use IkiWiki;
sub getuser () { #{{{
- # CALLER_UID is set by the suid wrapper, to the original uid
my $user=(getpwuid(exists $ENV{CALLER_UID} ? $ENV{CALLER_UID} : $<))[0];
if (! defined $user) {
error("cannot determine username for $<");
! grep { $_ eq $user } @{$config{untrusted_committers}};
} #}}}
+sub gen_wrapper () { #{{{
+ # Test for commits from untrusted committers in the wrapper, to
+ # avoid loading ikiwiki at all for trusted commits.
+
+ my $ret=<<"EOF";
+ {
+ int u=getuid();
+EOF
+ $ret.="\t\tif ( ".
+ join("&&", map {
+ my $uid=getpwnam($_);
+ if (! defined $uid) {
+ error(sprintf(gettext("cannot determine id of untrusted committer %s"), $_));
+ }
+ "u != $uid";
+ } @{$config{untrusted_committers}}).
+ ") exit(0);\n";
+ $ret.=<<"EOF";
+ asprintf(&s, "CALLER_UID=%i", u);
+ newenviron[i++]=s;
+ }
+EOF
+ return $ret;
+} #}}}
+
sub test () { #{{{
exit 0 if trusted();
addenv("$var", s);
EOF
}
-
+
+ my $test_receive="";
+ if ($config{test_receive}) {
+ require IkiWiki::Receive;
+ $test_receive=IkiWiki::Receive::gen_wrapper();
+ }
+
$Data::Dumper::Indent=0; # no newlines
my $configstring=Data::Dumper->Dump([\%config], ['*config']);
$configstring=~s/\\/\\\\/g;
}
int main (int argc, char **argv) {
- /* Sanitize environment. */
char *s;
+
+$test_receive
$envsave
newenviron[i++]="HOME=$ENV{HOME}";
newenviron[i++]="WRAPPED_OPTIONS=$configstring";
- asprintf(&s, "CALLER_UID=%i", getuid());
- newenviron[i++]=s;
newenviron[i]=NULL;
environ=newenviron;
# optimisation for no-op post_commit
exit 0;
}
- elsif ($config{test_receive}) {
- # quick success if the user is trusted
- require IkiWiki::Receive;
- exit 0 if IkiWiki::Receive::trusted();
- }
loadplugins();
checkconfig();
sipb-www / ikiwiki.git / commitdiff
