Fossil SCM
add privilege check to hook execution
Commit
abd05f296e238c348c1f7d230d0f7aff52f044b3
Parent
ba5e03444b1f5af…
2 files changed
+7
+26
-1
M
src/db.c
+7
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -1532,10 +1532,12 @@ | ||
| 1532 | 1532 | 0, 0, "" }, |
| 1533 | 1533 | { "push-hook-pattern-client", |
| 1534 | 1534 | 0, 32, "" }, |
| 1535 | 1535 | { "push-hook-pattern-server", |
| 1536 | 1536 | 0, 32, "" }, |
| 1537 | + { "push-hook-privilege", | |
| 1538 | + 0, 1, "" }, | |
| 1537 | 1539 | { "ssh-command", 0, 32, "" }, |
| 1538 | 1540 | { "web-browser", 0, 32, "" }, |
| 1539 | 1541 | { 0,0,0,0 } |
| 1540 | 1542 | }; |
| 1541 | 1543 | |
| @@ -1630,10 +1632,15 @@ | ||
| 1630 | 1632 | ** push-hook-pattern-server |
| 1631 | 1633 | ** if set, and a client send this pattern at the end of |
| 1632 | 1634 | ** a push, the push hook command will be executed. This |
| 1633 | 1635 | ** might be a prefix of the pattern, sent by the client. |
| 1634 | 1636 | ** |
| 1637 | +** push-hook-privilege | |
| 1638 | +** if set, the user doing the push needs this privilege | |
| 1639 | +** to trigger the hook. Valid privileges are: | |
| 1640 | +** s (setup), a (admin), i (checkin) or o (checkout) | |
| 1641 | +** | |
| 1635 | 1642 | ** ssh-command Command used to talk to a remote machine with |
| 1636 | 1643 | ** the "ssh://" protocol. |
| 1637 | 1644 | ** |
| 1638 | 1645 | ** web-browser A shell command used to launch your preferred |
| 1639 | 1646 | ** web browser when given a URL as an argument. |
| 1640 | 1647 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -1532,10 +1532,12 @@ | |
| 1532 | 0, 0, "" }, |
| 1533 | { "push-hook-pattern-client", |
| 1534 | 0, 32, "" }, |
| 1535 | { "push-hook-pattern-server", |
| 1536 | 0, 32, "" }, |
| 1537 | { "ssh-command", 0, 32, "" }, |
| 1538 | { "web-browser", 0, 32, "" }, |
| 1539 | { 0,0,0,0 } |
| 1540 | }; |
| 1541 | |
| @@ -1630,10 +1632,15 @@ | |
| 1630 | ** push-hook-pattern-server |
| 1631 | ** if set, and a client send this pattern at the end of |
| 1632 | ** a push, the push hook command will be executed. This |
| 1633 | ** might be a prefix of the pattern, sent by the client. |
| 1634 | ** |
| 1635 | ** ssh-command Command used to talk to a remote machine with |
| 1636 | ** the "ssh://" protocol. |
| 1637 | ** |
| 1638 | ** web-browser A shell command used to launch your preferred |
| 1639 | ** web browser when given a URL as an argument. |
| 1640 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -1532,10 +1532,12 @@ | |
| 1532 | 0, 0, "" }, |
| 1533 | { "push-hook-pattern-client", |
| 1534 | 0, 32, "" }, |
| 1535 | { "push-hook-pattern-server", |
| 1536 | 0, 32, "" }, |
| 1537 | { "push-hook-privilege", |
| 1538 | 0, 1, "" }, |
| 1539 | { "ssh-command", 0, 32, "" }, |
| 1540 | { "web-browser", 0, 32, "" }, |
| 1541 | { 0,0,0,0 } |
| 1542 | }; |
| 1543 | |
| @@ -1630,10 +1632,15 @@ | |
| 1632 | ** push-hook-pattern-server |
| 1633 | ** if set, and a client send this pattern at the end of |
| 1634 | ** a push, the push hook command will be executed. This |
| 1635 | ** might be a prefix of the pattern, sent by the client. |
| 1636 | ** |
| 1637 | ** push-hook-privilege |
| 1638 | ** if set, the user doing the push needs this privilege |
| 1639 | ** to trigger the hook. Valid privileges are: |
| 1640 | ** s (setup), a (admin), i (checkin) or o (checkout) |
| 1641 | ** |
| 1642 | ** ssh-command Command used to talk to a remote machine with |
| 1643 | ** the "ssh://" protocol. |
| 1644 | ** |
| 1645 | ** web-browser A shell command used to launch your preferred |
| 1646 | ** web browser when given a URL as an argument. |
| 1647 |
+26
-1
| --- src/xfer.c | ||
| +++ src/xfer.c | ||
| @@ -91,12 +91,37 @@ | ||
| 91 | 91 | ** TO DO: get the string cmd from a config file? Or the database local |
