From d61890301fea2a920d246bafe308a173bcf50369 Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Fri, 15 Jan 2010 09:27:47 +0530 Subject: [PATCH 1/3] delegation doc: minor oops I know hardly anyone is using delegation, but if you find yourself locked out from pushing because of this one little thing, do this: * on your gitolite-admin clone, add the required lines per this patch, and commit * on the server, edit ~/.gitolite/conf/gitolite.conf-compiled.pm, and delete the following line 'NAME_LIMITS' => 1 from the entry for "gitolite-admin" (if you don't know what that means delete *all* such lines) and save the file * back on your admin repo clone, do a push --- doc/5-delegation.mkd | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/5-delegation.mkd b/doc/5-delegation.mkd index 6c62b24..9260046 100644 --- a/doc/5-delegation.mkd +++ b/doc/5-delegation.mkd @@ -63,6 +63,8 @@ You do this by adding branches to the `gitolite-admin` repo: repo gitolite-admin RW+ = sitaram # now add these lines to the config for the admin repo + RW = alice bob mallory + RW+ NAME/ = sitaram RW NAME/conf/fragments/webbrowser_repos = alice RW NAME/conf/fragments/webserver_repos = bob RW NAME/conf/fragments/malware_repos = mallory From 261b289609c19143573b599ae10c8951f371874d Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Fri, 15 Jan 2010 10:40:07 +0530 Subject: [PATCH 2/3] mention NAME-based restrictions in README --- README.mkd | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.mkd b/README.mkd index b766f7e..1df3bf8 100644 --- a/README.mkd +++ b/README.mkd 
@@ -70,6 +70,8 @@ detail [here][gsdiff]. * simpler, yet far more powerful, config file syntax, including specifying gitweb/daemon access. You'll need this power if you manage lots of users+repos+combinations of access + * apart from branch-name based restrictions, you can also restrict by + file/dir name changed (i.e., output of `git diff --name-only`) * config file syntax gets checked upfront, and much more thoroughly * if your requirements are still too complex, you can split up the config file and delegate authority over parts of it From 645ab77af5d3854e1d8c2cef39101c2c5c21f33e Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Fri, 15 Jan 2010 14:20:00 +0530 Subject: [PATCH 3/3] compile: disallow multiple pubkeys in one file The way pubkey files are handled by gitolite, this could be used by a repo admin to get shell access. It's always been there as an undocumented emergency mechanism for an admin who lost his shell keys or overwrote them due to not understanding ssh well enough (and it has been so used at least once). But not any more... Like the @SHELL case, this reflects a shift away from treating people with repo admin rights as eqvt to people who have shell on the server, and systematically making the former lesser privileged than the latter. While in most cases (including my $DAYJOB) these two may be the same person, I am told that's not a valid assumption for others, and there've been requests to close this potential loophole. --- src/gl-compile-conf | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/gl-compile-conf b/src/gl-compile-conf index dcd2535..141f7d7 100755 --- a/src/gl-compile-conf +++ b/src/gl-compile-conf 
@@ -458,14 +458,20 @@ for my $pubkey (glob("*")) print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n" unless $user_list{$user}; $user_list{$user} = 'has pubkey'; + # apparently some pubkeys don't end in a newline... + my $pubkey_content = `cat $pubkey`; + $pubkey_content =~ s/\s*$/\n/; + # don't trust files with multiple lines (i.e., something after a newline) + if ($pubkey_content =~ /\n./) + { + print STDERR "WARNING: a pubkey file can only have one line (key); ignoring $pubkey\n"; + next; + } if ($SHELL_USERS and $SHELL_USERS =~ /(^|\s)$user(\s|$)/) { print $newkeys_fh "command=\"$AUTH_COMMAND -s $user\",$AUTH_OPTIONS "; } else { print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS,no-pty "; } - # apparently some pubkeys don't end in a newline... - my $pubkey_content = `cat $pubkey`; - $pubkey_content =~ s/\s*$/\n/; print $newkeys_fh $pubkey_content; } # lint check 3; a little more severe than the first two I guess...
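Review bot: in the doc/5-delegation.mkd hunk the two added lines (`RW = alice bob mallory` and `RW+ NAME/ = sitaram`) carry no explanation, yet the commit message says that without them the people named in the `NAME/` rules are locked out of pushing; a one-line comment above them saying that a `NAME/` rule only restricts a push that some plain `RW`/`RW+` rule has already admitted would stop the next reader from copying only the `NAME/` lines. The recovery procedure (delete `'NAME_LIMITS' => 1` from `~/.gitolite/conf/gitolite.conf-compiled.pm` on the server, then push) exists only in the commit message; anyone who already set up delegation from the old text will hit the same lockout, so it belongs in the doc next to these lines.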
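Review bot: the new README.mkd bullet names the file/dir-name restriction but gives neither its syntax nor a pointer to where it is documented; the delegation doc in this same series shows the form (`RW NAME/conf/fragments/webbrowser_repos = alice`), so the bullet should mention the `NAME/` prefix or link to that doc. The wording "restrict by file/dir name changed" is awkward; suggest "restrict pushes by the names of the files/directories they change (i.e., the output of `git diff --name-only`)".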
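Review bot: in the src/gl-compile-conf hunk, `$user_list{$user} = 'has pubkey';` is assigned two lines before the new multi-line check, so a pubkey file rejected with `next` still leaves the user recorded as having a key and the later pass ("lint check 3", visible just after the loop) cannot report that the user now has no usable key; move the assignment below the check, and say in the warning that the key was dropped rather than "ignoring". The check also only rejects bytes after a newline: the single line that survives is still printed verbatim after `$AUTH_OPTIONS,no-pty ` with no test that it begins with a key type (e.g. `ssh-rsa`), so requiring a key-type prefix would close the same class of problem more directly than counting lines. Minor: because `s/\s*$/\n/` runs first, a key followed by blank lines passes while a file with a leading blank line is rejected by `/\n./`; acceptable, but worth a comment so the asymmetry is not "fixed" later.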