search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
RepoCGI: add support for user passwords
[girocco/ztw.git] / cgi / Git / RepoCGI.pm
blob52bde6e6049180be1346171daa9d0c6629bd74c2
1 package Git::RepoCGI;
2
3 use strict;
4 use warnings;
5
6 ### Administrativa
7
8 my ( $bin_path, $jail_path, $repomgr_path, $repodata_path, $repo_path );
9 my ( $site_domain, $group_file, $user_file, $sshkeys_path );
10 BEGIN {
11 our $VERSION = '0.1';
12 our @ISA = qw(Exporter);
13 our @EXPORT = qw(scrypt html_esc jailed_file
14 lock_file unlock_file
15 filedb_atomic_append filedb_atomic_edit
16 proj_get_forkee_name proj_get_forkee_path
17 valid_proj_name valid_user_name valid_email valid_repo_url valid_web_url);
18
19 use CGI qw(:standard :escapeHTML -nosticky);
20 use CGI::Util qw(unescape);
21 use CGI::Carp qw(fatalsToBrowser);
22 use Digest::SHA1 qw(sha1_hex);
23
24 # TODO: remove hard-coded paths by using a config file
25 $bin_path = '/home/pasky/bin';
26 $jail_path = '/home/repo/j';
27 $repomgr_path = '/home/repo/repomgr';
28 $repodata_path = '/home/repo/repodata';
29 $repo_path = '/srv/git';
30
31 $group_file = '/etc/group';
32 $user_file = '/etc/passwd';
33 $sshkeys_path = '/etc/sshkeys';
34
35 $site_domain = 'repo.or.cz';
36
37 $ENV{PATH} = $bin_path . ':' . $ENV{PATH};
38 }
39
40
41 ### RepoCGI object
42
43 sub new {
44 my $class = shift;
45 my ($heading) = @_;
46 my $repo = {};
47
48 $repo->{cgi} = CGI->new;
49
50 print $repo->{cgi}->header(-type=>'text/html', -charset => 'utf-8');
51
52 print <<EOT;
53 <?xml version="1.0" encoding="utf-8"?>
54 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
55 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
56
57 <head>
58 <title>$site_domain :: $heading</title>
59 <link rel="stylesheet" type="text/css" href="/gitweb.css"/>
60 <link rel="shortcut icon" href="/git-favicon.png" type="image/png"/>
61 </head>
62
63 <body>
64
65 <div class="page_header">
66 <a href="http://git.or.cz/" title="Git homepage"><img src="/git-logo.png" width="72" height="27" alt="git" style="float:right; border-width:0px;"/></a>
67 <a href="/">$site_domain</a> / administration / $heading
68 </div>
69
70 EOT
71
72 bless $repo, $class;
73 }
74
75 sub DESTROY {
76 my $self = shift;
77 my $cgi = $self->cgi;
78 my $cginame = $cgi->url(-absolute => 1);
79 $cginame =~ s#^/m/##;
80 if ($cginame =~ /^[a-zA-Z0-9_.\/-]+\.cgi$/) {
81 print <<EOT;
82 <div align="right">
83 <a href="http://$site_domain/w/repo.git?a=blob;f=cgi/$cginame">(view source)</a>
84 </div>
85 EOT
86 }
87 print <<EOT;
88 </body>
89 </html>
90 EOT
91 }
92
93 sub cgi {
94 my $self = shift;
95 $self->{cgi};
96 }
97
98 sub bye {
99 my $self = shift;
100 print "<p>", @_, "</p>\n" if @_;
101 exit
102 }
103
104 sub err {
105 my $self = shift;
106 print "<p style=\"color: red\">@_</p>\n";
107 $self->{err}++;
108 }
109
110 sub err_check {
111 my $self = shift;
112 my $err = $self->{err};
113 $err and print "<p style=\"font-weight: bold\">Operation aborted due to $err errors.</p>\n";
114 $err;
115 }
116
117 sub sparam {
118 my ( $self, $param ) = @_;
119 $self->{cgi}->param($param) || '';
120 }
121 sub wparam {
122 my $self = shift;
