Girocco/Validator.pm

   1 # This install-only package contains validation, sanity and default
   2 # checks for the values set in Girocco::Config.
   3
   4 # It's only used during the install process.
   5 # Normally the Girocco::Config file will "require" this module
   6 # at the end (before it's frozen during installation).
   7 # However, the install process specifically "use"s this module to
   8 # guarantee the checks always run even if that "require" is removed.
   9
  10 package Girocco::Validator;
  11
  12 BEGIN {
  13         # This check MUST NOT be inside the Girocco::Config package
  14         scalar(eval 'keys %Girocco::Config::') or
  15                 die "Girocco::Config must already be 'use'd before ".__PACKAGE__." is 'use'd.\n";
  16 }
  17
  18 package Girocco::Config;
  19
  20 use strict;
  21 use warnings;
  22 no strict 'vars'; # required since Config.pm declares the variables
  23
  24 #
  25 ##  ------------------------
  26 ##  Sanity checks & defaults
  27 ##  ------------------------
  28 #
  29 #  Changing anything in this section can result in unexpected breakage
  30
  31 # Couple of sanity checks and default settings (do not change these)
  32 require Digest::MD5;
  33 require MIME::Base64;
  34 defined($name) or $name = "";
  35 $name =~ s/\s+/_/gs;
  36 $nickname = lc((split(/[.]/, $name))[0]) unless defined($nickname) && $nickname ne "";
  37 $nickname =~ s/\s+/_/gs;
  38 our $tmpsuffix = substr(MIME::Base64::encode_base64(Digest::MD5::md5($name.':'.$nickname)),0,6);
  39 $tmpsuffix =~ tr,+/,=_,;
  40 defined($mirror_user) && $mirror_user ne "" or
  41         die "Girocco::Config: \$mirror_user must be set even if to current user";
  42 defined($basedir) && $basedir ne "" or
  43         die "Girocco::Config: \$basedir must be set";
  44 defined($sendmail_bin) && $sendmail_bin ne "" or
  45         die "Girocco::Config: \$sendmail_bin must be set";
  46 $sendmail_bin eq "sendmail.pl" and $sendmail_bin = "$basedir/bin/sendmail.pl";
  47 defined($screen_acl_file) && $screen_acl_file ne "" or
  48         $screen_acl_file = "$basedir/screen/giroccoacl";
  49 defined($jailreporoot) or $jailreporoot = "";
  50 $jailreporoot =~ s,^/+,,;
  51 $reporoot ne "" or die "Girocco::Config: \$reporoot must be set";
  52 $jailreporoot ne "" or die "Girocco::Config: \$jailreporoot must be set";
  53 $disable_jailsetup = $disable_jailsetup ? 1 : '';
  54 $notify_single_level = $notify_single_level ? 1 : '';
  55 $fetch_stash_refs = $fetch_stash_refs ? 1 : '';
  56 !$mob || $mob eq 'mob' or die "Girocco::Config: \$mob must be undef (or '') or 'mob'";
  57 !defined($protect_fields) || ref($protect_fields) eq 'HASH' or
  58         die "Girocco::Config: \$protect_fields must be a HASH ref or undefined";
  59 ref($protect_fields) eq 'HASH' or $protect_fields = {};
  60 $project_edit_timeout =~ /^[1-9][0-9]*$/ or
  61         die "Girocco::Config: \$project_edit_timeout must be a positive integer";
  62 5 <= $project_edit_timeout && $project_edit_timeout <= 86400 or
  63         die "Girocco::Config: \$project_edit_timeout seems unreasonable: $project_edit_timeout";
  64 !$min_key_length || $min_key_length =~ /^[1-9][0-9]*$/ or
  65         die "Girocco::Config: \$min_key_length must be undef or numeric";
  66 !defined($max_readme_size) || $max_readme_size =~ /^[0-9]+$/ or
  67         die "Girocco::Config: \$max_readme_size must be a whole number";
  68 defined($mailsh_sizelimit) && $mailsh_sizelimit =~ /^[1-9][0-9]*$/ or
  69         die "Girocco::Config: \$mailsh_sizelimit must be a positive number";
  70 $admincc = $admincc ? 1 : 0;
  71 $rootcert = "$certsdir/girocco_root_crt.pem" if $httpspushurl && !$rootcert;
  72 $clientcert = "$certsdir/girocco_client_crt.pem" if $httpspushurl && !$clientcert;
