first production use: @all, leading slash
I had to make two minor fixes while migrating my work repos:
1. I forgot to honor '@all'; oops!
While I was about it, I also fixed the "access denied"
message to show what rights were being tried when it
failed.
2. I forgot that URLs can have leading slashes (I myself
only use URLs like gs:reponame.git, where gs is an ssh
stanza that describes the git server in question).
This commit is contained in:
Sitaram Chamarty
parent
522b35434e
commit
3ddc9087d3
|
|
@ -65,9 +65,10 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
|
|||
my $cmd = $ENV{SSH_ORIGINAL_COMMAND}
|
||||
or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!";
|
||||
|
||||
# we don't like newlines or semicolons in SSH_ORIGINAL_COMMAND
|
||||
# this check is largely for comic value if someone tries something outrageous;
|
||||
# $cmd gets split and the pieces examined more thoroughly later anyway
|
||||
die "$cmd??? you're a funny guy..."
|
||||
if $cmd =~ /[;\n]/;
|
||||
if $cmd =~ /[<>&|;\n]/;
|
||||
|
||||
# split into command and arguments; the pattern allows old style as well as
|
||||
# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
|
||||
|
|
@ -77,7 +78,7 @@ die "$cmd??? you're a funny guy..."
|
|||
# git-receive-pack 'reponame.git'
|
||||
# including the single quotes
|
||||
|
||||
my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'(.*).git'/);
|
||||
my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*).git'/);
|
||||
die "$verb? I don't do odd jobs, sorry..."
|
||||
unless $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS;
|
||||
|
||||
|
|
@ -91,7 +92,9 @@ die "I don't like the look of $repo, sorry!"
|
|||
# we know the user and repo; we just need to know what perm he's trying
|
||||
my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');
|
||||
|
||||
die "access denied" unless $repos{$repo}{$perm}{$user};
|
||||
die "$perm access for $repo denied to $user"
|
||||
unless $repos{$repo}{$perm}{$user}
|
||||
or $repos{$repo}{$perm}{'@all'};
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# over to git now
|
||||
|
|
|
|||
|
|
@ -67,8 +67,10 @@ $perm = '+' if $ref =~ m(refs/tags/) and $oldsha ne ('0' x 40);
|
|||
# should
|
||||
$perm = '+' if $ref =~ m(refs/heads/) and $oldsha ne $merge_base;
|
||||
|
||||
my $allowed_refs = $repos{$ENV{GL_REPO}}{$perm}{$ENV{GL_USER}};
|
||||
for my $refex (@$allowed_refs)
|
||||
my @allowed_refs;
|
||||
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$perm}{$ENV{GL_USER}} };
|
||||
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$perm}{'@all'} };
|
||||
for my $refex (@allowed_refs)
|
||||
# refex? sure -- a regex to match a ref against :)
|
||||
{
|
||||
if ($ref =~ /$refex/)
|
||||
|
|
|
|||
Loading…
Reference in a new issue