authorSergey Poznyakoff <gray@gnu.org.ua>2014-07-29 17:08:50 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2014-07-29 18:16:23 +0300
commitd745c522f462e01aa576c6f93b94cbad6c631f73 (patch)
tree854738e411b0f993ecaea3d5d3fb05280a621642
parentba7a48a2b88b33c6c49511fd4422d255264fac98 (diff)
Change namespace for the configuration variables: hooks.acl.*
-rwxr-xr-xgitaclhook30
-rw-r--r--lib/GitACL.pm14
-rw-r--r--lib/GitACL/File.pm2
-rw-r--r--lib/GitACL/LDAP.pm2
4 files changed, 24 insertions, 24 deletions
diff --git a/gitaclhook b/gitaclhook
index f9b5974..b88adf3 100755
--- a/gitaclhook
+++ b/gitaclhook
@@ -47,14 +47,14 @@ server cannot be reached, the update is denied.
47 47
48Two storage engines are supported: B<File>, which reads access control 48Two storage engines are supported: B<File>, which reads access control
49lists from a disk file, and B<LDAP>, which obtains them from LDAP. 49lists from a disk file, and B<LDAP>, which obtains them from LDAP.
50The engine to use is defined by the B<hooks.acltype> configuration keyword. 50The engine to use is defined by the B<hooks.acl.type> configuration keyword.
51The default is B<File>. 51The default is B<File>.
52 52
53=head1 ACL FILE 53=head1 ACL FILE
54 54
55The ACL file is used when the B<File> storage engine is requested. The 55The ACL file is used when the B<File> storage engine is requested. The
56path to the file must be given via the B<hooks.aclfile> configuration 56path to the file must be given via the B<hooks.acl.file> configuration
57keyword. If B<hooks.aclfile> is not defined, update is allowed 57keyword. If B<hooks.acl.file> is not defined, update is allowed
58unconditionally. 58unconditionally.
59 59
60The ACL file has the usual line-oriented syntax. Comments are introduced 60The ACL file has the usual line-oriented syntax. Comments are introduced
@@ -143,7 +143,7 @@ contains the opcode of the requested operation and I<REF> matches the affected
143ref. Missing I<REF> and/or I<OP> are treated as a match. 143ref. Missing I<REF> and/or I<OP> are treated as a match.
144 144
145If no rule applies, the operation is denied. This can be changed by setting 145If no rule applies, the operation is denied. This can be changed by setting
146B<hooks.acldefault = allow> in Git configuration file. 146B<hooks.acl.default = allow> in Git configuration file.
147 147
148For example, assume you have the following ACL file: 148For example, assume you have the following ACL file:
149 149
@@ -168,7 +168,7 @@ The LDAP storage engine is requested by the following configuration statement:
168 acltype = LDAP 168 acltype = LDAP
169 169
170The URI of the LDAP server to use and other data necessary to access it 170The URI of the LDAP server to use and other data necessary to access it
171are read from the file name given in the B<hooks.aclldapconf> variable, 171are read from the file name given in the B<hooks.acl.ldapconf> variable,
172or from B</etc/ldap.conf>, if it is not defined. LDAP access control 172or from B</etc/ldap.conf>, if it is not defined. LDAP access control
173entries are similar to the plaintext file ACLs. Each entry has the 173entries are similar to the plaintext file ACLs. Each entry has the
174following attrubutes: 174following attrubutes:
@@ -221,38 +221,38 @@ If no matching entry is found, the update is allowed.
221 221
222=over 4 222=over 4
223 223
224=item B<hooks.acltype> STRING 224=item B<hooks.acl.type> STRING
225 225
226Type of the storage engine. Valid values are B<File> (default) and B<LDAP>. 226Type of the storage engine. Valid values are B<File> (default) and B<LDAP>.
227 227
228=item B<hooks.aclfile> STRING 228=item B<hooks.acl.file> STRING
229 229
230For the B<File> storage engine, name of the ACL file. 230For the B<File> storage engine, name of the ACL file.
231 231
232=item B<hooks.aclldapconf> STRING 232=item B<hooks.acl.ldapconf> STRING
233 233
234For the B<LDAP> storage engine, the name of the configuration file to use 234For the B<LDAP> storage engine, the name of the configuration file to use
235instead of B</etc/ldap.conf>. 235instead of B</etc/ldap.conf>.
236 236
237=item B<hooks.acllog> STRING 237=item B<hooks.acl.log> STRING
238 238
239Send log info to this file. 239Send log info to this file.
240 240
241=item B<hooks.acldebug> NUMBER 241=item B<hooks.acl.debug> NUMBER
242 242
243Enable debugging. The bigger the number, the more debugging info will 243Enable debugging. The bigger the number, the more debugging info will
244be displayed. 244be displayed.
245 245
246=item B<hooks.aclquiet> BOOL 246=item B<hooks.acl.quiet> BOOL
247 247
248Suppress diagnostics on stderr. 248Suppress diagnostics on stderr.
249 249
250=item B<hooks.acldefault> B<allow>|B<deny> 250=item B<hooks.acl.default> B<allow>|B<deny>
251 251
252Sets the default rule, i.e. the one that will be executed if no other 252Sets the default rule, i.e. the one that will be executed if no other
253rule matched the request. Unless defined, B<deny> is assumed. 253rule matched the request. Unless defined, B<deny> is assumed.
254 254
255=item B<hooks.httpd-user> STRING 255=item B<hooks.acl.httpd-user> STRING
256 256
257Name of the user httpd runs as. Define it if the repository can be 257Name of the user httpd runs as. Define it if the repository can be
258accessed via HTTP(S). If B<gitaclhook> is run as this user, it will 258accessed via HTTP(S). If B<gitaclhook> is run as this user, it will
@@ -285,7 +285,7 @@ The program uses following environment variables:
285 285
286=item B<GIT_UPDATE_DEBUG> 286=item B<GIT_UPDATE_DEBUG>
287 287
288When set to 1, enables debugging mode. The B<hooks.acldebug> 288When set to 1, enables debugging mode. The B<hooks.acl.debug>
289configuration variable overrides this setting. 289configuration variable overrides this setting.
290 290
291=item B<GIT_DIR> 291=item B<GIT_DIR>
@@ -294,7 +294,7 @@ Path to the affected repository.
294 294
295=back 295=back
296 296
297If updates are performed via HTTP or HTTPS and the B<hooks.httpd-user> 297If updates are performed via HTTP or HTTPS and the B<hooks.acl.httpd-user>
298configuration variable is set, the following two variables are used 298configuration variable is set, the following two variables are used
299to determine the identity of the user: 299to determine the identity of the user:
300 300
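Review bot: The sample configuration at line 168 still reads `acltype = LDAP`, which no longer matches the `hooks.acl.type` keyword that the surrounding text now documents. The section header above that line is outside the hunk, but if it is `[hooks]`, an administrator copying the example sets the old `hooks.acltype`, which the code in this commit no longer reads. The example should become `[hooks "acl"]` followed by `type = LDAP`. A short list of the old names in the CONFIGURATION section would also help anyone upgrading an existing installation.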
diff --git a/lib/GitACL.pm b/lib/GitACL.pm
index 9cd381d..cde9624 100644
--- a/lib/GitACL.pm
+++ b/lib/GitACL.pm
@@ -73,7 +73,7 @@ sub allow($$) {
73 73
74sub default_rule($) { 74sub default_rule($) {
75 my $self = shift; 75 my $self = shift;
76 my $def = GitACL::git_value('config', 'hooks.acldefault'); 76 my $def = GitACL::git_value('config', 'hooks.acl.default');
77 my $msg = "default rule"; 77 my $msg = "default rule";
78 if (defined($def)) { 78 if (defined($def)) {
79 if ($def eq "allow") { 79 if ($def eq "allow") {
@@ -110,7 +110,7 @@ sub git_value(@) {
110 110
111sub match_primary_group($$) { 111sub match_primary_group($$) {
112 my ($user_name,$group_name) = @_; 112 my ($user_name,$group_name) = @_;
113 my ($name,$passwd,$uid,$gid,$members) = getpwnam($user_name) or return 0; 113 my ($name,$passwd,$uid,$gid) = getpwnam($user_name) or return 0;
114 ($name) = getgrgid($gid) or return 0; 114 ($name) = getgrgid($gid) or return 0;
115 return 1 if $name eq $group_name; 115 return 1 if $name eq $group_name;
116 return 0; 116 return 0;
@@ -190,14 +190,14 @@ sub new {
190 if (defined($args{debug})) { 190 if (defined($args{debug})) {
191 $obj->{debug} = $args{debug}; 191 $obj->{debug} = $args{debug};
192 } else { 192 } else {
193 $obj->{debug} = git_value('config', '--bool', 'hooks.acldebug') || 193 $obj->{debug} = git_value('config', '--bool', 'hooks.acl.debug') ||
194 $ENV{GIT_UPDATE_DEBUG} > 0; 194 $ENV{GIT_UPDATE_DEBUG} > 0;
195 } 195 }
196 196
197 if (defined($args{logfile})) { 197 if (defined($args{logfile})) {
198 $obj->{logfile} = $args{logfile}; 198 $obj->{logfile} = $args{logfile};
199 } else { 199 } else {
200 $obj->{logfile} = git_value('config', 'hooks.acllog'); 200 $obj->{logfile} = git_value('config', 'hooks.acl.log');
201 } 201 }
202 if ($obj->{logfile} && $obj->{logfile} !~ /[>|]/) { 202 if ($obj->{logfile} && $obj->{logfile} !~ /[>|]/) {
203 $obj->{logfile} = ">>$obj->{logfile}"; 203 $obj->{logfile} = ">>$obj->{logfile}";
@@ -206,7 +206,7 @@ sub new {
206 if (defined($args{quiet})) { 206 if (defined($args{quiet})) {
207 $obj->{quiet} = $args{quiet}; 207 $obj->{quiet} = $args{quiet};
208 } elsif (!$obj->{debug}) { 208 } elsif (!$obj->{debug}) {
209 $obj->{quiet} = git_value('config', 'hooks.aclquiet'); 209 $obj->{quiet} = git_value('config', 'hooks.acl.quiet');
210 } 210 }
211 211
212 if (defined($args{user})) { 212 if (defined($args{user})) {
@@ -216,7 +216,7 @@ sub new {
216 $obj->{user_name} = $u; 216 $obj->{user_name} = $u;
217 } 217 }
218 $obj->deny("no such user") unless $obj->{user_name}; 218 $obj->deny("no such user") unless $obj->{user_name};
219 my $httpdusr = git_value('config', 'hooks.httpd-user'); 219 my $httpdusr = git_value('config', 'hooks.acl.httpd-user');
220 if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) { 220 if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) {
221 $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE}; 221 $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE};
222 $obj->{user_name} = $ENV{REMOTE_USER}; 222 $obj->{user_name} = $ENV{REMOTE_USER};
@@ -261,7 +261,7 @@ sub check {
261 $self->info("$self->{user_name} requested $opstr{$self->{op}} ". 261 $self->info("$self->{user_name} requested $opstr{$self->{op}} ".
262 "on $self->{ref} in $self->{project_name}"); 262 "on $self->{ref} in $self->{project_name}");
263 263
264 my $type = git_value('config', 'hooks.acltype'); 264 my $type = git_value('config', 'hooks.acl.type');
265 $type = "File" unless $type; 265 $type = "File" unless $type;
266 266
267 my $r = eval("use GitACL::$type; GitACL::$type->new(\$self);"); 267 my $r = eval("use GitACL::$type; GitACL::$type->new(\$self);");
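Review bot: None of the renamed lookups falls back to the old key, so a repository that still carries `hooks.acltype`, `hooks.aclfile` or `hooks.httpd-user` is treated as unconfigured after the upgrade. In `check` an unset `hooks.acl.type` selects the File engine, and `check_acl` in lib/GitACL/File.pm allows the update when `hooks.acl.file` is undefined, so an existing ACL stops being enforced instead of failing closed. In `new` the httpd account name is likewise no longer replaced by `REMOTE_USER`. Either read the legacy name as a fallback, e.g. `my $type = git_value('config', 'hooks.acl.type') || git_value('config', 'hooks.acltype');` (and the same for the other keys, including `hooks.aclldapconf` in lib/GitACL/LDAP.pm), or deny with a message naming the new key whenever a legacy key is still set. `new` and `check` both begin and end outside the visible hunks.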
diff --git a/lib/GitACL/File.pm b/lib/GitACL/File.pm
index efabfd4..f72c16d 100644
--- a/lib/GitACL/File.pm
+++ b/lib/GitACL/File.pm
@@ -23,7 +23,7 @@ sub check_acl {
23 my $line = 0; 23 my $line = 0;
24 my @ret; 24 my @ret;
25 25
26 my $filename = GitACL::git_value('config', 'hooks.aclfile'); 26 my $filename = GitACL::git_value('config', 'hooks.acl.file');
27 $self->allow("no ACL configured for ".$self->{project_name}) 27 $self->allow("no ACL configured for ".$self->{project_name})
28 unless defined($filename); 28 unless defined($filename);
29 29
diff --git a/lib/GitACL/LDAP.pm b/lib/GitACL/LDAP.pm
index 22bfd8d..ac8fd06 100644
--- a/lib/GitACL/LDAP.pm
+++ b/lib/GitACL/LDAP.pm
@@ -21,7 +21,7 @@ use Net::LDAP;
21 21
22sub parse_ldap_conf { 22sub parse_ldap_conf {
23 my $self = shift; 23 my $self = shift;
24 my $filename = GitACL::git_value('config', 'hooks.aclldapconf') || 24 my $filename = GitACL::git_value('config', 'hooks.acl.ldapconf') ||