deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

(mirroring) reject non-local pushes if GL_HOSTNAME not set

Browse source 
We previously said all mirroring features are disabled if GL_HOSTNAME is
not set.

But what if, after mirroring has been setup, and master/slaves defined
for a repo, a slave admin fat-fingers the RC file and accidentally
comments out GL_HOSTNAME?  We might end up violating RULE NUMBER ONE!
This commit is contained in:
Sitaram Chamarty 2011-08-13 13:39:07 +05:30
parent 37ce28a43b
commit a3ffc9d8fd
3 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/mirroring.mkd
View file

@ -132,8 +132,9 @@ and 'gollum' as examples here.
(Remember the "rc" file is NOT mirrored; it is meant to be site-local). (Remember the "rc" file is NOT mirrored; it is meant to be site-local).
Note: if `GL_HOSTNAME` is undefined, all mirroring features are disabled Note: if `GL_HOSTNAME` is undefined, you cannot push to repos which have
on that server, regardless of other settings. the 'gitolite.mirror.master' config variable set. (See 'details' section
below for more info on this variable).
5. On each machine, add the keys for all other machines. For example, on 5. On each machine, add the keys for all other machines. For example, on
frodo you'd run these two commands: frodo you'd run these two commands:

4
src/gitolite.pm
View file

@ -1208,9 +1208,11 @@ sub mirror_listslaves {
return ( `git config --file $REPO_BASE/$repo.git/config --get gitolite.mirror.slaves` || '' ); return ( `git config --file $REPO_BASE/$repo.git/config --get gitolite.mirror.slaves` || '' );
} }
# is a redirect ok for this repo from this slave?
sub mirror_redirectOK { sub mirror_redirectOK {
my $repo = shift; my $repo = shift;
my $slave = shift || ''; my $slave = shift || return 0;
# if we don't know who's asking, the answer is "no"
my $gmrOK = `git config --file $REPO_BASE/$repo.git/config --get gitolite.mirror.redirectOK` || ''; my $gmrOK = `git config --file $REPO_BASE/$repo.git/config --get gitolite.mirror.redirectOK` || '';
chomp $gmrOK; chomp $gmrOK;

3
src/gl-auth-command
View file

@ -140,8 +140,9 @@ $ENV{GL_REPO}=$repo;
my $aa = ($verb =~ $R_COMMANDS ? 'R' : 'W'); my $aa = ($verb =~ $R_COMMANDS ? 'R' : 'W');
# writes may get redirected under certain conditions # writes may get redirected under certain conditions
if ( $GL_HOSTNAME and $aa eq 'W' and mirror_mode($repo) =~ /^slave of (\S+)/ ) { if ( $aa eq 'W' and mirror_mode($repo) =~ /^slave of (\S+)/ ) {
my $master = $1; my $master = $1;
die "$ABRT GL_HOSTNAME not set; rejecting push to non-local repo\n" unless $GL_HOSTNAME;
die "$ABRT $GL_HOSTNAME not the master, please push to $master\n" unless mirror_redirectOK($repo, $GL_HOSTNAME); die "$ABRT $GL_HOSTNAME not the master, please push to $master\n" unless mirror_redirectOK($repo, $GL_HOSTNAME);
print STDERR "$GL_HOSTNAME ==== $user ($repo) ===> $master\n"; print STDERR "$GL_HOSTNAME ==== $user ($repo) ===> $master\n";
exec("ssh", $master, "USER=$user", "SOC=$ENV{SSH_ORIGINAL_COMMAND}"); exec("ssh", $master, "USER=$user", "SOC=$ENV{SSH_ORIGINAL_COMMAND}");