svn commit: r39558 - svnadmin/tools/checkacl

Sat Sep 15 19:24:10 UTC 2012

Author: bz (src committer)
Date: Sat Sep 15 19:24:09 2012
New Revision: 39558
URL: http://svn.freebsd.org/changeset/doc/39558

Log:
  In preparation of synching this file between repos, rename it to a
  common source file name.  We still install as checkacl-doc.
  
  Approved by:	doceng (gabor, implicit)

Added:
  svnadmin/tools/checkacl/checkacl.c
     - copied unchanged from r39546, svnadmin/tools/checkacl/checkacl-doc.c
Deleted:
  svnadmin/tools/checkacl/checkacl-doc.c
Modified:
  svnadmin/tools/checkacl/Makefile

Modified: svnadmin/tools/checkacl/Makefile
==============================================================================

--- svnadmin/tools/checkacl/Makefile	Sat Sep 15 18:52:16 2012	(r39557)
+++ svnadmin/tools/checkacl/Makefile	Sat Sep 15 19:24:09 2012	(r39558)
@@ -1,6 +1,7 @@
 # $FreeBSD$
 
 PROG=	checkacl-doc
+SRCS=	checkacl.c
 NO_MAN=	too bad
 NO_SHARED=yes
 DESTDIR=/usr/local/bin

Copied: svnadmin/tools/checkacl/checkacl.c (from r39546, svnadmin/tools/checkacl/checkacl-doc.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ svnadmin/tools/checkacl/checkacl.c	Sat Sep 15 19:24:09 2012	(r39558, copy of r39546, svnadmin/tools/checkacl/checkacl-doc.c)
@@ -0,0 +1,184 @@
+/*
+ * Ok, so this isn't exactly pretty, so sue me.
+ *
+ * FreeBSD Subversion tree ACL check helper.  The program looks in
+ * relevant access files to find out if the committer may commit.
+ *
+ * From: Id: cvssh.c,v 1.38 2008/05/31 02:54:58 peter Exp
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <paths.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <string.h>
+#include <err.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <fcntl.h>
+
+#define SRCACCESS	"/s/svn/base/conf/access"
+#define DOCACCESS	"/s/svn/doc/conf/access"
+#define PORTSACCESS	"/home/pcvs/CVSROOT/access"
+
+
+static char username[32];
+static char committag[256];
+
+static void
+msg(const char *fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	vfprintf(stderr, fmt, ap);
+	fprintf(stderr, "\n");
+	va_end(ap);
+}
+
+static int
+karmacheck(FILE *fp, char *name)
+{
+	char buf[1024];
+	char *p, *s;
+	int karma;
+
+	karma = 0;
+	while ((p = fgets(buf, sizeof(buf) - 1, fp)) != NULL) {
+		while ((s = strsep(&p, " \t\n")) != NULL) {
+			if (*s == '\0')
+				continue;	/* whitespace */
+			if (*s == '#' || *s == '/' || *s == ';')
+				break;		/* comment */
+			if (strcmp(s, "*") == 0) {	/* all */
+				karma++;
+				break;
+			}
+			if (strcmp(s, name) == 0) {
+				karma++;
+				break;
+			}
+			break;	/* ignore further tokens on line */
+		}
+	}
+	return karma;
+}
+
+/* ARGUSED */
+int
+main(void)
+{
+	struct passwd *pw;
+	struct stat st;
+	FILE *fp;
+	int i;
+	gid_t repogid;
+	gid_t mygroups[NGROUPS_MAX];
+	int ngroups;
+	int writeable;
+	int dockarma;
+#ifdef PORTSACCESS
+	int portskarma;
+#endif
+#ifdef SRCACCESS
+	int srckarma;
+#endif
+	const char *comma;
+
+#ifdef PORTSACCESS
+	portskarma = 0;
+#endif
+#ifdef SRCACCESS
+	srckarma = 0;
+#endif
+	dockarma = 0;
+	writeable = 0;
+	pw = getpwuid(getuid());
+	if (pw == NULL) {
+		msg("no user for uid %d", getuid());
+		exit(1);
+	}
+	if (pw->pw_dir == NULL) {
+		msg("no home directory");
+		exit(1);
+	}
+
+	/* save in a static buffer */
+	strlcpy(username, pw->pw_name, sizeof(username));
+
+	if (stat("/s/svn", &st) < 0) {
+		msg("Cannot stat %s", "/s/svn");
+		exit(1);
+	}
+	repogid = st.st_gid;
+	if (repogid < 10) {
+		msg("unsafe repo gid %d\n", repogid);
+		exit(1);
+	}
+	ngroups = getgroups(NGROUPS_MAX, mygroups);
+	if (ngroups > 0) {
+		for (i = 0; i < ngroups; i++)
+			if (mygroups[i] == repogid)
+				writeable = 1;
+	}
+	if (!writeable)
+		printf("export SVN_READONLY=y\n");
+
+	fp = fopen(DOCACCESS, "r");
+	if (fp == NULL) {
+		msg("Cannot open %s", DOCACCESS);
+		exit(1);
+	} else {
+		dockarma += karmacheck(fp, pw->pw_name);
+		fclose(fp);
+	}
+#ifdef SRCACCESS
+	if (dockarma == 0 && (fp = fopen(SRCACCESS, "r")) != NULL) {
+		srckarma += karmacheck(fp, pw->pw_name);
+		fclose(fp);
+	}
+#endif
+#ifdef PORTSACCESS
+	if (dockarma == 0 && (fp = fopen(PORTSACCESS, "r")) != NULL) {
+		portskarma += karmacheck(fp, pw->pw_name);
+		fclose(fp);
+	}
+#endif
+
+	if (dockarma == 0) {
+		strcpy(committag, "SVN_COMMIT_ATTRIB=");
+		comma = "";
+#ifdef SRCACCESS
+		if (srckarma > 0) {
+			strcat(committag, comma);
+			strcat(committag, "src");
+			comma = ",";
+			dockarma += srckarma;
+		}
+#endif
+#ifdef PORTSACCESS
+		if (portskarma > 0) {
+			strcat(committag, comma);
+			strcat(committag, "ports");
+			comma = ",";
+			dockarma += portskarma;
+		}
+#endif
+		if (dockarma != 0) {
+			printf("export %s\n", committag);
+		}
+	}
+		
+	if (dockarma == 0) {
+		/* If still zero, its a readonly access */
+		printf("export SVN_READONLY=y\n");
+	}
+	return (0);
+}