123 my $val = $self->sparam(@_);
124 $val =~ s/^\s*(.*?)\s*$/$1/;
125 $val;
126 }
127
128
129 ### Random utility functions
130
131 sub scrypt {
132 my ($pwd) = @_;
133 crypt($pwd, join ('', ('.', '/', 2..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
134 }
135
136 sub html_esc {
137 my ($str) = @_;
138 $str =~ s/&/&amp;/g;
139 $str =~ s/</&lt;/g; $str =~ s/>/&gt;/g;
140 $str =~ s/"/&quot;/g;
141 $str;
142 }
143
144 sub jailed_file {
145 my ($filename) = @_;
146 "$jail_path/$filename";
147 }
148
149 sub lock_file {
150 my ($path) = @_;
151
152 $path .= '.lock';
153
154 use Errno qw(EEXIST);
155 use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
156 use IO::Handle;
157 my $handle = new IO::Handle;
158
159 unless (sysopen($handle, $path, O_WRONLY|O_CREAT|O_EXCL)) {
160 my $cnt = 0;
161 while (not sysopen($handle, $path, O_WRONLY|O_CREAT|O_EXCL)) {
162 ($! == EEXIST) or die "$path open failed: $!";
163 ($cnt++ < 16) or die "$path open failed: cannot open lockfile";
164 sleep(1);
165 }
166 }
167 # XXX: filedb-specific
168 chmod 0664, $path or die "$path g+w failed: $!";
169
170 $handle;
171 }
172
173 sub unlock_file {
174 my ($path) = @_;
175
176 rename "$path.lock", $path or die "$path unlock failed: $!";
177 }
178
179 sub filedb_atomic_append {
180 my ($file, $line) = @_;
181 my $id = 65536;
182
183 open my $src, $file or die "$file open for reading failed: $!";
184 my $dst = lock_file($file);
185
186 while (<$src>) {
187 my $aid = (split /:/)[2];
188 $id = $aid + 1 if ($aid >= $id);
189
190 print $dst $_ or die "$file(l) write failed: $!";
191 }
192
193 $line =~ s/\\i/$id/g;
194 print $dst "$line\n" or die "$file(l) write failed: $!";
195
196 close $dst or die "$file(l) close failed: $!";
197 close $src;
198
199 unlock_file($file);
200
201 $id;
202 }
203
204 sub filedb_atomic_edit {
205 my ($file, $fn) = @_;
206
207 open my $src, $file or die "$file open for reading failed: $!";
208 my $dst = lock_file($file);
209
210 while (<$src>) {
211 print $dst $fn->($_) or die "$file(l) write failed: $!";
212 }
213
214 close $dst or die "$file(l) close failed: $!";
215 close $src;
216
217 unlock_file($file);
218 }
219
220 sub proj_get_forkee_name {
221 $_ = $_[0];
222 (m#^(.*)/.*?$#)[0];
223 }
224 sub proj_get_forkee_path {
225 my $forkee = $repo_path . proj_get_forkee_name($_[0]).'.git';
226 -d $forkee ? $forkee : '';
227 }
228 sub valid_proj_name {
229 $_ = $_[0];
230 (not m#/# or -d proj_get_forkee_path($_)) # will also catch ^/
231 and (not m#\./#)
232 and (not m#/$#)
233 and m#^[a-zA-Z0-9+./_-]+$#;
234 }
235 sub valid_user_name {
236 $_ = $_[0];
237 /^[a-zA-Z0-9+._-]+$/;
238 }
239 sub valid_email {
240 $_ = $_[0];
241 /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/;
242 }
243 sub valid_web_url {
244 $_ = $_[0];
245 /^http:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?(#[a-zA-Z0-9._-]+)?$/;
246 }
247 sub valid_repo_url {
248 $_ = $_[0];
249 /^http:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?$/ or
250 /^git:\/\/[a-zA-Z0-9-.]+(\/[_\%a-zA-Z0-9.\/~-]*)?$/;
251 }
252
253 sub load_project {
254 my ( $self, $name ) = @_;
255
256 $self->bye("I need the project name as an argument now.")
257 unless $name;
258
259 $self->bye("Invalid project name. Go away, sorcerer.")
260 unless valid_proj_name($name);
261
262 $self->bye("Sorry but this project does not exist. "
263 . "Now, how did you <em>get</em> here?!")
264 unless Git::RepoCGI::Project::does_exist($name);
265
266 $self->bye("Sorry but your project has not finished mirroring yet. "
267 . "If this process takes excessive time, "
268 . "please inform the site administrator.")
269 unless Git::RepoCGI::Project::available($name);
270
271 my $proj = Git::RepoCGI::Project->load($name);
272 die "not found project $name, that's really weird!" unless $proj;
273 $proj
274 }
275
276 sub load_user {
277 my ( $self, $name ) = @_;
278 $self->bye("User '$name' is not registered.")
279 unless valid_user_name($name)
280 && Git::RepoCGI::User::does_exist($name);
281
282 my $user = Git::RepoCGI::User->load($name);
283 $self->bye("User '$name' failed to load") unless $user;
284 return $user;
285 }
286
287 ### Project object
288
289 package Git::RepoCGI::Project;
290
291 BEGIN { use Git::RepoCGI; }
292
293 sub _mkdir_forkees {
294 my $self = shift;
295 my @pelems = split('/', $self->{name});
296 pop @pelems; # do not create dir for the project itself
297 my $path = $self->{base_path};
298 foreach my $pelem (@pelems) {
299 $path .= "/$pelem";
300 (-d "$path") or mkdir $path or die "mkdir $path: $!";
301 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
302 }
303 }
304
305 our %propmap = (
306 url => 'base_url',
307 email => 'owner',
308 desc => 'description',
309 README => 'README.html',
310 hp => 'homepage',
311 );
312
313 sub _property_path {
314 my $self = shift;
315 my ($name) = @_;
316 $self->{path}.'/'.$name;
317 }
318
319 sub _property_fget {
320 my $self = shift;
321 my ($name) = @_;
322 $propmap{$name} or die "unknown property: $name";
323 open P, $self->_property_path($propmap{$name}) or return undef;
324 my @value = <P>;
325 close P;
326 my $value = join('', @value); chomp $value;
327 $value;
328 }
329
330 sub _property_fput {
331 my $self = shift;
332 my ($name, $value) = @_;
333 $propmap{$name} or die "unknown property: $name";
334
335 my $P = lock_file($self->_property_path($propmap{$name}));
336 $value ne '' and print $P "$value\n";
337 close $P;
338 unlock_file($self->_property_path($propmap{$name}));
339 }
340
341 sub _properties_load {
342 my $self = shift;
343 foreach my $prop (keys %propmap) {
344 $self->{$prop} = $self->_property_fget($prop);
345 }
346 }
347
348 sub _properties_save {
349 my $self = shift;
350 foreach my $prop (keys %propmap) {
351 $self->_property_fput($prop, $self->{$prop});
352 }
353 }
354
355 sub _nofetch_path {
356 my $self = shift;
357 $self->_property_path('.nofetch');
358 }
359
360 sub _nofetch {
361 my $self = shift;
362 my ($nofetch) = @_;
363 my $np = $self->_nofetch_path;
364 if ($nofetch) {
365 open X, '>'.$np or die "nofetch failed: $!";
366 close X;
367 } else {
368 unlink $np or die "yesfetch failed: $!";
369 }
370 }
371
372 sub _alternates_setup {
373 my $self = shift;
374 return unless $self->{name} =~ m#/#;
375 my $forkee_name = proj_get_forkee_name($self->{name});
376 my $forkee_path = proj_get_forkee_path($self->{name});
377 return unless -d $forkee_path;
378 mkdir $self->{path}.'/refs'; chmod 0775, $self->{path}.'/refs';
379 mkdir $self->{path}.'/objects'; chmod 0775, $self->{path}.'/objects';
380 mkdir $self->{path}.'/objects/info'; chmod 0775, $self->{path}.'/objects/info';
381
382 # We set up both alternates and http_alternates since we cannot use
383 # relative path in alternates - that doesn't work recursively.
384
385 my $filename = $self->{path}.'/objects/info/alternates';
386 open X, '>'.$filename or die "alternates failed: $!";
387 print X "$forkee_path/objects\n";
388 close X;
389 chmod 0664, $filename or warn "cannot chmod $filename: $!";
390
391 $filename = $self->{path}.'/objects/info/http-alternates';
392 open X, '>'.$filename or die "http-alternates failed: $!";
393 my $upfork = $forkee_name;
394 do { print X "/r/$upfork.git/objects\n"; } while ($upfork =~ s#/?.+?$## and $upfork);
395 close X;
396 chmod 0664, $filename or warn "cannot chmod $filename: $!";
397
398 symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
399 }
400
401 sub _ctags_setup {
402 my $self = shift;
403 mkdir $self->{path}.'/ctags'; chmod 0775, $self->{path}.'/ctags';
404 }
405
406 sub _group_add {
407 my $self = shift;
408 my ($xtra) = @_;
409 $xtra .= join(',', @{$self->{users}});
410 filedb_atomic_append(jailed_file($group_file),
411 join(':', $self->{name}, $self->{crypt}, '\i', $xtra));
412 }
413
414 sub _group_update {
415 my $self = shift;
416 my $xtra = join(',', @{$self->{users}});
417 filedb_atomic_edit(jailed_file($group_file),
418 sub {
419 $_ = $_[0];
420 chomp;
421 if ($self->{name} eq (split /:/)[0]) {
422 # preserve readonly flag
423 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
424 return join(':', $self->{name}, $self->{crypt}, $self->{gid}, $xtra)."\n";
425 } else {
426 return "$_\n";
427 }
428 }
429 );
430 }
431
432 sub _group_remove {
433 my $self = shift;
434 filedb_atomic_edit(jailed_file($group_file),
435 sub {
436 $self->{name} ne (split /:/)[0] and return $_;
437 }
438 );
439 }
440
441 sub _hook_path {
442 my $self = shift;
443 my ($name) = @_;
444 $self->{path}.'/hooks/'.$name;
445 }
446
447 sub _hook_install {
448 my $self = shift;
449 my ($name) = @_;
450 open SRC, "$repomgr_path/$name-hook" or die "cannot open hook $name: $!";
451 open DST, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
452 while (<SRC>) { print DST $_; }
453 close DST;
454 close SRC;
455 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
456 }
457
458 sub _hooks_install {
459 my $self = shift;
460 foreach my $hook ('update') {
461 $self->_hook_install($hook);
462 }
463 }
464
465 # private constructor, do not use
466 sub _new {
467 my $class = shift;
468 my ($name, $base_path, $path) = @_;
469 valid_proj_name($name) or die "refusing to create project with invalid name ($name)!";
470 $path ||= "$base_path/$name.git";
471 my $proj = { name => $name, base_path => $base_path, path => $path };
472
473 bless $proj, $class;
474 }
475
476 # public constructor #0
477 # creates a virtual project not connected to disk image
478 # you can conjure() it later to disk
479 sub ghost {
480 my $class = shift;
481 my ($name, $mirror) = @_;
482
483 my $path = $mirror ? "$repodata_path/to-clone" : $repo_path;
484 my $repo = "$path/$name";
485 $repo .= '.git' unless $mirror;
486
487 my $self = $class->_new($name, $path, $repo);
488 $self->{users} = [];
489 $self->{mirror} = $mirror;
490 $self;
491 }
492
493 # public constructor #1
494 sub load {
495 my $class = shift;
496 my ($name) = @_;
497
498 open F, jailed_file($group_file) or die "project load failed: $!";
499 while (<F>) {
500 chomp;
501 @_ = split /:+/;
502 next unless (shift eq $name);
503
504 my $self = $class->_new($name, $repo_path);
505 (-d $self->{path}) or die "invalid path (".$self->{path}.") for project ".$self->{name};
506
507 my $ulist;
508 ($self->{crypt}, $self->{gid}, $ulist) = @_;
509 $ulist ||= '';
510 $self->{users} = [split /,/, $ulist];
511 $self->{mirror} = ! -e $self->_nofetch_path;
512 $self->{ccrypt} = $self->{crypt};
513
514 $self->_properties_load;
515 return $self;
516 }
517 close F;
518 undef;
519 }
520
521 # $proj may not be in sane state if this returns false!
522 sub cgi_fill {
523 my $self = shift;
524 my ($repo) = @_;
525 my $cgi = $repo->cgi;
526
527 my $pwd = $cgi->param('pwd');
528 if ($pwd ne '' or not $self->{crypt}) {
529 $self->{crypt} = scrypt($pwd);
530 }
531
532 if ($cgi->param('pwd2') and $pwd ne $cgi->param('pwd2')) {
533 $repo->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
534 }
535
536 $self->{cpwd} = $cgi->param('cpwd');
537
538 $self->{email} = $repo->wparam('email');
539 valid_email($self->{email})
540 or $repo->err("Your email sure looks weird...?");
541
542 $self->{url} = $repo->wparam('url');
543 if ($self->{url}) {
544 valid_repo_url($self->{url})
545 or $repo->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
546 }
547
548 $self->{desc} = $repo->wparam('desc');
549 length($self->{desc}) <= 1024
550 or $repo->err("<b>Short</b> description length > 1kb!");
551
552 $self->{README} = $repo->wparam('README');
553 length($self->{README}) <= 8192
554 or $repo->err("README length > 8kb!");
555
556 $self->{hp} = $repo->wparam('hp');
557 if ($self->{hp}) {
558 valid_web_url($self->{hp})
559 or $repo->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
560 }
561
562 # FIXME: Permit only existing users
563 $self->{users} = [grep { valid_user_name($_) } $cgi->param('user')];
564
565 not $repo->err_check;
566 }
567
568 sub form_defaults {
569 my $self = shift;
570 (
571 name => $self->{name},
572 email => $self->{email},
573 url => $self->{url},
574 desc => html_esc($self->{desc}),
575 README => html_esc($self->{README}),
576 hp => $self->{hp},
577 users => $self->{users},
578 );
579 }
580
581 sub authenticate {
582 my $self = shift;
583 my ($repo) = @_;
584
585 $self->{ccrypt} or die "Can't authenticate against a project with no password";
586 $self->{cpwd} or $repo->err("No password entered.");
587 unless ($self->{ccrypt} eq crypt($self->{cpwd}, $self->{ccrypt})) {
588 $repo->err("Your admin password does not match!");
589 return 0;
590 }
591 return 1;
592 }
593
594 sub premirror {
595 my $self = shift;
596
597 $self->_mkdir_forkees;
598 mkdir $self->{path} or die "mkdir failed: $!";
599 chmod 0775, $self->{path} or die "chmod failed: $!";
600 $self->_properties_save;
601 $self->_alternates_setup;
602 $self->_ctags_setup;
603 $self->_group_add(':');
604 }
605
606 sub conjure {
607 my $self = shift;
608
609 $self->_mkdir_forkees;
610 system('cg-admin-setuprepo', '-g', 'repo', $self->{path}) == 0
611 or die "cg-admin-setuprepo failed: $?";
612 system('git', '--git-dir='.$self->{path}, 'config', 'receive.denyNonFastforwards', 'false');
613 $self->_nofetch(1);
614 $self->_properties_save;
615 $self->_alternates_setup;
616 $self->_ctags_setup;
617 $self->_group_add;
618 $self->_hooks_install;
619 }
620
621 sub update {
622 my $self = shift;
623
624 $self->_properties_save;
625 $self->_group_update;
626 }
627
628 sub update_password {
629 my $self = shift;
630 my ($pwd) = @_;
631
632 $self->{crypt} = scrypt($pwd);
633 $self->_group_update;
634 }
635
636 # You can explicitly do this just on a ghost() repository too.
637 sub delete {
638 my $self = shift;
639
640 if (-d $self->{path}) {
641 system('rm', '-r', $self->{path}) == 0
642 or die "rm -r failed: $?";
643 }
644 $self->_group_remove;
645 }
646
647 # static method
648 sub does_exist {
649 my ($name) = @_;
650 valid_proj_name($name) or die "tried to query for project with invalid name $name!";
651 (available($name)
652 or -d "$repodata_path/cloning/$name"
653 or -d "$repodata_path/to-clone/$name");
654 }
655 sub available {
656 my ($name) = @_;
657 valid_proj_name($name) or die "tried to query for project with invalid name $name!";
658 (-d "$repo_path/$name.git");
659 }
660
661
662 ### User object
663
664 package Git::RepoCGI::User;
665
666 BEGIN { use Git::RepoCGI; }
667
668 sub _passwd_text {
669 my $self = shift;
670 join(':', $self->{name}, $self->{crypt}, $self->{uid}, 65534, $self->{email}, '/', '/bin/git-shell')
671 }
672
673 sub _user_update {
674 my $self = shift;
675 my $xtra = join(',', @{$self->{users}});
676 filedb_atomic_edit(jailed_file($user_file),
677 sub {
678 $_ = $_[0];
679 chomp;
680 if ($self->{name} eq (split /:/)[0]) {
681 return $self->_passwd_text . "\n";
682 } else {
683 return "$_\n";
684 }
685 }
686 );
687 }
688
689 sub _passwd_add {
690 my $self = shift;
691 $self->{uid} = '\i';
692 filedb_atomic_append(jailed_file($user_file), $self->_passwd_text);
693 }
694
695 sub update_password {
696 my $self = shift;
697 my ($pwd) = @_;
698
699 $self->{crypt} = scrypt($pwd);
700 $self->_user_update;
701 }
702 sub authenticate {
703 my $self = shift;
704 my ($repo) = @_;
705
706 $self->{ccrypt} or die "Can't authenticate against a user with no password";
707 $self->{cpwd} or $repo->err("No password entered.");
708 unless ($self->{ccrypt} eq crypt($self->{cpwd}, $self->{ccrypt})) {
709 $repo->err("Your admin password does not match!");
710 return 0;
711 }
712 return 1;
713 }
714
715 sub _sshkey_path {
716 my $self = shift;
717 $sshkeys_path . '/' . $self->{name};
718 }
719
720 sub _sshkey_load {
721 my $self = shift;
722 open F, "<".jailed_file($self->_sshkey_path) or die "sshkey load failed: $!";
723 my @keys;
724 my $auth;
725 while (<F>) {
726 chomp;
727 if (/^ssh-(?:dss|rsa) /) {
728 push @keys, $_;
729 } elsif (/^# REPOAUTH ([0-9a-f]+) (\d+)/) {
730 my $expire = $2;
731 $auth = $1 unless (time >= $expire);
732 }
733 }
734 close F;
735 my $keys = join('', @keys); chomp $keys;
736 ($keys, $auth);
737 }
738
739 sub _sshkey_save {
740 my $self = shift;
741 open F, ">".jailed_file($self->_sshkey_path) or die "sshkey failed: $!";
742 if (defined($self->{auth}) && $self->{auth}) {
743 my $expire = time + 24 * 3600;
744 print F "# REPOAUTH $self->{auth} $expire\n";
745 }
746 print F $self->{keys}."\n";
747 close F;
748 chmod 0664, jailed_file($self->_sshkey_path);
749 }
750
751 # private constructor, do not use
752 sub _new {
753 my $class = shift;
754 my ($name) = @_;
755 valid_user_name($name) or die "refusing to create user with invalid name ($name)!";
