]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Receive.pm
useragent: Don't allow non-HTTP protocols to be used
[git.ikiwiki.info.git] / IkiWiki / Receive.pm
1 #!/usr/bin/perl
2 package IkiWiki::Receive;
4 use warnings;
5 use strict;
6 use IkiWiki;
8 sub getuser () {
9         my $user=(getpwuid(exists $ENV{CALLER_UID} ? $ENV{CALLER_UID} : $<))[0];
10         if (! defined $user) {
11                 error("cannot determine username for $<");
12         }
13         return $user;
14 }
16 sub trusted () {
17         my $user=getuser();
18         return ! ref $config{untrusted_committers} ||
19                 ! grep { $_ eq $user } @{$config{untrusted_committers}};
20 }
22 sub genwrapper () {
23         # Test for commits from untrusted committers in the wrapper, to
24         # avoid starting ikiwiki proper at all for trusted commits.
26         my $ret=<<"EOF";
27         {
28                 int u=getuid();
29                 /* 3 characters per byte is certainly enough */
30                 char uid_string[sizeof(u) * 3 + 1];
31 EOF
32         $ret.="\t\tif ( ".
33                 join("&&", map {
34                         my $uid=getpwnam($_);
35                         if (! defined $uid) {
36                                 error(sprintf(gettext("cannot determine id of untrusted committer %s"), $_));
37                         }
38                         "u != $uid";
39                 } @{$config{untrusted_committers}}).
40                 ") {\n";
42         
43         $ret.=<<"EOF";
44                         /* Trusted user.
45                          * Consume all stdin before exiting, as git may
46                          * otherwise be unhappy. */
47                         char buf[256];
48                         while (read(0, &buf, 256) != 0) {}
49                         exit(0);
50                 }
51                 snprintf(uid_string, sizeof(uid_string), "%i", u);
52                 addenv("CALLER_UID", uid_string);
53         }
54 EOF
55         return $ret;
56 }
58 sub test () {
59         exit 0 if trusted();
61         IkiWiki::lockwiki();
62         IkiWiki::loadindex();
64         # Dummy up a cgi environment to use when calling check_canedit
65         # and friends.
66         eval q{use CGI};
67         error($@) if $@;
68         my $cgi=CGI->new;
70         # And dummy up a session object.
71         require IkiWiki::CGI;
72         my $session=IkiWiki::cgi_getsession($cgi);
73         $session->param("name", getuser());
74         # Make sure whatever user was authed is in the
75         # userinfo db.
76         require IkiWiki::UserInfo;
77         if (! IkiWiki::userinfo_get($session->param("name"), "regdate")) {
78                 IkiWiki::userinfo_setall($session->param("name"), {
79                         email => "",
80                         password => "",
81                         regdate => time,
82                 }) || error("failed adding user");
83         }
85         IkiWiki::check_canchange(
86                 cgi => $cgi,
87                 session => $session,
88                 changes => [IkiWiki::rcs_receive()]
89         );
90         exit 0;
91 }
93 1