deny message change; t01 also changed accordingly
This commit is contained in:
parent
b89ac4dd1e
commit
56be906e5d
|
@ -69,13 +69,13 @@ sub access {
|
||||||
trace( 4, "perm=$perm, refex=$refex" );
|
trace( 4, "perm=$perm, refex=$refex" );
|
||||||
|
|
||||||
# skip 'deny' rules if the ref is not (yet) known
|
# skip 'deny' rules if the ref is not (yet) known
|
||||||
next if $perm eq '-' and $ref eq 'unknown';
|
next if $perm eq '-' and $ref eq 'any';
|
||||||
|
|
||||||
# rule matches if ref matches or ref is unknown (see gitolite-shell)
|
# rule matches if ref matches or ref is any (see gitolite-shell)
|
||||||
next unless $ref =~ /^$refex/ or $ref eq 'unknown';
|
next unless $ref =~ /^$refex/ or $ref eq 'any';
|
||||||
|
|
||||||
trace( 3, "DENIED by $refex" ) if $perm eq '-';
|
trace( 3, "DENIED by $refex" ) if $perm eq '-';
|
||||||
return "DENIED: $aa access to $repo by $user (rule: $refex)" if $perm eq '-';
|
return "$aa $ref $repo $user DENIED by $refex" if $perm eq '-';
|
||||||
|
|
||||||
# $perm can be RW\+?(C|D|CD|DC)?M?. $aa can be W, +, C or D, or
|
# $perm can be RW\+?(C|D|CD|DC)?M?. $aa can be W, +, C or D, or
|
||||||
# any of these followed by "M".
|
# any of these followed by "M".
|
||||||
|
@ -85,7 +85,7 @@ sub access {
|
||||||
return $refex if ( $perm =~ /$aaq/ );
|
return $refex if ( $perm =~ /$aaq/ );
|
||||||
}
|
}
|
||||||
trace( 3, "DENIED by fallthru" );
|
trace( 3, "DENIED by fallthru" );
|
||||||
return "DENIED: $aa access to $repo by $user (fallthru)";
|
return "$aa $ref $repo $user DENIED by fallthru";
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
|
|
2
g3-info
2
g3-info
|
@ -20,7 +20,7 @@ use warnings;
|
||||||
|
|
||||||
my $user = shift or die;
|
my $user = shift or die;
|
||||||
my $aa;
|
my $aa;
|
||||||
my $ref = 'unknown';
|
my $ref = 'any';
|
||||||
|
|
||||||
my $ret;
|
my $ret;
|
||||||
while (<>) {
|
while (<>) {
|
||||||
|
|
|
@ -31,11 +31,11 @@ sanity($repo);
|
||||||
$ENV{GL_REPO} = $repo;
|
$ENV{GL_REPO} = $repo;
|
||||||
my $aa = ( $verb =~ 'upload' ? 'R' : 'W' );
|
my $aa = ( $verb =~ 'upload' ? 'R' : 'W' );
