11 our @ISA = qw(Exporter);
12 our @EXPORT = qw(scrypt html_esc jailed_file
13 filedb_atomic_append filedb_atomic_edit
14 valid_name valid_email valid_repo_url valid_web_url);
16 use CGI
qw(:standard :escapeHTML -nosticky);
17 use CGI
::Util
qw(unescape);
18 use CGI
::Carp
qw(fatalsToBrowser);
29 $repo->{cgi
} = CGI
->new;
31 print $repo->{cgi
}->header(-type
=>'text/html', -charset
=> 'utf-8');
34 <?xml version="1.0" encoding="utf-8"?>
35 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
36 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
39 <title>repo.or.cz :: $heading</title>
40 <link rel="stylesheet" type="text/css" href="/gitweb.css"/>
41 <link rel="shortcut icon" href="/git-favicon.png" type="image/png"/>
46 <div class="page_header">
47 <a href="http://git.or.cz/" title="Git homepage"><img src="/git-logo.png" width="72" height="27" alt="git" style="float:right; border-width:0px;"/></a>
48 <a href="/">repo.or.cz</a>
50 Administration Interface
74 print "<p style=\"text-color: red\">@_</p>\n";
80 my $err = $self->{err
};
81 $err and print "<p>Operation aborted due to $err errors.</p>\n";
88 my $val = $self->{cgi
}->param($param);
89 $val =~ s/^\s*(.*?)\s*$/$1/;
94 ### Random utility functions
98 crypt($pwd, join ('', ('.', '/', 2..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
104 $str =~ s/</</g; $str =~ s/>/>/g;
105 $str =~ s/"/"/g;
110 "/home/repo/j/$filename";
118 use Errno
qw(EEXIST);
120 my $handle = new IO
::Handle
;
122 unless (sysopen($handle, $path, O_WRITE
|O_CREAT
|O_EXCL
)) {
124 while (not sysopen($handle, $path, O_WRITE
|O_CREAT
|O_EXCL
)) {
125 ($! == EEXIST
) or die "$path open failed: $!";
126 ($cnt++ < 16) or die "$path open failed: cannot open lockfile";
130 # XXX: filedb-specific
131 chmod 0664, $path or die "$path g+w failed: $!";
139 rename "$path.lock", $path or die "$path unlock failed: $!";
142 sub filedb_atomic_append
{
143 my ($file, $line) = @_;
146 open my $src, $file or die "$file open for reading failed: $!";
147 my $dst = lock_file
($file);
150 my $aid = (split /:/)[2];
151 $id = $aid + 1 if ($aid >= $id);
153 print $dst $_ or die "$file(l) write failed: $!";
156 $line =~ s/\\i/$id/g;
157 print $dst "$line\n" or die "$file(l) write failed: $!";
159 close $dst or die "$file(l) close failed: $!";
167 sub filedb_atomic_edit
{
168 my ($file, $fn) = @_;
170 open my $src, $file or die "$file open for reading failed: $!";
171 my $dst = lock_file
($file);
174 print $dst $fn($_) or die "$file(l) write failed: $!";
177 close $dst or die "$file(l) close failed: $!";
183 # BOTH user AND project name!
190 /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/;
194 /^http:\/\
/[a-zA-Z0-9-.]+\/[_\
%a-zA
-Z0
-9.\
/~-]+(#[a-zA-Z0-9._-]+)?$/;
198 /^http:\/\
/[a-zA-Z0-9-.]+\/[_\
%a-zA
-Z0
-9.\
/~-]+$/ or
199 /^git:\/\
/[a-zA-Z0-9-.]+\/[_\
%a-zA
-Z0
-9.\
/~-]+$/;
205 package Git
::RepoCGI
::Project
;
210 desc
=> 'description',
217 $self->{path
}.'/'.$propmap{$name};
224 $propmap{$name} or die "unknown property: $name";
225 open P
, $self->_property_path($name) or die "$name get failed: $!";
233 my ($name, $value) = @_;
234 $propmap{$name} or die "unknown property: $name";
235 open P
, '>'.$self->_property_path($name) or die "$name put failed: $!";
236 $value ne '' and print P
"$value\n";
238 chmod 0664, $self->_property_path($name) or die "$name chmod failed: $!";
241 sub _properties_load
{
243 foreach my $prop (keys %propmap) {
244 $self->{$prop} = $self->_property_fget($prop);
248 sub _properties_save
{
250 foreach my $prop (keys %propmap) {
251 $self->_property_fput($prop, $self->{$prop});
258 my $np = $self->_property_path('.nofetch');
260 open X
, '>'.$np or die "nofetch failed: $!";
263 unlink $np or die "yesfetch failed: $!";
270 $xtra .= join(',', @users);
271 filedb_atomic_append
(jailed_file
('/etc/group'),
272 join(':', $self->{name
}, $self->{crypt}, '\i', $xtra));
277 my $xtra = join(',', @users);
278 filedb_atomic_edit
(jailed_file
('/etc/group'),
282 if ($self->{name
} eq (split /:/)[0]) {
283 # preserve readonly flag
284 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
285 return join(':', $self->{name
}, $self->{crypt}, $self->{gid
}, $xtra)."\n";
293 # private constructor, do not use
296 my ($name, $path) = @_;
297 valid_name
($name) or die "refusing to create project with invalid name ($name)!";
298 my $proj = { name
=> $name, path
=> $path };
303 # public constructor #0
304 # creates a virtual project not connected to disk image
305 # you can conjure() it later to disk
308 my ($name, $mirror) = @_;
309 my $self = $class->_new($name, $mirror ?
