#include "ini.h"
#define CFG_FILE "/etc/repo_shell.cfg"
+#define GIT_ACL_FILE "git_acl.cfg"
typedef struct {
char *svn_root;
return 1; /* for now */
}
-static int git_check_access(const char *cmd, const char *arg, const char *user)
+static int git_acl(const char *user, const char *repo)
{
- /* TODO: Read some configuration file which maps users and access
- * to a boolean true/false value.
- *
- * The git command can support read and write.
- * git-receive-pack is ok for readers and writers
- * git-upload-pack is ok only for writers
- * git-upload-archive is ok only for writers
+ /* TODO: Read GIT_ACL_FILE from cfg.owner's home directory. Look for
+ * the access level afforded user for repo. A return of 0 means no
+ * access, a return of 1 means read only, and a return of 2 means
+ * read/write.
*/
- return 1; /* assume OK for now */
+ struct passwd *pw;
+ char *file;
+ int len = strlen(cfg.owner) + strlen(GIT_ACL_FILE) + 8;
+
+ pw = getpwnam(cfg.owner);
+ if (!pw)
+ die("owner %s has no passwd entry?", cfg.owner);
+ len = strlen(pw->pw_dir) + strlen(GIT_ACL_FILE) + 2;
+ file = xmalloc(sizeof(char) * len);
+ sprintf(file, "%s/%s", pw->pw_dir, GIT_ACL_FILE);
+ fprintf(stderr, "[someday check %s]\n", file);
+ free(file);
+ return 2; /* assume read/write for now */
+}
+
+static int git_check_access(const char *cmd, const char *repo, const char *user)
+{
+ int rw = 1; /* 0=no access, 1=read only, 2=read/write */
+
+ /* What access is required per the incoming command? */
+ if (!strcmp(cmd, "git-upload-pack") ||
+ !strcmp(cmd, "git-upload-archive"))
+ rw = 2;
+
+ /* Return true (1) if the user permissions >= those required */
+ return (git_acl(user, repo) >= rw) ? 1 : 0;
}
static int do_git_cmd(const char *cmd, char *arg, char *user)
projects / repo_shell.git / commitdiff