3 # Currently, we just confine the mob user to the mob branch here.
5 # TODO: Generalized branches push permissions support.
9 # Make sure the current directory is where we expect to be
10 [ "${GIT_DIR+set}" != "set" ] ||
{ [ -n "$GIT_DIR" ] && [ -d "$GIT_DIR" ]; } ||
unset GIT_DIR
11 [ -n "$GIT_DIR" ] || GIT_DIR
="$(git rev-parse --git-dir)"
12 [ -n "$GIT_DIR" ] && cd -P "${GIT_DIR:-.}" ||
exit 1
13 case "${PWD%/*}" in */worktrees
)
16 # But it COULD just be a coincidence...
17 [ -s commondir
] && [ -s HEAD
] &&
18 _cmndir
= && read -r _cmndir
<commondir
2>/dev
/null
&&
19 [ -n "$_cmndir" ] && [ -d "$_cmndir" ]
21 # ...it is not, fix it!
22 cd -P "$_cmndir" ||
exit 1
25 GIT_DIR
="." GIT_PREFIX
= && export GIT_DIR
27 if ! [ -x @perlbin@
]; then
28 # We are INSIDE the chroot
30 reporoot
=/@jailreporoot@
31 reporoot
="$(cd "$reporoot" && pwd -P)"
34 proj
="$(pwd -P)"; proj
="${proj#$reporoot/}"
36 case "$proj" in *?
/mob
)
40 projbare
="${proj%.git}"
42 if ! [ -f "$reporoot/$proj/.nofetch" ]; then
43 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
47 if [ -n "$mobdir" ] && [ "$mob" != "mob" ]; then
48 # Should only get here if there's a misconfiguration
49 echo "Personal mob branches are not supported" >&2
52 if [ -n "$mobdir" ] && [ "$LOGNAME" = "mob" ]; then
53 # Should only get here if there's a misconfiguration
54 echo "The mob user may not use personal mob branches" >&2
57 if [ -n "$mobdir" ] && ! [ -d "$reporoot/$proj/mob" ]; then
58 # Should only get here if there's a misconfiguration
59 echo "The project '$proj' does not support personal mob branches" >&2
62 if [ -n "$mobdir" ] && ! can_user_push
"$projbare" mob
; then
63 # Should only get here if there's a misconfiguration
64 echo "The user 'mob' does not have push permissions for project '$proj'" >&2
65 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
68 if [ -n "$mobdir" ]; then
69 # All personal mob refs must start with refs/heads/mob.$USER,
70 # refs/heads/mob_$USER/, refs/mob/mob.$USER or refs/mob/mob_$USER/
72 "refs/heads/mob.$LOGNAME" | \
73 "refs/heads/mob_$LOGNAME/"?
* | \
74 "refs/mob/mob.$LOGNAME" | \
75 "refs/mob/mob_$LOGNAME/"?
* ) :;;
77 echo "The user '$LOGNAME' does not have push permissions for project '$proj'." >&2
78 echo "However '$proj' allows pushes to personal mob branches w/o push perms." >&2
79 echo "The ref '$1' is not a valid personal mob branch ref name." >&2
80 echo "Valid personal mob branch ref names are one of the following:" >&2
81 echo " refs/heads/mob.$LOGNAME or refs/mob/mob.$LOGNAME" >&2
82 echo "or refs that start with one of the following:" >&2
83 echo " refs/heads/mob_$LOGNAME/ or refs/mob/mob_$LOGNAME/" >&2
84 echo "No other personal mob branch ref names may be pushed to, sorry." >&2
85 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
91 if ! can_user_push
"$projbare"; then
92 echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
93 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
97 if [ "$mob" = "mob" ] && [ "$LOGNAME" = "mob" ]; then
98 if [ x
"$1" != x
"refs/heads/mob" ]; then
99 echo "The mob user may push only to the 'mob' branch, sorry" >&2
102 if [ x
"$2" = x
"0000000000000000000000000000000000000000" ]; then
103 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
106 if [ x
"$3" = x
"0000000000000000000000000000000000000000" ]; then
107 echo "The mob user may not _delete_ the 'mob' branch, smch, sorry"
112 if [ "$mob" = "mob" ]; then
114 "refs/heads/mob."?
* |
"refs/heads/mob_"?
*)
115 echo "Use of the ref '$1' is reserved for personal mob branch" >&2
116 echo "users who do not have push permission to project '$proj'." >&2
117 echo "Users with push permission may only access the personal" >&2
118 echo "mob branches using refs that start with 'refs/mob/'." >&2
126 # We are NOT inside the chroot
129 reporoot
="$cfg_reporoot"
130 v_get_proj_from_dir proj
131 projbare
="${proj%.git}"
133 if [ "$cfg_permission_control" = "Hooks" ]; then
134 # We have some permission control to do!
