hyung-hwan/codepot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changed AccessHandler.pm to handle authenticated-insider in svn_read_access

Browse Source
This commit is contained in:
hyung-hwan 2016-12-01 15:11:47 +00:00
parent 34bf2f3116
commit 330cdb4996
2 changed files with 43 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
codepot/etc/codepot.ini.in
View File

@ -328,9 +328,10 @@ svn_tag_property = "codepot:tag"
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
; Subversion read access is limited to the specified user type. The types ; Subversion read access is limited to the specified user type. The types
; include anonymous, authenticated, member. This applies to a public project ; include anonymous, authenticated, authenticated-insider, member.
; only. Write access to any projects and read access to a non-public project ; This applies to a public project only. Write access to any projects
; require membership regardless of this item. ; and read access to a non-public project require membership regardless
; of this item.
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
svn_read_access = "member" svn_read_access = "member"

47
codepot/etc/perl/Codepot/AccessHandler.pm
View File

@ -65,6 +65,8 @@ sub get_config
ldap_admin_password => $cfg->param ('ldap_admin_password'), ldap_admin_password => $cfg->param ('ldap_admin_password'),
ldap_userid_search_base => $cfg->param ('ldap_userid_search_base'), ldap_userid_search_base => $cfg->param ('ldap_userid_search_base'),
ldap_userid_search_filter => $cfg->param ('ldap_userid_search_filter'), ldap_userid_search_filter => $cfg->param ('ldap_userid_search_filter'),
ldap_insider_attribute_name => $cfg->param ('ldap_insider_attribute_name'),
ldap_insider_attribute_value => $cfg->param ('ldap_insider_attribute_value'),
database_hostname => $cfg->param ('database_hostname'), database_hostname => $cfg->param ('database_hostname'),
database_port => $cfg->param ("database_port"), database_port => $cfg->param ("database_port"),
@ -120,15 +122,15 @@ sub authenticate_ldap
my $res = $ldap->bind ($f_rootdn, password => $f_rootpw); my $res = $ldap->bind ($f_rootdn, password => $f_rootpw);
if ($res->code != LDAP_SUCCESS) if ($res->code != LDAP_SUCCESS)
{ {
$r->log_error ("Cannot bind LDAP as $f_rootdn - " . $res->error()); $r->log_error ("Cannot bind LDAP as $f_rootdn - " . $res->error());
$ldap->unbind(); $ldap->unbind();
return -1; return -1;
} }
$res = $ldap->search (base => $f_basedn, scope => 'sub', filter => $f_filter); $res = $ldap->search (base => $f_basedn, scope => 'sub', filter => $f_filter);
if ($res->code != LDAP_SUCCESS) if ($res->code != LDAP_SUCCESS)
{ {
$ldap->unbind(); $ldap->unbind();
return 0; return 0;
} }
@ -156,8 +158,30 @@ sub authenticate_ldap
return 0; return 0;
} }
my $authenticated = 1;
if ($cfg->{ldap_insider_attribute_name} ne '' && $cfg->{ldap_insider_attribute_value} ne '')
{
my $f_filter = '(' . $cfg->{ldap_insider_attribute_name} . '=*)';
$res = $ldap->search (base => $binddn, scope => 'base', filter => $f_filter, [ $cfg->{ldap_insider_attribute_name} ]);
if ($res->code == LDAP_SUCCESS)
{
foreach my $entry ($res->entries)
{
my @va = $entry->get_value($cfg->{ldap_insider_attribute_name});
foreach my $v (@va)
{
if (lc($v) eq lc($cfg->{ldap_insider_attribute_value}))
{
$authenticated = 2;
last;
}
}
}
}
}
$ldap->unbind(); $ldap->unbind();
return 1; return $authenticated;
} }
sub authenticate_database sub authenticate_database
@ -357,11 +381,18 @@ sub __handler
} }
# authentication successful. # authentication successful.
if ($is_method_r && $public >= 1 && lc($cfg->{svn_read_access}) eq 'authenticated') if ($is_method_r && $public >= 1)
{ {
# grant read access to an authenticated user regardless of membership if (lc($cfg->{svn_read_access}) eq 'authenticated')
# this applies to a public project only {
return Apache2::Const::OK; # grant read access to an authenticated user regardless of membership
# this applies to a public project only
return Apache2::Const::OK;
}
elsif (lc($cfg->{svn_read_access}) eq 'authenticated-insider')
{
if ($auth >= 2) { return Apache2::Const::OK; }
}
} }
($member, $errmsg) = is_project_member ($dbh, $cfg->{database_prefix}, $repo, $userid, $qc); ($member, $errmsg) = is_project_member ($dbh, $cfg->{database_prefix}, $repo, $userid, $qc);