Diffstat (limited to 'lib')
-rw-r--r-- | lib/GitACL.pm | 18 |
1 files changed, 18 insertions, 0 deletions
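diff --git a/lib/GitACL.pm b/lib/GitACL.pm
index cde9624..4214b3f 100644
--- a/lib/GitACL.pm
+++ b/lib/GitACL.pm
@@ -18,6 +18,7 @@ package GitACL;
 
 use strict;
 use File::Spec;
+use Net::CIDR qw (cidrlookup);
 
 my %opstr = ('C' => 'create',
 'D' => 'delete',
@@ -116,10 +117,20 @@ sub match_primary_group($$) {
 return 0;
 }
 
+sub match_host($$) {
+my ($ip,$iplist) = @_;
+return 0 unless defined($ip);
+return cidrlookup($ip, split /,/, $iplist);
+}
+
 sub match_user($$) {
 my ($self, $expr) = @_;
 return 1 if ($expr eq 'all');
 return 0 if ($expr eq 'none');
+if ($expr =~ /(.+)@(.+)/) {
+return 0 unless match_host($self->{ip}, $2);
+$expr = $1;
+}
 if ($expr =~ /^%(.+)/) {
 return 1 if match_primary_group($self->{user_name}, $1);
 my ($name,$passwd,$gid,$members) = getgrnam($1) or return 0;
@@ -220,6 +231,13 @@ sub new {
 if (defined($httpdusr) and $obj->{user_name} eq $httpdusr) {
 $obj->deny("need authenticated user") unless $ENV{AUTH_TYPE};
 $obj->{user_name} = $ENV{REMOTE_USER};
+$obj->{ip} = $ENV{REMOTE_ADDR};
+} else {
+my $ipvar = git_value('config', 'hooks.acl.ip-env-var') or 'SSH_CLIENT';
+if (defined($ENV{$ipvar})) {
+my @a = split /\S/, $ENV{$ipvar}, 2;
+$obj->{ip} = $a[0];
+}
 }
 
 $obj->{project_name} = get_project_name($obj->{git_dir});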
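Review bot: On the non-HTTP branch added to `new`, `$obj->{ip}` never receives the client address. `or` binds looser than `=`, so the `'SSH_CLIENT'` default is never assigned, and `split /\S/` splits on non-whitespace characters, which leaves an empty string in `$a[0]`; the two lines should read `my $ipvar = git_value('config', 'hooks.acl.ip-env-var') || 'SSH_CLIENT';` and `my @a = split ' ', $ENV{$ipvar}, 2;`. As written, every `user@cidr` expression reaching `match_host` from `match_user` is evaluated against a missing or empty address and presumably never matches. Whether that fails open depends on whether the rule carrying the expression is an allow or a deny, which is decided outside this hunk. `new` starts and ends outside the hunk.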