  73 $clientkey = "$certsdir/girocco_client_key.pem" if $httpspushurl && !$clientkey;
  74 $clientcertsuffix = "$certsdir/girocco_client_suffix.pem" if $httpspushurl && !$clientcertsuffix;
  75 $mobusercert = "$certsdir/girocco_mob_user_crt.pem" if $httpspushurl && $mob && !$mobusercert;
  76 $mobuserkey = "$certsdir/girocco_mob_user_key.pem" if $httpspushurl && $mob && !$mobuserkey;
  77 our $mobpushurl = $pushurl;
  78 $mobpushurl =~ s,^ssh://,ssh://mob@,i if $mobpushurl;
  79 $disable_dsa = 1 unless $pushurl;
  80 $disable_dsa = $disable_dsa ? 1 : '';
  81 our $httpdnsname = ($gitweburl =~ m,https?://([A-Za-z0-9.-]+),i) ? lc($1) : undef if $gitweburl;
  82 our $httpsdnsname = ($httpspushurl =~ m,https://([A-Za-z0-9.-]+),i) ? lc($1) : undef if $httpspushurl;
  83 $SmartHTTPOnly = $SmartHTTPOnly ? 1 : '';
  84 $TLSHost = $TLSHost ? 1 : '';
  85 $pretrustedroot = $pretrustedroot ? 1 : '';
  86 $suppress_git_ssh_logging = $suppress_git_ssh_logging ? 1 : '';
  87 $git_daemon_any_host = $git_daemon_any_host ? 1 : '';
  88 if ((!defined($git_daemon_host_list) || $git_daemon_host_list =~ /^\s*$/) &&
  89     (defined($gitpullurl) && $gitpullurl =~ m{^git://\[?[A-Za-z0-9.-:]}i)) {
  90         if ($gitpullurl =~ m{^[gG][iI][tT]://([A-Za-z0-9.-]+)(?:[/:]|$)} ||
  91             $gitpullurl =~ m{^[gG][iI][tT]://\[([0-9a-zA-Z.:%]+)\](?:[/:]|$)}) {
  92                 my $gdhn = lc($1);
  93                 $gdhn ne "." and $gdhn =~ s/\.$//;
  94                 my $gdhnl = $gdhn; $gdhnl =~ s/(?<!^)(?<!\.)\..*$//;
  95                 $git_daemon_host_list="$gdhn";
  96                 do {$git_daemon_host_list.=" $_" unless index(" $git_daemon_host_list "," $_ ")>=0}
  97                         foreach $gdhnl, qw"localhost ::1 127.0.0.1";
  98         }
  99 }
 100 if (defined($git_daemon_host_list)) {
 101         $git_daemon_host_list = lc($git_daemon_host_list);
 102         $git_daemon_host_list =~ s/^\s+//;
 103         $git_daemon_host_list =~ s/\s+$//;
 104         $git_daemon_host_list = undef if $git_daemon_host_list eq "";
 105 }
 106 $mirror || $push or
 107         die "Girocco::Config: neither \$mirror nor \$push is set?!";
 108 !$push || ($pushurl || $httpspushurl || $gitpullurl || $httppullurl) or
 109         die "Girocco::Config: no pull URL is set";
 110 !$push || ($pushurl || $httpspushurl) or
 111         die "Girocco::Config: \$push set but \$pushurl and \$httpspushurl are undef";
 112 !$mirror || $mirror_user or
 113         die "Girocco::Config: \$mirror set but \$mirror_user is undef";
 114 $TLSHost = $TLSHost ? 1 : '';
 115 $manage_users = $manage_users ? 1 : 0;
 116 $chrooted = $chrooted ? 1 : 0;
 117 $manage_users == $chrooted or
 118         die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
 119 !$chrooted || uc($permission_control) ne 'ACL' or
 120         die "Girocco::Config: resolving uids for ACL not supported when using chroot";
 121 defined($permission_control) or $permission_control = '';
 122 $permission_control = ucfirst(lc($permission_control));
 123 (grep { $permission_control eq $_ } qw(Group Hooks)) or
 124         die "Girocco::Config: \$permission_control must be set to Group or Hooks";
 125 $chrooted || !$mob or
 126         die "Girocco::Config: mob user supported only in the chrooted mode";
 127 !$httpspushurl || $httpsdnsname or
 128         die "Girocco::Config: \$httpspushurl invalid does not start with https://domainname";
 129 !$svn_log_window_size || $svn_log_window_size =~ /^[1-9][0-9]*$/ or
 130         die "Girocco::Config: \$svn_log_window_size must be undef or numeric";
 131 defined($max_file_size512) && !$max_file_size512 and $max_file_size512 = undef;
 132 !defined($max_file_size512) || $max_file_size512 =~ /^[1-9][0-9]*$/ && $max_file_size512 <= 2147483647 or
