...
|
...
|
@@ -15,8 +15,8 @@ my $debug = 0;
|
15
|
15
|
my $project_re = qr/[a-zA-Z0-9_\-\.]+$/;
|
16
|
16
|
|
17
|
17
|
# User
|
18
|
|
-my $user = shift;
|
19
|
|
-die "User not specifed" unless defined $user;
|
|
18
|
+my $session_user = shift;
|
|
19
|
+die "User not specifed" unless defined $session_user;
|
20
|
20
|
|
21
|
21
|
# Application
|
22
|
22
|
my $app = Gitprep->new;
|
...
|
...
|
@@ -30,7 +30,7 @@ my $dbi = $app->dbi;
|
30
|
30
|
# SSH connection
|
31
|
31
|
my $ssh_connection = $ENV{SSH_CONNECTION};
|
32
|
32
|
warn "ssh_connection: $ssh_connection" if $debug;
|
33
|
|
-die "who the *heck* are you?" unless defined $ssh_connection;
|
|
33
|
+die "who the *heck* are you?\n" unless defined $ssh_connection;
|
34
|
34
|
|
35
|
35
|
# SSH original command
|
36
|
36
|
my $ssh_original_command = $ENV{SSH_ORIGINAL_COMMAND} || '';
|
...
|
...
|
@@ -47,18 +47,33 @@ $ssh_original_command_tmp =~ s/[\n\r]+/<<newline>>/g;
|
47
|
47
|
die "I don't like newlines in the command: $ssh_original_command\n"
|
48
|
48
|
if $ssh_original_command ne $ssh_original_command_tmp;
|
49
|
49
|
|
50
|
|
-my ($verb, $user_url, $project) = parse_ssh_original_command($ssh_original_command);
|
51
|
|
-die "User don't match" if $user ne $user_url;
|
|
50
|
+# Project
|
|
51
|
+my ($verb, $user, $project) = parse_ssh_original_command($ssh_original_command);
|
52
|
52
|
sanity($project);
|
53
|
53
|
|
|
54
|
+# Can access
|
|
55
|
+my $can_access;
|
|
56
|
+if ($session_user eq $user) {
|
|
57
|
+ $can_access = 1;
|
|
58
|
+}
|
|
59
|
+else {
|
|
60
|
+ my $row = $app->dbi->model('collaboration')->select(
|
|
61
|
+ id => [$user, $project, $session_user]
|
|
62
|
+ )->one;
|
|
63
|
+
|
|
64
|
+ $can_access = $row ? 1 : 0;
|
|
65
|
+}
|
|
66
|
+die qq|User "$session_user" can't access repository "$user/$project.git"\n|
|
|
67
|
+ unless $can_access;
|
|
68
|
+
|
|
69
|
+# Command
|
54
|
70
|
my $rep_home = $git->rep_home;
|
55
|
71
|
my $repository = "'$rep_home/$user/$project.git'";
|
56
|
72
|
my @git_shell_cmd = ("git", "shell", "-c", "$verb $repository");
|
57
|
73
|
warn "@git_shell_cmd" if $debug;
|
58
|
|
-
|
59
|
74
|
unless ($debug) {
|
60
|
75
|
system(@git_shell_cmd) == 0
|
61
|
|
- or die "Can't execute command: @git_shell_cmd" ;
|
|
76
|
+ or die "Can't execute command: @git_shell_cmd\n" ;
|
62
|
77
|
}
|
63
|
78
|
|
64
|
79
|
sub parse_ssh_original_command {
|
...
|
...
|
@@ -67,22 +82,22 @@ sub parse_ssh_original_command {
|
67
|
82
|
$ssh_original_command ||= '';
|
68
|
83
|
|
69
|
84
|
my $git_commands = "git-upload-pack|git-receive-pack|git-upload-archive";
|
70
|
|
- if ($ssh_original_command =~ m(^($git_commands) '.*/([a-zA-Z_]+)/([^\/]+?)\.git'$)) {
|
|
85
|
+ if ($ssh_original_command =~ m(^($git_commands) '.*/([a-zA-Z1-9_]+)/([^\/]+?)\.git'$)) {
|
71
|
86
|
my ($verb, $user, $project) = ($1, $2, $3);
|
72
|
87
|
warn "User:$user, Project:$project" if $debug;
|
73
|
|
- die "invalid repo name: '$project'" if $project !~ $project_re;
|
|
88
|
+ die "invalid repo name: '$project'\n" if $project !~ $project_re;
|
74
|
89
|
return ($verb, $user, $project);
|
75
|
90
|
}
|
76
|
91
|
else {
|
77
|
|
- die "Invalid command: $ssh_original_command";
|
|
92
|
+ die "Invalid command: $ssh_original_command\n";
|
78
|
93
|
}
|
79
|
94
|
}
|
80
|
95
|
|
81
|
96
|
sub sanity {
|
82
|
97
|
my $project = shift;
|
83
|
|
- die "'$project' contains bad characters" if $project !~ $project_re;
|
84
|
|
- die "'$project' ends with a '/'" if $project =~ m(/$);
|
85
|
|
- die "'$project' contains '..'" if $project =~ m(\.\.);
|
|
98
|
+ die "'$project' contains bad characters\n" if $project !~ $project_re;
|
|
99
|
+ die "'$project' ends with a '/'\n" if $project =~ m(/$);
|
|
100
|
+ die "'$project' contains '..'\n" if $project =~ m(\.\.);
|
86
|
101
|
}
|
87
|
102
|
|
88
|
103
|
=head1 NAME
|
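Review bot: The repo-name checks at new lines 88 and 98 rely on `$project_re`, which is anchored only at the end (`qr/[a-zA-Z0-9_\-\.]+$/`), so any `$project` whose last character is allowed passes whatever precedes it, including a quote or whitespace captured by `([^\/]+?)`. That value is then interpolated into the single-quoted `$repository` string handed to `git shell -c` and into the new `collaboration` lookup, so the pattern should constrain the whole name: `my $project_re = qr/\A[a-zA-Z0-9_\-\.]+\z/;`. Separately, the user class on new line 85 reads `[a-zA-Z1-9_]+`, which omits `0`; if digits are meant to be allowed it should be `[a-zA-Z0-9_]+`, otherwise a user id containing a zero appears to be rejected as an invalid command. The definition of `$project_re` is a context line in the first hunk, and `parse_ssh_original_command` begins outside this hunk.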