11 our @ISA = qw(Exporter);
12 our @EXPORT = qw(scrypt html_esc jailed_file
14 filedb_atomic_append filedb_atomic_edit
15 valid_name valid_email valid_repo_url valid_web_url);
17 use CGI
qw(:standard :escapeHTML -nosticky);
18 use CGI
::Util
qw(unescape);
19 use CGI
::Carp
qw(fatalsToBrowser);
30 $repo->{cgi
} = CGI
->new;
32 print $repo->{cgi
}->header(-type
=>'text/html', -charset
=> 'utf-8');
35 <?xml version="1.0" encoding="utf-8"?>
36 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
37 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
40 <title>repo.or.cz :: $heading</title>
41 <link rel="stylesheet" type="text/css" href="/gitweb.css"/>
42 <link rel="shortcut icon" href="/git-favicon.png" type="image/png"/>
47 <div class="page_header">
48 <a href="http://git.or.cz/" title="Git homepage"><img src="/git-logo.png" width="72" height="27" alt="git" style="float:right; border-width:0px;"/></a>
49 <a href="/">repo.or.cz</a> / administration / $heading
60 my $cginame = $cgi->url(-absolute
=> 1);
62 if ($cginame =~ /^[a-zA-Z0-9_.\/-]+\
.cgi
$/) {
65 <a href="http://repo.or.cz/w/repo.git?a=blob;f=cgi/$cginame">(view source)</a>
82 print "<p style=\"text-color: red\">@_</p>\n";
88 my $err = $self->{err
};
89 $err and print "<p>Operation aborted due to $err errors.</p>\n";
96 my $val = $self->{cgi
}->param($param);
97 $val =~ s/^\s*(.*?)\s*$/$1/;
102 ### Random utility functions
106 crypt($pwd, join ('', ('.', '/', 2..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
112 $str =~ s/</</g; $str =~ s/>/>/g;
113 $str =~ s/"/"/g;
119 "/home/repo/j/$filename";
127 use Errno
qw(EEXIST);
128 use Fcntl
qw(O_WRONLY O_CREAT O_EXCL);
130 my $handle = new IO
::Handle
;
132 unless (sysopen($handle, $path, O_WRONLY
|O_CREAT
|O_EXCL
)) {
134 while (not sysopen($handle, $path, O_WRONLY
|O_CREAT
|O_EXCL
)) {
135 ($! == EEXIST
) or die "$path open failed: $!";
136 ($cnt++ < 16) or die "$path open failed: cannot open lockfile";
140 # XXX: filedb-specific
141 chmod 0664, $path or die "$path g+w failed: $!";
149 rename "$path.lock", $path or die "$path unlock failed: $!";
152 sub filedb_atomic_append
{
153 my ($file, $line) = @_;
156 open my $src, $file or die "$file open for reading failed: $!";
157 my $dst = lock_file
($file);
160 my $aid = (split /:/)[2];
161 $id = $aid + 1 if ($aid >= $id);
163 print $dst $_ or die "$file(l) write failed: $!";
166 $line =~ s/\\i/$id/g;
167 print $dst "$line\n" or die "$file(l) write failed: $!";
169 close $dst or die "$file(l) close failed: $!";
177 sub filedb_atomic_edit
{
178 my ($file, $fn) = @_;
180 open my $src, $file or die "$file open for reading failed: $!";
181 my $dst = lock_file
($file);
184 print $dst $fn->($_) or die "$file(l) write failed: $!";
187 close $dst or die "$file(l) close failed: $!";
193 # BOTH user AND project name!
200 /^[a-zA-Z0-9+._-]+@[a-zA-Z0-9-.]+$/;
204 /^http:\/\
/[a-zA-Z0-9-.]+(\/[_\
%a-zA
-Z0
-9.\
/~-]*)?(#[a-zA-Z0-9._-]+)?$/;
208 /^http:\/\
/[a-zA-Z0-9-.]+(\/[_\
%a-zA
-Z0
-9.\
/~-]*)?$/ or
209 /^git:\/\
/[a-zA-Z0-9-.]+(\/[_\
%a-zA
-Z0
-9.\
/~-]*)?$/;
215 package Git
::RepoCGI
::Project
;
217 BEGIN { use Git
::RepoCGI
; }
222 desc
=> 'description',
230 $self->{path
}.'/'.$name;
237 $propmap{$name} or die "unknown property: $name";
238 open P
, $self->_property_path($propmap{$name}) or return undef;
246 my ($name, $value) = @_;
247 $propmap{$name} or die "unknown property: $name";
249 my $P = lock_file
($self->_property_path($propmap{$name}));
250 $value ne '' and print $P "$value\n";
252 unlock_file
($self->_property_path($propmap{$name}));
255 sub _properties_load
{
257 foreach my $prop (keys %propmap) {
258 $self->{$prop} = $self->_property_fget($prop);
262 sub _properties_save
{
264 foreach my $prop (keys %propmap) {
265 $self->_property_fput($prop, $self->{$prop});
271 $self->_property_path('.nofetch');
277 my $np = $self->_nofetch_path;
279 open X
, '>'.$np or die "nofetch failed: $!";
282 unlink $np or die "yesfetch failed: $!";
289 $xtra .= join(',', @
{$self->{users
}});
290 filedb_atomic_append
(jailed_file
('/etc/group'),
291 join(':', $self->{name
}, $self->{crypt}, '\i', $xtra));
296 my $xtra = join(',', @
{$self->{users
}});
297 filedb_atomic_edit
(jailed_file
('/etc/group'),
301 if ($self->{name
} eq (split /:/)[0]) {
302 # preserve readonly flag
303 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
304 return join(':', $self->{name
}, $self->{crypt}, $self->{gid
}, $xtra)."\n";
314 filedb_atomic_edit
(jailed_file
('/etc/group'),
316 $self->{name
} ne (split /:/)[0] and return $_;
324 $self->{path
}.'/hooks/'.$name;
330 open SRC
, "/home/repo/repomgr/$name-hook" or die "cannot open hook $name: $!";
331 open DST
, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
332 while (<SRC
>) { print DST
$_; }
335 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
340 foreach my $hook ('update') {
341 $self->_hook_install($hook);
345 # private constructor, do not use
348 my ($name, $path) = @_;
349 valid_name
($name) or die "refusing to create project with invalid name ($name)!";
350 my $proj = { name
=> $name, path
=> $path };
355 # public constructor #0
356 # creates a virtual project not connected to disk image
357 # you can conjure() it later to disk
360 my ($name, $mirror) = @_;
361 my $self = $class->_new($name, $mirror ?
