deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

first production use: @all, leading slash

Browse source 
I had to make two minor fixes while migrating my work repos:

1.  I forgot to honor '@all'; oops!

    While I was about it, I also fixed the "access denied"
    message to show what rights were being tried when it
    failed.

2.  I forgot that URLs can have leading slashes (I myself
    only use URLs like gs:reponame.git, where gs is an ssh
    stanza that describes the git server in question).
This commit is contained in:
Sitaram Chamarty 2009-08-27 13:14:47 +05:30
parent 522b35434e
commit 3ddc9087d3
2 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
gl-auth-command
View file

@ -65,9 +65,10 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
my $cmd = $ENV{SSH_ORIGINAL_COMMAND} my $cmd = $ENV{SSH_ORIGINAL_COMMAND}
or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!"; or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!";
# we don't like newlines or semicolons in SSH_ORIGINAL_COMMAND # this check is largely for comic value if someone tries something outrageous;
# $cmd gets split and the pieces examined more thoroughly later anyway
die "$cmd??? you're a funny guy..." die "$cmd??? you're a funny guy..."
if $cmd =~ /[;\n]/; if $cmd =~ /[<>&|;\n]/;
# split into command and arguments; the pattern allows old style as well as # split into command and arguments; the pattern allows old style as well as
# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis # new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
@ -77,7 +78,7 @@ die "$cmd??? you're a funny guy..."
# git-receive-pack 'reponame.git' # git-receive-pack 'reponame.git'
# including the single quotes # including the single quotes
my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'(.*).git'/); my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*).git'/);
die "$verb? I don't do odd jobs, sorry..." die "$verb? I don't do odd jobs, sorry..."
unless $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS; unless $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS;
@ -91,7 +92,9 @@ die "I don't like the look of $repo, sorry!"
# we know the user and repo; we just need to know what perm he's trying # we know the user and repo; we just need to know what perm he's trying
my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W'); my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');
die "access denied" unless $repos{$repo}{$perm}{$user}; die "$perm access for $repo denied to $user"
unless $repos{$repo}{$perm}{$user}
or $repos{$repo}{$perm}{'@all'};
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# over to git now # over to git now

6
update-hook.pl
View file

@ -67,8 +67,10 @@ $perm = '+' if $ref =~ m(refs/tags/) and $oldsha ne ('0' x 40);
# should # should
$perm = '+' if $ref =~ m(refs/heads/) and $oldsha ne $merge_base; $perm = '+' if $ref =~ m(refs/heads/) and $oldsha ne $merge_base;
my $allowed_refs = $repos{$ENV{GL_REPO}}{$perm}{$ENV{GL_USER}}; my @allowed_refs;
for my $refex (@$allowed_refs) push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$perm}{$ENV{GL_USER}} };
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$perm}{'@all'} };
for my $refex (@allowed_refs)
# refex? sure -- a regex to match a ref against :) # refex? sure -- a regex to match a ref against :)
{ {
if ($ref =~ /$refex/) if ($ref =~ /$refex/)