authorDaniel Silverstone <daniel.silverstone@codethink.co.uk>2017-05-13 14:26:01 +0100
committerDaniel Silverstone <dsilvers@digital-scurf.org>2017-07-02 11:56:43 +0100
commit1cfe35922f0da06d249a367e2d476265ac41a499 (patch)
tree85d7574e3de0866fe5578ed073e48a823d38df60
parentdb21cb141751bee3602c68cd7d608f6234459e6f (diff)
Add pre-authorisation commandline hook
This hook is permitted to adjust the command line before it is passed on to command authorisation. This is needed for a number of requested use-cases in which a plugin provides domain-specific command line shapes without needing to adjust Gitano's core command structures.
-rw-r--r--lang/en.lua3
-rw-r--r--lib/gitano/auth.lua18
2 files changed, 20 insertions, 1 deletions
diff --git a/lang/en.lua b/lang/en.lua
index ff69968..96af43b 100644
--- a/lang/en.lua
+++ b/lang/en.lua
@@ -162,7 +162,8 @@ example administration repository rules and an admin user and group.
BYPASS_USER_BANNER_HEADER = "**** ALERT **** ALERT **** PAY CAREFUL ATTENTION **** ALERT **** ALERT ****",
BYPASS_USER_ALERT_MESSAGE = "**** You are acting as the bypass user. Rules and hooks WILL NOT APPLY ****",
BYPASS_USER_BANNER_FOOTER = "**** ALERT **** ALERT **** DO NOT DO THIS NORMALLY **** ALERT **** ALERT ****",
-
+ PREAUTH_CMDLINE_HOOK_DECLINED = "Pre-authorization command line hook declined to permit action: ${reason}",
+ PREAUTH_CMDLINE_HOOK_ABORTED = "Pre-authorization command line hook aborted: ${reason}",
-- Messages from the config module
NO_SITE_CONF = "No site.conf",
NO_CORE_RULES = "No core rules file",
diff --git a/lib/gitano/auth.lua b/lib/gitano/auth.lua
index c5a1095..bf3260f 100644
--- a/lib/gitano/auth.lua
+++ b/lib/gitano/auth.lua
@@ -37,6 +37,7 @@ local log = require 'gitano.log'
local repository = require 'gitano.repository'
local util = require 'gitano.util'
local i18n = require 'gitano.i18n'
+local hooks = require 'gitano.hooks'
local gall = require 'gall'
local luxio = require 'luxio'
@@ -121,6 +122,23 @@ local function is_authorized(user, source, cmdline, repo_root,
i18n.expand("CLIENT_CONNECTED",
{ ip=ip, user=user, key=keytag, cmdline=cmdline}))
+ local cancel
+ cancel, ip, user, keytag, parsed_cmdline =
+ (function(c,i,u,k,...)
+ return c, i, u, k, {...}
+ end)(hooks.run(hooks.names.PREAUTH_CMDLINE, false,
+ ip, user, keytag, unpack(parsed_cmdline)))
+
+ if cancel == nil then
+ log.syslog.err(i18n.expand("PREAUTH_CMDLINE_HOOK_ABORTED", {reason=ip}))
+ log.critical(i18n.expand("PREAUTH_CMDLINE_HOOK_DECLINED", {reason=ip}))
+ return nil
+ end
+ if cancel then
+ log.critical(i18n.expand("PREAUTH_CMDLINE_HOOK_DECLINED", {reason=ip}))
+ return nil
+ end
+
local cmd = command.get(parsed_cmdline[1])
if not cmd then