|
||||||
|
|
||||||
# a ref of 'unknown' signifies that this is a pre-git check, where we don't
|
# a ref of 'any' signifies that this is a pre-git check, where we don't
|
||||||
# yet know the ref that will be eventually pushed (and even that won't apply
|
# yet know the ref that will be eventually pushed (and even that won't apply
|
||||||
# if it's a read operation). See the matching code in access() for more.
|
# if it's a read operation). See the matching code in access() for more.
|
||||||
my $ret = access( $repo, $user, $aa, 'unknown' );
|
my $ret = access( $repo, $user, $aa, 'any' );
|
||||||
trace( 1, "access($repo, $user, $aa, 'unknown') -> $ret" );
|
trace( 1, "access($repo, $user, $aa, 'any') -> $ret" );
|
||||||
_die $ret if $ret =~ /DENIED/;
|
_die $ret if $ret =~ /DENIED/;
|
||||||
|
|
||||||
$repo = "'$rc{GL_REPO_BASE}/$repo.git'";
|
$repo = "'$rc{GL_REPO_BASE}/$repo.git'";
|
||||||
|
|
12
t/t01-basic
12
t/t01-basic
|
@ -15,7 +15,7 @@ try "
|
||||||
## clone
|
## clone
|
||||||
glt clone dev2 file://gitolite-admin
|
glt clone dev2 file://gitolite-admin
|
||||||
!ok; gsh
|
!ok; gsh
|
||||||
/FATAL: DENIED: R access to gitolite-admin by dev2 .fallthru./
|
/DENIED by fallthru/
|
||||||
/fatal: The remote end hung up unexpectedly/
|
/fatal: The remote end hung up unexpectedly/
|
||||||
glt clone admin --progress file://gitolite-admin
|
glt clone admin --progress file://gitolite-admin
|
||||||
ok; gsh
|
ok; gsh
|
||||||
|
@ -40,13 +40,13 @@ try "
|
||||||
git status -s; ok; /M conf/gitolite.conf/
|
git status -s; ok; /M conf/gitolite.conf/
|
||||||
git commit -m t01a; ok; /master.*t01a/
|
git commit -m t01a; ok; /master.*t01a/
|
||||||
glt push dev2 origin; !ok; gsh
|
glt push dev2 origin; !ok; gsh
|
||||||
/FATAL: DENIED: W access to gitolite-admin by dev2 .fallthru./
|
/DENIED by fallthru/
|
||||||
/fatal: The remote end hung up unexpectedly/
|
/fatal: The remote end hung up unexpectedly/
|
||||||
glt push admin origin; ok; /master -. master/
|
glt push admin origin; ok; /master -. master/
|
||||||
tsh empty; ok;
|
tsh empty; ok;
|
||||||
glt push admin origin master:mm
|
glt push admin origin master:mm
|
||||||
!ok; gsh
|
!ok; gsh
|
||||||
/FATAL: DENIED: W access to gitolite-admin by admin .rule: refs/heads/mm./
|
/DENIED by refs/heads/mm/
|
||||||
/remote: error: hook declined to update refs/heads/mm/
|
/remote: error: hook declined to update refs/heads/mm/
|
||||||
/To file://gitolite-admin/
|
/To file://gitolite-admin/
|
||||||
/remote rejected. master -. mm .hook declined./
|
/remote rejected. master -. mm .hook declined./
|
||||||
|
@ -79,7 +79,7 @@ try "
|
||||||
## clone
|
## clone
|
||||||
cd ..; ok;
|
cd ..; ok;
|
||||||
glt clone u1 file://t1; !ok; gsh
|
glt clone u1 file://t1; !ok; gsh
|
||||||
/FATAL: DENIED: R access to t1 by u1 .fallthru./
|
/DENIED by fallthru/
|
||||||
/fatal: The remote end hung up unexpectedly/
|
/fatal: The remote end hung up unexpectedly/
|
||||||
glt clone u2 file://t1; ok; gsh
|
glt clone u2 file://t1; ok; gsh
|
||||||
/warning: You appear to have cloned an empty repository./
|
/warning: You appear to have cloned an empty repository./
|
||||||
|
@ -89,7 +89,7 @@ try "
|
||||||
## push
|
## push
|
||||||
test-commit tc1 tc2 tc2; ok; /f7153e3/
|
test-commit tc1 tc2 tc2; ok; /f7153e3/
|
||||||
glt push u2 origin; !ok; gsh
|
glt push u2 origin; !ok; gsh
|
||||||
/FATAL: DENIED: W access to t1 by u2 .fallthru./
|
/DENIED by fallthru/
|
||||||
/fatal: The remote end hung up unexpectedly/
|
/fatal: The remote end hung up unexpectedly/
|
||||||
glt push u3 origin master; ok; gsh
|
glt push u3 origin master; ok; gsh
|
||||||
/master -. master/
|
/master -. master/
|
||||||
|
@ -100,7 +100,7 @@ try "
|
||||||
glt push u3 origin; !ok; gsh
|
glt push u3 origin; !ok; gsh
|
||||||
/rejected.*master -. master.*non-fast-forward./
|
/rejected.*master -. master.*non-fast-forward./
|
||||||
glt push u3 -f origin; !ok; gsh
|
glt push u3 -f origin; !ok; gsh
|
||||||
/FATAL: DENIED: \\+ access to t1 by u3 .fallthru./
|
/DENIED by fallthru/
|
||||||
/remote: error: hook declined to update refs/heads/master/
|
/remote: error: hook declined to update refs/heads/master/
|
||||||
/To file://t1/
|
/To file://t1/
|
||||||
/remote rejected. master -. master .hook declined./
|
/remote rejected. master -. master .hook declined./
|
||||||
|
|
Loading…
Reference in a new issue