"/home/repo/repodata/to-clone/$name" : "/srv/git/$name.git");
311 $self->{mirror
} = $mirror;
315 # public constructor #1
320 open F
, jailed_file
("/etc/group") or die "project load failed: $!";
324 next unless (shift eq $name);
326 my $self = $class->_new($name, "/srv/git/$name.git");
327 (-d
$self->{path
}) or die "invalid path (".$self->{path
}.") for project ".$self->{name
};
330 ($self->{crypt}, $self->{gid
}, $ulist) = @_;
331 $self->{users
} = [split /,/, $ulist];
333 $self->_properties_load;
340 # $proj may not be in sane state if this returns false!
344 my $cgi = $repo->cgi;
346 my $pwd = $cgi->param('pwd');
347 if ($pwd ne '' or not $self->{crypt}) {
348 $self->{crypt} = scrypt
($pwd);
351 $self->{email
} = $repo->wparam('email');
352 valid_email
($self->{email
})
353 or $repo->err "Your email sure looks weird...?";
355 $self->{url
} = $repo->wparam('url');
357 valid_repo_url
($self->{url
})
358 or $repo->err "Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.";
361 $self->{desc
} = $repo->wparam('desc');
362 length($self->{desc
}) <= 1024
363 or $repo->err "<b>Short</b> description length > 1kb!";
365 $self->{hp
} = $repo->wparam('hp');
367 valid_web_url
($self->{hp
})
368 or $repo->err "Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.";
371 # FIXME: Permit only existing users
372 $self->{users
} = grep { valid_name
($_) } $cgi->param('user');
380 name
=> $self->{name
},
381 email
=> $self->{email
},
383 desc
=> html_esc
($self->{desc
}),
385 users
=> $self->{users
},
392 mkdir $self->{path
} or die "mkdir failed: $!";
393 $self->_properties_save;
400 system('cg-admin-setuprepo', '-g', 'repo', $self->{path
}) == 0
401 or die "cg-admin-setuprepo failed: $?";
403 $self->_properties_save;
404 chmod 0775, $self->{path
} or die "chmod failed: $!";
405 $self->_group_add(':');
411 $self->_properties_save;
412 $self->_group_update;
418 package Git
::RepoCGI
::User
;
422 filedb_atomic_append
(jailed_file
('/etc/passwd'),
423 join(':', $self->{name
}, 'x', '\i', $self->{email
}, '/', '/bin/git-shell'));
428 '/etc/sshkeys/'.$self->{name
};
433 open F
, ">".jailed_file
($self->_sshkey_path) or die "sshkey failed: $!";
434 print F
$self->{keys}."\n";
436 chmod 0664, jailed_file
($self->_sshkey_path);
439 # private constructor, do not use
443 valid_name
($name) or die "refusing to create user with invalid name ($name)!";
444 my $proj = { name
=> $name };
449 # public constructor #0
450 # creates a virtual user not connected to disk record
451 # you can conjure() it later to disk
455 my $self = $class->_new($name);
459 # $user may not be in sane state if this returns false!
463 my $cgi = $repo->cgi;
465 $self->{name
} = $repo->wparam('name');
466 valid_name
($self->{name
})
467 or $repo->err "Name contains invalid characters.";
469 $self->{email
} = $repo->wparam('email');
470 valid_email
($self->{email
})
471 or $repo->err "Your email sure looks weird...?";
473 $self->{keys} = $cgi->param('keys');
474 length($self->{keys}) <= 4096
475 or $repo->err "The list of keys is more than 4kb. Do you really need that much?";