111 |
# Check if the REMOTE_ADDR is within the range of the 'private' address for this server |
# Check if the REMOTE_ADDR is within the range of the 'private' address for this server |
112 |
my $remote_addr = NetAddr::IP->new( $ENV\{'REMOTE_ADDR'\} ); |
my $remote_addr = NetAddr::IP->new( $ENV\{'REMOTE_ADDR'\} ); |
113 |
if( $remote_addr->within( new NetAddr::IP @network_setting[1], @network_setting[2] ) ) \{ |
if( $remote_addr->within( new NetAddr::IP @network_setting[1], @network_setting[2] ) ) \{ |
|
@@ -105,18 +102,18 @@ |
|
|
|
|
|
# For the remaining access from the internet, we need an authorised user |
|
|
# that is allowed to either pull or push this repository. |
|
|
- |
|
|
+ |
|
|
# Check if we have: |
|
|
# a) a user that is listed in the repository pull or push permissions |
|
|
# b) valid credentials i.e password can be validated. |
|
|
if( $ENV\{'HTTP_AUTHORIZATION'\} ) \{ |
|
|
my @http_authorisation = split(/ /, $ENV\{'HTTP_AUTHORIZATION'\} ); |
|
|
my @http_digest = split( /:/, decode_base64( @http_authorisation[1] ) ); |
|
|
- |
|
|
+ |
|
|
# See who the effective users are for this repository. The AccountsDB needs |
|
|
# to have world read permissions to allow this to work. |
|
|
- my $effective_pull_users = $git_db->effective_users_list_from( $properties\{'pull_groups'\}, |
|
|
- $properties\{'pull_users'\} ); |
|
|
+ my $effective_pull_users = $git_db->effective_users_list_from( $properties\{'pull_groups'\}, |
|
|
+ $properties\{'pull_users'\} ); |
|
|
if( @http_digest[0] ~~ $effective_pull_users ) \{ |
|
|
# USER IN AUTHORISED LIST -> CHECK PASSWORD |
|
|
if( trypass( @http_digest[0], @http_digest[1] ) == 0 ) \{ |
|
114 |
@@ -131,7 +128,7 @@ |
@@ -131,7 +128,7 @@ |
115 |
return 0; # EXIT NO AUTHORISATION SUPPLIED -> DENY REPOSITORY VIEW |
return 0; # EXIT NO AUTHORISATION SUPPLIED -> DENY REPOSITORY VIEW |
116 |
\} |
\} |