-rwxr-xr-x | src/commands/create | 15 | ||||
-rwxr-xr-x | src/commands/perms | 22 | ||||
-rw-r--r-- | src/lib/Gitolite/Triggers/AutoCreate.pm | 24 | ||||
-rwxr-xr-x | t/sequence.t | 2 |
4 files changed, 52 insertions, 11 deletions
diff --git a/src/commands/create b/src/commands/create
new file mode 100755
index 0000000..adac0e3
--- /dev/null
+++ b/src/commands/create
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Usage: ssh git@host create <repo>
+#
+# Create wild repo.
+
+die() { echo "$@" >&2; exit 1; }
+usage() { perl -lne 'print substr($_, 2) if /^# Usage/../^$/' < $0; exit 1; }
+[ -z "$1" ] && usage
+[ -z "$2" ] || usage
+[ "$1" = "-h" ] && usage
+[ -z "$GL_USER" ] && die GL_USER not set
+
+# ----------------------------------------------------------------------
+exec $GL_BINDIR/commands/perms -c "$@" < /dev/null
diff --git a/src/commands/perms b/src/commands/perms
index 46c4e97..6b61596 100755
--- a/src/commands/perms
+++ b/src/commands/perms
@@ -46,18 +46,20 @@ if ( $ARGV[0] eq '-l' ) {
 # auto-create the repo if -c passed and repo doesn't exist
 if ( $ARGV[0] eq '-c' ) {
 shift;
- my $repo = $ARGV[0];
+ my $repo = $ARGV[0] or usage();
 _die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;
- if (not -d "$rc{GL_REPO_BASE}/$repo.git") {
- my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
- _die $ret if $ret =~ /DENIED/;
-
- require Gitolite::Conf::Store;
- Gitolite::Conf::Store->import;
- new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
- gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
- }
+ my $d = "$rc{GL_REPO_BASE}/$repo.git";
+ my $errmsg = "repo already exists or you are not authorised to create it";
+ # use the same message in both places to prevent leaking repo existence info
+ _die $errmsg if -d $d;
+ my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
+ _die $errmsg if $ret =~ /DENIED/;
+
+ require Gitolite::Conf::Store;
+ Gitolite::Conf::Store->import;
+ new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
+ gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
 }
 my $repo = shift;
diff --git a/src/lib/Gitolite/Triggers/AutoCreate.pm b/src/lib/Gitolite/Triggers/AutoCreate.pm
new file mode 100644
index 0000000..8fe46d7
--- /dev/null
+++ b/src/lib/Gitolite/Triggers/AutoCreate.pm
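Review bot: `$GL_BINDIR` in the final `exec` line and `$0` in `usage()` are expanded unquoted, so a path containing whitespace or glob characters would be word-split before the command runs. Both values presumably come from gitolite's own environment rather than from the ssh client, so this is a robustness point rather than an injection path, but quoting costs nothing: `exec "$GL_BINDIR/commands/perms" -c "$@" < /dev/null` and `< "$0"`. The header comment could also say that the repo name is not validated here and that the check against `$REPONAME_PATT` happens in `perms -c`.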
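Review bot: With both failure paths now dying on `$errmsg`, the rule text that `access()` returned in `$ret` is discarded, and the only `gl_log` call in the `-c` block is the one on success. If `_die` does not record its own detail (not visible in this hunk), an administrator can no longer tell an existing-repo collision from a denied create, or notice repeated probing for repo names. Keep the uniform message for the client but log the real reason first, for example `gl_log( 'create-fail', $repo, $ENV{GL_USER}, $ret ) if $ret =~ /DENIED/;` (the label is illustrative), with an equivalent line ahead of `_die $errmsg if -d $d;`.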
@@ -0,0 +1,24 @@
+package Gitolite::Triggers::AutoCreate;
+
+use strict;
+use warnings;
+
+# perl trigger set for stuff to do with auto-creating repos
+# ----------------------------------------------------------------------
+
+# to deny auto-create on read access, add 'AutoCreate::deny_R' to the
+# PRE_CREATE trigger list
+sub deny_R {
+ die "autocreate denied\n" if $_[3] and $_[3] eq 'R';
+ return;
+}
+
+# to deny auto-create on read *and* write access, add 'AutoCreate::deny_RW' to
+# the PRE_CREATE trigger list. This means you can only create repos using the
+# 'create' command, (which needs to be enabled in the COMMANDS list).
+sub deny_RW {
+ die "autocreate denied\n" if $_[3] and ( $_[3] eq 'R' or $_[3] eq 'W' );
+ return;
+}
+
+1;
diff --git a/t/sequence.t b/t/sequence.t
index e98690b..a42b6b6 100755
--- a/t/sequence.t
+++ b/t/sequence.t
@@ -100,7 +100,7 @@ try "
 # auto-create using perms fail
 echo READERS u5 | glt perms u4 -c foo/u4/baz
 !/Initialized empty Git repository in .*/foo/u4/baz.git/
- /FATAL: .C any foo/u4/baz u4 DENIED by fallthru/
+ /FATAL: repo already exists or you are not authorised to create it/
 # auto-create using perms
 echo READERS u2 | glt perms u1 -c foo/u1/baz |
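Review bot: Both `deny_R` and `deny_RW` read `$_[3]` without saying what the PRE_CREATE trigger passes in that position, and they return without denying whenever that slot is empty or holds anything other than 'R'/'W'. That fail-open default looks intended for the `create` command (the perms hunk passes 'perms-c' to `new_wild_repo`), but it also means a change in trigger argument order would silently disable the restriction. Name the argument and document the expected layout, e.g. `my $aa = $_[3];    # what caused the create; presumably 'R', 'W' or 'perms-c' (confirm against the PRE_CREATE caller)`, and state in the comment that unknown values are allowed through on purpose.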
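Review bot: Only the denied case (u4 creating foo/u4/baz) is updated to the new message, and nothing in this hunk exercises the `-d $d` branch, so the property the commit is after (an existing repo and a denied create being indistinguishable to the caller) is not pinned by a test here. The `try` block continues outside the hunk, so this may be covered elsewhere; if not, after the successful `glt perms u1 -c foo/u1/baz` repeat that command and expect `/FATAL: repo already exists or you are not authorised to create it/`. A case for the new `create` command and for the `AutoCreate::deny_R`/`deny_RW` triggers would also be worth adding.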