-rw-r--r-- | docs/architecture/data.mdwn | 29 | ||||
-rw-r--r-- | libpiny/lib/Piny/Config.pm | 6 | ||||
-rw-r--r-- | libpiny/lib/Piny/Repo.pm | 4 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/addaccess.cgi | 2 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/lsaccess.cgi | 24 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/lsrepo.cgi | 18 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/newrepo.cgi | 2 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/pinyconfig.cgi | 26 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/rebuildrepo.cgi | 22 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/rmaccess.cgi | 2 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/auth/rmrepo.cgi | 2 |
11 files changed, 112 insertions, 25 deletions
diff --git a/docs/architecture/data.mdwn b/docs/architecture/data.mdwn
index cc824ab..76e69ea 100644
--- a/docs/architecture/data.mdwn
+++ b/docs/architecture/data.mdwn
@@ -1,19 +1,16 @@ -Data model! - -Dynamic data lookup should opportunisticly cache any associated cheap data. For instance, there are three data from stat(/srv/git/$reponame.git), so looking up one should grab the others. Jules points out that everything here is inherently cached, and I should be using getpw*() for passwd parsing. +# Data model [[!table format=dsv delimiter=# data=""" -datum #stored location #constraint -username #usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ -uid #/etc/passwd # None -email #/etc/passwd GECOS #Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 ); -repoaccess #/etc/group git-$reponame entry # None -reponame #/srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]*$/ -repodescription #/srv/git/$reponame.git/description # =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ -repoowner #stat /srv/git/$reponame.git/objects uid; might be better as first non-ikiwiki user in /etc/group git-$reponame entry # None -repoglobalwritable #stat /srv/git/$reponame.git/objects o+w bit # None -repoglobalreadable #stat /srv/git/$reponame.git/objects o+r bit # None -repoikiwikidisable #probably in /srv/git/$reponame.git/config # None -repointernaltemplates #probably in /srv/git/$reponame.git/config # None -repospecialdomain #probably in /srv/git/$reponame.git/config # None +datum # stored location #constraint +username # usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ +uid # /etc/passwd # >= 1000 +user.email # pinyconfig # Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 ); +repoaccess # /etc/group git-$reponame # None +reponame # /srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]*$/ +repodescription # /srv/git/$reponame.git/description # =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ +repoowner # /srv/git/$reponame.git/objects owner # None +core.sharedrepository # 
pinyconfig # =~ /^(0666|0664|all|world|everybody|0660|group|true|0640)$/ +piny.ikiwiki # pinyconfig # =~ /^(1|0|true|false)$/ +piny.ikiwikitemplates # TODO, presumably pinyconfig # None +piny.ikiwikidomain # TODO, presumably pinyconfig # None """]]
diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm
index acf63ff..4df09ba 100644
--- a/libpiny/lib/Piny/Config.pm
+++ b/libpiny/lib/Piny/Config.pm
@@ -49,8 +49,8 @@ subtype 'HttpsUrl' subtype 'RepoPermission' => as 'Str' - => where { $_ eq "666" or $_ eq "664" or $_ eq "660" or $_ eq "640" } - => message { 'Must be one of 666, 664, 660, or 640.' } + => where { $_ eq "0666" or $_ eq "0664" or $_ eq "0660" or $_ eq "0640" or $_ eq "group" or $_ eq "true" or $_ eq "all" or $_ eq "everybody" or $_ eq "world"} + => message { 'Must be one of 0666, 0664 (or all, everybody, world), 0660 (or true, group), or 0640.' } ; # Attributes
@@ -263,7 +263,7 @@ tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir'; tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl'; tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl'; tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir'; -tweakable "piny_permission" => '664', 'RepoPermission'; +tweakable "core_sharedrepository" => '0664', 'RepoPermission'; tweakable "receive_denynonfastforwards" => "true", 'GitBool'; # User-specific tweakables, in the users' ~/.gitconfig files.
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index f4dca6e..1f50957 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
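Review bot: The widened `RepoPermission` set in the `-49,8` hunk still admits `0666`, which makes a repository writable by every local account, and nothing beside the `where` clause says whether that is intended. Since this commit also adds pinyconfig.cgi, the value may now be settable from a web request; the checks inside piny-suid are not visible here, so that needs confirming. I would add a comment above the subtype such as `# 0666 = world-writable; keep only if repos open to all local users are a supported case`, or drop `0666` from the list. The `-263,7` hunk also moves the default from `'664'` to `'0664'`, so if any existing configuration stores the old three-digit form it will now fail this constraint and needs migrating.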
@@ -355,8 +355,8 @@ sub destroy_ikiwiki { my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-" . $s->name ); - getpwnam( "iki-" . $s->shortname ) and system( "deluser", "--remove-home", "iki-" . $s->shortname ); - getgrnam( "iki-" . $s->shortname ) and system( "delgroup", "iki-" . $s->shortname ); + getpwnam( "iki-" . $s->shortname ) and system( "deluser", "--quiet", "--remove-home", "iki-" . $s->shortname ); + getgrnam( "iki-" . $s->shortname ) and system( "delgroup", "--quiet", "iki-" . $s->shortname ); };
diff --git a/pinyweb/cgi-bin/auth/addaccess.cgi b/pinyweb/cgi-bin/auth/addaccess.cgi
index fca9574..f86c19e 100755
--- a/pinyweb/cgi-bin/auth/addaccess.cgi
+++ b/pinyweb/cgi-bin/auth/addaccess.cgi
@@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('n') ) { +if( defined( $q->param('r') ) && defined( $q->param('n') ) ) { unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'addaccess', $q->param('r'), $q->param('n') ) == 0 ) { die( 'Addaccess was unsuccessful.' ); };
diff --git a/pinyweb/cgi-bin/auth/lsaccess.cgi b/pinyweb/cgi-bin/auth/lsaccess.cgi
new file mode 100755
index 0000000..354ba32
--- /dev/null
+++ b/pinyweb/cgi-bin/auth/lsaccess.cgi
@@ -0,0 +1,24 @@
+#!/usr/bin/perl
+$| = 1;
+
+open(STDERR, ">&STDOUT");
+
+use warnings;
+
+use CGI;
+
+use IPC::Open2;
+
+$q = CGI->new;
+
+print( "Content-type: text/plain\n\n");
+
+if( defined( $q->param('r') ) ) {
+ unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsaccess', $q->param('r') ) == 0 ) {
+ die( 'lsaccess was unsuccessful.' );
+ };
+} else {
+ unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsaccess' ) == 0 ) {
+ die( 'lsaccess was unsuccessful.' );
+ };
+};
diff --git a/pinyweb/cgi-bin/auth/lsrepo.cgi b/pinyweb/cgi-bin/auth/lsrepo.cgi
new file mode 100755
index 0000000..599eb80
--- /dev/null
+++ b/pinyweb/cgi-bin/auth/lsrepo.cgi
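Review bot: The exit status of both `system()` calls in `destroy_ikiwiki` is discarded, and with `--quiet` trimming the tools' output a failed `deluser` or `delgroup` is now easier to miss, leaving a stale `iki-` account or group behind after the wiki is destroyed. Checking the result keeps the quiet output and still surfaces failure: `getpwnam( "iki-" . $s->shortname ) and ( system( "deluser", "--quiet", "--remove-home", "iki-" . $s->shortname ) == 0 or warn "deluser failed: $?\n" );`, and likewise for `delgroup`. The body of `destroy_ikiwiki` starts and ends outside this hunk, so a later check is possible but not visible.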
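Review bot: `defined( $q->param('r') )` is true for an empty string, so a request carrying `r=` or `n=` with no value now reaches `/usr/sbin/piny-suid` with an empty argument, where the old truthiness test stopped it. If the aim was only to let the value `0` through, test length instead: `if( length( $q->param('r') // '' ) && length( $q->param('n') // '' ) ) {`. The same condition is introduced in newrepo.cgi, rmaccess.cgi and rmrepo.cgi, and used in the new lsaccess.cgi, pinyconfig.cgi and rebuildrepo.cgi. Whether piny-suid itself rejects empty names is not visible in this diff.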
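Review bot: In lsaccess.cgi `$q->param('r')` is evaluated in list context inside the `system(...)` argument list, while the `defined(...)` guard above it evaluates it in scalar context, so the guard and the call can disagree. CGI.pm returns every value of a repeated parameter in list context, which lets the helper's argv grow beyond what was checked. Read the parameter once into a scalar and pass that: `my $repo = $q->param('r');` and then `system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsaccess', $repo )`. The same pattern is in the new pinyconfig.cgi and rebuildrepo.cgi and in the context lines of addaccess.cgi, rmaccess.cgi and rmrepo.cgi. The file also has no `use strict;`, which is why `$q` can be an undeclared global.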
@@ -0,0 +1,18 @@
+#!/usr/bin/perl
+$| = 1;
+
+open(STDERR, ">&STDOUT");
+
+use warnings;
+
+use CGI;
+
+use IPC::Open2;
+
+$q = CGI->new;
+
+print( "Content-type: text/plain\n\n");
+
+unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsrepo' ) == 0 ) {
+ die( 'lsrepo was unsuccessful.' );
+};
diff --git a/pinyweb/cgi-bin/auth/newrepo.cgi b/pinyweb/cgi-bin/auth/newrepo.cgi
index 000be02..aa42732 100755
--- a/pinyweb/cgi-bin/auth/newrepo.cgi
+++ b/pinyweb/cgi-bin/auth/newrepo.cgi
@@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('d') ) { +if( defined( $q->param('r') ) && defined( $q->param('d') ) ) { unless( open2( OUT, IN, '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'newrepo', '--batch', $q->param('r') ) ) { die 'could not execute newrepo'; };
diff --git a/pinyweb/cgi-bin/auth/pinyconfig.cgi b/pinyweb/cgi-bin/auth/pinyconfig.cgi
new file mode 100755
index 0000000..4fd8e89
--- /dev/null
+++ b/pinyweb/cgi-bin/auth/pinyconfig.cgi
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+$| = 1;
+
+open(STDERR, ">&STDOUT");
+
+use warnings;
+
+use CGI;
+
+use IPC::Open2;
+
+$q = CGI->new;
+
+print( "Content-type: text/plain\n\n");
+
+if( defined( $q->param('r') ) && defined( $q->param('n') ) && defined( $q->param('v') ) ) {
+ unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r'), $q->param('n'), $q->param('v') ) == 0 ) {
+ die( 'pinyconfig was unsuccessful.' );
+ };
+} elsif( defined( $q->param('r') ) ) {
+ unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r') ) == 0 ) {
+ die( 'pinyconfig was unsuccessful.' );
+ };
+} else {
+ print 'Missing parameters.';
+};
diff --git a/pinyweb/cgi-bin/auth/rebuildrepo.cgi b/pinyweb/cgi-bin/auth/rebuildrepo.cgi
new file mode 100755
index 0000000..912e004
--- /dev/null
+++ b/pinyweb/cgi-bin/auth/rebuildrepo.cgi
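Review bot: `open(STDERR, ">&STDOUT");` in lsrepo.cgi routes everything written to stderr into the HTTP response: the `die` text, Perl warnings, and whatever piny-suid prints on failure. That can expose paths and internal state to the client, and the call is also an unchecked two-argument `open`. Unless this is a deliberate debugging aid, I would drop the line so stderr goes to the web server's error log, and return a fixed message to the client. `$ENV{'REMOTE_USER'}` is passed without a check; `defined $ENV{'REMOTE_USER'} or die 'not authenticated';` before the `system` call keeps the helper from running with an empty user if the script is ever served without authentication. `use IPC::Open2;` is unused here, and the same preamble is repeated in lsaccess.cgi, pinyconfig.cgi and rebuildrepo.cgi.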
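Review bot: pinyconfig.cgi passes `n` and `v` to piny-suid exactly as received, although this commit's data.mdwn lists a constraint for each setting (`core.sharedrepository`, `piny.ikiwiki`). The script checks none of them, nor that a value does not begin with `-`; newrepo.cgi passes the helper `--batch`, so it does parse options, but how it treats user-supplied values is not visible here. I would check the key against a fixed list before the call, e.g. `my %ok = map { $_ => 1 } qw(core.sharedrepository piny.ikiwiki);` and `$ok{$name} or die 'Unknown setting.';` (key names taken from data.mdwn, to be confirmed), keeping piny-suid's own validation as the second layer. A comment at the top stating which side owns validation would help the next reader.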
@@ -0,0 +1,22 @@
+#!/usr/bin/perl
+$| = 1;
+
+open(STDERR, ">&STDOUT");
+
+use warnings;
+
+use CGI;
+
+use IPC::Open2;
+
+$q = CGI->new;
+
+print( "Content-type: text/plain\n\n");
+
+if( defined( $q->param('r') ) ) {
+ unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rebuildrepo', $q->param('r') ) == 0 ) {
+ die( 'rebuildrepo was unsuccessful.' );
+ };
+} else {
+ print 'Missing parameters.';
+};
diff --git a/pinyweb/cgi-bin/auth/rmaccess.cgi b/pinyweb/cgi-bin/auth/rmaccess.cgi
index 5123041..35736ab 100755
--- a/pinyweb/cgi-bin/auth/rmaccess.cgi
+++ b/pinyweb/cgi-bin/auth/rmaccess.cgi
@@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('n') ) { +if( defined( $q->param('r') ) && defined( $q->param('n') ) ) { unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rmaccess', $q->param('r'), $q->param('n') ) == 0 ) { die( 'rmaccess was unsuccessful.' ); };
diff --git a/pinyweb/cgi-bin/auth/rmrepo.cgi b/pinyweb/cgi-bin/auth/rmrepo.cgi
index 2d0ff23..f57170a 100755
--- a/pinyweb/cgi-bin/auth/rmrepo.cgi
+++ b/pinyweb/cgi-bin/auth/rmrepo.cgi
@@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') ) { +if( defined( $q->param('r') ) ) { unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rmrepo', $q->param('r') ) == 0 ) { die( 'rmrepo was unsuccessful.' ); }; |
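Review bot: rebuildrepo.cgi acts on any request method, so a plain GET carrying `r` starts a rebuild. Authentication appears to be HTTP auth (`REMOTE_USER`), which means a cross-site request made by a logged-in user's browser would be honoured. Requiring POST narrows this: `$q->request_method eq 'POST' or die 'POST required.';` before the `if`, ideally paired with a per-session token that the form submits and the script verifies. The same applies to the other state-changing scripts in this commit (pinyconfig.cgi, addaccess.cgi, newrepo.cgi, rmaccess.cgi, rmrepo.cgi), whose full bodies are outside these hunks.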