From 33fc0a7e9fe98dac1eec284119cf47509d68ab8c Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty <sitaram@sita-wd.atc.tcs.com>
Date: Fri, 11 Dec 2009 09:52:29 +0530
Subject: [PATCH] compile, parse_acl: treat foo/CREATER (no regex metas)
 correctly

Teemu's testing brought up a situtation I had not anticipated:
"repo foo/CREATER" looks like a non-regex, and its creation then (a)
goes by "W" permissions instead of "C" permissions, and (b) the
creater's name does not get recorded (no gl-creater file).

    SIDE NOTE: one way is to reduce the paranoia, and just put the
    creater name in anyway.  Treat a repo created from gl-auth as a
    wildcard-matched autovivified repo, because the *other* kind would
    have actually got created by gl-compile anyway.

    However, I can think of *one* very far-out situation where this
    could backfire on an unwary admin, and I'm paranoid :-)

So we need to force it to look like a regex.  Moving the line-anchoring
from `parse_acl` to gl-compile sounded fine, until I realised that the
"$" isn't easy.  Backslashitis, bigtime, plus the single/double quote
tricks we're playing with the dumped hash adds its own complexities.

Best of both worlds, promote the "^" to gl-compile, keep the "$" where
it is...!
---
 src/gitolite.pm     | 8 +++++++-
 src/gl-compile-conf | 6 +++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/gitolite.pm b/src/gitolite.pm
index 41c45b1..0534a87 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -177,9 +177,15 @@ sub parse_acl
     return unless $repo;
 
     return $ENV{GL_REPOPATT} = "" if $repos{$repo};
-    my @matched = grep { $repo =~ /^$_$/ } sort keys %repos;
+
+    # didn't find $repo in %repos, so it must be a wildcard-match case
+
+    # note that the repo regexes in %repos have a leading ^ but not a trailing
+    # $; we need to add the $ here to complete the "line-anchoring"
+    my @matched = grep { $repo =~ /$_$/ } sort keys %repos;
     die "$repo has no matches\n" unless @matched;
     die "$repo has multiple matches\n@matched\n" if @matched > 1;
+
     # found exactly one pattern that matched, copy its ACL
     $repos{$repo} = $repos{$matched[0]};
     # and return the pattern
diff --git a/src/gl-compile-conf b/src/gl-compile-conf
index da1822a..618dcae 100755
--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -192,7 +192,11 @@ sub parse_conf_file
             @repos = split ' ', $1;
             @repos = expand_list ( @repos );
 
-            s/\bCREAT[EO]R\b/\$creater/g for @repos;
+            # CREAT[EO]R must be changed to $creater.  Also, prefix a "^" to
+            # force it to look like a regex.  Otherwise, foo/CREATER/bar (no
+            # regex metas) looks like an ordinary reponame, and the logic (in
+            # gl-auth) that decides when to allow autovivify gets confused.
+            s/\bCREAT[EO]R\b/\$creater/g && s/^/^/ for @repos;
         }
         # actual permission line
         elsif (/^(-|C|R|RW|RW\+) (.* )?= (.+)/)