author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-07-29 17:08:50 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-07-29 18:16:23 +0300 |
commit | d745c522f462e01aa576c6f93b94cbad6c631f73 (patch) | |
tree | 854738e411b0f993ecaea3d5d3fb05280a621642 | |
parent | ba7a48a2b88b33c6c49511fd4422d255264fac98 (diff) | |
download | gitaclhook-d745c522f462e01aa576c6f93b94cbad6c631f73.tar.gz gitaclhook-d745c522f462e01aa576c6f93b94cbad6c631f73.tar.bz2 |
Change namespace for the configuration variables: hooks.acl.*
-rwxr-xr-x | gitaclhook | 30 | ||||
-rw-r--r-- | lib/GitACL.pm | 14 | ||||
-rw-r--r-- | lib/GitACL/File.pm | 2 | ||||
-rw-r--r-- | lib/GitACL/LDAP.pm | 2 |
4 files changed, 24 insertions, 24 deletions
@@ -47,14 +47,14 @@ server cannot be reached, the update is denied. | |||
47 | 47 | ||
48 | Two storage engines are supported: B<File>, which reads access control | 48 | Two storage engines are supported: B<File>, which reads access control |
49 | lists from a disk file, and B<LDAP>, which obtains them from LDAP. | 49 | lists from a disk file, and B<LDAP>, which obtains them from LDAP. |
50 | The engine to use is defined by the B<hooks.acltype> configuration keyword. | 50 | The engine to use is defined by the B<hooks.acl.type> configuration keyword. |
51 | The default is B<File>. | 51 | The default is B<File>. |
52 | 52 | ||
53 | =head1 ACL FILE | 53 | =head1 ACL FILE |
54 | 54 | ||
55 | The ACL file is used when the B<File> storage engine is requested. The | 55 | The ACL file is used when the B<File> storage engine is requested. The |
56 | path to the file must be given via the B<hooks.aclfile> configuration | 56 | path to the file must be given via the B<hooks.acl.file> configuration |
57 | keyword. If B<hooks.aclfile> is not defined, update is allowed | 57 | keyword. If B<hooks.acl.file> is not defined, update is allowed |
58 | unconditionally. | 58 | unconditionally. |
59 | 59 | ||
60 | The ACL file has the usual line-oriented syntax. Comments are introduced | 60 | The ACL file has the usual line-oriented syntax. Comments are introduced |
@@ -143,7 +143,7 @@ contains the opcode of the requested operation and I<REF> matches the affected | |||
143 | ref. Missing I<REF> and/or I<OP> are treated as a match. | 143 | ref. Missing I<REF> and/or I<OP> are treated as a match. |
144 | 144 | ||
145 | If no rule applies, the operation is denied. This can be changed by setting | 145 | If no rule applies, the operation is denied. This can be changed by setting |
146 | B<hooks.acldefault = allow> in Git configuration file. | 146 | B<hooks.acl.default = allow> in Git configuration file. |
147 | 147 | ||
148 | For example, assume you have the following ACL file: | 148 | For example, assume you have the following ACL file: |
149 | 149 | ||
@@ -168,7 +168,7 @@ The LDAP storage engine is requested by the following configuration statement: | |||
168 | acltype = LDAP | 168 | acltype = LDAP |
169 | 169 | ||
170 | The URI of the LDAP server to use and other data necessary to access it | 170 | The URI of the LDAP server to use and other data necessary to access it |
171 | are read from the file name given in the B<hooks.aclldapconf> variable, | 171 | are read from the file name given in the B<hooks.acl.ldapconf> variable, |
172 | or from B</etc/ldap.conf>, if it is not defined. LDAP access control | 172 | or from B</etc/ldap.conf>, if it is not defined. LDAP access control |
173 | entries are similar to the plaintext file ACLs. Each entry has the | 173 | entries are similar to the plaintext file ACLs. Each entry has the |
174 | following attrubutes: | 174 | following attrubutes: |
@@ -221,38 +221,38 @@ If no matching entry is found, the update is allowed. | |||
221 | 221 | ||
222 | =over 4 | 222 | =over 4 |
223 | 223 | ||
224 | =item B<hooks.acltype> STRING | 224 | =item B<hooks.acl.type> STRING |
225 | 225 | ||
226 | Type of the storage engine. Valid values are B<File> (default) and B<LDAP>. | 226 | Type of the storage engine. Valid values are B<File> (default) and B<LDAP>. |
227 | 227 | ||
228 | =item B<hooks.aclfile> STRING | 228 | =item B<hooks.acl.file> STRING |
229 | 229 | ||
230 | For the B<File> storage engine, name of the ACL file. | 230 | For the B<File> storage engine, name of the ACL file. |
231 | 231 | ||
232 | =item B<hooks.aclldapconf> STRING | 232 | =item B<hooks.acl.ldapconf> STRING |
233 | 233 | ||
234 | For the B<LDAP> storage engine, the name of the configuration file to use | 234 | For the B<LDAP> storage engine, the name of the configuration file to use |
235 | instead of B</etc/ldap.conf>. | 235 | instead of B</etc/ldap.conf>. |
236 | 236 | ||
237 | =item B<hooks.acllog> STRING | 237 | =item B<hooks.acl.log> STRING |
238 | 238 | ||
239 | Send log info to this file. | 239 | Send log info to this file. |
240 | 240 | ||
241 | =item B<hooks.acldebug> NUMBER | 241 | =item B<hooks.acl.debug> NUMBER |
242 | 242 | ||
243 | Enable debugging. The bigger the number, the more debugging info will | 243 | Enable debugging. The bigger the number, the more debugging info will |
244 | be displayed. | 244 | be displayed. |
245 | 245 | ||
246 | =item B<hooks.aclquiet> BOOL | 246 | =item B<hooks.acl.quiet> BOOL |
247 | 247 | ||
248 | Suppress diagnostics on stderr. | 248 | Suppress diagnostics on stderr. |
249 | 249 | ||
250 | =item B<hooks.acldefault> B<allow>|B<deny> | 250 | =item B<hooks.acl.default> B<allow>|B<deny> |
251 | 251 | ||
252 | Sets the default rule, i.e. the one that will be executed if no other | 252 | Sets the default rule, i.e. the one that will be executed if no other |
253 | rule matched the request. Unless defined, B<deny> is assumed. | 253 | rule matched the request. Unless defined, B<deny> is assumed. |
254 | 254 | ||
255 | =item B<hooks.httpd-user> STRING | 255 | =item B<hooks.acl.httpd-user> STRING |
256 | 256 | ||
257 | Name of the user httpd runs as. Define it if the repository can be | 257 | Name of the user httpd runs as. Define it if the repository can be |
258 | accessed via HTTP(S). If B<gitaclhook> is run as this user, it will | 258 | accessed via HTTP(S). If B<gitaclhook> is run as this user, it will |
@@ -285,7 +285,7 @@ The program uses following environment variables: | |||
285 | 285 | ||
286 | =item B<GIT_UPDATE_DEBUG> | 286 | =item B<GIT_UPDATE_DEBUG> |
287 | 287 | ||
288 | When set to 1, enables debugging mode. The B<hooks.acldebug> | 288 | When set to 1, enables debugging mode. The B<hooks.acl.debug> |
289 | configuration variable overrides this setting. | 289 | configuration variable overrides this setting. |
290 | 290 | ||
291 | =item B<GIT_DIR> | 291 | =item B<GIT_DIR> |
@@ -294,7 +294,7 @@ Path to the affected repository. | |||
294 | 294 | ||
295 | =back | 295 | =back |
296 | 296 | ||
297 | If updates are performed via HTTP or HTTPS and the B<hooks.httpd-user> | 297 | If updates are performed via HTTP or HTTPS and the B<hooks.acl.httpd-user> |
298 | configuration variable is set, the following two variables are used | 298 | configuration variable is set, the following two variables are used |
299 | to determine the identity of the user: | 299 | to determine the identity of the user: |
300 | 300 | ||
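Review bot: The LDAP example kept as context at line 168, `acltype = LDAP`, was not moved to the new namespace, although the sentence about B<hooks.acl.type> earlier in the POD was. If that example sits under a `[hooks]` section (the section header is outside the hunk, so this is inferred), it now sets a variable that check() in lib/GitACL.pm no longer reads, and the engine silently falls back to B<File>. The example should become `[hooks "acl"]` followed by `type = LDAP`. A short upgrade note in the POD listing the old variable names would also help administrators migrate existing repositories.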
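--- a/lib/GitACL.pm
+++ b/lib/GitACL.pm
@@ -73,7 +73,7 @@ sub allow($$) {
 
 sub default_rule($) {
 my $self = shift;
-my $def = GitACL::git_value('config', 'hooks.acldefault');
+my $def = GitACL::git_value('config', 'hooks.acl.default');
 my $msg = "default rule";
 if (defined($def)) {
 if ($def eq "allow") {
@@ -110,7 +110,7 @@ sub git_value(@) {
 
 sub match_primary_group($$) {
 my ($user_name,$group_name) = @_;
-my ($name,$passwd,$uid,$gid,$members) = getpwnam($user_name) or return 0;
+my ($name,$passwd,$uid,$gid) = getpwnam($user_name) or return 0;
 ($name) = getgrgid($gid) or return 0;
 return 1 if $name eq $group_name;
 return 0;
@@ -190,14 +190,14 @@ sub new {
 if (defined($args{debug})) {
 $obj->{debug} = $args{debug};
 } else {
-$obj->{debug} = git_value('config', '--bool', 'hooks.acldebug') ||
+$obj->{debug} = git_value('config', '--bool', 'hooks.acl.debug') ||
 $ENV{GIT_UPDATE_DEBUG} > 0;
 }
 
 if (defined($args{logfile})) {
 $obj->{logfile} = $args{logfile};
 } else {
-$obj->{logfile} = git_value('config', 'hooks.acllog');
+$obj->{logfile} = git_value('config', 'hooks.acl.log');
 }
 if ($obj->{logfile} && $obj->{logfile} !~ /[>|]/) {
 $obj->{logfile} = ">>$obj->{logfile}";
@@ -206,7 +206,7 @@ sub new {
 if (defined($args{quiet})) {
 $obj->{quiet} = $args{quiet};
 } elsif (!$obj->{debug}) {
-$obj->{quiet} = git_value('config', 'hooks.aclquiet');
+$obj->{quiet} = git_value('config', 'hooks.acl.quiet');
 }
 
 if (defined($args{user})) {
@@ -216,7 +216,7 @@ sub new {
 $obj->{user_name} = $u;
 }
 $obj->deny("no such user") unless $obj->{user_name};
-my $httpdusr = git_value('config', 'hooks.httpd-user');
+my $httpdusr = git_value('config', 'hooks.acl.httpd-user');
 if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) {
 $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE};
 $obj->{user_name} = $ENV{REMOTE_USER};
@@ -261,7 +261,7 @@ sub check {
 $self->info("$self->{user_name} requested $opstr{$self->{op}} ".
 "on $self->{ref} in $self->{project_name}");
 
-my $type = git_value('config', 'hooks.acl.type');
+my $type = git_value('config', 'hooks.acl.type');
 $type = "File" unless $type;
 
 my $r = eval("use GitACL::$type; GitACL::$type->new(\$self);");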
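Review bot: The value read from `hooks.acl.type` in check() is interpolated unvalidated into a string `eval` (`use GitACL::$type; ...`), so whatever the repository configuration holds in that key is compiled as Perl inside the hook. The documentation names only File and LDAP as valid engines, so the lookup should be followed by an allow-list check before the eval, e.g. `$self->deny("unsupported ACL type: $type") unless $type =~ /\A(?:File|LDAP)\z/;` (assuming deny() terminates the hook, as its use in new() suggests). check() starts and ends outside the hunk, so the handling of `$r` and `$@` after the eval could not be reviewed.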
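--- a/lib/GitACL/File.pm
+++ b/lib/GitACL/File.pm
@@ -23,7 +23,7 @@ sub check_acl {
 my $line = 0;
 my @ret;
 
-my $filename = GitACL::git_value('config', 'hooks.aclfile');
+my $filename = GitACL::git_value('config', 'hooks.acl.file');
 $self->allow("no ACL configured for ".$self->{project_name})
 unless defined($filename);
 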
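Review bot: After the rename, a repository still configured with the old `hooks.aclfile` key reaches `$self->allow("no ACL configured ...")` because `hooks.acl.file` is undefined, so an upgrade without a config migration turns an enforced ACL into an unconditional allow. Consider falling back to the legacy key for a transition period, `$filename = GitACL::git_value('config', 'hooks.aclfile') unless defined($filename);`, or denying with a diagnostic when only the old key is set. The other renamed keys are ignored just as silently; a legacy `hooks.acltype = LDAP` would, per check() in lib/GitACL.pm, select the File engine and end up on this same allow path. check_acl's body continues outside the hunk.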
diff --git a/lib/GitACL/LDAP.pm b/lib/GitACL/LDAP.pm index 22bfd8d..ac8fd06 100644 --- a/lib/GitACL/LDAP.pm +++ b/lib/GitACL/LDAP.pm | |||
@@ -21,7 +21,7 @@ use Net::LDAP; | |||
21 | 21 | ||
22 | sub parse_ldap_conf { | 22 | sub parse_ldap_conf { |
23 | my $self = shift; | 23 | my $self = shift; |
24 | my $filename = GitACL::git_value('config', 'hooks.aclldapconf') || | 24 | my $filename = GitACL::git_value('config', 'hooks.acl.ldapconf') || |