author | Joe Rayhawk <jrayhawk@omgwallhack.org> | 2011-04-24 13:00:05 -0700 |
---|---|---|
committer | Joe Rayhawk <jrayhawk@omgwallhack.org> | 2011-04-24 13:00:05 -0700 |
commit | ffab3ec34b9fd949a9877d0a19182b58911424da (patch) | |
tree | 102fb78c332d7c43d5c3671e4de59bcba25134ca | |
parent | 4ac0fd01b73a0b718db3a756866fee121a1615f1 (diff) | |
parent | 2a27be477f89b42abb23793c5118b40120b793aa (diff) | |
Merge branch 'master' of piny.be:/srv/git/piny-code
Conflicts:
libpiny/lib/Piny/Repo.pm
-rwxr-xr-x | libpiny/debian/libpiny-perl.postinst | 4 | ||||
-rw-r--r-- | libpiny/lib/Piny/Config.pm | 10 | ||||
-rw-r--r-- | libpiny/lib/Piny/Repo.pm | 20 | ||||
-rw-r--r-- | libpiny/lib/Piny/User.pm | 33 | ||||
-rwxr-xr-x | pinyadmin/sbin/newuser | 13 | ||||
-rwxr-xr-x | pinyadmin/sbin/pinyconfig | 16 | ||||
-rw-r--r-- | pinyconfigs/etc/apache2/sites-available/piny | 4 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/newuser.cgi | 56 |
8 files changed, 128 insertions, 28 deletions
diff --git a/libpiny/debian/libpiny-perl.postinst b/libpiny/debian/libpiny-perl.postinst index 065289a..85cca0c 100755 --- a/libpiny/debian/libpiny-perl.postinst +++ b/libpiny/debian/libpiny-perl.postinst @@ -7,9 +7,11 @@ case "$1" in configure) if [ ! -f /etc/libpiny.key ]; then - umask 0177 + umask 0137 dd if=/dev/urandom of=/etc/libpiny.key bs=512 count=1 fi + chgrp shadow /etc/libpiny.key + chmod g+r /etc/libpiny.key # Updating an old umask ;; diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm index 29a06d5..535df33 100644 --- a/libpiny/lib/Piny/Config.pm +++ b/libpiny/lib/Piny/Config.pm @@ -55,7 +55,7 @@ has 'confpath' => has '_conf' => ( is => 'ro' - , isa => 'HashRef[Maybe[Str]]' + , isa => 'HashRef[Str]' , lazy_build => 1 , clearer => 'clear_conf' , init_arg => undef @@ -107,6 +107,10 @@ sub _build__conf { }; + foreach my $key ( keys %$conf ) { + $conf->{$key} = "" unless defined $conf->{$key}; + }; + return $conf; }; @@ -204,6 +208,7 @@ sub tweakable { # The tweakables +# Repo-specific tweakables, in the repos' .git/config files. tweakable "piny_ikiwikidestdir" => "/srv/www/piny.be/", 'PathDir'; tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir'; tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl'; @@ -211,6 +216,9 @@ tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl' tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir'; tweakable "receive_denynonfastforwards" => "true", 'GitBool'; +# User-specific tweakables, in the users' ~/.gitconfig files. +tweakable "user_email" => undef, 'Maybe[Str]'; + # Moose boilerplate __PACKAGE__->meta->make_immutable; diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index 306b3a8..335843e 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm 
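Review bot: The two lines added after the `fi` use `chmod g+r`, which only adds a bit and leaves whatever other permissions an existing `/etc/libpiny.key` already carries, so an upgrade never tightens a key that was loosened earlier. Setting owner and mode outright gives the same result on fresh installs and upgrades: `chown root:shadow /etc/libpiny.key` followed by `chmod 0640 /etc/libpiny.key`. Every account in group `shadow` can now read the key, presumably so the web-facing code can use it; a comment in the script saying which consumer needs the group read would make that choice reviewable.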
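Review bot: The loop added to `_build__conf` turns every undefined value into `""`, while the new `user_email` tweakable is declared with default `undef` and type `Maybe[Str]`; whether an unset or valueless `user.email` reaches callers as `undef` or as `""` depends on the `tweakable` helper, which is outside these hunks. If the accessor reads through `_conf`, the `not defined` test in `Piny::User::_build_email` would let an empty address through. A comment above the loop would settle the contract, for example `# undef values become "" so _conf satisfies HashRef[Str]; test tweakables for emptiness, not definedness`.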
@@ -203,12 +203,15 @@ sub has_access { sub rebuild { my ( $s ) = @_; - unless( getgrnam("git-" . $s->name ); ) { - system( "/usr/sbin/addgroup", "--quiet", "git-$s->name" ) and die "Could not create repo group!"; + unless( getgrnam("git-" . $s->name ) ) { + system( "/usr/sbin/addgroup", "--quiet", "git-" . $s->name ) and die "Could not create repo group!"; + system( "/usr/sbin/adduser", "--quiet", $s->owner->name, "git-" . $s->name ) and die "Could not add you to the repo group!"; + system( "/usr/sbin/adduser", "--quiet", "iki-" . $s->name, "git-" . $s->name ) and print "...But that's probably okay.\n"; }; - unless( getpwname("iki-" . $s->name ); ) { - system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $s->name, "iki-$s->name" ) and die "Could not create ikiwiki user!"; + unless( getpwnam("iki-" . $s->name ) ) { + system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $s->name, "iki-" . $s->name ) and die "Could not create ikiwiki user!"; + system( "/usr/sbin/adduser", "--quiet", "iki-" . $s->name, "git-" . $s->name ) and die "Could not add ikiwiki user to the repo group!"; }; my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-" . $s->name ); 
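Review bot: Inside the `getgrnam` block, `adduser iki-<name> git-<name>` runs before the `iki-` account is known to exist (it is created in the next block), and its failure is answered with `print "...But that's probably okay.\n"`, so a real failure and the expected one look the same. The owner is also added to the group only when the group is newly created, so a later `rebuild` does not repair a missing membership. Creating the `iki-` user first and running both membership calls outside the `unless` blocks would remove the duplicate call and the ignored error. The `die` messages would be easier to act on with the exit status, e.g. `die "Could not create repo group (exit " . ( $? >> 8 ) . ")!"`. `rebuild` continues past the end of this hunk.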
@@ -234,7 +237,14 @@ sub rebuild { print SETUP $s->ikiwiki_setup; close( SETUP ) or die "Could not close new ikiwiki setup file: $!"; - system( "/bin/chown", "-R", $ikiuser->name . "." . $ikiuser->name, $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) and die "Could not change ownership of ikiwiki directories!"; + unless( -d $s->ikiwiki_srcdir ) { + system( "/usr/bin/git", "clone", "--quiet", $s->path, $s->ikiwiki_srcdir ) and die "Could not clone repo to ikiwiki srcdir!"; + }; + + foreach( $ikiuser->name, $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) { + unless( -d $_ ) { mkdir( $_ ) }; + system( "/bin/chown", "-R", $ikiuser->name . ".", $_ ) and die "Could not change ownership of ikiwiki directories!"; + }; open( WIKILIST, ">", "/etc/ikiwiki/wikilist.d/" . $s->name ) or die "Could not create wikilist.d file: $!"; print WIKILIST $ikiuser->name . " /etc/ikiwiki/piny/" . $s->name . ".setup\n"; diff --git a/libpiny/lib/Piny/User.pm b/libpiny/lib/Piny/User.pm index baae258..f742f87 100644 --- a/libpiny/lib/Piny/User.pm +++ b/libpiny/lib/Piny/User.pm @@ -10,6 +10,7 @@ use Moose; use Moose::Util::TypeConstraints; use MooseX::StrictConstructor; +use Piny::Config; use Piny::Email; use Piny::Group; @@ -49,6 +50,20 @@ has 'password_hash' => , init_arg => undef ); +has 'home' => + ( is => 'ro' + , isa => 'Path' + , lazy_build => 1 + , init_arg => undef + ); + +has 'config' => + ( is => 'ro' + , isa => 'Piny::Config' + , lazy_build => 1 + , init_arg => undef + ); + has 'email' => ( is => 'ro' , isa => 'Piny::Email' 
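Review bot: The `foreach` list starts with `$ikiuser->name`, which is an account name and not a path, so the loop creates a directory called `iki-<name>` in the current working directory and runs `chown -R` on it; it looks like a leftover from the old single `chown` call. The list should hold only the three directories: `foreach my $dir ( $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) {`. `mkdir` is unchecked, so a failure only surfaces as a chown error; `mkdir( $dir ) or die "Could not create $dir: $!";` reports the real cause. `rebuild` begins and ends outside this hunk.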
@@ -180,10 +195,26 @@ sub _build_password_hash { return $s->pwent( )->[1]; }; +sub _build_home { + my ( $s ) = @_; + + return $s->pwent( )->[7]; +}; + +sub _build_config { + my ( $s ) = @_; + + return Piny::Config->new( confpath => $s->home . "/.gitconfig" ); +}; + sub _build_email { my ( $s ) = @_; - return Piny::Email->new( address => $s->pwent( )->[6] ); + if ( not defined $s->config->user_email ) { + die "You must provide a user.email attribute in your .gitconfig!\nPlease run pinyconfig --user user.email your\@email.com"; + }; + + return Piny::Email->new( address => $s->config->user_email ); }; sub _build_groups { diff --git a/pinyadmin/sbin/newuser b/pinyadmin/sbin/newuser index c463aa9..7b864b7 100755 --- a/pinyadmin/sbin/newuser +++ b/pinyadmin/sbin/newuser @@ -5,6 +5,8 @@ use warnings; use Email::Valid::Loose qw( ); +use Piny::User; + my ( $email, $username, $password ); # Configure the strictness of our email checks. @@ -147,6 +149,17 @@ if ( $ret ) { exit 1; }; +my $u = Piny::User->new( $username ); + +open( GITCONFIG, ">", $u->home . "/.gitconfig" ) or die "Could not open .gitconfig for new user: $!\n"; +print GITCONFIG <<END; +[user] + email = $email +END +close( GITCONFIG ); + +chown( $u->uid, (getgrnam("users"))[2] , $u->home . "/.gitconfig" ); + print "Your user has been created. Try logging in!\n"; exit 0; diff --git a/pinyadmin/sbin/pinyconfig b/pinyadmin/sbin/pinyconfig index f6752db..e78cf3c 100755 --- a/pinyadmin/sbin/pinyconfig +++ b/pinyadmin/sbin/pinyconfig 
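Review bot: `_build_email` now takes the address from `~/.gitconfig`, a file the account owner can edit and that `pinyconfig --user` writes, where it used to come from the GECOS field of the passwd entry. If any caller treats `email` as the address confirmed during signup, that no longer holds once the user changes it; this cannot be checked from the hunk, so it is worth confirming against the callers. A comment on `_build_email` such as `# user.email is read from the user's own ~/.gitconfig: user-supplied, not verified` would record the trust level for the next reader.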
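Review bot: `close( GITCONFIG )` and `chown(...)` are not checked, and `(getgrnam("users"))[2]` is undefined when that group is missing, so a failure leaves a root-owned `.gitconfig` the new user cannot update while the script still prints success. Checking both keeps that visible: `close( GITCONFIG ) or die "Could not write .gitconfig: $!\n";` and `chown( $u->uid, $gid, $u->home . "/.gitconfig" ) == 1 or die "Could not chown .gitconfig: $!\n";`, with `$gid` looked up and tested beforehand. `$email` is interpolated bare into git-config syntax, where `#` starts a comment, so an address containing one (it is legal in a local part) would be stored truncated; quoting the value or writing it with `git config --file` avoids that.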
@@ -8,30 +8,36 @@ use Piny; my ( $reponame, $attr, $value ) = @ARGV; if ( not defined $reponame or not defined $attr ) { - die "Usage: $0 reponame tweakable [value]\n"; + die "Usage: $0 reponame|--user tweakable [value]\n"; }; $attr = lc $attr; $attr =~ s/\./_/g; -my $repo = Piny::Repo->new( $reponame ); +my $config; + +if ( $reponame eq "--user" ) { + $config = Piny::Environment->instance->user->config; +} else { + $config = Piny::Repo->new( $reponame )->config; +}; if ( defined $value ) { undef $@; eval { - $repo->config->$attr( $value ); + $config->$attr( $value ); }; if ( $@ ) { print STDERR "$attr is not a legal tweakable, or $value is not a legal value for that tweakable.\n$@\n"; }; - if ( $value ne $repo->config->$attr ) { + if ( $value ne $config->$attr ) { print STDERR "Failed to set $attr (perhaps an override is in place)\n"; }; }; undef $@; eval { - print "$attr = " . $repo->config->$attr . "\n"; + print "$attr = " . $config->$attr . "\n"; }; if ( $@ ) { print STDERR "$attr is not a legal tweakable, or its current value is illegal.\n$@\n"; diff --git a/pinyconfigs/etc/apache2/sites-available/piny b/pinyconfigs/etc/apache2/sites-available/piny index a8e69d3..691c238 100644 --- a/pinyconfigs/etc/apache2/sites-available/piny +++ b/pinyconfigs/etc/apache2/sites-available/piny @@ -10,7 +10,7 @@ Alias /js /usr/share/javascript - RedirectMatch 301 ^/$ http://piny.be/piny-web/ + RedirectMatch 301 ^/$ http://piny.be/piny-hosting/ </VirtualHost> <VirtualHost *:80> @@ -29,7 +29,7 @@ Alias /js /usr/share/javascript - RedirectMatch 301 ^/$ http://piny.be/piny-web/ + RedirectMatch 301 ^/$ http://piny.be/piny-hosting/ SSLEngine On SSLCertificateFile /etc/ssl/private/secure.piny.be.pem diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi index 90c2d59..4f1263b 100755 --- a/pinyweb/cgi-bin/newuser.cgi +++ b/pinyweb/cgi-bin/newuser.cgi 
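Review bot: `$attr` comes straight from `@ARGV` and is used as a method name in `$config->$attr( $value )`, so the caller can invoke any method of `Piny::Config`, not only tweakables; `clear_conf` and `confpath` are both visible in the Config.pm hunks. The dynamic call predates this commit, but the new `--user` branch adds a second object it is applied to. `$attr` should be checked against the set of names registered through `tweakable` before the first dispatch. The script should also exit non-zero when that check or the `eval` fails, since as written it prints the error and carries on to the unguarded `$value ne $config->$attr`.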
@@ -9,23 +9,53 @@ use CGI; use IPC::Open2; +use Piny::Auth; + $q = CGI->new; print( "Content-type: text/plain\n\n" ); -if( $q->param('n') && $q->param('a') && $q->param('p') ) { - unless( open2( OUT, IN, '/usr/bin/sudo', '/usr/sbin/newuser', '--batch', $q->param('a'), $q->param('n') ) ) { - print 'could not execute newrepo'; - die; - }; - # make things flushier - select((select(IN), $| = 1)[0]); - select((select(OUT), $| = 1)[0]); - print( IN $q->param('p') . "\n" ); - close( IN ); - while( <OUT> ) { - print; +if( $q->param("n") && $q->param("a") && $q->param("p") ) { + + my $auth = Piny::Auth->new( ); + + my $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $q->param( "p" ) } ); + + if ( $q->param("h") && $q->param("h") eq $code ) { + unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) { + print "could not execute newrepo"; + die; + }; + # make things flushier + select((select(IN), $| = 1)[0]); + select((select(OUT), $| = 1)[0]); + print( IN $q->param("p") . "\n" ); + close( IN ); + while( <OUT> ) { + print; + }; + } else { # No hash, they need one sent to their address + print( "Dispatching email to " . $q->param("a") . "...\n" ); + unless( open( MAIL, "|/usr/lib/sendmail -t" ) ) { + print "could not execute sendmail"; + die; + }; + print( MAIL "To: " . $q->param("a") . "\n" ); + print( MAIL "Subject: Verifying account " . $q->param("n") . "\n" ); + print( MAIL "Content-Type: text/plain; charset=us-ascii\n\n" ); + print( MAIL "http" ); + if( $ENV{"HTTPS"} eq "on" ) { + print( MAIL "s" ); + }; + print( MAIL "://" . $ENV{"SERVER_NAME"} . $ENV{"SCRIPT_NAME"} . "?" ); + print( MAIL "h=" . $code ); + print( MAIL "&n=" . $q->param("n") ); + print( MAIL "&a=" . $q->param("a") ); + print( MAIL "&p=" . $q->param("p") ); + print( MAIL "\n"); + close( MAIL ); + print( "Done!" ); }; } else { - print 'Missing parameters.'; + print( "Missing parameters." ); }; |
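Review bot: The `a` and `n` parameters are written into the `To:` and `Subject:` headers of a message piped to `sendmail -t` without any check, so a value containing a line break can add headers or recipients; this is in the new `else` branch, and the address is not validated until `newuser` runs later. The same values are read with `$q->param(...)` in list context inside the hash constructor and the `open2` argument list, where a repeated parameter yields several values. The link also carries the values unescaped and includes the cleartext password `p`, which then sits in the mailbox and in request logs; removing it needs a design change and is not covered below. The sketch reads each parameter once in scalar context, rejects CR/LF, and escapes the query string.

```perl
# Scalar context: a repeated parameter cannot add hash keys or newuser arguments.
my $name     = scalar $q->param("n");
my $address  = scalar $q->param("a");
my $password = scalar $q->param("p");

if( $name && $address && $password ) {
    # Header values must stay on one line before they reach sendmail -t.
    if( "$name$address" =~ /[\r\n]/ ) {
        print( "Invalid parameters." );
        exit 0;
    };

    my $auth = Piny::Auth->new( );
    my $code = $auth->hash( { "n" => $name, "a" => $address, "p" => $password } );

    # … unchanged: hash check and open2 call, passing $address and $name …
    # … unchanged: sendmail open, To:/Subject: lines built from $address and $name …
        print( MAIL "h=" . CGI::Util::escape( $code ) );
        print( MAIL "&n=" . CGI::Util::escape( $name ) );
        print( MAIL "&a=" . CGI::Util::escape( $address ) );
        print( MAIL "&p=" . CGI::Util::escape( $password ) );
```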