-rwxr-xr-x | gitaclhook | 10 | ||||
-rw-r--r-- | lib/GitACL.pm | 15 | ||||
-rw-r--r-- | lib/GitACL/File.pm | 6 | ||||
-rw-r--r-- | lib/GitACL/LDAP.pm | 4 |
4 files changed, 27 insertions, 8 deletions
@@ -1,5 +1,5 @@ | |||
1 | #! /usr/bin/perl | 1 | #! /usr/bin/perl |
2 | # Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org> | 2 | # Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org> |
3 | # | 3 | # |
4 | # This program is free software; you can redistribute it and/or modify | 4 | # This program is free software; you can redistribute it and/or modify |
5 | # it under the terms of the GNU General Public License as published by | 5 | # it under the terms of the GNU General Public License as published by |
@@ -142,7 +142,8 @@ which is being updated and the user who requests the update, its I<OP> | |||
142 | contains the opcode of the requested operation and I<REF> matches the affected | 142 | contains the opcode of the requested operation and I<REF> matches the affected |
143 | ref. Missing I<REF> and/or I<OP> are treated as a match. | 143 | ref. Missing I<REF> and/or I<OP> are treated as a match. |
144 | 144 | ||
145 | If no rule applies, the operation is allowed. | 145 | If no rule applies, the operation is denied. This can be changed by setting |
146 | B<hooks.acldefault = allow> in Git configuration file. | ||
146 | 147 | ||
147 | For example, assume you have the following ACL file: | 148 | For example, assume you have the following ACL file: |
148 | 149 | ||
@@ -246,6 +247,11 @@ be displayed. | |||
246 | 247 | ||
247 | Suppress diagnostics on stderr. | 248 | Suppress diagnostics on stderr. |
248 | 249 | ||
250 | =item B<hooks.acldefault> B<allow>|B<deny> | ||
251 | |||
252 | Sets the default rule, i.e. the one that will be executed if no other | ||
253 | rule matched the request. Unless defined, B<deny> is assumed. | ||
254 | |||
249 | =item B<hooks.httpd-user> STRING | 255 | =item B<hooks.httpd-user> STRING |
250 | 256 | ||
251 | Name of the user httpd runs as. Define it if the repository can be | 257 | Name of the user httpd runs as. Define it if the repository can be |
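--- a/lib/GitACL.pm
+++ b/lib/GitACL.pm
@@ -71,6 +71,20 @@ sub allow($$) {
 exit 0;
 }
 
+sub default_rule($) {
+my $self = shift;
+my $def = GitACL::git_value('config', 'hooks.acldefault');
+my $msg = "default rule";
+if (defined($def)) {
+if ($def eq "allow") {
+$self->allow($msg);
+} elsif ($def ne "deny") {
+$msg .= " (warning: hooks.acldefault has invalid value)";
+}
+}
+$self->deny($msg);
+}
+
 sub info($$) {
 my ($self, $msg) = @_;
 $self->logmsg("INFO", $msg);
@@ -209,7 +223,6 @@ sub new {
 }
 
 $obj->{project_name} = get_project_name($obj->{git_dir});
-
 $obj->deny("need a ref name") unless defined($args{ref});
 $obj->deny("bogus ref $args{ref}") unless $args{ref} =~ s,^refs/,,;
 $obj->{ref} = $args{ref};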
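Review bot: `default_rule` is correct only because `allow` never returns: the `$self->allow($msg);` branch has no `return`, so control would otherwise fall through to `$self->deny($msg)`. The context above shows `allow` ending in `exit 0;`, so this works today and would fail closed if that changed, but a comment such as `# allow() and deny() exit the hook; anything other than "allow" falls through to deny` would make the dependency explicit (deny's body is not visible here, so confirm it exits too). An unrecognised `hooks.acldefault` value is reported only by appending to the deny message; if that text goes to the pushing user rather than to the log, the administrator may never see the misconfiguration, so a separate log line through `logmsg` may be worth adding.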
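--- a/lib/GitACL/File.pm
+++ b/lib/GitACL/File.pm
@@ -1,5 +1,5 @@
 # This file is part of gitaclhook -*- perl -*-
-# Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org>
+# Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org>
 #
 # Gitaclhook is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -24,7 +24,7 @@ sub check_acl {
 my @ret;
 
 my $filename = GitACL::git_value('config', 'hooks.aclfile');
-$self->allow("no ACL configured for ".$self->project_name)
+$self->allow("no ACL configured for ".$self->{project_name})
 unless defined($filename);
 
 open($fd, "<", $filename)
@@ -52,7 +52,7 @@ sub check_acl {
 exit(127);
 }
 close($fd);
-$self->allow("default rule");
+$self->default_rule;
 }
 
 1;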
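Review bot: The `unless defined($filename)` branch at new line 27 still calls `$self->allow(...)`, so a repository with no `hooks.aclfile` set accepts every update even though the no-match default is now deny. If that is intentional it deserves a comment here and a sentence next to `hooks.acldefault` in the documentation, since an administrator reading "denied unless a rule matches" may not expect an unset or misspelled key to open the repository. Otherwise the branch could use the same default, e.g. `$self->default_rule unless defined($filename);`. `check_acl` begins and ends outside these hunks, so how a failed `open` is handled is not visible here.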
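--- a/lib/GitACL/LDAP.pm
+++ b/lib/GitACL/LDAP.pm
@@ -1,5 +1,5 @@
 # This file is part of gitaclhook -*- perl -*-
-# Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org>
+# Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org>
 #
 # Gitaclhook is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -108,7 +108,7 @@ sub check_acl($) {
 exit(127);
 }
 $ldap->unbind;
-$self->allow("default rule");
+$self->default_rule;
 }
 
 1;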