
compile: pubkey related linting added

  - warn about files in keydir/ that don't end with ".pub"
  - warn about pubkey files for which the user is not mentioned in config
  - warn more sternly about the opposite (user in config, no pubkey!)

update hook: add reponame to message on deny
auth: minor typo
1 parent 70d26d8 commit c66e1ad73286e1a193373234142daab44e5f7dd6 Sitaram Chamarty committed Sep 27, 2009
Showing with 25 additions and 5 deletions.
  1. +1 −1 src/gl-auth-command
  2. +23 −3 src/gl-compile-conf
  3. +1 −1 src/update-hook.pl
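--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -51,7 +51,7 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
 # ----------------------------------------------------------------------------
 # SSH_ORIGINAL_COMMAND must exist. Since we also captured $user, we print
-# that in the message so people saying "ssh git@server" can see which gitosis
+# that in the message so people saying "ssh git@server" can see which gitolite
 # user he is being recognised as
 my $cmd = $ENV{SSH_ORIGINAL_COMMAND}
 or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!\n";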
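--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -71,6 +71,7 @@ my $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*$); # very simple patter
 # groups can now represent user groups or repo groups
 my %groups = ();
 my %repos = ();
+my %user_list = (); # only to catch lint; search for "lint" below
 # set the umask before creating any files
 umask($REPO_UMASK);
@@ -172,6 +173,8 @@ while (<$conf_fh>)
 {
 for my $user (@users)
 {
+ $user_list{$user}++; # only to catch lint, see later
+
 # for 1st level check (see faq/tips doc)
 $repos{$repo}{R}{$user} = 1 if $perms =~ /R/;
 $repos{$repo}{W}{$user} = 1 if $perms =~ /W/;
@@ -195,7 +198,7 @@ print $compiled_fh Data::Dumper->Dump([\%repos], [qw(*repos)]);
 close $compiled_fh or die "$ATTN close compiled-conf failed: $!\n";
 # ----------------------------------------------------------------------------
-# any new repos created?
+# any new repos to be created?
 # ----------------------------------------------------------------------------
 # modern gits allow cloning from an empty repo, so we just create it. Gitosis
@@ -291,7 +294,7 @@ for my $repo (sort keys %repos) {
 }
 }
-# has there been a change?
+# has there been a change in the gitweb projects list?
 if ($projlist_changed) {
 print STDERR "updating gitweb project list $PROJECTS_LIST\n";
 my $projlist_fh = wrap_open( ">", $PROJECTS_LIST);
@@ -317,12 +320,29 @@ while (<$authkeys_fh>)
 # options, in the standard ssh authorized_keys format), then the "end" line.
 print $newkeys_fh "# gitolite start\n";
 wrap_chdir($GL_KEYDIR);
-for my $pubkey (glob("*.pub"))
+for my $pubkey (glob("*"))
 {
+ # lint check 1
+ unless ($pubkey =~ /\.pub$/)
+ {
+ print STDERR "WARNING: pubkey files should end with \".pub\", ignoring $pubkey\n";
+ next;
+ }
 my $user = $pubkey; $user =~ s/(\@.+)?\.pub$//;
+ # lint check 2
+ print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
+ unless $user_list{$user};
+ $user_list{$user} = 'has pubkey';
 print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS ";
 print $newkeys_fh `cat $pubkey`;
 }
+# lint check 3; a little more severe than the first two I guess...
+for my $user (sort keys %user_list)
+{
+ next if $user eq '@all' or $user_list{$user} eq 'has pubkey';
+ print STDERR "$ATTN user $user in config, but has no pubkey!\n";
+}
+
 print $newkeys_fh "# gitolite end\n";
 close $newkeys_fh or die "$ATTN close newkeys failed: $!\n";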
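Review bot: In the keydir loop the filename returned by `glob("*")` is still passed unquoted to a shell by `cat $pubkey`, and the `$user` derived from it is written into the `command="..."` option without any check. Lint check 1 tests only the suffix, and `/\.pub$/` also accepts a name that ends in a newline. Since the loop now sees every name in keydir, check 1 could validate the whole filename, for example `unless ($pubkey =~ /^[0-9a-zA-Z][0-9a-zA-Z._\@-]*\.pub\z/)`, and the key could be read with the file's own `wrap_open` instead of a shell. The key file is also copied verbatim, so a file holding more than one line would add an authorized_keys entry without the `command=` restriction; the sketch below skips such files with a warning. Lint check 2 only warns, so a key whose user is not in the config is still installed; whether that is intended is not visible from this page.

```perl
for my $pubkey (glob("*"))
{
    # … unchanged: lint check 1 and the $user derivation …
    my $pubkey_fh = wrap_open( "<", $pubkey);
    my @key_lines = grep { /\S/ } <$pubkey_fh>;
    close $pubkey_fh;
    unless (@key_lines == 1)
    {
        print STDERR "WARNING: $pubkey should contain exactly one key line, ignoring\n";
        next;
    }
    # … unchanged: lint check 2 …
    chomp(my $key = $key_lines[0]);
    print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS $key\n";
}
```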
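--- a/src/update-hook.pl
+++ b/src/update-hook.pl
@@ -81,4 +81,4 @@
 exit 0;
 }
 }
-die "$perm $ref $ENV{GL_USER} DENIED by fallthru\n";
+die "$perm $ref $ENV{GL_REPO} $ENV{GL_USER} DENIED by fallthru\n";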
