author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-25 13:07:46 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-25 13:07:46 +0300 |
commit | ba7a48a2b88b33c6c49511fd4422d255264fac98 (patch) | |
tree | c82f927e550d44bda4777284838c58eacb6035ea /lib | |
parent | 8291c8576d80453ec7c70cdb8d3baf2dd72cfae4 (diff) | |
Change default rule to "deny".
The old behavior can be restored by setting 'hooks.acldefault = allow'
in Git configuration.
* gitaclhook: Document hooks.acldefault.
* lib/GitACL.pm (default_rule): New sub.
* lib/GitACL/File.pm (check_acl): Use default_rule.
Fix incorrect reference to project_name.
* lib/GitACL/LDAP.pm (check_acl): Use default_rule.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/GitACL.pm | 15 | ||||
-rw-r--r-- | lib/GitACL/File.pm | 6 | ||||
-rw-r--r-- | lib/GitACL/LDAP.pm | 4 |
3 files changed, 19 insertions, 6 deletions
diff --git a/lib/GitACL.pm b/lib/GitACL.pm index f1f792a..9cd381d 100644 --- a/lib/GitACL.pm +++ b/lib/GitACL.pm @@ -68,12 +68,26 @@ sub allow($$) { "$self->{project_name}:$self->{user_name}:$opstr{$self->{op}}:$self->{ref}:$self->{old}:$self->{new}", $loc); $self->debug(1, "allow $loc"); exit 0; } +sub default_rule($) { + my $self = shift; + my $def = GitACL::git_value('config', 'hooks.acldefault'); + my $msg = "default rule"; + if (defined($def)) { + if ($def eq "allow") { + $self->allow($msg); + } elsif ($def ne "deny") { + $msg .= " (warning: hooks.acldefault has invalid value)"; + } + } + $self->deny($msg); +} + sub info($$) { my ($self, $msg) = @_; $self->logmsg("INFO", $msg); print STDERR "info: $msg\n" if $self->{debug}; } @@ -206,13 +220,12 @@ sub new { if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) { $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE}; $obj->{user_name} = $ENV{REMOTE_USER}; } $obj->{project_name} = get_project_name($obj->{git_dir}); - $obj->deny("need a ref name") unless defined($args{ref}); $obj->deny("bogus ref $args{ref}") unless $args{ref} =~ s,^refs/,,; $obj->{ref} = $args{ref}; $obj->deny("bad old value $args{old}") unless $args{old} =~ /^[a-z0-9]{40}$/; diff --git a/lib/GitACL/File.pm b/lib/GitACL/File.pm index 8842ffd..efabfd4 100644 --- a/lib/GitACL/File.pm +++ b/lib/GitACL/File.pm @@ -1,8 +1,8 @@ # This file is part of gitaclhook -*- perl -*- -# Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org> +# Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org> # # Gitaclhook is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3, or (at your option) # any later version. # 
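Review bot: The new `default_rule` in lib/GitACL.pm has no comment stating its fail-closed contract: only the exact string `allow` permits, while an unset value, `deny` or anything else falls through to `$self->deny($msg)`. I would add a header comment such as `# Apply hooks.acldefault when no ACL rule matched: exactly "allow" permits; unset, "deny" or any other value denies.` The comparison `$def eq "allow"` is case- and whitespace-sensitive, so `Allow`, or a value with a trailing newline if `git_value` does not chomp its output (it is not shown here), would land in the invalid-value branch. That is the safe direction, but the operator learns of it only from the text appended to the deny message. It is also worth noting in the comment that `allow` ends in `exit 0`, as the context above the new sub shows, so the trailing `deny` call is reached only when the push is not permitted.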
@@ -21,13 +21,13 @@ sub check_acl { my $self = shift; my $fd; my $line = 0; my @ret; my $filename = GitACL::git_value('config', 'hooks.aclfile'); - $self->allow("no ACL configured for ".$self->project_name) + $self->allow("no ACL configured for ".$self->{project_name}) unless defined($filename); open($fd, "<", $filename) or $self->deny("cannot open configuration file: $!"); while (<$fd>) { ++$line; @@ -49,10 +49,10 @@ sub check_acl { } else { $res[0]->($self, "$filename:$line"); } exit(127); } close($fd); - $self->allow("default rule"); + $self->default_rule; } 1; diff --git a/lib/GitACL/LDAP.pm b/lib/GitACL/LDAP.pm index d8d5489..22bfd8d 100644 --- a/lib/GitACL/LDAP.pm +++ b/lib/GitACL/LDAP.pm @@ -1,8 +1,8 @@ # This file is part of gitaclhook -*- perl -*- -# Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org> +# Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org> # # Gitaclhook is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3, or (at your option) # any later version. # @@ -105,12 +105,12 @@ sub check_acl($) { } else { $res[0]->($self, $ent->dn); } exit(127); } $ldap->unbind; - $self->allow("default rule"); + $self->default_rule; } 1; |
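Review bot: In lib/GitACL/File.pm the `unless defined($filename)` branch at the top of `check_acl` still calls `$self->allow(...)`, so a repository with hooks.aclfile unset accepts every update whatever hooks.acldefault says, while the end of the same sub now goes through `$self->default_rule`. If that fail-open case is intended for repositories where the hook is installed but not configured, a comment saying so would prevent surprises, e.g. `# No ACL file configured: the hook is inactive, allow unconditionally.` Otherwise the branch could become `$self->default_rule unless defined($filename);`, at the cost of the "no ACL configured" message. The body of `check_acl` continues outside this hunk, and the LDAP backend has no equivalent branch visible here.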