Check IP before submission

2013-09-19 04:52:29 +02:00 · 2013-09-19 04:52:29 +02:00 · 9038f49904
commit 9038f49904
parent 188931f0d4
3 changed files with 70 additions and 19 deletions
--- a/commands/first-install.sh
+++ b/commands/first-install.sh
@ -1,30 +1,58 @@
 #! /bin/bash

 # Install missing packets
-PACKAGES_LIST="libnet-ldap-perl libxml-libxml-perl libgearman-client-perl libmailtools-perl libmail-sendmail-perl libdate-manip-perl"
+DEB_PACKAGES_LIST="libnet-ldap-perl libxml-libxml-perl libgearman-client-perl libmailtools-perl libmail-sendmail-perl libdate-manip-perl"
+ARCH_PACKAGES_LIST="perl-io-socket-ssl perl-email-simple perl-email-mime perl-term-readkey perl-ldap perl-lwp-protocol-https"

-if ! whereis dpkg > /dev/null 2> /dev/null
+if [ -f "/etc/debian_version" ]
 then
-    aptitude install dpkg
-fi

-for PK in $PACKAGES_LIST
-do
-    if ! dpkg -l | grep "^ii" | grep "$PK" > /dev/null 2> /dev/null
+    if ! whereis dpkg > /dev/null 2> /dev/null
    then
-	aptitude install "$PK"
+	aptitude install dpkg
    fi
-done
+
+    for PK in $DEB_PACKAGES_LIST
+    do
+	if ! dpkg -l | grep "^ii" | grep "$PK" > /dev/null 2> /dev/null
+	then
+	    aptitude install "$PK"
+	fi
+    done


-# Add intradmin user if missing
-if ! getent passwd | grep "intradmin:" > /dev/null 2> /dev/null
+    # Add intradmin user if missing
+    if ! getent passwd | grep "intradmin:" > /dev/null 2> /dev/null
+    then
+	useradd --shell /bin/false --uid 942 intradmin &&
+	mkdir -p /home/intradmin
+    fi
+
+    chown -R intradmin:intradmin /home/intradmin
+
+elif [ -f "/etc/arch-release" ]
 then
-    useradd --shell /bin/false --uid 942 intradmin &&
-    mkdir -p /home/intradmin
-fi

-chown -R intradmin:intradmin /home/intradmin
+    for PK in $ARCH_PACKAGES_LIST
+    do
+	if ! pacman -Qi "$PK" > /dev/null 2> /dev/null
+	then
+	    pacman -S "$PK"
+	fi
+    done
+
+elif [ -f "/etc/freebsd-update.conf" ]
+then
+
+    echo "TODO: FreeBSD"
+    exit 1;
+
+else
+
+    echo "Unknown operating system :("
+    exit 1;
+
+fi

 # Git ?
 if egrep '^git:' /etc/passwd > /dev/null
@ -33,4 +61,4 @@ then
    chown git /var/log/hooks/
 fi

-echo "System ready!"
+echo "System ready!"
--- a/commands/manage-server.sh
+++ b/commands/manage-server.sh
@ -2,6 +2,7 @@

 cd $(dirname "$0")

+WKS_LIST="apl"
 SRV_LIST="moore noyce hamano cpp"

 ACTIONS="start stop restart update"
@ -43,6 +44,16 @@ do
    echo
 done

+for WKS in $WKS_LIST
+do
+    echo -e "\e[1;34m>>>\e[0m $ACTION on $WKS"
+    if [ "$ACTION" == "update" ]
+    then
+	ssh root@$SRV "make -C liblerdorf update upgrade"
+    fi
+    echo
+done
+
 cat "$LOG"

-exit $FAIL
+exit $FAIL
--- a/hooks/submissions.pl
+++ b/hooks/submissions.pl
@ -28,14 +28,26 @@ if ($ref =~ m<^refs/tags/(.+)$>)
    log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}";

    my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
-    say "[ACU] Your IP is: $ENV{'SSH_CLIENT'}.";
+    say "[ACU] Your IP is: $ip.";
+
+    $ip = ip2long($ip);
+
+    my $net = ip2long("10.41.0.0");
+    my $mask = ip2long("255.255.0.0");
+
+    if (($ip & $mask) != ($net & $mask))
+    {
+	log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
+	exit 1;
+    }

    # Get project informations
    my $project;
    eval {
 	$project = API::Projects::get($id_project, $promo);
    };
-    if ($@ or !$project) {
+    if ($@ or !$project)
+    {
 	my $err = $@;
 	log TRACE, $err;
 	log ERROR, "Impossible d'envoyer de tags ; si le problème persiste, passez au laboratoire.";