From owner-svn-doc-all@FreeBSD.ORG Sat Sep 15 19:24:10 2012 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3F0B6106566B; Sat, 15 Sep 2012 19:24:10 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1FF808FC0C; Sat, 15 Sep 2012 19:24:10 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8FJO9Pu015501; Sat, 15 Sep 2012 19:24:09 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8FJO9wY015498; Sat, 15 Sep 2012 19:24:09 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201209151924.q8FJO9wY015498@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sat, 15 Sep 2012 19:24:09 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-svnadmin@freebsd.org X-SVN-Group: doc-svnadmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r39558 - svnadmin/tools/checkacl X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Sep 2012 19:24:10 -0000 Author: bz (src committer) Date: Sat Sep 15 19:24:09 2012 New Revision: 39558 URL: http://svn.freebsd.org/changeset/doc/39558 Log: In preparation of synching this file between repos, rename it to a common source file name. We still install as checkacl-doc. Approved by: doceng (gabor, implicit) Added: svnadmin/tools/checkacl/checkacl.c - copied unchanged from r39546, svnadmin/tools/checkacl/checkacl-doc.c Deleted: svnadmin/tools/checkacl/checkacl-doc.c Modified: svnadmin/tools/checkacl/Makefile Modified: svnadmin/tools/checkacl/Makefile ============================================================================== --- svnadmin/tools/checkacl/Makefile Sat Sep 15 18:52:16 2012 (r39557) +++ svnadmin/tools/checkacl/Makefile Sat Sep 15 19:24:09 2012 (r39558) @@ -1,6 +1,7 @@ # $FreeBSD$ PROG= checkacl-doc +SRCS= checkacl.c NO_MAN= too bad NO_SHARED=yes DESTDIR=/usr/local/bin Copied: svnadmin/tools/checkacl/checkacl.c (from r39546, svnadmin/tools/checkacl/checkacl-doc.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ svnadmin/tools/checkacl/checkacl.c Sat Sep 15 19:24:09 2012 (r39558, copy of r39546, svnadmin/tools/checkacl/checkacl-doc.c) @@ -0,0 +1,184 @@ +/* + * Ok, so this isn't exactly pretty, so sue me. + * + * FreeBSD Subversion tree ACL check helper. The program looks in + * relevant access files to find out if the committer may commit. + * + * From: Id: cvssh.c,v 1.38 2008/05/31 02:54:58 peter Exp + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SRCACCESS "/s/svn/base/conf/access" +#define DOCACCESS "/s/svn/doc/conf/access" +#define PORTSACCESS "/home/pcvs/CVSROOT/access" + + +static char username[32]; +static char committag[256]; + +static void +msg(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); + va_end(ap); +} + +static int +karmacheck(FILE *fp, char *name) +{ + char buf[1024]; + char *p, *s; + int karma; + + karma = 0; + while ((p = fgets(buf, sizeof(buf) - 1, fp)) != NULL) { + while ((s = strsep(&p, " \t\n")) != NULL) { + if (*s == '\0') + continue; /* whitespace */ + if (*s == '#' || *s == '/' || *s == ';') + break; /* comment */ + if (strcmp(s, "*") == 0) { /* all */ + karma++; + break; + } + if (strcmp(s, name) == 0) { + karma++; + break; + } + break; /* ignore further tokens on line */ + } + } + return karma; +} + +/* ARGUSED */ +int +main(void) +{ + struct passwd *pw; + struct stat st; + FILE *fp; + int i; + gid_t repogid; + gid_t mygroups[NGROUPS_MAX]; + int ngroups; + int writeable; + int dockarma; +#ifdef PORTSACCESS + int portskarma; +#endif +#ifdef SRCACCESS + int srckarma; +#endif + const char *comma; + +#ifdef PORTSACCESS + portskarma = 0; +#endif +#ifdef SRCACCESS + srckarma = 0; +#endif + dockarma = 0; + writeable = 0; + pw = getpwuid(getuid()); + if (pw == NULL) { + msg("no user for uid %d", getuid()); + exit(1); + } + if (pw->pw_dir == NULL) { + msg("no home directory"); + exit(1); + } + + /* save in a static buffer */ + strlcpy(username, pw->pw_name, sizeof(username)); + + if (stat("/s/svn", &st) < 0) { + msg("Cannot stat %s", "/s/svn"); + exit(1); + } + repogid = st.st_gid; + if (repogid < 10) { + msg("unsafe repo gid %d\n", repogid); + exit(1); + } + ngroups = getgroups(NGROUPS_MAX, mygroups); + if (ngroups > 0) { + for (i = 0; i < ngroups; i++) + if (mygroups[i] == repogid) + writeable = 1; + } + if (!writeable) + printf("export SVN_READONLY=y\n"); + + fp = fopen(DOCACCESS, "r"); + if (fp == NULL) { + msg("Cannot open %s", DOCACCESS); + exit(1); + } else { + dockarma += karmacheck(fp, pw->pw_name); + fclose(fp); + } +#ifdef SRCACCESS + if (dockarma == 0 && (fp = fopen(SRCACCESS, "r")) != NULL) { + srckarma += karmacheck(fp, pw->pw_name); + fclose(fp); + } +#endif +#ifdef PORTSACCESS + if (dockarma == 0 && (fp = fopen(PORTSACCESS, "r")) != NULL) { + portskarma += karmacheck(fp, pw->pw_name); + fclose(fp); + } +#endif + + if (dockarma == 0) { + strcpy(committag, "SVN_COMMIT_ATTRIB="); + comma = ""; +#ifdef SRCACCESS + if (srckarma > 0) { + strcat(committag, comma); + strcat(committag, "src"); + comma = ","; + dockarma += srckarma; + } +#endif +#ifdef PORTSACCESS + if (portskarma > 0) { + strcat(committag, comma); + strcat(committag, "ports"); + comma = ","; + dockarma += portskarma; + } +#endif + if (dockarma != 0) { + printf("export %s\n", committag); + } + } + + if (dockarma == 0) { + /* If still zero, its a readonly access */ + printf("export SVN_READONLY=y\n"); + } + return (0); +}