summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@omgwallhack.org>2011-04-24 12:57:38 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2011-04-24 12:57:38 -0700
commit4ac0fd01b73a0b718db3a756866fee121a1615f1 (patch)
treef8b1c3054b923526fbe46608ccf9d7f39538bcaa
parentba8fd5e9907dd8e132e9c6fca006824907239636 (diff)
downloadpiny-code-4ac0fd01b73a0b718db3a756866fee121a1615f1.tar.gz
piny-code-4ac0fd01b73a0b718db3a756866fee121a1615f1.zip
Switching ikiwiki- username/group over to iki-; untested and requires a mass rebuildrepo
-rw-r--r--docs/architecture/data.mdwn2
-rw-r--r--docs/issues/cgi_gateway.mdwn2
-rw-r--r--docs/issues/repo_name_limit.mdwn2
-rw-r--r--libpiny/lib/Piny/Repo.pm18
-rw-r--r--libpiny/lib/Piny/User.pm4
-rw-r--r--libpiny/lib/Piny/User/IkiWiki.pm2
-rwxr-xr-xpinyadmin/sbin/newuser6
-rw-r--r--pinyweb/suid/piny-suid.c2
8 files changed, 23 insertions, 15 deletions
diff --git a/docs/architecture/data.mdwn b/docs/architecture/data.mdwn
index a81a268..c86ec15 100644
--- a/docs/architecture/data.mdwn
+++ b/docs/architecture/data.mdwn
@@ -4,7 +4,7 @@ Dynamic data lookup should opportunisticly cache any associated cheap data. For
[[!table format=dsv delimiter=# data="""
datum #stored location #constraint
-username #usually $ENV{SUDO_USER} # !~ /^git-|^ikiwiki-/ and =~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/
+username #usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/
uid #/etc/passwd # None
email #/etc/passwd GECOS #Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 );
repoaccess #/etc/group git-$reponame entry # None
diff --git a/docs/issues/cgi_gateway.mdwn b/docs/issues/cgi_gateway.mdwn
index 8ac5c1b..b930665 100644
--- a/docs/issues/cgi_gateway.mdwn
+++ b/docs/issues/cgi_gateway.mdwn
@@ -20,7 +20,7 @@ Requirements:
* pinyadmin command arguments
* exits if username's uid < 1000
* exits if username violates piny username constraints (specifically git- and
- ikiwiki- are not allowed)
+ iki- are not allowed)
* executes with the appropriate uid/gid the specified pinyadmin command and the
specified arguments
diff --git a/docs/issues/repo_name_limit.mdwn b/docs/issues/repo_name_limit.mdwn
index a7725c8..68a77f5 100644
--- a/docs/issues/repo_name_limit.mdwn
+++ b/docs/issues/repo_name_limit.mdwn
@@ -4,6 +4,6 @@
* Opened by: jrayhawk
### Discussion
-Problem: Repository names are restricted to 24 characters by the groupname limit in libc6 plus our use of the ikiwiki- prefix.
+Problem: Repository names are restricted to 24 characters by the groupname limit in libc6 plus our use of the iki- prefix.
Possible solution: optional use of truncated md5 (the first character needing to be a letter) hash of reponame as groupnames, restriction of usernames to 31 characters to keep namespaces isolated, check in newrepo for hash collision before actions are taken
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index 17142ed..306b3a8 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -203,14 +203,22 @@ sub has_access {
sub rebuild {
my ( $s ) = @_;
- my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-" . $s->name );
+ unless( getgrnam("git-" . $s->name ); ) {
+ system( "/usr/sbin/addgroup", "--quiet", "git-$s->name" ) and die "Could not create repo group!";
+ };
+
+ unless( getpwname("iki-" . $s->name ); ) {
+ system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $s->name, "iki-$s->name" ) and die "Could not create ikiwiki user!";
+ };
+
+ my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-" . $s->name );
foreach( "git-daemon-export-ok", "packed-refs" ) {
open( TOUCH, ">", $s->path . "/" . $_ ) or die "Could not touch $_ for repo: $!";
close( TOUCH );
};
- foreach( "info", "logs" ) {
+ foreach( "info", "logs", "branches" ) {
(-e $s->path . "/" . $_) or mkdir( $s->path . "/" . $_ ) or die "Could not mkdir $_ for repo: $!";
};
@@ -296,7 +304,7 @@ sub destroy {
system( "rm", "-rf", $s->secure_path, $s->ikiwiki_destdir, $s->ikiwiki_srcdir, "/etc/ikiwiki/piny/" . $s->name . ".setup", $s->path );
