Commit graph

204 commits

Author SHA1 Message Date
Sitaram Chamarty 5e2e13aac2 review all user input, system(), and `` 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 98a6b08ff4 'desc' command added (manually smoke tested only; no test script) 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 878bb3009a last check in the "dammit, don't call creator() on a missing repo" series :) 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 80a234c0f6 upgraded the basic test a bit for quicker turnaround on some experiments 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 661fefbd0e added more personal branch tests 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 139c08d3a1 abort on suspicious ref names
(and the other Dan Carpenter finding too, while we're about it!)

Note that neither of these is an actual issue, (and even less likely now
that gitolite is pure perl and no shell metas used) but it's just
playing safe.
2012-03-24 10:30:45 +05:30
Sitaram Chamarty 999f9cd39d make site-local scripts easier to write
- new Gitolite::Easy module hides all the other stuff
  - (put GL_ADMIN_BASE and GL_REPO_BASE into %ENV)
  - new 'gitolite creator' shell command
  - 'writes' command modified to use Gitolite::Easy.  It is also the
    only dual mode command -- it can be invoked remotely as well as
    locally.  I deem that the required trick to make other remote-only
    commands work locally is too much trouble for what is probably a
    rarely used command.
2012-03-24 10:30:45 +05:30
Sitaram Chamarty 5deafb6823 fix some "this specific user" dependencies for testing 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 43f95f9b22 (minor) help command usage message changed 2012-03-24 10:30:45 +05:30
Sitaram Chamarty f0355d749b 'gitolite writes off/on...' done 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 1ec8be663e (test infrastructure) CLONE/PUSH macros redefined 2012-03-24 10:30:45 +05:30
Sitaram Chamarty bc2bd7a78c oops; the $repo argument to PRE_ and POST_GIT triggers was wrong! 2012-03-24 10:30:45 +05:30
Sitaram Chamarty 1de773ab8e perm-roles.t 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 34cfdb4355 add some checks to perms
- check user auth
  - check role names in legacy mode
2012-03-24 10:30:44 +05:30
Sitaram Chamarty a6d8184a56 rule sequences test 2012-03-24 10:30:44 +05:30
Sitaram Chamarty ed47d1aef8 two significant fixes to load:
- don't look for user-roles if the repo is missing (doesn't make sense
    and because we roll in the <perm> = CREATOR function into that, it
    causes bugs like [1] below)

  - allow ^CREATOR/ in repo names (i.e., don't insist it has to be
    /CREATOR/)

----

[1] here's the bug

    repo foo/..*
        C   =   u1
        RW+ =   CREATOR # <--- this line
        R   =   READERS
        RW  =   WRITERS

    causes
        GL_USER=u2 gitolite info

    to print
        hello u2, this is gitolite3 (unknown) on git 1.7.7.6

         R W  	foo/..*
         R W  	testing

    when in reality it should not be looking at CREATOR at all.
2012-03-24 10:30:44 +05:30
Sitaram Chamarty 545c00aa26 perms with groups test 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 741512482b 'info' learned not to show ^C column when used with '-p' 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 2e1f840f13 'info' learns '-lc' option (and load.pm exports creator()) 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 9f1e360ef3 deny-create test (the RWC stuff) 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 0614655252 (minor) sequence.t 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 3f7edfea67 usage() needed some minor fixes... 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 32494cfa0c info learned '-p' and pattern limiting.
'-p' is what gives you 'expand' now
2012-03-24 10:30:44 +05:30
Sitaram Chamarty 5b5c02f226 merge-check test 2012-03-24 10:30:44 +05:30
Sitaram Chamarty af11919025 git-configs update code done 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 7b1efe8a7b (minor) 2012-03-24 10:30:44 +05:30
Sitaram Chamarty e6ba17fc52 "deny-rules" (used to be called "deny-repo" in g2) 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 3e1746b267 change die to warn if split_conf is not set but gl-conf is present
(although the opposite case is still a "die")

We found out how this can happen: if you change

    repo r1 r2

to

    @g = r1 r2
    repo @g

as found by t/deleg-2.t, which suddenly started breaking after an
apparently unrelated commit :-)
2012-03-24 10:30:44 +05:30
Sitaram Chamarty b1a75b7889 gitweb/daemon post-create scripts done 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 24b36f11c5 (perltidy) 2012-03-24 10:30:44 +05:30
Sitaram Chamarty d853c58ada (!!) trigger mechanism... read below
new triggers:

  - PRE_GIT and POST_GIT in gitolite-shell
  - PRE_CREATE and POST_CREATE when a new wild repo is created
  - (POST_COMPILE had already existed)
  - ACCESS_CHECK triggers both in gitolite-shell and the update hook

  - trace() learned to print the file name if called from top level and
    a function name is not available

note: trigger was called 'run-all' and only had POST_COMPILE.  The code
existed in gitolite-shell, but is now moved to Rc.pm.
2012-03-24 10:30:44 +05:30
Sitaram Chamarty 80b50f3be8 added delegation tests
(although one seems almost the same as the other...)
2012-03-24 10:30:44 +05:30
Sitaram Chamarty 4c1017a529 new sugar 'legacy-delegation-abort', enabled by default 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 20fd0d0c19 (minor) test reformatting 2012-03-24 10:30:44 +05:30
Sitaram Chamarty 2069156c6b wild repos test #2 2012-03-24 10:30:43 +05:30
Sitaram Chamarty 8dcc051e64 access() with a missing repo
when a real repo (i.e., not a groupname or such) doesn't exist, checking
any permission other than ^C will give invalid results unless ^C is ok
for the user in question.

