1 files changed, 18 insertions, 0 deletions

diff --git a/lib/GitACL.pm b/lib/GitACL.pm
index cde9624..4214b3f 100644
--- a/lib/GitACL.pm
+++ b/lib/GitACL.pm
@@ -18,6 +18,7 @@ package GitACL;
 
 use strict;
 use File::Spec;
+use Net::CIDR qw (cidrlookup);
 
 my %opstr = ('C' => 'create',
              'D' => 'delete',
@@ -116,10 +117,20 @@ sub match_primary_group($$) {
     return 0;
 }
 
+sub match_host($$) {
+    my ($ip,$iplist) = @_;
+    return 0 unless defined($ip);
+    return cidrlookup($ip, split /,/, $iplist);
+}
+
 sub match_user($$) {
     my ($self, $expr) = @_;
     return 1 if ($expr eq 'all');
     return 0 if ($expr eq 'none');
+    if ($expr =~ /(.+)@(.+)/) {
+        return 0 unless match_host($self->{ip}, $2);
+        $expr = $1;
+    }
     if ($expr =~ /^%(.+)/) {
         return 1 if match_primary_group($self->{user_name}, $1);
         my ($name,$passwd,$gid,$members) = getgrnam($1) or return 0;
@@ -220,6 +231,13 @@ sub new {
     if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) {
         $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE};
         $obj->{user_name} = $ENV{REMOTE_USER};
+        $obj->{ip} = $ENV{REMOTE_ADDR};
+    } else {
+        my $ipvar = git_value('config', 'hooks.acl.ip-env-var') or 'SSH_CLIENT';
+        if (defined($ENV{$ipvar})) {
+            my @a = split /\S/, $ENV{$ipvar}, 2;
+            $obj->{ip} = $a[0];
+        }
     }
 
     $obj->{project_name} = get_project_name($obj->{git_dir});