bug fix: perms propagation to slaves...
Sometime after v3.2, I fixed what looked like an information disclosure
issue, where a user could determine if an arbitrary repo existed or not,
even if he had no rights to see the repo. This was:
96cc2ea "new features relating to creating wild repos:"
Unfortunately, this appears to have broken gl-perms propagation to
slaves, because now running "perm -c" on an existing repo dies!
If you run
git diff 96cc2ea^ <this commit> -- src/commands/perms
you'll see how simple the fix *should* have been :-(
master
Sitaram Chamarty
parent
b303694882
commit
84424e48b9
|
|
@ -43,23 +43,23 @@ if ( $ARGV[0] eq '-l' ) {
|
|||
getperms(@ARGV); # doesn't return
|
||||
}
|
||||
|
||||
my $generic_error = "repo does not exist, or you are not authorised";
|
||||
|
||||
# auto-create the repo if -c passed and repo doesn't exist
|
||||
if ( $ARGV[0] eq '-c' ) {
|
||||
shift;
|
||||
my $repo = $ARGV[0] or usage();
|
||||
_die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;
|
||||
|
||||
my $d = "$rc{GL_REPO_BASE}/$repo.git";
|
||||
my $errmsg = "repo already exists or you are not authorised to create it";
|
||||
# use the same message in both places to prevent leaking repo existence info
|
||||
_die $errmsg if -d $d;
|
||||
my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
|
||||
_die $errmsg if $ret =~ /DENIED/;
|
||||
if (not -d "$rc{GL_REPO_BASE}/$repo.git") {
|
||||
my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
|
||||
_die $generic_error if $ret =~ /DENIED/;
|
||||
|
||||
require Gitolite::Conf::Store;
|
||||
Gitolite::Conf::Store->import;
|
||||
new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
|
||||
gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
|
||||
require Gitolite::Conf::Store;
|
||||
Gitolite::Conf::Store->import;
|
||||
new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
|
||||
gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
|
||||
}
|
||||
}
|
||||
|
||||
my $repo = shift;
|
||||
|
|
@ -70,7 +70,7 @@ _system( "gitolite", "trigger", "POST_CREATE", $repo, $ENV{GL_USER}, 'perms' );
|
|||
|
||||
sub getperms {
|
||||
my $repo = shift;
|
||||
_die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
|
||||
_die $generic_error if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
|
||||
my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
|
||||
|
||||
print slurp($pf) if -f $pf;
|
||||
|
|
@ -79,7 +79,7 @@ sub getperms {
|
|||
}
|
||||
|
||||
sub setperms {
|
||||
_die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
|
||||
_die $generic_error if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
|
||||
my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
|
||||
|
||||
if ( not @_ ) {
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ try "
|
|||
# auto-create using perms fail
|
||||
echo READERS u5 | glt perms u4 -c foo/u4/baz
|
||||
!/Initialized empty Git repository in .*/foo/u4/baz.git/
|
||||
/FATAL: repo already exists or you are not authorised to create it/
|
||||
/FATAL: repo does not exist, or you are not authorised/
|
||||
|
||||
# auto-create using perms
|
||||
echo READERS u2 | glt perms u1 -c foo/u1/baz
|
||||
|
|
|
|||
Loading…
Reference in New Issue