| 92 | 92 | ** settings, as someone suggested? Ditto output and error logs. /fatman |
| 93 | 93 | */ |
| 94 | 94 | const char *zCmd = db_get("push-hook-cmd", ""); |
| 95 | 95 | int allowForced = db_get_boolean("push-hook-force", 0); |
| 96 | + const char *zHookPriv = db_get("push-hook-privilege",""); | |
| 97 | + int privOk = 0; | |
| 96 | 98 | |
| 97 | - if( requestType!='P' && requestType!='C' && requestType!='F' ){ | |
| 99 | + if( zHookPriv && *zHookPriv ){ | |
| 100 | + switch( *zHookPriv ){ | |
| 101 | + | |
| 102 | + case 's': | |
| 103 | + if( g.okSetup ) privOk = 1; | |
| 104 | + break; | |
| 105 | + case 'a': | |
| 106 | + if( g.okAdmin ) privOk = 1; | |
| 107 | + break; | |
| 108 | + case 'i': | |
| 109 | + if( g.okWrite ) privOk = 1; | |
| 110 | + break; | |
| 111 | + case 'o': | |
| 112 | + if( g.okRead ) privOk = 1; | |
| 113 | + break; | |
| 114 | + default | |
| 115 | + fossil_print("Push hook wrong privilege type '%s'\n", zHookPriv); | |
| 116 | + } | |
| 117 | + }else{ | |
| 118 | + privOk = 1; | |
| 119 | + } | |
| 120 | + if( !privOk ){ | |
| 121 | + fossil_print("No privilege to activate hook!\n"); | |
| 122 | + }else if( requestType!='P' && requestType!='C' && requestType!='F' ){ | |
| 98 | 123 | fossil_print("Push hook wrong request type '%c'\n", requestType); |
| 99 | 124 | }else if( requestType=='F' && !allowForced ){ |
| 100 | 125 | fossil_print("Forced push call from client not allowed," |
| 101 | 126 | " skipping call for '%s'\n", zPushHookLine); |
| 102 | 127 | }else if( zCmd && zCmd[0] ){ |
| 103 | 128 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -91,12 +91,37 @@ | |
| 91 | ** TO DO: get the string cmd from a config file? Or the database local |
| 92 | ** settings, as someone suggested? Ditto output and error logs. /fatman |
| 93 | */ |
| 94 | const char *zCmd = db_get("push-hook-cmd", ""); |
| 95 | int allowForced = db_get_boolean("push-hook-force", 0); |
| 96 | |
| 97 | if( requestType!='P' && requestType!='C' && requestType!='F' ){ |
| 98 | fossil_print("Push hook wrong request type '%c'\n", requestType); |
| 99 | }else if( requestType=='F' && !allowForced ){ |
| 100 | fossil_print("Forced push call from client not allowed," |
| 101 | " skipping call for '%s'\n", zPushHookLine); |
| 102 | }else if( zCmd && zCmd[0] ){ |
| 103 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -91,12 +91,37 @@ | |
| 91 | ** TO DO: get the string cmd from a config file? Or the database local |
| 92 | ** settings, as someone suggested? Ditto output and error logs. /fatman |
| 93 | */ |
| 94 | const char *zCmd = db_get("push-hook-cmd", ""); |
| 95 | int allowForced = db_get_boolean("push-hook-force", 0); |
| 96 | const char *zHookPriv = db_get("push-hook-privilege",""); |
| 97 | int privOk = 0; |
| 98 | |
| 99 | if( zHookPriv && *zHookPriv ){ |
| 100 | switch( *zHookPriv ){ |
| 101 | |
| 102 | case 's': |
| 103 | if( g.okSetup ) privOk = 1; |
| 104 | break; |
| 105 | case 'a': |
| 106 | if( g.okAdmin ) privOk = 1; |
| 107 | break; |
| 108 | case 'i': |
| 109 | if( g.okWrite ) privOk = 1; |
| 110 | break; |
| 111 | case 'o': |
| 112 | if( g.okRead ) privOk = 1; |
| 113 | break; |
| 114 | default |
| 115 | fossil_print("Push hook wrong privilege type '%s'\n", zHookPriv); |
| 116 | } |
| 117 | }else{ |
| 118 | privOk = 1; |
| 119 | } |
| 120 | if( !privOk ){ |
| 121 | fossil_print("No privilege to activate hook!\n"); |
| 122 | }else if( requestType!='P' && requestType!='C' && requestType!='F' ){ |
| 123 | fossil_print("Push hook wrong request type '%c'\n", requestType); |
| 124 | }else if( requestType=='F' && !allowForced ){ |
| 125 | fossil_print("Forced push call from client not allowed," |
| 126 | " skipping call for '%s'\n", zPushHookLine); |
| 127 | }else if( zCmd && zCmd[0] ){ |
| 128 |