tighten up argument handling in ADCs even more
More and more people are using ADCs, which I originally wrote just for adventure-loving people ;-)
This commit is contained in:
Sitaram Chamarty
parent
b4a3b812a7
commit
8a980a60bb
|
|
@ -36,6 +36,8 @@ our $REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@/+-]*$); # very simple patter
|
||||||
our $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@+-]*$); # very simple pattern
|
our $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@+-]*$); # very simple pattern
|
||||||
# same as REPONAME, but used for wildcard repos, allows some common regex metas
|
# same as REPONAME, but used for wildcard repos, allows some common regex metas
|
||||||
our $REPOPATT_PATT=qr(^\@?[0-9a-zA-Z[][\\^.$|()[\]*+?{}0-9a-zA-Z._\@/-]*$);
|
our $REPOPATT_PATT=qr(^\@?[0-9a-zA-Z[][\\^.$|()[\]*+?{}0-9a-zA-Z._\@/-]*$);
|
||||||
|
# ADC commands and arguments must match this pattern
|
||||||
|
our $ADC_CMD_ARGS_PATT=qr(^[0-9a-zA-Z._\@/+-]*$);
|
||||||
|
|
||||||
# these come from the RC file
|
# these come from the RC file
|
||||||
our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST, $GL_ALL_INCLUDES_SPECIAL, $GL_SITE_INFO);
|
our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST, $GL_ALL_INCLUDES_SPECIAL, $GL_SITE_INFO);
|
||||||
|
|
@ -509,7 +511,7 @@ sub parse_acl
|
||||||
our $saved_crwu;
|
our $saved_crwu;
|
||||||
our (%saved_repos, %saved_groups);
|
our (%saved_repos, %saved_groups);
|
||||||
|
|
||||||
if ($saved_crwu eq "$creator,$readers,$writers,$gl_user") {
|
if ($saved_crwu and $saved_crwu eq "$creator,$readers,$writers,$gl_user") {
|
||||||
%repos = %saved_repos; %groups = %saved_groups;
|
%repos = %saved_repos; %groups = %saved_groups;
|
||||||
} else {
|
} else {
|
||||||
die "parse $GL_CONF_COMPILED failed: " . ($! or $@) unless do $GL_CONF_COMPILED;
|
die "parse $GL_CONF_COMPILED failed: " . ($! or $@) unless do $GL_CONF_COMPILED;
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ use warnings;
|
||||||
# these are set by the "rc" file
|
# these are set by the "rc" file
|
||||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT);
|
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT);
|
||||||
# and these are set by gitolite.pm
|
# and these are set by gitolite.pm
|
||||||
our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT);
|
our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT);
|
||||||
our %repos;
|
our %repos;
|
||||||
our %groups;
|
our %groups;
|
||||||
our %repo_config;
|
our %repo_config;
|
||||||
|
|
@ -157,7 +157,7 @@ if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
|
||||||
my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
|
my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
|
||||||
if (-x "$GL_ADC_PATH/$cmd") {
|
if (-x "$GL_ADC_PATH/$cmd") {
|
||||||
# yes this is rather strict, sorry.
|
# yes this is rather strict, sorry.
|
||||||
do { die "I don't like $_\n" unless $_ =~ $REPOPATT_PATT } for ($cmd, @args);
|
do { die "I don't like $_\n" unless $_ =~ $ADC_CMD_ARGS_PATT } for ($cmd, @args);
|
||||||
&log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}");
|
&log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}");
|
||||||
exec("$GL_ADC_PATH/$cmd", @args);
|
exec("$GL_ADC_PATH/$cmd", @args);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue