3 # Currently, we just confine the mob user to the mob branch here.
5 # TODO: Generalized branches push permissions support.
9 # Make sure the current directory is where we expect to be
# When the caller supplies GIT_DIR, work from inside it.  The ":-." fallback
# covers a GIT_DIR that is set but empty.  If the directory cannot be
# entered the hook stops with status 1 rather than running its checks from
# an unexpected location.
if [ "${GIT_DIR+set}" = "set" ]; then
	cd "${GIT_DIR:-.}" || exit 1
fi
11 case "${PWD%/*}" in */worktrees
)
14 # But it COULD just be a coincidence...
15 [ -s commondir
] && [ -s HEAD
] &&
16 _cmndir
= && read -r _cmndir
<commondir
2>/dev
/null
&&
17 [ -n "$_cmndir" ] && [ -d "$_cmndir" ]
19 # ...it is not, fix it!
20 cd "$_cmndir" ||
exit 1
# Only touch GIT_DIR when the caller had set it; an unset GIT_DIR stays
# unset.  Presumably "." is correct because the script has already changed
# into the repository directory by this point -- confirm against the
# preceding cd logic.
if [ "${GIT_DIR+set}" = "set" ]; then
	GIT_DIR="."
fi
25 if ! [ -x @perlbin@
]; then
26 # We are INSIDE the chroot
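# Resolve the repository root to its physical path (pwd -P removes
# symlinks).  /@jailreporoot@ looks like a placeholder that is substituted
# when the hook is installed.
# NOTE(review): if the cd fails, reporoot ends up empty and the script
# carries on; the later "$reporoot/$proj/..." tests would then be evaluated
# relative to /.  For a permission hook, consider rejecting the push when
# reporoot comes back empty.
reporoot=/@jailreporoot@
reporoot="$(cd "$reporoot" && pwd -P)"
# Project path relative to the repository root.  The root is quoted inside
# the expansion so it is stripped as a literal prefix; unquoted, any glob
# characters in the path (*, ?, [...]) would be treated as a pattern.
proj="$(pwd -P)"
proj="${proj#"$reporoot"/}"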
34 case "$proj" in *?
/mob
)
38 projbare
="${proj%.git}"
40 if ! [ -f "$reporoot/$proj/.nofetch" ]; then
41 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
45 if [ -n "$mobdir" ] && [ "$mob" != "mob" ]; then
46 # Should only get here if there's a misconfiguration
47 echo "Personal mob branches are not supported" >&2
50 if [ -n "$mobdir" ] && [ "$LOGNAME" = "mob" ]; then
51 # Should only get here if there's a misconfiguration
52 echo "The mob user may not use personal mob branches" >&2
55 if [ -n "$mobdir" ] && ! [ -d "$reporoot/$proj/mob" ]; then
56 # Should only get here if there's a misconfiguration
57 echo "The project '$proj' does not support personal mob branches" >&2
60 if [ -n "$mobdir" ] && ! can_user_push
"$projbare" mob
; then
61 # Should only get here if there's a misconfiguration
62 echo "The user 'mob' does not have push permissions for project '$proj'" >&2
63 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
66 if [ -n "$mobdir" ]; then
67 # All personal mob refs must start with refs/heads/mob.$USER,
68 # refs/heads/mob_$USER/, refs/mob/mob.$USER or refs/mob/mob_$USER/
70 "refs/heads/mob.$LOGNAME" | \
71 "refs/heads/mob_$LOGNAME/"?
* | \
72 "refs/mob/mob.$LOGNAME" | \
73 "refs/mob/mob_$LOGNAME/"?
* ) :;;
75 echo "The user '$LOGNAME' does not have push permissions for project '$proj'." >&2
76 echo "However '$proj' allows pushes to personal mob branches w/o push perms." >&2
77 echo "The ref '$1' is not a valid personal mob branch ref name." >&2
78 echo "Valid personal mob branch ref names are one of the following:" >&2
79 echo " refs/heads/mob.$LOGNAME or refs/mob/mob.$LOGNAME" >&2
80 echo "or refs that start with one of the following:" >&2
81 echo " refs/heads/mob_$LOGNAME/ or refs/mob/mob_$LOGNAME/" >&2
82 echo "No other personal mob branch ref names may be pushed to, sorry." >&2
83 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
89 if ! can_user_push
"$projbare"; then
90 echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
91 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
95 if [ "$mob" = "mob" ] && [ "$LOGNAME" = "mob" ]; then
96 if [ x
"$1" != x
"refs/heads/mob" ]; then
97 echo "The mob user may push only to the 'mob' branch, sorry" >&2
100 if [ x
"$2" = x
"0000000000000000000000000000000000000000" ]; then
101 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
104 if [ x
"$3" = x
"0000000000000000000000000000000000000000" ]; then
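# Diagnostics go to stderr, like the other rejection messages in this hook.
echo "The mob user may not _delete_ the 'mob' branch, smch, sorry" >&2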
110 if [ "$mob" = "mob" ]; then
112 "refs/heads/mob."?
* |
"refs/heads/mob_"?
*)
113 echo "Use of the ref '$1' is reserved for personal mob branch" >&2
114 echo "users who do not have push permission to project '$proj'." >&2
115 echo "Users with push permission may only access the personal" >&2
116 echo "mob branches using refs that start with 'refs/mob/'." >&2
124 # We are NOT inside the chroot
127 reporoot
="$(cd "$cfg_reporoot" && pwd -P)"
129 if [ "$cfg_permission_control" = "Hooks" ]; then
130 # We have some permission control to do!
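# Work out which project is being pushed to: the physical current
# directory with the repository root removed, and the same name without a
# trailing ".git" (the form handed to the push-permission helper).
# The root is quoted inside the expansion so it is stripped as a literal
# prefix; unquoted, glob characters in the path would act as a pattern.
proj="$(pwd -P)"
proj="${proj#"$reporoot"/}"
projbare="${proj%.git}"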
132 # XXX: Sanity check on project name and $USER here? Seems superfluous.
133 if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$USER"; then
134 echo "The user '$USER' does not have push permissions for project '$proj'" >&2
135 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
140 if [ -n "$GIT_PROJECT_ROOT" ]; then
141 # We are doing a smart HTTP push
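# Project path relative to the repository root, taken from the physical
# current directory.  The root is quoted inside the expansion so it is
# stripped as a literal prefix rather than interpreted as a glob pattern.
proj="$(pwd -P)"
proj="${proj#"$reporoot"/}"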
145 case "$proj" in *?
/mob
)
149 projbare
="${proj%.git}"
151 if ! [ -f "$reporoot/$proj/.nofetch" ]; then
152 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
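# Account name: REMOTE_USER with a leading "/UID=" removed and everything
# from "/dnQualifier=" onwards cut off.
authuser="${REMOTE_USER#/UID=}"
authuser="${authuser%/dnQualifier=*}"
# Remove the account name and the "/dnQualifier=" tag from authuuid; the
# remainder is what gets compared with the stored user uuid.
# NOTE(review): the statement that first assigns authuuid is not part of
# this listing -- presumably it is seeded from REMOTE_USER; confirm.
# The name is quoted inside the expansion because it originates from the
# authenticated identity supplied by the web server: unquoted it would be
# matched as a glob pattern (*, ?, [...]) instead of a literal prefix, and
# the uuid comparison should never depend on pattern characters in a name.
authuuid="${authuuid#"$authuser"}"
authuuid="${authuuid#/dnQualifier=}"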
161 if [ -z "$authuser" ]; then
162 echo "Only authenticated users may push, sorry" >&2
165 if [ "$authuser" != "mob" ] ||
[ "$cfg_mob" != "mob" ]; then
166 if ! useruuid
="$("$cfg_basedir/bin
/get_user_uuid
" "$authuser")" ||
[ "$useruuid" != "$authuuid" ]; then
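# Rejection notice for a certificate whose uuid does not match the stored
# one; sent to stderr like the other diagnostics in this hook.
echo "The user '$authuser' certificate being used is no longer valid." >&2
echo "You may download a new user certificate at $cfg_webadmurl/edituser.cgi" >&2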
173 if [ -n "$mobdir" ] && [ "$cfg_mob" != "mob" ]; then
174 # Should only get here if there's a misconfiguration
175 echo "Personal mob branches are not supported" >&2
178 if [ -n "$mobdir" ] && [ "$authuser" = "mob" ]; then
179 # Should only get here if there's a misconfiguration
180 echo "The mob user may not use personal mob branches" >&2
183 if [ -n "$mobdir" ] && ! [ -d "$reporoot/$proj/mob" ]; then
184 # Should only get here if there's a misconfiguration
185 echo "The project '$proj' does not support personal mob branches" >&2
188 if [ -n "$mobdir" ] && ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "mob"; then
189 # Should only get here if there's a misconfiguration
190 echo "The user 'mob' does not have push permissions for project '$proj'" >&2
191 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
194 if [ -n "$mobdir" ]; then
195 # All personal mob refs must start with refs/heads/mob.$USER,
196 # refs/heads/mob_$USER/, refs/mob/mob.$USER or refs/mob/mob_$USER/
198 "refs/heads/mob.$authuser" | \
199 "refs/heads/mob_$authuser/"?
* | \
200 "refs/mob/mob.$authuser" | \
201 "refs/mob/mob_$authuser/"?
* ) :;;
203 echo "The user '$authuser' does not have push permissions for project '$proj'." >&2
204 echo "However '$proj' allows pushes to personal mob branches w/o push perms." >&2
205 echo "The ref '$1' is not a valid personal mob branch ref name." >&2
206 echo "Valid personal mob branch ref names are one of the following:" >&2
207 echo " refs/heads/mob.$authuser or refs/mob/mob.$authuser" >&2
208 echo "or refs that start with one of the following:" >&2
209 echo " refs/heads/mob_$authuser/ or refs/mob/mob_$authuser/" >&2
210 echo "No other personal mob branch ref names may be pushed to, sorry." >&2
211 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
217 if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$authuser"; then
218 echo "The user '$authuser' does not have push permissions for project '$proj'" >&2
219 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
223 if [ "$cfg_mob" = "mob" ] && [ "$authuser" = "mob" ]; then
224 if [ x
"$1" != x
"refs/heads/mob" ]; then
225 echo "The mob user may push only to the 'mob' branch, sorry" >&2
228 if [ x
"$2" = x
"0000000000000000000000000000000000000000" ]; then
229 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
232 if [ x
"$3" = x
"0000000000000000000000000000000000000000" ]; then
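# Diagnostics go to stderr, like the other rejection messages in this hook.
echo "The mob user may not _delete_ the 'mob' branch, smch, sorry" >&2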
238 if [ "$cfg_mob" = "mob" ]; then
240 "refs/heads/mob."?
* |
"refs/heads/mob_"?
*)
241 echo "Use of the ref '$1' is reserved for personal mob branch" >&2
242 echo "users who do not have push permission to project '$proj'." >&2
243 echo "Users with push permission may only access the personal" >&2
244 echo "mob branches using refs that start with 'refs/mob/'." >&2