summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@omgwallhack.org>2011-06-04 18:49:10 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2011-06-04 18:49:10 -0700
commit6af31393296abbe06eb3b7c0b4c60ab3d697618e (patch)
treea6125b6f6bfeeeb1c2b3a42442e4cce444a23a6f
parent49c515348221933cba9404eee866084aebb27030 (diff)
downloadpiny-code-6af31393296abbe06eb3b7c0b4c60ab3d697618e.tar.gz
piny-code-6af31393296abbe06eb3b7c0b4c60ab3d697618e.zip
Bugfixes for core.sharedrepo
-rw-r--r--libpiny/lib/Piny/Repo.pm49
1 files changed, 30 insertions, 19 deletions
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index b265705..fea6846 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -628,22 +628,33 @@ sub _build_ikiwiki_setup {
$config->{"srcdir"} = $s->ikiwiki_srcdir;
$config->{"destdir"} = $s->ikiwiki_destdir;
$config->{"url"} = $s->ikiwiki_url;
- $config->{"cgiurl"} = $s->ikiwiki_cgiurl;
$config->{"historyurl"} = $s->ikiwiki_historyurl;
$config->{"diffurl"} = $s->ikiwiki_diffurl;
- $config->{"wrappers"} =
- [ { "wrapper" => $s->ikiwiki_cgipath
- , "wrappergroup" => $s->group->name
- , "wrappermode" => "06755"
- , "cgi" => 1
- }
- , { "wrapper" => $s->path . "/hooks/post-update"
- , "wrappergroup" => $s->group->name
- , "wrappermode" => "06755"
- , "notify" => 0
- }
- ];
+ if ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) {
+ warn( "warning: ikiwiki web-based editing interface relies on group writability.\n" );
+ $config->{"wrappers"} =
+ [ { "wrapper" => $s->path . "/hooks/post-update"
+ , "wrappergroup" => $s->group->name
+ , "wrappermode" => "06755"
+ , "notify" => 0
+ }
+ ];
+ } else {
+ $config->{"cgiurl"} = $s->ikiwiki_cgiurl;
+ $config->{"wrappers"} =
+ [ { "wrapper" => $s->ikiwiki_cgipath
+ , "wrappergroup" => $s->group->name
+ , "wrappermode" => "06755"
+ , "cgi" => 1
+ }
+ , { "wrapper" => $s->path . "/hooks/post-update"
+ , "wrappergroup" => $s->group->name
+ , "wrappermode" => "06755"
+ , "notify" => 0
+ }
+ ];
+ };
if ( -e "/etc/ikiwiki/piny/" . $s->name . ".setup.pl" ) {
system( "perl", "-C", "/etc/ikiwiki/piny/" . $s->name . ".setup.pl" ) && die ( 'Failed to compile ikiwiki overrides file!' );
@@ -734,21 +745,21 @@ sub _build_apache_global_config {
if ( $s->config->core_sharedrepository eq "0666" ) {
return (
- "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n" . " AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " </Directory>\n"
+ "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " </Directory>\n"
);
} elsif ( $s->config->core_sharedrepository =~ /^(0664|all|everybody|world)$/ ) {
return (
- "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
+ "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
);
} elsif ( $s->config->core_sharedrepository =~ /^(0660|true|1|group)$/ ) {
return (
- "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n" .
- "<Directory " . $s->ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
+ "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n" .
+ "<Directory " . $s->ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
);
} elsif ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) {
return (
- "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n" . " AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n</Directory>\n" .
- "<Directory " . $s->ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
+ "<Directory " . $s->secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n</Directory>\n" .
+ "<Directory " . $s->ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
);
} else {
die ( $s->config->core_sharedrepository . "is an unhandled value!" );