some nice ADC changes... (warning: minor backward compat breakage)

- support for ADCs with unchecked arguments - rsync, htpasswd, and svnserve gone from core; turned into ADCs Backward compat breakage and fix: Please see documentation for details, but if you're using gitolite to control rsync you will now need to setup ADCs (admin defined commands), and install at least the new "rsync" ADC. ---- Thanks to Joey Hess (see commit prior to this) for forcing me to stop being lazy and get this out of my long term todo list.
2011-10-17 06:41:40 +05:30 · 2011-10-17 06:41:40 +05:30 · 85da5572b2
commit 85da5572b2
parent 955edcc5ec
8 changed files with 234 additions and 200 deletions
--- a/contrib/adc/htpasswd
+++ b/contrib/adc/htpasswd
@ -0,0 +1,30 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+BEGIN {
+    die "ENV GL_RC not set\n" unless $ENV{GL_RC};
+    die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};
+    unshift @INC, $ENV{GL_BINDIR};
+}
+use gitolite_rc;
+use gitolite;
+
+die "$HTPASSWD_FILE doesn't exist or is not writable\n" unless -w $HTPASSWD_FILE;
+$|++;
+print <<EOFhtp;
+Please type in your new htpasswd at the prompt.  You only have to type it once.
+
+NOTE THAT THE PASSWORD WILL BE ECHOED, so please make sure no one is
+shoulder-surfing, and make sure you clear your screen as well as scrollback
+history after you're done (or close your terminal instance).
+
+EOFhtp
+print "new htpasswd:";
+
+my $password = <>;
+$password =~ s/[\n\r]*$//;
+die "empty passwords are not allowed\n" unless $password;
+my $rc = system("htpasswd", "-mb", $HTPASSWD_FILE, $ENV{GL_USER}, $password);
+die "htpasswd command seems to have failed with $rc return code...\n" if $rc;
--- a/contrib/adc/rsync
+++ b/contrib/adc/rsync
@ -0,0 +1,63 @@
+#!/usr/bin/perl
+
+# 'rsync' helper ADC.  See bottom of this file for more info
+
+use strict;
+use warnings;
+
+BEGIN {
+    die "ENV GL_RC not set\n" unless $ENV{GL_RC};
+    die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};
+    unshift @INC, $ENV{GL_BINDIR};
+}
+use gitolite_rc;
+use gitolite;
+
+my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
+
+# test the command patterns; reject if they don't fit.  Rsync sends
+# commands that looks like one of these to the server (the first one is
+# for a read, the second for a write)
+#   rsync --server --sender -some.flags . some/path
+#   rsync --server -some.flags . some/path
+
+die "bad rsync command: $cmd"
+    unless $cmd =~ /^rsync --server( --sender)? -[\w.]+(?: --(?:delete|partial))* \. (\S+)$/;
+my $perm = "W";
+$perm = "R" if $1;
+my $path = $2;
+die "I dont like some of the characters in $path\n" unless $path =~ $REPONAME_PATT;
+    # XXX make a better pattern for this if people complain ;-)
+die "I dont like absolute paths in $cmd\n" if $path =~ /^\//;
+die "I dont like '..' paths in $cmd\n" if $path =~ /\.\./;
+
+# ok now check if we're permitted to execute a $perm action on $path
+# (taken as a refex) using rsync.
+
+check_access('EXTCMD/rsync', "NAME/$path", $perm);
+    # that should "die" if there's a problem
+
+wrap_chdir($RSYNC_BASE);
+log_it();
+exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND};
+
+__END__
+
+This is an rsync helper ADC.  It is an example of using gitolite's config
+language, combined with the 'check_access()' function, to implement access
+control for non-git software using a "fake" repo.  For historical reasons,
+fake repos start with "EXTCMD/".  Gitolite does not auto-create fake repos, so
+you can use those as namespaces to hold collections of rules for various
+purposes.
+
+So here's a fake git repository to collect rsync rules in one place.  It grant
+permissions to files/dirs within the $RSYNC_BASE tree.  A leading NAME/ is
+required as a prefix; the actual path starts after that.  Matching follows the
+same rules as given in "FILE/DIR NAME BASED RESTRICTIONS" elsewhere in the
+gitolite documentation.
+
+    repo    EXTCMD/rsync
+        RW  NAME/                       =   sitaram
+        RW  NAME/foo/                   =   user1
+        R   NAME/bar/                   =   user2
+        RW  NAME/baz/.*/.*\.c$          =   user3
--- a/contrib/adc/svnserve
+++ b/contrib/adc/svnserve
@ -0,0 +1,20 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+BEGIN {
+    die "ENV GL_RC not set\n" unless $ENV{GL_RC};
+    die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};
+    unshift @INC, $ENV{GL_BINDIR};
+}
+use gitolite_rc;
+use gitolite;
+
+my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
+
+die "expecting 'svnserve -t', got '$cmd'\n" unless $cmd eq 'svnserve -t';
+
+$SVNSERVE =~ s/%u/$ENV{GL_USER}/g;
+exec $SVNSERVE;
+die "svnserve exec failed\n";