 133         die "Girocco::Config: \$max_file_size512 must be undef or a positive integer <= 2147483647";
 134 defined($max_clone_objects) && !$max_clone_objects and $max_clone_objects = undef;
 135 !defined($max_clone_objects) || $max_clone_objects =~ /^[1-9][0-9]*$/ or
 136         die "Girocco::Config: \$max_clone_objects must be undef or a positive integer";
 137 !defined($posix_sh_bin) || $posix_sh_bin !~ /\s/ or
 138         die "Girocco::Config: \$posix_sh_bin must not contain any whitespace";
 139 !defined($perl_bin) || $perl_bin !~ /\s/ or
 140         die "Girocco::Config: \$perl_bin must not contain any whitespace";
 141 !$delay_gfi_redelta and $delay_gfi_redelta = undef;
 142 !$git_no_mmap and $git_no_mmap = undef;
 143 !$suppress_x_girocco and $suppress_x_girocco = undef;
 144 !$jgit_compatible_bitmaps and $jgit_compatible_bitmaps = undef;
 145 !$autogchack and $autogchack = undef;
 146 !$reflogs_lifetime || $reflogs_lifetime !~ /^[1-9][0-9]*$/ and $reflogs_lifetime = 1;
 147 $reflogs_lifetime = 0 + $reflogs_lifetime;
 148 $reflogs_lifetime >= 0 or $reflogs_lifetime = 1;
 149 $reflogs_lifetime <= 30 or $reflogs_lifetime = 30;
 150 !defined $upload_pack_window || $upload_pack_window =~ /^[1-9][0-9]*$/ or
 151         die "Girocco::Config: \$upload_pack_window must be undef or numeric";
 152 !defined $upload_pack_window || (2 <= $upload_pack_window && $upload_pack_window <= 50) or
 153         die "Girocco::Config: \$upload_pack_window must be in range 2..50";
 154 !defined $max_receive_size || $max_receive_size =~ /^\d+[kKmMgG]?$/ or
 155         die "Girocco::Config: \$max_receive_size setting is invalid";
 156 defined($ENV{'SENDMAIL_PL_HOST'}) and eval 'our $sendmail_pl_host = $ENV{"SENDMAIL_PL_HOST"}';
 157 defined($ENV{'SENDMAIL_PL_PORT'}) and eval 'our $sendmail_pl_port = $ENV{"SENDMAIL_PL_PORT"}';
 158 defined($ENV{'SENDMAIL_PL_NCBIN'}) and eval 'our $sendmail_pl_ncbin = $ENV{"SENDMAIL_PL_NCBIN"}';
 159 defined($ENV{'SENDMAIL_PL_NCOPT'}) and eval 'our $sendmail_pl_ncopt = $ENV{"SENDMAIL_PL_NCOPT"}';
 160 defined($ENV{'PYTHON'}) and eval 'our $python = $ENV{"PYTHON"}';
 161
 162 # jailreporoot MUST NOT be absolute
 163 defined($jailreporoot) && substr($jailreporoot, 0, 1) ne "/" or
 164         die "Girocco::Config: \$jailreporoot MUST NOT be an absolute path\n";
 165
 166 # webreporoot can be undef
 167 !defined($webreporoot) || substr($webreporoot, 0, 1) eq "/" or
 168         die "Girocco::Config: \$webreporoot MUST be an absolute path if not undef\n";
 169
 170 # All these MUST be absolute paths
 171 {
 172         no strict 'refs';
 173         defined(${$_}) && substr(${$_}, 0, 1) eq "/" or
 174                 die "Girocco::Config: \$$_ MUST be an absolute path\n"
 175         foreach qw(basedir certsdir reporoot chroot webroot cgiroot projlist_cache_dir);
 176 }
 177
 178 # Make sure Git has a consistent and reproducible environment
 179
 180 $ENV{'XDG_CONFIG_HOME'} = $chroot.'/var/empty';
 181 $ENV{'HOME'} = $chroot.'/etc/girocco';
 182 $ENV{'TMPDIR'} = '/tmp';
 183 $ENV{'GIT_CONFIG_NOSYSTEM'} = 1;
 184 $ENV{'GIT_ATTR_NOSYSTEM'} = 1;
 185 $ENV{'GIT_NO_REPLACE_OBJECTS'} = 1;
 186 $ENV{'GIT_TERMINAL_PROMPT'} = 0;
 187 $ENV{'GIT_ASKPASS'} = $basedir.'/bin/git-askpass-password';
 188 delete $ENV{'GIT_USER_AGENT'};
 189 $ENV{'GIT_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
 190 delete $ENV{'GIT_HTTP_USER_AGENT'};
 191 delete $ENV{'GIT_CONFIG_PARAMETERS'};
 192 delete $ENV{'GIT_ALTERNATE_OBJECT_DIRECTORIES'};
 193 delete $ENV{'GIT_CONFIG'};
 194 delete $ENV{'GIT_DIR'};
 195 delete $ENV{'GIT_GRAFT_FILE'};
 196 delete $ENV{'GIT_INDEX_FILE'};
 197 delete $ENV{'GIT_OBJECT_DIRECTORY'};
 198 delete $ENV{'GIT_NAMESPACE'};
 199
 200 # Guarantee a sane umask for Girocco
 201
 202 umask(umask() & ~0770);
 203
 204 1;