- my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-" . $s->name );
+ my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-" . $s->name );
system( "deluser", "--remove-home", $ikiuser->name );
system( "delgroup", $ikiuser->name );
@@ -374,9 +382,9 @@ sub create {
mkdir( $repo->path ) or die "The repo $name appears to already exist! ($!)";
- system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $name, "ikiwiki-$name" ) and die "Could not create ikiwiki user!";
+ system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $name, "iki-$name" ) and die "Could not create ikiwiki user!";
- my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-$name" );
+ my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-$name" );
system( "/usr/sbin/addgroup", "--quiet", "git-$name" ) and die "Could not create repo group!";
diff --git a/libpiny/lib/Piny/User.pm b/libpiny/lib/Piny/User.pm
index 6267ecb..baae258 100644
--- a/libpiny/lib/Piny/User.pm
+++ b/libpiny/lib/Piny/User.pm
@@ -17,8 +17,8 @@ use Piny::Group;
subtype 'Username'
=> as 'Str'
- => where { $_ =~ /^(?!(git|ikiwiki)-)[a-zA-Z][a-zA-Z0-9_.-]*$/ }
- => message { if ( /^((?:git|ikiwiki)-|[^a-zA-Z])/ ) { "Usernames are not allowed to begin with $1" } elsif ( /([^a-zA-Z0-9_.-])/ ) { "Usernames are not allowed to contain $1" } else { "Invalid username" } }
+ => where { $_ =~ /^(?!(git|iki)-)[a-zA-Z][a-zA-Z0-9_.-]*$/ }
+ => message { if ( /^((?:git|iki)-|[^a-zA-Z])/ ) { "Usernames are not allowed to begin with $1" } elsif ( /([^a-zA-Z0-9_.-])/ ) { "Usernames are not allowed to contain $1" } else { "Invalid username" } }
;
# Attributes
diff --git a/libpiny/lib/Piny/User/IkiWiki.pm b/libpiny/lib/Piny/User/IkiWiki.pm
index 8585e90..3838f38 100644
--- a/libpiny/lib/Piny/User/IkiWiki.pm
+++ b/libpiny/lib/Piny/User/IkiWiki.pm
@@ -18,7 +18,7 @@ extends "Piny::User";
subtype 'IkiWikiUsername'
=> as 'Str'
- => where { $_ =~ /^ikiwiki-[a-zA-Z][a-zA-Z0-9_.-]*$/ }
+ => where { $_ =~ /^iki-[a-zA-Z][a-zA-Z0-9_.-]*$/ }
=> message { 'That username is not in the correct format for an ikiwiki user.' }
;
diff --git a/pinyadmin/sbin/newuser b/pinyadmin/sbin/newuser
index e38e791..c463aa9 100755
--- a/pinyadmin/sbin/newuser
+++ b/pinyadmin/sbin/newuser
@@ -73,8 +73,8 @@ if ( scalar @ARGV == 3 and $ARGV[0] eq "--batch" ) {
next;
};
- if ( $username =~ /^(git|ikiwiki)-/ ) {
- print "Your username cannot start with git- or ikiwiki-!\n";
+ if ( $username =~ /^(git|iki)-/ ) {
+ print "Your username cannot start with git- or iki-!\n";
next;
};
@@ -117,7 +117,7 @@ if ( scalar @ARGV == 3 and $ARGV[0] eq "--batch" ) {
# pathways to get to this point, but only a single path from here on down.
if ( not defined $email or $email eq "" ) { print "Email address is undefined!\n"; exit 3; };
if ( not defined $username or $username eq "" ) { print "Username is undefined!\n"; exit 3; };
-if ( $username =~ /^(git|ikiwiki)-/ ) { print "Username must not begin with git- or ikiwiki-!\n"; exit 3; };
+if ( $username =~ /^(git|iki)-/ ) { print "Username must not begin with git- or iki-!\n"; exit 3; };
if ( $username !~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/ ) { print "Usernames must consist only of letters, digits, underscores, periods, and dashes, and not start with a dash. Usernames are case sensitive.\n" };
if ( not defined $password or $password eq "" ) { print "Password is undefined!\n"; exit 3; };
diff --git a/pinyweb/suid/piny-suid.c b/pinyweb/suid/piny-suid.c
index 5c5b4d3..0fbaddb 100644
--- a/pinyweb/suid/piny-suid.c
+++ b/pinyweb/suid/piny-suid.c
@@ -39,7 +39,7 @@ int main( int argc, char *argv[] ) {
regfree( &user_reg );
- if ( ( err = regcomp( &user_reg, "^(git|ikiwiki)-", REG_EXTENDED | REG_NOSUB ) ) != 0 ) {
+ if ( ( err = regcomp( &user_reg, "^(git|iki)-", REG_EXTENDED | REG_NOSUB ) ) != 0 ) {
size_t sz = regerror( err, &user_reg, NULL, 0 );
char buf[sz];
regerror( err, &user_reg, buf, sz );