Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | add privilege check to hook execution |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | StvPrivateHook2 |
| Files: | files | file ages | folders |
| SHA1: |
abd05f296e238c348c1f7d230d0f7aff |
| User & Date: | wolfgang 2010-10-23 17:02:07.000 |
Context
|
2010-10-24
| ||
| 06:53 | add missing; check-in: e9fcc9afae user: Ratte tags: StvPrivateHook2 | |
|
2010-10-23
| ||
| 17:02 | add privilege check to hook execution check-in: abd05f296e user: wolfgang tags: StvPrivateHook2 | |
| 07:23 | added hook info to sync/push help check-in: ba5e03444b user: Ratte tags: StvPrivateHook2 | |
Changes
Changes to src/db.c.
| ︙ | ︙ | |||
1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 |
{ "push-hook-cmd", 0, 32, "" },
{ "push-hook-force",
0, 0, "" },
{ "push-hook-pattern-client",
0, 32, "" },
{ "push-hook-pattern-server",
0, 32, "" },
{ "ssh-command", 0, 32, "" },
{ "web-browser", 0, 32, "" },
{ 0,0,0,0 }
};
/*
** COMMAND: settings
| > > | 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 |
{ "push-hook-cmd", 0, 32, "" },
{ "push-hook-force",
0, 0, "" },
{ "push-hook-pattern-client",
0, 32, "" },
{ "push-hook-pattern-server",
0, 32, "" },
{ "push-hook-privilege",
0, 1, "" },
{ "ssh-command", 0, 32, "" },
{ "web-browser", 0, 32, "" },
{ 0,0,0,0 }
};
/*
** COMMAND: settings
|
| ︙ | ︙ | |||
1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 | ** server, to activate the push hook command. ** ** push-hook-pattern-server ** if set, and a client send this pattern at the end of ** a push, the push hook command will be executed. This ** might be a prefix of the pattern, sent by the client. ** ** ssh-command Command used to talk to a remote machine with ** the "ssh://" protocol. ** ** web-browser A shell command used to launch your preferred ** web browser when given a URL as an argument. ** Defaults to "start" on windows, "open" on Mac, ** and "firefox" on Unix. | > > > > > | 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 | ** server, to activate the push hook command. ** ** push-hook-pattern-server ** if set, and a client send this pattern at the end of ** a push, the push hook command will be executed. This ** might be a prefix of the pattern, sent by the client. ** ** push-hook-privilege ** if set, the user doing the push needs this privilege ** to trigger the hook. Valid privileges are: ** s (setup), a (admin), i (checkin) or o (checkout) ** ** ssh-command Command used to talk to a remote machine with ** the "ssh://" protocol. ** ** web-browser A shell command used to launch your preferred ** web browser when given a URL as an argument. ** Defaults to "start" on windows, "open" on Mac, ** and "firefox" on Unix. |
| ︙ | ︙ |
Changes to src/xfer.c.
| ︙ | ︙ | |||
89 90 91 92 93 94 95 96 |
void post_push_hook(char const * const zPushHookLine, const char requestType){
/*
** TO DO: get the string cmd from a config file? Or the database local
** settings, as someone suggested? Ditto output and error logs. /fatman
*/
const char *zCmd = db_get("push-hook-cmd", "");
int allowForced = db_get_boolean("push-hook-force", 0);
| > > > > > > > > > > > > > > > > > > > > > > > > > | | 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
void post_push_hook(char const * const zPushHookLine, const char requestType){
/*
** TO DO: get the string cmd from a config file? Or the database local
** settings, as someone suggested? Ditto output and error logs. /fatman
*/
const char *zCmd = db_get("push-hook-cmd", "");
int allowForced = db_get_boolean("push-hook-force", 0);
const char *zHookPriv = db_get("push-hook-privilege","");
int privOk = 0;
if( zHookPriv && *zHookPriv ){
switch( *zHookPriv ){
case 's':
if( g.okSetup ) privOk = 1;
break;
case 'a':
if( g.okAdmin ) privOk = 1;
break;
case 'i':
if( g.okWrite ) privOk = 1;
break;
case 'o':
if( g.okRead ) privOk = 1;
break;
default
fossil_print("Push hook wrong privilege type '%s'\n", zHookPriv);
}
}else{
privOk = 1;
}
if( !privOk ){
fossil_print("No privilege to activate hook!\n");
}else if( requestType!='P' && requestType!='C' && requestType!='F' ){
fossil_print("Push hook wrong request type '%c'\n", requestType);
}else if( requestType=='F' && !allowForced ){
fossil_print("Forced push call from client not allowed,"
" skipping call for '%s'\n", zPushHookLine);
}else if( zCmd && zCmd[0] ){
int rc;
char * zCalledCmd;
|
| ︙ | ︙ |