diff options
author | Joey Hess <joey@kodama.kitenet.net> | 2008-10-24 15:47:42 -0400 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-10-24 15:47:42 -0400 |
commit | 146192d5b01329bd8e5dfbf4045efded467151e0 (patch) | |
tree | 75752f4ffac35c5c4e32e4025e4d3a689d454cd6 | |
parent | 86ea8adaf3263babd401b7c2d73a1824b99ea908 (diff) |
the pre-receive wrapper needs to be suid after all
It needs to write to the user db.
-rw-r--r-- | IkiWiki/Plugin/git.pm | 2 | ||||
-rw-r--r-- | IkiWiki/Receive.pm | 26 |
2 files changed, 20 insertions, 8 deletions
diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm index 84df56181..5bef92856 100644 --- a/IkiWiki/Plugin/git.pm +++ b/IkiWiki/Plugin/git.pm @@ -46,7 +46,7 @@ sub checkconfig () { #{{{ push @{$config{wrappers}}, { test_receive => 1, wrapper => $config{git_test_receive_wrapper}, - wrappermode => "0755", + wrappermode => (defined $config{git_wrappermode} ? $config{git_wrappermode} : "06755"), }; } } #}}} diff --git a/IkiWiki/Receive.pm b/IkiWiki/Receive.pm index 81b67d9b4..451a3fe8e 100644 --- a/IkiWiki/Receive.pm +++ b/IkiWiki/Receive.pm @@ -7,7 +7,8 @@ use strict; use IkiWiki; sub getuser () { #{{{ - my $user=(getpwuid($<))[0]; + # CALLER_UID is set by the suid wrapper, to the original uid + my $user=(getpwuid(exists $ENV{CALLER_UID} ? $ENV{CALLER_UID} : $<))[0]; if (! defined $user) { error("cannot determine username for $<"); } @@ -23,20 +24,31 @@ sub trusted () { #{{{ sub test () { #{{{ exit 0 if trusted(); + IkiWiki::lockwiki(); + IkiWiki::loadindex(); + # Dummy up a cgi environment to use when calling check_canedit # and friends. eval q{use CGI}; error($@) if $@; my $cgi=CGI->new; + $ENV{REMOTE_ADDR}='unknown' unless exists $ENV{REMOTE_ADDR}; + + # And dummy up a session object. require IkiWiki::CGI; my $session=IkiWiki::cgi_getsession($cgi); $session->param("name", getuser()); - $ENV{REMOTE_ADDR}='unknown' unless exists $ENV{REMOTE_ADDR}; - - # Wiki is not locked because we lack permission to do so. - # So, relying on atomic index file updates to avoid trouble. - IkiWiki::loadindex(); - + # Make sure whatever user was authed is in the + # userinfo db. + require IkiWiki::UserInfo; + if (! IkiWiki::userinfo_get($session->param("name"), "regdate")) { + IkiWiki::userinfo_setall($session->param("name"), { + email => "", + password => "", + regdate => time, + }) || error("failed adding user"); + } + my %newfiles; foreach my $change (IkiWiki::rcs_receive()) { |