svn commit: r304342 - svnadmin/tools/checkacl
Bjoern A. Zeeb
bz at FreeBSD.org
Sun Sep 16 11:30:22 UTC 2012
Author: bz (src committer)
Date: Sun Sep 16 11:30:21 2012
New Revision: 304342
URL: http://svn.freebsd.org/changeset/ports/304342
Log:
In preparation of synching this file between repos, rename it to a
common source file name. We still install as checkacl-ports.
Approved by: portmgr (implicit, beat)
Added:
svnadmin/tools/checkacl/checkacl.c
- copied unchanged from r304293, svnadmin/tools/checkacl/checkacl-ports.c
Deleted:
svnadmin/tools/checkacl/checkacl-ports.c
Modified:
svnadmin/tools/checkacl/Makefile
Modified: svnadmin/tools/checkacl/Makefile
==============================================================================
--- svnadmin/tools/checkacl/Makefile Sun Sep 16 11:27:06 2012 (r304341)
+++ svnadmin/tools/checkacl/Makefile Sun Sep 16 11:30:21 2012 (r304342)
@@ -1,6 +1,7 @@
# $FreeBSD$
PROG= checkacl-ports
+SRCS= checkacl.c
NO_MAN= too bad
NO_SHARED=yes
DESTDIR=/usr/local/bin
Copied: svnadmin/tools/checkacl/checkacl.c (from r304293, svnadmin/tools/checkacl/checkacl-ports.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ svnadmin/tools/checkacl/checkacl.c Sun Sep 16 11:30:21 2012 (r304342, copy of r304293, svnadmin/tools/checkacl/checkacl-ports.c)
@@ -0,0 +1,214 @@
+/*
+ * Ok, so this isn't exactly pretty, so sue me.
+ *
+ * FreeBSD Subversion tree ACL check helper. The program looks in
+ * relevant access files to find out if the committer may commit.
+ *
+ * From: Id: cvssh.c,v 1.38 2008/05/31 02:54:58 peter Exp
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <paths.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <string.h>
+#include <err.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <fcntl.h>
+
+#define SRCACCESS "/s/svn/base/conf/access"
+#define DOCACCESS "/s/svn/doc/conf/access"
+#define PORTSACCESS "/s/svn/ports/conf/access"
+
+
+static char username[32];
+static char committag[256];
+
+static void
+msg(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+}
+
+static int
+karmacheck(FILE *fp, char *name)
+{
+ char buf[1024];
+ char *p, *s;
+ int karma;
+
+ karma = 0;
+ while ((p = fgets(buf, sizeof(buf) - 1, fp)) != NULL) {
+ while ((s = strsep(&p, " \t\n")) != NULL) {
+ if (*s == '\0')
+ continue; /* whitespace */
+ if (*s == '#' || *s == '/' || *s == ';')
+ break; /* comment */
+ if (strcmp(s, "*") == 0) { /* all */
+ karma++;
+ break;
+ }
+ if (strcmp(s, name) == 0) {
+ karma++;
+ break;
+ }
+ break; /* ignore further tokens on line */
+ }
+ }
+ return karma;
+}
+
+int
+main(int argc, char *argv[])
+{
+ struct passwd *pw;
+ struct stat st;
+ FILE *fp;
+ int i;
+ gid_t repogid;
+ gid_t mygroups[NGROUPS_MAX];
+ int ngroups;
+ int writeable;
+ int karma;
+ int doccommit;
+ int portscommit;
+ int srccommit;
+ int srckarma;
+#ifdef PORTSACCESS
+ int portskarma;
+#endif
+#ifdef DOCACCESS
+ int dockarma;
+#endif
+ const char *comma;
+
+ srckarma = 0;
+#ifdef PORTSACCESS
+ portskarma = 0;
+#endif
+#ifdef DOCACCESS
+ dockarma = 0;
+#endif
+ karma = 0;
+ doccommit = 0;
+ portscommit = 0;
+ srccommit = 0;
+ writeable = 0;
+ pw = getpwuid(getuid());
+ if (pw == NULL) {
+ msg("no user for uid %d", getuid());
+ exit(1);
+ }
+ if (pw->pw_dir == NULL) {
+ msg("no home directory");
+ exit(1);
+ }
+
+ if (argc == 2) {
+ if (strcmp(argv[1], "src") == 0)
+ srccommit = 1;
+ if (strcmp(argv[1], "ports") == 0)
+ portscommit = 1;
+ if (strcmp(argv[1], "doc") == 0)
+ doccommit = 1;
+ } else {
+ srccommit = 1;
+ }
+
+ /* save in a static buffer */
+ strlcpy(username, pw->pw_name, sizeof(username));
+
+ if (stat("/s/svn", &st) < 0) {
+ msg("Cannot stat %s", "/s/svn");
+ exit(1);
+ }
+ repogid = st.st_gid;
+ if (repogid < 10) {
+ msg("unsafe repo gid %d\n", repogid);
+ exit(1);
+ }
+ ngroups = getgroups(NGROUPS_MAX, mygroups);
+ if (ngroups > 0) {
+ for (i = 0; i < ngroups; i++)
+ if (mygroups[i] == repogid)
+ writeable = 1;
+ }
+ if (!writeable)
+ printf("export SVN_READONLY=y\n");
+
+ fp = fopen(SRCACCESS, "r");
+ if (fp == NULL) {
+ msg("Cannot open %s", SRCACCESS);
+ exit(1);
+ } else {
+ srckarma += karmacheck(fp, pw->pw_name);
+ fclose(fp);
+ }
+#ifdef DOCACCESS
+ if ((fp = fopen(DOCACCESS, "r")) != NULL) {
+ dockarma += karmacheck(fp, pw->pw_name);
+ fclose(fp);
+ }
+#endif
+#ifdef PORTSACCESS
+ if ((fp = fopen(PORTSACCESS, "r")) != NULL) {
+ portskarma += karmacheck(fp, pw->pw_name);
+ fclose(fp);
+ }
+#endif
+
+ if ((srccommit == 1 && srckarma == 0) ||
+ (portscommit == 1 && portskarma == 0) ||
+ (doccommit == 1 && dockarma == 0)) {
+ strcpy(committag, "SVN_COMMIT_ATTRIB=");
+ comma = "";
+#ifdef DOCACCESS
+ if (dockarma > 0) {
+ strcat(committag, comma);
+ strcat(committag, "doc");
+ comma = ",";
+ karma += dockarma;
+ }
+#endif
+#ifdef PORTSACCESS
+ if (portskarma > 0) {
+ strcat(committag, comma);
+ strcat(committag, "ports");
+ comma = ",";
+ karma += portskarma;
+ }
+#endif
+ if (srckarma > 0) {
+ strcat(committag, comma);
+ strcat(committag, "src");
+ comma = ",";
+ karma += srckarma;
+ }
+ if (karma != 0) {
+ printf("export %s\n", committag);
+ }
+ } else {
+ karma += dockarma;
+ karma += portskarma;
+ karma += srckarma;
+ }
+
+ if (karma == 0) {
+ /* If still zero, its a readonly access */
+ printf("export SVN_READONLY=y\n");
+ }
+ return (0);
+}
More information about the svn-ports-svnadmin
mailing list