authorSergey Poznyakoff <gray@gnu.org.ua>2013-06-21 16:47:52 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2013-06-21 17:43:15 +0300
commit9e6f5e5fe3c9422f5ab7182e88e8cfd05470c86c (patch)
tree45ded1f54689fb7a9773cf1e594966b087713f3a /gitaclhook
parent702fcc7b2326c03e20e999dfa606cc471e6744a3 (diff)
gitaclhook: Implement test mode.
Diffstat (limited to 'gitaclhook')
-rwxr-xr-xgitaclhook76
1 files changed, 71 insertions, 5 deletions
diff --git a/gitaclhook b/gitaclhook
index dd31dd8..c2dfdb8 100755
--- a/gitaclhook
+++ b/gitaclhook
@@ -27,6 +27,8 @@ gitaclhook - control access to git repositories
B<gitaclhook> I<refname> I<old-sha1> I<new-sha1>
+B<gitacthook> B<--test> I<REPO> I<USER> I<OP> I<REF>
+
B<gitaclhook --help>
=head1 DESCRIPTION
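Review bot: The added synopsis line misspells the program name as `B<gitacthook>`; it should read `B<gitaclhook> B<--test> I<REPO> I<USER> I<OP> I<REF>`. The same misspelling is repeated in the TEST MODE section added by the next hunk. That section also does not say how the verdict is reported (message or exit status), which anyone checking an ACL from the command line needs to know.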
@@ -173,6 +175,55 @@ from the environment variable B<REMOTE_USER>.
=back
+=head1 TEST MODE
+
+The B<--test> option provides a mechanism for testing access control lists
+from the command line. When given this option, B<gitaclhook> expects four
+arguments:
+
+=over 4
+
+B<gitacthook> B<--test> I<REPO> I<USER> I<OP> I<REF>
+
+=back
+
+I<REPO> is a pathname of the repository to test, I<USER> is the username,
+I<OP> is the operation code and I<REF> is the reference.
+
+=head1 ENVIRONMENT
+
+The program uses following environment variables:
+
+=over 4
+
+=item B<GIT_UPDATE_DEBUG>
+
+When set to 1, enables debugging mode. The B<hooks.acldebug>
+configuration variable overrides this setting.
+
+=item B<GIT_DIR>
+
+Path to the affected repository.
+
+=back
+
+If updates are performed via HTTP or HTTPS and the B<hooks.httpd-user>
+configuration variable is set, the following two variables are used
+to determine the identity of the user:
+
+=over 4
+
+=item B<AUTH_TYPE>
+
+If this variable is not set or set to an empty value, the program will
+deny the update.
+
+=item B<REMOTE_USER>
+
+The authenticated name of the user.
+
+=back
+
=head1 SEE ALSO
B<git-receive-pack>(1).
@@ -243,6 +294,13 @@ sub info($) {
print STDERR "info: $_[0]\n" if $debug;
}
+sub project_name($) {
+ my $dir = shift;
+
+ File::Spec->rel2abs($dir) =~ m,/([^/]+)(?:\.git|/\.git)$,;
+ return $1;
+}
+
sub git_value(@) {
my $fd;
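Review bot: `project_name` returns `$1` without checking that the match succeeded, so a path ending in neither `.git` nor `/.git` yields an undefined name, or possibly a capture left over from an earlier successful match. The result is passed to `check_acl`, where the visible line `next if ($x[1] ne "*" and $x[1] ne $project);` uses it to select rules, so a wrong or missing name changes which ACL lines apply. Return the capture only on success, `return File::Spec->rel2abs($dir) =~ m,/([^/]+)(?:\.git|/\.git)$, ? $1 : undef;`, and have both callers `deny` on an undefined result. The callers are the `--test` branch and the `$project_name = project_name($git_dir);` assignment in the later hunks.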
@@ -302,7 +360,7 @@ sub check_acl($$$) {
unless ($x[0] eq 'allow' || $x[0] eq 'deny');
deny("malformed line", "$filename:$line")
unless $#x >= 2;
-
+
next if ($x[1] ne "*" and $x[1] ne $project);
next unless match_user($x[2]);
next if ($#x >= 3 && index(uc $x[3], $op) == -1);
@@ -321,6 +379,16 @@ sub check_acl($$$) {
# Sanity checks
unless ($git_dir) {
pod2usage(-exitstatus => 0, -verbose => 2) if ($ref eq "--help");
+ if ($ref eq "--test") {
+ deny("--test requires four arguments") unless ($#ARGV == 4);
+ $ENV{GIT_DIR} = $ARGV[1];
+ $user_name = $ARGV[2];
+ $op = $ARGV[3];
+ deny("invalid op") unless defined($opstr{$op});
+ $ref = $ARGV[4];
+ check_acl(project_name($ARGV[1]), $op, $ref);
+ exit(0);
+ }
deny "try \"$0 --help\" for fore info"
}
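Review bot: In the `--test` branch, if `check_acl` returns without calling `allow` or `deny`, the run ends at `exit(0)` with no output, which reads as a passed test; this is inferred, since the body of `check_acl` is outside the hunk. Make the no-match case explicit, for example by replacing `exit(0);` with `deny("no matching rule");` or whichever verdict the hook applies by default. The branch also sits inside `unless ($git_dir)`, so `--test` appears to be taken as a refname whenever GIT_DIR is already set in the caller's environment. The TEST MODE documentation should state that precondition.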
@@ -333,7 +401,7 @@ $quiet = git_value('config', 'hooks.aclquiet') unless ($debug);
my $httpdusr = git_value('config', 'hooks.httpd-user');
if (defined($httpdusr) and $user_name eq $httpdusr) {
- deny "need authenticated user" unless defined($ENV{AUTH_TYPE});
+ deny "need authenticated user" unless $ENV{AUTH_TYPE};
$user_name = $ENV{REMOTE_USER};
}
@@ -344,9 +412,7 @@ deny "bad new value $new" unless $new =~ /^[a-z0-9]{40}$/;
deny "no such user" unless $user_name;
allow "no change requested" if $old eq $new;
-$project_name = File::Spec->rel2abs($git_dir);
-$project_name =~ m,/([^/]+)(?:\.git|/\.git)$,;
-$project_name = $1;
+$project_name = project_name($git_dir);
if ($old =~ /^0{40}$/) {
$op = 'C';
