-rwxr-xr-x | gitaclhook | 30 | ||||
-rw-r--r-- | lib/GitACL.pm | 14 | ||||
-rw-r--r-- | lib/GitACL/File.pm | 2 | ||||
-rw-r--r-- | lib/GitACL/LDAP.pm | 2 |
4 files changed, 24 insertions, 24 deletions
@@ -47,14 +47,14 @@ server cannot be reached, the update is denied. Two storage engines are supported: B<File>, which reads access control lists from a disk file, and B<LDAP>, which obtains them from LDAP. -The engine to use is defined by the B<hooks.acltype> configuration keyword. +The engine to use is defined by the B<hooks.acl.type> configuration keyword. The default is B<File>. =head1 ACL FILE The ACL file is used when the B<File> storage engine is requested. The -path to the file must be given via the B<hooks.aclfile> configuration -keyword. If B<hooks.aclfile> is not defined, update is allowed +path to the file must be given via the B<hooks.acl.file> configuration +keyword. If B<hooks.acl.file> is not defined, update is allowed unconditionally. The ACL file has the usual line-oriented syntax. Comments are introduced @@ -143,7 +143,7 @@ contains the opcode of the requested operation and I<REF> matches the affected ref. Missing I<REF> and/or I<OP> are treated as a match. If no rule applies, the operation is denied. This can be changed by setting -B<hooks.acldefault = allow> in Git configuration file. +B<hooks.acl.default = allow> in Git configuration file. For example, assume you have the following ACL file: @@ -168,7 +168,7 @@ The LDAP storage engine is requested by the following configuration statement: acltype = LDAP The URI of the LDAP server to use and other data necessary to access it -are read from the file name given in the B<hooks.aclldapconf> variable, +are read from the file name given in the B<hooks.acl.ldapconf> variable, or from B</etc/ldap.conf>, if it is not defined. LDAP access control entries are similar to the plaintext file ACLs. Each entry has the following attrubutes: 
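Review bot: The example in the LDAP section of the POD still reads `acltype = LDAP` (the context line just above the changed `hooks.acl.ldapconf` sentence), which no longer matches the renamed key. With `hooks.acl.type` the statement would be `type = LDAP` under a `[hooks "acl"]` section; the section header of the example is outside the hunk, so it needs the same check. An administrator who copies the old example gets the default File engine instead of LDAP, and the same page states that updates are allowed unconditionally when `hooks.acl.file` is not defined.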
@@ -221,38 +221,38 @@ If no matching entry is found, the update is allowed. =over 4 -=item B<hooks.acltype> STRING +=item B<hooks.acl.type> STRING Type of the storage engine. Valid values are B<File> (default) and B<LDAP>. -=item B<hooks.aclfile> STRING +=item B<hooks.acl.file> STRING For the B<File> storage engine, name of the ACL file. -=item B<hooks.aclldapconf> STRING +=item B<hooks.acl.ldapconf> STRING For the B<LDAP> storage engine, the name of the configuration file to use instead of B</etc/ldap.conf>. -=item B<hooks.acllog> STRING +=item B<hooks.acl.log> STRING Send log info to this file. -=item B<hooks.acldebug> NUMBER +=item B<hooks.acl.debug> NUMBER Enable debugging. The bigger the number, the more debugging info will be displayed. -=item B<hooks.aclquiet> BOOL +=item B<hooks.acl.quiet> BOOL Suppress diagnostics on stderr. -=item B<hooks.acldefault> B<allow>|B<deny> +=item B<hooks.acl.default> B<allow>|B<deny> Sets the default rule, i.e. the one that will be executed if no other rule matched the request. Unless defined, B<deny> is assumed. -=item B<hooks.httpd-user> STRING +=item B<hooks.acl.httpd-user> STRING Name of the user httpd runs as. Define it if the repository can be accessed via HTTP(S). If B<gitaclhook> is run as this user, it will @@ -285,7 +285,7 @@ The program uses following environment variables: =item B<GIT_UPDATE_DEBUG> -When set to 1, enables debugging mode. The B<hooks.acldebug> +When set to 1, enables debugging mode. The B<hooks.acl.debug> configuration variable overrides this setting. =item B<GIT_DIR> @@ -294,7 +294,7 @@ Path to the affected repository. =back -If updates are performed via HTTP or HTTPS and the B<hooks.httpd-user> +If updates are performed via HTTP or HTTPS and the B<hooks.acl.httpd-user> configuration variable is set, the following two variables are used to determine the identity of the user: diff --git a/lib/GitACL.pm b/lib/GitACL.pm index 9cd381d..cde9624 100644 --- a/lib/GitACL.pm +++ b/lib/GitACL.pm 
@@ -73,7 +73,7 @@ sub allow($$) { sub default_rule($) { my $self = shift; - my $def = GitACL::git_value('config', 'hooks.acldefault'); + my $def = GitACL::git_value('config', 'hooks.acl.default'); my $msg = "default rule"; if (defined($def)) { if ($def eq "allow") { @@ -110,7 +110,7 @@ sub git_value(@) { sub match_primary_group($$) { my ($user_name,$group_name) = @_; - my ($name,$passwd,$uid,$gid,$members) = getpwnam($user_name) or return 0; + my ($name,$passwd,$uid,$gid) = getpwnam($user_name) or return 0; ($name) = getgrgid($gid) or return 0; return 1 if $name eq $group_name; return 0; @@ -190,14 +190,14 @@ sub new { if (defined($args{debug})) { $obj->{debug} = $args{debug}; } else { - $obj->{debug} = git_value('config', '--bool', 'hooks.acldebug') || + $obj->{debug} = git_value('config', '--bool', 'hooks.acl.debug') || $ENV{GIT_UPDATE_DEBUG} > 0; } if (defined($args{logfile})) { $obj->{logfile} = $args{logfile}; } else { - $obj->{logfile} = git_value('config', 'hooks.acllog'); + $obj->{logfile} = git_value('config', 'hooks.acl.log'); } if ($obj->{logfile} && $obj->{logfile} !~ /[>|]/) { $obj->{logfile} = ">>$obj->{logfile}"; @@ -206,7 +206,7 @@ sub new { if (defined($args{quiet})) { $obj->{quiet} = $args{quiet}; } elsif (!$obj->{debug}) { - $obj->{quiet} = git_value('config', 'hooks.aclquiet'); + $obj->{quiet} = git_value('config', 'hooks.acl.quiet'); } if (defined($args{user})) { @@ -216,7 +216,7 @@ sub new { $obj->{user_name} = $u; } $obj->deny("no such user") unless $obj->{user_name}; - my $httpdusr = git_value('config', 'hooks.httpd-user'); + my $httpdusr = git_value('config', 'hooks.acl.httpd-user'); if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) { $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE}; $obj->{user_name} = $ENV{REMOTE_USER}; 
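Review bot: In the `@@ -190` hunk of `new`, the value read from `hooks.acl.log` is treated as an open specification rather than a plain path: `>>` is prepended only when the string contains neither `>` nor `|`, so a value that carries its own `>` or `|` is kept unchanged. The open call is outside this hunk, but if it is the two-argument form, a value containing `|` starts a program as the hook user, while the POD item only says "Send log info to this file". I would either document this on the `hooks.acl.log` item, e.g. `The value may carry its own ">" or "|" mode and must be treated as trusted configuration.`, or, if piping is not needed, keep the bare path and open it with `open($fd, '>>', $path)`.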
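Review bot: In the `@@ -216` hunk, `$obj->{user_name}` is overwritten with `$ENV{REMOTE_USER}` after the `no such user` check has already run, so within the visible lines nothing rejects an undefined or empty REMOTE_USER once `hooks.acl.httpd-user` matches. Only `$ENV{AUTH_TYPE}` is tested before the assignment. I would tighten the guard to `$obj->deny("need authenticated user") unless $ENV{AUTH_TYPE} and defined($ENV{REMOTE_USER}) and length($ENV{REMOTE_USER});`. The body of `new` continues past the hunk, so a later check may already cover this; if so, a short comment at the assignment saying where would help.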
@@ -261,7 +261,7 @@ sub check { $self->info("$self->{user_name} requested $opstr{$self->{op}} ". "on $self->{ref} in $self->{project_name}"); - my $type = git_value('config', 'hooks.acltype'); + my $type = git_value('config', 'hooks.acl.type'); $type = "File" unless $type; my $r = eval("use GitACL::$type; GitACL::$type->new(\$self);"); diff --git a/lib/GitACL/File.pm b/lib/GitACL/File.pm index efabfd4..f72c16d 100644 --- a/lib/GitACL/File.pm +++ b/lib/GitACL/File.pm @@ -23,7 +23,7 @@ sub check_acl { my $line = 0; my @ret; - my $filename = GitACL::git_value('config', 'hooks.aclfile'); + my $filename = GitACL::git_value('config', 'hooks.acl.file'); $self->allow("no ACL configured for ".$self->{project_name}) unless defined($filename); diff --git a/lib/GitACL/LDAP.pm b/lib/GitACL/LDAP.pm index 22bfd8d..ac8fd06 100644 --- a/lib/GitACL/LDAP.pm +++ b/lib/GitACL/LDAP.pm @@ -21,7 +21,7 @@ use Net::LDAP; sub parse_ldap_conf { my $self = shift; - my $filename = GitACL::git_value('config', 'hooks.aclldapconf') || + my $filename = GitACL::git_value('config', 'hooks.acl.ldapconf') || "/etc/ldap.conf"; my $fd; |
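Review bot: In `check`, `$type` goes from `hooks.acl.type` straight into the string `eval` two lines below the changed line, so whatever text the configuration holds is compiled as Perl; the only normalisation is the `"File"` default. The POD lists exactly two valid values, so the value can be checked against them before the eval, e.g. `$self->deny("unsupported ACL type: $type") unless $type =~ /\A(?:File|LDAP)\z/;` (this assumes `deny` terminates the hook, as its use in `new` suggests). Repository configuration is normally administrator-controlled, but the check also turns a typo into a clear denial instead of an eval error. The body of `check` continues outside the hunk.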
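Review bot: In `check_acl` of lib/GitACL/File.pm, `hooks.acl.file` is now read with no fallback to the old `hooks.aclfile`, and the next line allows the update when the value is undefined. A repository still configured with the old key therefore changes from ACL-enforced to allow-all after the upgrade, with no diagnostic. I would keep the old name as a fallback for a transition period, `$filename = GitACL::git_value('config', 'hooks.aclfile') unless defined($filename);`, or deny with a message when only the old key is set. The same applies to `hooks.acl.type` in `check`, `hooks.acl.httpd-user` in `new` and `hooks.acl.ldapconf` in lib/GitACL/LDAP.pm, where an unread old key silently selects the File engine, skips the httpd-user handling or falls back to `/etc/ldap.conf`.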