756 my $proj = { name => $name };
757
758 bless $proj, $class;
759 }
760
761 # public constructor #0
762 # creates a virtual user not connected to disk record
763 # you can conjure() it later to disk
764 sub ghost {
765 my $class = shift;
766 my ($name) = @_;
767 my $self = $class->_new($name);
768 $self;
769 }
770
771 # public constructor #1
772 sub load {
773 my $class = shift;
774 my ($name) = @_;
775
776 open F, jailed_file($user_file) or die "user load failed: $!";
777 while (<F>) {
778 chomp;
779 @_ = split /:+/;
780 next unless (shift eq $name);
781
782 my $self = $class->_new($name);
783
784 ($self->{crypt}, $self->{uid}, undef, $self->{email}) = @_;
785 ($self->{keys}, $self->{auth}) = $self->_sshkey_load;
786 $self->{ccrypt} = $self->{crypt};
787
788 return $self;
789 }
790 close F;
791 undef;
792 }
793
794 # $user may not be in sane state if this returns false!
795 sub cgi_fill {
796 my $self = shift;
797 my ($repo) = @_;
798
799 $self->{name} = $repo->wparam('name');
800 valid_user_name($self->{name})
801 or $repo->err("Name contains invalid characters.");
802
803 $self->{email} = $repo->wparam('email');
804 valid_email($self->{email})
805 or $repo->err("Your email sure looks weird...?");
806
807 my $pwd = $repo->sparam('pwd');
808 if ($pwd ne '' or not $self->{crypt}) {
809 $self->{crypt} = scrypt($pwd);
810 }
811
812 if ($repo->sparam('pwd2') and $pwd ne $repo->sparam('pwd2')) {
813 $repo->err("Our high-paid security consultants have determined that the passwords you have entered do not match each other.");
814 }
815
816 $self->{cpwd} = $repo->sparam('cpwd');
817
818 $self->keys_fill($repo);
819 }
820
821 sub keys_fill {
822 my $self = shift;
823 my ($repo) = @_;
824 my $cgi = $repo->cgi;
825
826 $self->{keys} = $cgi->param('keys');
827 length($self->{keys}) <= 4096
828 or $repo->err("The list of keys is more than 4kb. Do you really need that much?");
829 foreach (split /\r?\n/, $self->{keys}) {
830 /^ssh-(?:dss|rsa) .* \S+@\S+$/ or $repo->err("Your ssh key (\"$_\") appears to have invalid format (does not start by ssh-dss|rsa or does not end with @-identifier) - maybe your browser has split a single key to multiple lines?");
831 }
832
833 not $repo->err_check;
834 }
835
836 sub keys_save {
837 my $self = shift;
838
839 $self->_sshkey_save;
840 }
841
842 sub gen_auth {
843 my $self = shift;
844
845 $self->{auth} = Digest::SHA1::sha1_hex(time . $$ . rand() . $self->{keys});
846 $self->_sshkey_save;
847 $self->{auth};
848 }
849
850 sub del_auth {
851 my $self = shift;
852
853 delete $self->{auth};
854 }
855
856 sub conjure {
857 my $self = shift;
858
859 $self->_passwd_add;
860 $self->_sshkey_save;
861 }
862
863 # static method
864 sub does_exist {
865 my ($name) = @_;
866 valid_user_name($name) or die "tried to query for user with invalid name $name!";
867 (-e jailed_file("$sshkeys_path/$name"));
868 }
869 sub available {
870 does_exist(@_);
871 }
872
873
874 1;
cleanup, watchpoints, and more