From: "Vanush \"Misha\" Paturyan" <misha(a)cs.nuim.ie>
In our particular setup we are planning to host repositories that can be
accessed both "gitano" way (ssh as gitano@gitserver, with properly set
up public keys and authorization controlled by gitano-auth/hooks
interaction), and directly over ssh by internal (to the server) users
with authorization handled by the file system itself (with POSIX ACLs
attached to the files, potentially with SELinux policies in the
changes included in this patch set an extra environmental variable in
gitano-auth.in, which in turn is checked in three hooks gitano sets
up, and hooks are exited if that particular variable is missing,
allowing direct interaction with repositories to happen.
Comments/corrections are welcome!

Gavin Lee (1):
  Short-circuiting hooks if repository is accessed directly

 bin/gitano-auth.in              | 1 +
 bin/gitano-post-receive-hook.in | 6 ++++++
 bin/gitano-pre-receive-hook.in  | 6 ++++++
 bin/gitano-update-hook.in       | 6 ++++++
 4 files changed, 19 insertions(+)

These improvements have been in the back of my mind for a while now.
Back when http support was added to Gitano, the authorization checks that
gitano-auth performs were added to the gitano library, so we can take them out
of gitano-auth now. We also decided to wrap up the debug messages and
error checking we do when we run a command; for now that has been put in util.

Richard Ipsum (7):
  Move runcmd into util
  Add repo_root parameter to is_authorized
  Make gitano-command pass repo_root to is_authorized
  Make gitano-smart-http pass repo_root to is_authorized
  Make gitano-auth use is_authorized and runcmd
  Make gitano-command cgi use runcmd
  Make runcmd output "Unable to continue"

 bin/gitano-auth.in           | 142 +++---------------------------------------
 bin/gitano-command.cgi.in    |  24 +------
 bin/gitano-smart-http.cgi.in |   3 +-
 lib/gitano/auth.lua          |   3 +-
 lib/gitano/util.lua          |  24 +++++++
 5 files changed, 38 insertions(+), 158 deletions(-)