
compile: pubkey related linting added

  - warn about files in keydir/ that don't end with ".pub"
  - warn about pubkey files for which the user is not mentioned in config
  - warn more sternly about the opposite (user in config, no pubkey!)

update hook: add reponame to message on deny
auth: minor typo
commit c66e1ad73286e1a193373234142daab44e5f7dd6 1 parent 70d26d8
Sitaram Chamarty authored
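--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -51,7 +51,7 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
 # ----------------------------------------------------------------------------
 
 # SSH_ORIGINAL_COMMAND must exist. Since we also captured $user, we print
-# that in the message so people saying "ssh git@server" can see which gitosis
+# that in the message so people saying "ssh git@server" can see which gitolite
 # user he is being recognised as
 my $cmd = $ENV{SSH_ORIGINAL_COMMAND}
 or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!\n";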
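--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -71,6 +71,7 @@ my $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*$); # very simple patter
 # groups can now represent user groups or repo groups
 my %groups = ();
 my %repos = ();
+my %user_list = (); # only to catch lint; search for "lint" below
 
 # set the umask before creating any files
 umask($REPO_UMASK);
@@ -172,6 +173,8 @@ while (<$conf_fh>)
 {
 for my $user (@users)
 {
+ $user_list{$user}++; # only to catch lint, see later
+
 # for 1st level check (see faq/tips doc)
 $repos{$repo}{R}{$user} = 1 if $perms =~ /R/;
 $repos{$repo}{W}{$user} = 1 if $perms =~ /W/;
@@ -195,7 +198,7 @@ print $compiled_fh Data::Dumper->Dump([\%repos], [qw(*repos)]);
 close $compiled_fh or die "$ATTN close compiled-conf failed: $!\n";
 
 # ----------------------------------------------------------------------------
-# any new repos created?
+# any new repos to be created?
 # ----------------------------------------------------------------------------
 
 # modern gits allow cloning from an empty repo, so we just create it. Gitosis
@@ -291,7 +294,7 @@ for my $repo (sort keys %repos) {
 }
 }
 
-# has there been a change?
+# has there been a change in the gitweb projects list?
 if ($projlist_changed) {
 print STDERR "updating gitweb project list $PROJECTS_LIST\n";
 my $projlist_fh = wrap_open( ">", $PROJECTS_LIST);
@@ -317,12 +320,29 @@ while (<$authkeys_fh>)
 # options, in the standard ssh authorized_keys format), then the "end" line.
 print $newkeys_fh "# gitolite start\n";
 wrap_chdir($GL_KEYDIR);
-for my $pubkey (glob("*.pub"))
+for my $pubkey (glob("*"))
 {
+ # lint check 1
+ unless ($pubkey =~ /\.pub$/)
+ {
+ print STDERR "WARNING: pubkey files should end with \".pub\", ignoring $pubkey\n";
+ next;
+ }
 my $user = $pubkey; $user =~ s/(\@.+)?\.pub$//;
+ # lint check 2
+ print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
+ unless $user_list{$user};
+ $user_list{$user} = 'has pubkey';
 print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS ";
 print $newkeys_fh `cat $pubkey`;
 }
+# lint check 3; a little more severe than the first two I guess...
+for my $user (sort keys %user_list)
+{
+ next if $user eq '@all' or $user_list{$user} eq 'has pubkey';
+ print STDERR "$ATTN user $user in config, but has no pubkey!\n";
+}
+
 print $newkeys_fh "# gitolite end\n";
 close $newkeys_fh or die "$ATTN close newkeys failed: $!\n";
 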
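Review bot: The lint pass added to the key loop checks only the `.pub` suffix, so the file name and the file contents still reach authorized_keys unvalidated. `$user` is interpolated into the `command="$AUTH_COMMAND $user"` option and `$pubkey` into a shell through `cat $pubkey` (both context lines in the last hunk), so a name containing a quote, whitespace or a shell metacharacter would corrupt the forced-command entry. If `$USERNAME_PATT` (visible in the first hunk header) is the intended rule for user names, a further lint step after the `s///`, `next unless $user =~ $USERNAME_PATT;` with a warning, would reject such names, and reading the key with `open my $key_fh, '<', $pubkey` instead of backticks would keep the name away from the shell. A key file holding more than one line would also put the later lines into authorized_keys without the `command=` prefix, so the lint pass should warn about and skip files that do not contain exactly one line.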
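--- a/src/update-hook.pl
+++ b/src/update-hook.pl
@@ -81,4 +81,4 @@
 exit 0;
 }
 }
-die "$perm $ref $ENV{GL_USER} DENIED by fallthru\n";
+die "$perm $ref $ENV{GL_REPO} $ENV{GL_USER} DENIED by fallthru\n";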
