epita-std/ACU
Archived
1
0
Fork 0
Code Releases Activity

Check IP before submission

Browse source
This commit is contained in:
Mercier Pierre-Olivier 2013-09-19 04:52:29 +02:00
commit 9038f49904
3 changed files with 70 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

60
commands/first-install.sh
View file

@ -1,30 +1,58 @@
#! /bin/bash #! /bin/bash
# Install missing packets # Install missing packets
PACKAGES_LIST="libnet-ldap-perl libxml-libxml-perl libgearman-client-perl libmailtools-perl libmail-sendmail-perl libdate-manip-perl" DEB_PACKAGES_LIST="libnet-ldap-perl libxml-libxml-perl libgearman-client-perl libmailtools-perl libmail-sendmail-perl libdate-manip-perl"
ARCH_PACKAGES_LIST="perl-io-socket-ssl perl-email-simple perl-email-mime perl-term-readkey perl-ldap perl-lwp-protocol-https"
if ! whereis dpkg > /dev/null 2> /dev/null if [ -f "/etc/debian_version" ]
then then
aptitude install dpkg
fi
for PK in $PACKAGES_LIST if ! whereis dpkg > /dev/null 2> /dev/null
do
if ! dpkg -l | grep "^ii" | grep "$PK" > /dev/null 2> /dev/null
then then
aptitude install "$PK" aptitude install dpkg
fi fi
done
for PK in $DEB_PACKAGES_LIST
do
if ! dpkg -l | grep "^ii" | grep "$PK" > /dev/null 2> /dev/null
then
aptitude install "$PK"
fi
done
# Add intradmin user if missing # Add intradmin user if missing
if ! getent passwd | grep "intradmin:" > /dev/null 2> /dev/null if ! getent passwd | grep "intradmin:" > /dev/null 2> /dev/null
then
useradd --shell /bin/false --uid 942 intradmin &&
mkdir -p /home/intradmin
fi
chown -R intradmin:intradmin /home/intradmin
elif [ -f "/etc/arch-release" ]
then then
useradd --shell /bin/false --uid 942 intradmin &&
mkdir -p /home/intradmin
fi
chown -R intradmin:intradmin /home/intradmin for PK in $ARCH_PACKAGES_LIST
do
if ! pacman -Qi "$PK" > /dev/null 2> /dev/null
then
pacman -S "$PK"
fi
done
elif [ -f "/etc/freebsd-update.conf" ]
then
echo "TODO: FreeBSD"
exit 1;
else
echo "Unknown operating system :("
exit 1;
fi
# Git ? # Git ?
if egrep '^git:' /etc/passwd > /dev/null if egrep '^git:' /etc/passwd > /dev/null
@ -33,4 +61,4 @@ then
chown git /var/log/hooks/ chown git /var/log/hooks/
fi fi
echo "System ready!" echo "System ready!"

13
commands/manage-server.sh
View file

@ -2,6 +2,7 @@
cd $(dirname "$0") cd $(dirname "$0")
WKS_LIST="apl"
SRV_LIST="moore noyce hamano cpp" SRV_LIST="moore noyce hamano cpp"
ACTIONS="start stop restart update" ACTIONS="start stop restart update"
@ -43,6 +44,16 @@ do
echo echo
done done
for WKS in $WKS_LIST
do
echo -e "\e[1;34m>>>\e[0m $ACTION on $WKS"
if [ "$ACTION" == "update" ]
then
ssh root@$SRV "make -C liblerdorf update upgrade"
fi
echo
done
cat "$LOG" cat "$LOG"
exit $FAIL exit $FAIL

16
hooks/submissions.pl
View file

@ -28,14 +28,26 @@ if ($ref =~ m<^refs/tags/(.+)$>)
log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}"; log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}";
my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/); my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
say "[ACU] Your IP is: $ENV{'SSH_CLIENT'}."; say "[ACU] Your IP is: $ip.";
$ip = ip2long($ip);
my $net = ip2long("10.41.0.0");
my $mask = ip2long("255.255.0.0");
if (($ip & $mask) != ($net & $mask))
{
log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
exit 1;
}
# Get project informations # Get project informations
my $project; my $project;
eval { eval {
$project = API::Projects::get($id_project, $promo); $project = API::Projects::get($id_project, $promo);
}; };
if ($@ or !$project) { if ($@ or !$project)
{
my $err = $@; my $err = $@;
log TRACE, $err; log TRACE, $err;
log ERROR, "Impossible d'envoyer de tags ; si le problème persiste, passez au laboratoire."; log ERROR, "Impossible d'envoyer de tags ; si le problème persiste, passez au laboratoire.";