22 require Digest
::SHA
::PurePerl
;
23 Digest
::SHA
::PurePerl
->import(
26 die "One of Digest::SHA or Digest::SHA1 or Digest::SHA::PurePerl "
27 . "must be available\n";
32 filedb_atomic_append
(jailed_file
('/etc/passwd'),
33 join(':', $self->{name
}, 'x', '\i', 65534, $self->{email
}, '/', '/bin/git-shell'));
38 '/etc/sshkeys/'.$self->{name
};
43 open F
, "<".jailed_file
($self->_sshkey_path) or die "sshkey load failed: $!";
48 if (/^ssh-(?:dss|rsa) /) {
50 } elsif (/^# REPOAUTH ([0-9a-f]+) (\d+)/) {
52 $auth = $1 unless (time >= $expire);
56 my $keys = join("\n", @keys); chomp $keys;
62 open F
, ">".jailed_file
($self->_sshkey_path) or die "sshkey failed: $!";
63 if (defined($self->{auth
}) && $self->{auth
}) {
64 my $expire = time + 24 * 3600;
65 print F
"# REPOAUTH $self->{auth} $expire\n";
67 print F
$self->{keys}."\n";
69 chmod 0664, jailed_file
($self->_sshkey_path);
72 # private constructor, do not use
76 Girocco
::User
::valid_name
($name) or die "refusing to create user with invalid name ($name)!";
77 my $proj = { name
=> $name };
82 # public constructor #0
83 # creates a virtual user not connected to disk record
84 # you can conjure() it later to disk
88 my $self = $class->_new($name);
92 # public constructor #1
97 open F
, jailed_file
("/etc/passwd") or die "user load failed: $!";
101 next unless (shift eq $name);
103 my $self = $class->_new($name);
105 (undef, $self->{uid
}, undef, $self->{email
}) = @_;
106 ($self->{keys}, $self->{auth
}) = $self->_sshkey_load;
114 # public constructor #2
119 open F
, jailed_file
("/etc/passwd") or die "user load failed: $!";
123 next unless ($_[2] eq $uid);
125 my $self = $class->_new($_[0]);
127 (undef, undef, $self->{uid
}, undef, $self->{email
}) = @_;
128 ($self->{keys}, $self->{auth
}) = $self->_sshkey_load;
136 # $user may not be in sane state if this returns false!
140 my $cgi = $gcgi->cgi;
142 $self->{name
} = $gcgi->wparam('name');
143 Girocco
::User
::valid_name
($self->{name
})
144 or $gcgi->err("Name contains invalid characters.");
146 $self->{email
} = $gcgi->wparam('email');
147 valid_email
($self->{email
})
148 or $gcgi->err("Your email sure looks weird...?");
150 $self->keys_fill($gcgi);
156 foreach (split /\r\n|\r|\n/, $keys) {
157 next if /^[ \t]*$/ || /^[ \t]*#/;
160 return join("\n", @lines);
166 my $cgi = $gcgi->cgi;
168 $self->{keys} = _trimkeys
($cgi->param('keys'));
169 length($self->{keys}) <= 4096
170 or $gcgi->err("The list of keys is more than 4kb. Do you really need that much?");
171 foreach (split /\r?\n/, $self->{keys}) {
172 /^ssh-(?:dss|rsa) [0-9A-Za-z+\/=]+ \S
+@\S
+$/
173 or $gcgi->err(<<EOT);
174 Your ssh key ("$_") appears to have an invalid format
175 (does not start with ssh-dss or ssh-rsa or does not end with <tt>\@</tt>-identifier) -
176 maybe your browser has split a single key onto multiple lines?
180 not $gcgi->err_check;
192 $self->{auth
} = sha1_hex
(time . $$ . rand() . $self->{keys});
200 delete $self->{auth
};
214 /^[a-zA-Z0-9+._-]+$/;
219 Girocco
::User
::valid_name
($name) or die "tried to query for user with invalid name $name!";
220 (-e jailed_file
("/etc/sshkeys/$name"));
225 $Girocco::Config
::chrooted
and undef; # TODO for ACLs within chroot
226 scalar(getpwnam($name));