Take a look at this:

    repo    foo/CREATOR/a[0-9][0-9]
        C   =   u2 u3
        RW+ =   CREATOR
        R   =   READERS u1

u1 looking for R access on foo/u1/a11 will otherwise result in
success.
2012-03-24 10:30:43 +05:30
Sitaram Chamarty c79f9d2381 glt learns to deal better with non-git commands 2012-03-24 10:30:43 +05:30
Sitaram Chamarty e743cab1a3 perms command done (smoke tested) 2012-03-24 10:30:43 +05:30
Sitaram Chamarty 1b31c21440 wildrepos almost done (except setperms etc)
implementation notes

  - new sugar role_names() to prefix an "@" to CREATOR, and any role
    names listed in the rc file.

  - invalidate the cache in rules() if the repo was missing.  Without
    this, an auto-create operation succeeds the ^C check and calls
    new_wild_repo(), but then -- due to the cached rules not containing
    a rule for CREATOR, the actual read/write fails.

  - treat roles (READERS, WRITERS, etc.) as group names that apply only
    to that particular repo.  Don't add them to %groups, because that
    would screw up caching, but add them in when memberships() is called
    for the user.

    This is why the membership call for the user also has a reponame
    tacked on -- i.e., a user's membership list varied depending on
    which repo you're talking about.

  - while we're about it, pretend we added "CREATOR = <content of
    gl-creator>" as another "role".  Makes things so much easier dealing
    with "RW+ = CREATOR"

  - searching for rules pertaining to foo/CREATOR/bar when looking at
    repo foo/sitaram/bar is done backwards from what g2 used to do.  G2
    used to play tricks with the do-eval'd file using global variables
    so that what you get after the do may not even contain 'CREATOR'.

    We go the other way.  We replace sitaram with CREATOR and start
    looking for memberships of *both* foo/sitaram/bar and
    foo/CREATOR/bar.

  - this doesn't work (because we don't know *what* to replace) for
    missing repos if GL_USER is not set.  This means that 'gitolite
    access ...' queries (which do not set GL_USER) cannot be used
    reliably for non-existant repos.

    Since a ^C check is the only meaningful one for a non-existent repo,
    this means you cannot do that from 'gitolite access'.

    'GL_USER=luser gitolite info' will still work though ;-)

all in all, much cleaner and simpler than g2.
2012-03-24 10:30:43 +05:30
Sitaram Chamarty 3c5ae7f26b added 'RW+CDM' perm function, including some test code for 'D' 2012-03-24 10:30:43 +05:30
Sitaram Chamarty 5ae9b4abab new sugar function to help with RW+CDM 2012-03-24 10:30:43 +05:30
Sitaram Chamarty a6a666af78 new option() function in load.pm to quickly test conf options
reminder: these are enabled by 'option foo = bar' keyword in conf and
apply only to the repo
2012-03-24 10:30:43 +05:30
Sitaram Chamarty d5ddf6c68d wip test suite 2012-03-24 10:30:43 +05:30
Sitaram Chamarty 44e6bc4bb2 logging (but see below)
The logging is both for paranoia and parsing/automated processing.  The
ones you're probably interested in parsing should be easy to pick out
and are very likely to have tab-delimited fields already.
2012-03-24 10:30:43 +05:30
Sitaram Chamarty 5b93dd4b53 minor changes to the testing infrastructure 2012-03-24 10:30:43 +05:30
Sitaram Chamarty 941de722da gl-perms handling and roles, first cut
(additional memberships that user has when accessing a specific repo)
2012-03-24 10:30:43 +05:30
Sitaram Chamarty 9650d2fb3f (minor)
trace rationalisation plus perltidy again
2012-03-24 10:30:43 +05:30
Sitaram Chamarty 89a1857d56 auto-create repo on 'C' perm done 2012-03-24 10:30:43 +05:30
Sitaram Chamarty a014d2ffd5 "memberships()" can now deal with most everything except roles 2012-03-24 10:30:43 +05:30
Sitaram Chamarty f21d17e086 git_configs almost done, but
real testing can only happen after wildrepos is finished (specifically,
when memberships() can return regex repo names also)
2012-03-24 10:30:43 +05:30