-auth-command b/src/gl-auth-command index 46cea7d..1ebacb5 100755 --- a/src/gl-auth-command +++ b/src/gl-auth-command @@ -32,7 +32,7 @@ use warnings; # ---------------------------------------------------------------------------- # these are set by the "rc" file -our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT); +our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL); # and these are set by gitolite.pm our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT); our %repos; @@ -227,7 +227,12 @@ $ENV{GL_REPO}=$repo; # first level permissions check # ---------------------------------------------------------------------------- -my ($perm, $creator, $wild) = &repo_rights($repo); +my ($perm, $creator, $wild); +if ( $GL_ALL_READ_ALL and $verb =~ $R_COMMANDS and -d "$ENV{GL_REPO_BASE_ABS}/$repo.git") { + $perm = 'R'; +} else { + ($perm, $creator, $wild) = &repo_rights($repo); +} if ($perm =~ /C/) { # it was missing, and you have create perms wrap_chdir("$ENV{GL_REPO_BASE_ABS}");