"/home/repo/repodata/to-clone/$name" : "/srv/git/$name.git");
363 $self->{mirror
} = $mirror;
367 # public constructor #1
372 open F
, jailed_file
("/etc/group") or die "project load failed: $!";
376 next unless (shift eq $name);
378 my $self = $class->_new($name, "/srv/git/$name.git");
379 (-d
$self->{path
}) or die "invalid path (".$self->{path
}.") for project ".$self->{name
};
382 ($self->{crypt}, $self->{gid
}, $ulist) = @_;
384 $self->{users
} = [split /,/, $ulist];
385 $self->{mirror
} = ! -e
$self->_nofetch_path;
387 $self->_properties_load;
394 # $proj may not be in sane state if this returns false!
398 my $cgi = $repo->cgi;
400 my $pwd = $cgi->param('pwd');
401 if ($pwd ne '' or not $self->{crypt}) {
402 $self->{crypt} = scrypt
($pwd);
405 $self->{email
} = $repo->wparam('email');
406 valid_email
($self->{email
})
407 or $repo->err("Your email sure looks weird...?");
409 $self->{url
} = $repo->wparam('url');
411 valid_repo_url
($self->{url
})
412 or $repo->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
415 $self->{desc
} = $repo->wparam('desc');
416 length($self->{desc
}) <= 1024
417 or $repo->err("<b>Short</b> description length > 1kb!");
419 $self->{README
} = $repo->wparam('README');
420 length($self->{README
}) <= 8192
421 or $repo->err("README length > 8kb!");
423 $self->{hp
} = $repo->wparam('hp');
425 valid_web_url
($self->{hp
})
426 or $repo->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
429 # FIXME: Permit only existing users
430 $self->{users
} = [grep { valid_name
($_) } $cgi->param('user')];
432 not $repo->err_check;
438 name
=> $self->{name
},
439 email
=> $self->{email
},
441 desc
=> html_esc
($self->{desc
}),
442 README
=> html_esc
($self->{README
}),
444 users
=> $self->{users
},
451 mkdir $self->{path
} or die "mkdir failed: $!";
452 chmod 0775, $self->{path
} or die "chmod failed: $!";
453 $self->_properties_save;
454 $self->_group_add(':');
460 system('cg-admin-setuprepo', '-g', 'repo', $self->{path
}) == 0
461 or die "cg-admin-setuprepo failed: $?";
463 $self->_properties_save;
465 $self->_hooks_install;
471 $self->_properties_save;
472 $self->_group_update;
475 # You can explicitly do this just on a ghost() repository too.
479 if (-d
$self->{path
}) {
480 system('rm', '-r', $self->{path
}) == 0
481 or die "rm -r failed: $?";
483 $self->_group_remove;
489 valid_name
($name) or die "tried to query for project with invalid name $name!";
491 or -d
"/home/repo/repodata/cloning/$name"
492 or -d
"/home/repo/repodata/to-clone/$name");
496 valid_name
($name) or die "tried to query for project with invalid name $name!";
497 (-d
"/srv/git/$name.git");
503 package Git
::RepoCGI
::User
;
505 BEGIN { use Git
::RepoCGI
; }
509 filedb_atomic_append
(jailed_file
('/etc/passwd'),
510 join(':', $self->{name
}, 'x', '\i', 65534, $self->{email
}, '/', '/bin/git-shell'));
515 '/etc/sshkeys/'.$self->{name
};
520 open F
, ">".jailed_file
($self->_sshkey_path) or die "sshkey failed: $!";
521 print F
$self->{keys}."\n";
523 chmod 0664, jailed_file
($self->_sshkey_path);
526 # private constructor, do not use
530 valid_name
($name) or die "refusing to create user with invalid name ($name)!";
531 my $proj = { name
=> $name };
536 # public constructor #0
537 # creates a virtual user not connected to disk record
538 # you can conjure() it later to disk
542 my $self = $class->_new($name);
546 # $user may not be in sane state if this returns false!
550 my $cgi = $repo->cgi;
552 $self->{name
} = $repo->wparam('name');
553 valid_name
($self->{name
})
554 or $repo->err("Name contains invalid characters.");
556 $self->{email
} = $repo->wparam('email');
557 valid_email
($self->{email
})
558 or $repo->err("Your email sure looks weird...?");
560 $self->{keys} = $cgi->param('keys');
561 length($self->{keys}) <= 4096
562 or $repo->err("The list of keys is more than 4kb. Do you really need that much?");
564 not $repo->err_check;
577 valid_name
($name) or die "tried to query for user with invalid name $name!";
578 (-e jailed_file
("/etc/sshkeys/$name"));