author | Pierre Schmitz <pierre@archlinux.de> | 2010-08-13 08:20:27 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2010-08-13 08:20:27 +0200 |
commit | e2c005b490df6762e23da3223944151c17d1de80 (patch) | |
tree | bb9619cb292a76a09eb0d6604d9871e35ebbb8ba | |
parent | af4f86808e8cd45cc171f55a1ec15bf30d858a0d (diff) | |
download | dbscripts-e2c005b490df6762e23da3223944151c17d1de80.tar.gz dbscripts-e2c005b490df6762e23da3223944151c17d1de80.tar.xz |
Check permission before any action
Added a function to check if user has permission to alter the repos
and db files.
-rw-r--r-- | db-functions | 29 | ||||
-rwxr-xr-x | db-move | 5 | ||||
-rwxr-xr-x | db-remove | 5 | ||||
-rwxr-xr-x | db-update | 10 | ||||
-rw-r--r-- | test/lib/common.inc | 49 |
5 files changed, 72 insertions, 26 deletions
diff --git a/db-functions b/db-functions index c4fc8f3..f22567b 100644 --- a/db-functions +++ b/db-functions @@ -73,7 +73,7 @@ die() { cleanup 1 } -trap abort INT QUIT TERM +trap abort INT QUIT TERM HUP trap cleanup EXIT @@ -274,3 +274,30 @@ pkgver_from_src() { tmp=${tmp%-any} echo $tmp | sed 's|.*-\(.*-.*\)$|\1|g' } + +check_repo_permission() { + local repo=$1 + + local repos="$(get_repos_for_host)" + local found=false + local r + for r in $repos; do + if [ "$r" = "$repo" ]; then + found=true + fi + done + [ $found ] || return 1 + + [ -w "$FTP_BASE/$(get_pkgpool_for_host)" ] || return 1 + + local arch + for arch in ${ARCHES} any; do + local w + local ws=("${FTP_BASE}/${repo}/os/${arch}/"{,${repo}${DBEXT}}) + for w in ws; do + [ -w ] || return 1 + done + done + + return 0 +} @@ -23,6 +23,11 @@ ftppath_to="$FTP_BASE/$repoto/os/" svnrepo_from="$repofrom-$arch" svnrepo_to="$repoto-$arch" +if ! check_repo_permission $repoto || ! check_repo_permission $repofrom; then + echo "Error: You don't have permission to move packages from ${repofrom} to ${repoto}" + exit 1 +fi + repo_lock $repoto $arch || exit 1 repo_lock $repofrom $arch || exit 1 @@ -15,6 +15,11 @@ arch="$3" ftppath="$FTP_BASE/$reponame/os" svnrepo="$reponame-$arch" +if ! check_repo_permission $reponame; then + echo "Error: You don't have permission to remove packages from ${reponam}" + exit 1 +fi + repo_lock $reponame $arch || exit 1 echo -n "Removing $packagebase from $reponame..." @@ -11,15 +11,7 @@ fi reponame="$1" current_arch="" -# ensure we should be playing with this DB on this server -repos="$(get_repos_for_host)" -found=0 -for r in $repos; do - if [ "$r" = "$reponame" ]; then - found=1 - fi -done -if [ $found -ne 1 ]; then +if ! check_repo_permission "$reponame"; then echo "error: you shouldn't be updating $reponame on this server!" exit 1 fi diff --git a/test/lib/common.inc b/test/lib/common.inc index 89155c7..795d01a 100644 --- a/test/lib/common.inc +++ b/test/lib/common.inc 
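Review bot: In `check_repo_permission` (db-functions, hunk at -274) two of the three checks can never fail. `[ $found ] || return 1` tests a non-empty string, and both `true` and `false` are non-empty, so a repo that `get_repos_for_host` does not list is still accepted. `for w in ws` iterates over the literal word `ws`, and `[ -w ]` only tests that the string `-w` is non-empty, so the repo directories and db files are never checked for writability. Only the package-pool `-w` test is effective, which means db-update loses the host/repo check that its removed inline loop enforced. Suggested lines: `[ "$found" = true ] || return 1`, `for w in "${ws[@]}"; do` and `[ -w "$w" ] || return 1`.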
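Review bot: The new guard in the db-move hunk (-23,6) passes `$repoto` and `$repofrom` unquoted, while the db-update hunk of the same commit quotes its argument. An empty value would leave the function without its `$1`, and a value containing whitespace would be split. Quote them: `if ! check_repo_permission "$repoto" || ! check_repo_permission "$repofrom"; then`. The same applies to `check_repo_permission $reponame` in the db-remove hunk.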
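Review bot: The error message in the db-remove guard (hunk at -15,6) expands `${reponam}`, which is not assigned anywhere in the hunk and looks like a typo for `${reponame}`. As written the message would end without naming the repo. Change the line to `echo "Error: You don't have permission to remove packages from ${reponame}"`.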
@@ -1,3 +1,5 @@ +set -E + . "${curdir}/../db-functions" oneTimeSetUp() { @@ -8,7 +10,9 @@ oneTimeSetUp() { for p in "${pkgdir}"/*; do pushd $p >/dev/null linux32 makepkg -cf --config ${curdir}/lib/makepkg-i686.conf >/dev/null 2>&1 || die 'makepkg failed' - [ -f *-any.pkg.tar.* ] || linux64 makepkg -cf --config ${curdir}/lib/makepkg-x86_64.conf >/dev/null 2>&1 || die 'makepkg failed' + [ -f *-any.pkg.tar.* ] \ + || linux64 makepkg -cf --config ${curdir}/lib/makepkg-x86_64.conf >/dev/null 2>&1 \ + || die 'makepkg failed' popd >/dev/null done echo 'done' @@ -23,7 +27,7 @@ setUp() { local p local pkg - [ -f "${curdir}/../config.local" ] && die "${curdir}/../config.local exists" + #[ -f "${curdir}/../config.local" ] && die "${curdir}/../config.local exists" TMP="$(mktemp -d /dev/shm/$(basename $0).XXXXXXXXXX)" #echo "Using ${TMP}" 
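Review bot: In the `setUp` hunk (-23,7) the guard against an existing `config.local` is commented out rather than removed, and nothing explains why. If db-functions reads that file (not visible in this diff), the suite can now run with a host's local settings instead of the test fixture paths, which matters for scripts that move and delete repository files. Either restore `[ -f "${curdir}/../config.local" ] && die "${curdir}/../config.local exists"` or delete the line and state in the commit message why a local config is now acceptable. setUp's body continues outside the hunk.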
@@ -82,17 +86,20 @@ checkAnyPackage() { local pkg=$2 local arch - [ -f "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found" + [ -r "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found" for arch in i686 x86_64; do [ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} not a symlink" - [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}" + [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] \ + || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}" done - [ -f "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir" + [ -r "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir" - bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg} || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" + ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \ + && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg}) \ + || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" - [ -f "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist" + [ -r "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist" } checkPackage() { 
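Review bot: Switching the negative assertions in `checkAnyPackage` from `-f` to `-r` weakens them. `[ -r "${STAGING}"/${repo}/${pkg} ] && fail ...` and `[ -r "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail ...` now pass when the file exists but is not readable by the test user. For "must not exist" checks `-e` is the stricter test, e.g. `[ -e "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist"`. The staging-dir check in the `checkPackage` hunk (-100,17) has the same issue.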
@@ -100,17 +107,21 @@ checkPackage() { local pkg=$2 local arch=$3 - [ -f "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found" + [ -r "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found" [ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} not a symlink" - [ -f "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir" + [ -r "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir" - [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}" + [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] \ + || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}" - bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg} || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" + ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \ + && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg}) \ + || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" local pkgbase=$(getpkgbase "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}") svn up -q "${TMP}/svn-packages-copy/${pkgbase}" - [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] || fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} does not exist" + [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] \ + || fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} does not exist" } checkRemovedPackage() { 
@@ -118,10 +129,13 @@ checkRemovedPackage() { local pkgbase=$2 local arch=$3 - bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase} && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" + ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \ + && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase}) \ + && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" svn up -q "${TMP}/svn-packages-copy/${pkgbase}" - [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] && fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} should not exist" + [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] \ + && fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} should not exist" } checkRemovedAnyPackage() { @@ -130,9 +144,12 @@ checkRemovedAnyPackage() { local arch for arch in i686 x86_64; do - bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase} && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" + ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \ + && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase}) \ + && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" done svn up -q "${TMP}/svn-packages-copy/${pkgbase}" - [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-any" ] && fail "svn-packages-copy/${pkgbase}/repos/${repo}-any should not exist" + [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-any" ] \ + && fail "svn-packages-copy/${pkgbase}/repos/${repo}-any should not exist" }
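Review bot: In `checkRemovedPackage` the new `( [ -r ... ] && bsdtar ... | grep -q ${pkgbase} )` group makes the assertion pass whenever the db file is missing or unreadable, so a removal test can succeed without the database being inspected at all. If an absent db is an expected outcome (for example after the last package is removed, which is not visible here), record that in a comment such as `# a missing db counts as "package removed"`. Otherwise fail explicitly when the file is not readable. The loop in `checkRemovedAnyPackage` (-130,9) uses the same construct.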
\ No newline at end of file |