135 # XXX: Sanity check on project name and $USER here? Seems superfluous.
136 if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$USER"; then
137 echo "The user '$USER' does not have push permissions for project '$proj'" >&2
138 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
143 if [ -n "$GIT_PROJECT_ROOT" ]; then
144 # We are doing a smart HTTP push
147 case "$proj" in *?
/mob
)
150 projbare
="${proj%.git}"
153 if ! [ -f "$reporoot/$proj/.nofetch" ]; then
154 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
158 authuser
="${REMOTE_USER#/UID=}"
159 authuser
="${authuser#UID = }"
161 authuser
="${authuser%/dnQualifier=*}"
162 authuser
="${authuser%, dnQualifier = *}"
163 authuuid
="${authuuid#$authuser}"
164 authuuid
="${authuuid#/dnQualifier=}"
165 authuuid
="${authuuid#, dnQualifier = }"
166 if [ -z "$authuser" ]; then
167 echo "Only authenticated users may push, sorry" >&2
170 if [ "$authuser" != "mob" ] ||
[ "$cfg_mob" != "mob" ]; then
171 if ! useruuid
="$("$cfg_basedir/bin
/get_user_uuid
" "$authuser")" ||
[ "$useruuid" != "$authuuid" ]; then
172 echo "The user '$authuser' certificate being used is no longer valid."
173 echo "You may download a new user certificate at $cfg_webadmurl/edituser.cgi"
178 if [ -n "$mobdir" ] && [ "$cfg_mob" != "mob" ]; then
179 # Should only get here if there's a misconfiguration
180 echo "Personal mob branches are not supported" >&2
183 if [ -n "$mobdir" ] && [ "$authuser" = "mob" ]; then
184 # Should only get here if there's a misconfiguration
185 echo "The mob user may not use personal mob branches" >&2
188 if [ -n "$mobdir" ] && ! [ -d "$reporoot/$proj/mob" ]; then
189 # Should only get here if there's a misconfiguration
190 echo "The project '$proj' does not support personal mob branches" >&2
193 if [ -n "$mobdir" ] && ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "mob"; then
194 # Should only get here if there's a misconfiguration
195 echo "The user 'mob' does not have push permissions for project '$proj'" >&2
196 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
199 if [ -n "$mobdir" ]; then
200 # All personal mob refs must start with refs/heads/mob.$USER,
201 # refs/heads/mob_$USER/, refs/mob/mob.$USER or refs/mob/mob_$USER/
203 "refs/heads/mob.$authuser" | \
204 "refs/heads/mob_$authuser/"?
* | \
205 "refs/mob/mob.$authuser" | \
206 "refs/mob/mob_$authuser/"?
* ) :;;
208 echo "The user '$authuser' does not have push permissions for project '$proj'." >&2
209 echo "However '$proj' allows pushes to personal mob branches w/o push perms." >&2
210 echo "The ref '$1' is not a valid personal mob branch ref name." >&2
211 echo "Valid personal mob branch ref names are one of the following:" >&2
212 echo " refs/heads/mob.$authuser or refs/mob/mob.$authuser" >&2
213 echo "or refs that start with one of the following:" >&2
214 echo " refs/heads/mob_$authuser/ or refs/mob/mob_$authuser/" >&2
215 echo "No other personal mob branch ref names may be pushed to, sorry." >&2
216 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
222 if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$authuser"; then
223 echo "The user '$authuser' does not have push permissions for project '$proj'" >&2
224 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
228 if [ "$cfg_mob" = "mob" ] && [ "$authuser" = "mob" ]; then
229 if [ x
"$1" != x
"refs/heads/mob" ]; then
230 echo "The mob user may push only to the 'mob' branch, sorry" >&2
233 if [ x
"$2" = x
"0000000000000000000000000000000000000000" ]; then
234 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
237 if [ x
"$3" = x
"0000000000000000000000000000000000000000" ]; then
238 echo "The mob user may not _delete_ the 'mob' branch, smch, sorry"
243 if [ "$cfg_mob" = "mob" ]; then
245 "refs/heads/mob."?
* |
"refs/heads/mob_"?
*)
246 echo "Use of the ref '$1' is reserved for personal mob branch" >&2
247 echo "users who do not have push permission to project '$proj'." >&2
248 echo "Users with push permission may only access the personal" >&2
249 echo "mob branches using refs that start with 'refs/mob/'." >&2