ACU/hooks/gl-pre-git

#!/usr/bin/env perl

use strict;
use warnings;
use v5.10;
use File::Basename;
use Net::IP;

use ACU::Log;
$ACU::Log::log_file = "/var/log/hooks/" . basename($0) . ".log";

my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);

exit 0 if (!$ip);

log DEBUG, "Connection to $ENV{GL_REPO} from $ip";

# First, check if the repository is in the YYYY/ directory
exit 0 if ($ENV{GL_REPO} !~ /^2[0-9]{3}\/.+\/.+/);


my $read = ($ARGV[0] =~ /R/);
my $write = ($ARGV[0] =~ /W/);

my $promo = $1 if ($ENV{'GL_REPO'} =~ m/([0-9]{4}).*/);
my $id_project = $1 if ($ENV{'GL_REPO'} =~ m/.*\/(.*)\//);
my $repo_login = $1 if ($ENV{'GL_REPO'} =~ m/.*\/.*\/(.*)/);


$ip = Net::IP->new($ip) or die ("IP invalide");

my $schoolnetwork = Net::IP->new('10.41.0.0/16');

if ($ip->overlaps($schoolnetwork) != $IP_A_IN_B_OVERLAP)
{
    say "Votre IP est : $ip.";

    log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP." if ($write);
    log ERROR, "Vous n'êtes pas autorisé à accéder à ce dépôt depuis cette IP." if ($read);
    exit 1;
}

my $sshnetwork = Net::IP->new('10.41.253.0/24');

if ($ip->overlaps($sshnetwork) == $IP_A_IN_B_OVERLAP)
{
    say "Votre IP est : $ip.";

    log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP." if ($write);
    log ERROR, "Vous n'êtes pas autorisé à accéder à ce dépôt depuis cette IP." if ($read);
    exit 1;
}


exit 0;
Check IP in gl-pre-git hook 2013-09-28 09:15:31 +00:00			`#!/usr/bin/env perl`

			`use strict;`
			`use warnings;`
			`use v5.10;`
			`use File::Basename;`
			`use Net::IP;`

			`use ACU::Log;`
			`$ACU::Log::log_file = "/var/log/hooks/" . basename($0) . ".log";`

Add debug information in gl-pre-git hook 2013-09-30 08:53:21 +00:00			`my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);`

Install gl-pre-git at the right place 2013-10-07 14:42:02 +00:00			`exit 0 if (!$ip);`

Add debug information in gl-pre-git hook 2013-09-30 08:53:21 +00:00			`log DEBUG, "Connection to $ENV{GL_REPO} from $ip";`

Check IP in gl-pre-git hook 2013-09-28 09:15:31 +00:00			`# First, check if the repository is in the YYYY/ directory`
			`exit 0 if ($ENV{GL_REPO} !~ /^2[0-9]{3}\/.+\/.+/);`


Differenciate R and W access to repo 2013-10-07 18:19:07 +00:00			`my $read = ($ARGV[0] =~ /R/);`
			`my $write = ($ARGV[0] =~ /W/);`

gl-pre-git: display IP only if not authorized 2013-10-12 00:47:57 +00:00			`my $promo = $1 if ($ENV{'GL_REPO'} =~ m/([0-9]{4}).*/);`
			`my $id_project = $1 if ($ENV{'GL_REPO'} =~ m/.\/(.)\//);`
			`my $repo_login = $1 if ($ENV{'GL_REPO'} =~ m/.\/.\/(.*)/);`

Check IP in gl-pre-git hook 2013-09-28 09:15:31 +00:00
			`$ip = Net::IP->new($ip) or die ("IP invalide");`

Allow SM to clone and push 2013-09-30 08:27:44 +00:00			`my $schoolnetwork = Net::IP->new('10.41.0.0/16');`
Check IP in gl-pre-git hook 2013-09-28 09:15:31 +00:00
			`if ($ip->overlaps($schoolnetwork) != $IP_A_IN_B_OVERLAP)`
			`{`
gl-pre-git: display IP only if not authorized 2013-10-12 00:47:57 +00:00			`say "Votre IP est : $ip.";`

Differenciate R and W access to repo 2013-10-07 18:19:07 +00:00			`log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP." if ($write);`
			`log ERROR, "Vous n'êtes pas autorisé à accéder à ce dépôt depuis cette IP." if ($read);`
Check IP in gl-pre-git hook 2013-09-28 09:15:31 +00:00			`exit 1;`
			`}`

			`my $sshnetwork = Net::IP->new('10.41.253.0/24');`

			`if ($ip->overlaps($sshnetwork) == $IP_A_IN_B_OVERLAP)`
			`{`
gl-pre-git: display IP only if not authorized 2013-10-12 00:47:57 +00:00			`say "Votre IP est : $ip.";`

Differenciate R and W access to repo 2013-10-07 18:19:07 +00:00			`log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP." if ($write);`
			`log ERROR, "Vous n'êtes pas autorisé à accéder à ce dépôt depuis cette IP." if ($read);`
Check IP in gl-pre-git hook 2013-09-28 09:15:31 +00:00			`exit 1;`
			`}`


			`exit 0;`