
Check IP in gl-pre-git hook

Mercier Pierre-Olivier 2013-09-28 11:15:31 +02:00
parent 8f5cd9a6be
commit d7686f68c0
3 changed files with 77 additions and 59 deletions


@ -18,7 +18,7 @@ then
fi fi
done done
elif [ "$KERNEL" = "Linux"] elif [ "$KERNEL" = "Linux" ]
then then
if [ -f "/etc/debian_version" ] if [ -f "/etc/debian_version" ]

38
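--- a/hooks/gl-pre-git
+++ b/hooks/gl-pre-git
@@ -0,0 +1,38 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+use v5.10;
+use File::Basename;
+use Net::IP;
+use ACU::Log;
+$ACU::Log::log_file = "/var/log/hooks/" . basename($0) . ".log";
+# First, check if the repository is in the YYYY/ directory
+exit 0 if ($ENV{GL_REPO} !~ /^2[0-9]{3}\/.+\/.+/);
+my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
+say "Votre IP est : $ip.";
+$ip = Net::IP->new($ip) or die ("IP invalide");
+my $schoolnetwork = Net::IP->new('192.168.0.0/16');
+if ($ip->overlaps($schoolnetwork) != $IP_A_IN_B_OVERLAP)
+{
+log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP.";
+exit 1;
+}
+my $sshnetwork = Net::IP->new('10.41.253.0/24');
+if ($ip->overlaps($sshnetwork) == $IP_A_IN_B_OVERLAP)
+{
+log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP.";
+exit 1;
+}
+exit 0;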
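Review bot: The second check can never fire: once the first test has required the client address to lie inside `192.168.0.0/16`, it cannot also be inside `10.41.253.0/24`, so the exclusion of `$sshnetwork` is dead code. The logic removed from the update hook carved `10.41.253.0/24` out of an allowed `10.41.0.0/16`; if pushes relayed through one subnet are still meant to be refused, the excluded range presumably has to sit inside the new allowed network, and each range deserves a comment naming its role, e.g. `# only network allowed to push` and `# refused even though inside the allowed network`. Separately, `my $ip = $1 if (...)` leaves `$ip` undefined when `SSH_CLIENT` is unset or carries an IPv6 address; the later `or die` presumably still rejects the request, but only after `say` has interpolated an undefined value. Adding `defined $ip or die "IP invalide";` before the `say` would make that rejection deliberate rather than incidental.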


@ -3,8 +3,10 @@
use strict; use strict;
use warnings; use warnings;
use v5.10; use v5.10;
use Date::Manip; use DateTime::Format::ISO8601;
use File::Basename; use File::Basename;
use Net::IP;
use POSIX qw(strftime);
use Socket; use Socket;
use ACU::API::Projects; use ACU::API::Projects;
@ -28,29 +30,6 @@ if ($ref =~ m<^refs/tags/(.+)$>)
my $tag = $1; my $tag = $1;
log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}"; log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}";
my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
say "[ACU] Your IP is: $ip.";
$ip = ip2long($ip);
my $net = ip2long("10.41.0.0");
my $mask = ip2long("255.255.0.0");
if (($ip & $mask) != ($net & $mask))
{
log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
exit 1;
}
$net = ip2long("10.41.253.0");
$mask = ip2long("255.255.255.0");
if (($ip & $mask) == ($net & $mask))
{
log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
exit 1;
}
# Get project informations # Get project informations
my $project; my $project;
eval { eval {
@ -71,64 +50,65 @@ if ($ref =~ m<^refs/tags/(.+)$>)
exists $_->{vcs} and $_->{vcs}{tag} eq $tag; exists $_->{vcs} and $_->{vcs}{tag} eq $tag;
} @{ $project->{submissions} }; } @{ $project->{submissions} };
my $date = $ENV{'GL_TS'}; my $glts = DateTime::Format::ISO8601->parse_datetime(
$date =~ s/\./ /; do {
my $glts = ParseDate($date); my $t = $ENV{'GL_TS'};
$t =~ tr/./T/;
$t
});
chomp (my $tokengiven = `git cat-file tag $newsha 2> /dev/null | sed -e '1,/^\$/d'`); chomp (my $tokengiven = `git cat-file tag $newsha 2> /dev/null | sed -e '1,/^\$/d'`);
for my $rendu (@rendus) for my $rendu (@rendus)
{ {
my $open = ParseDate($rendu->{period}{begin}); my $open = DateTime::Format::ISO8601->parse_datetime($rendu->{period}{begin});
my $close = ParseDate($rendu->{period}{end}); my $close = DateTime::Format::ISO8601->parse_datetime($rendu->{period}{end});
# TODO: check exceptions by login/group # TODO: check exceptions by login/group
say "[ACU] Date courante: ", $glts; say "Date courante : ", $glts->strftime("%d/%m/%Y %H:%M:%S");
say "[ACU] Date fermeture: ", $close;
if ((Date_Cmp($glts, $open) == -1)) if (DateTime->compare($glts, $open) == -1)
{ {
say "[ACU] Tag not allowed: upload not yet opened!"; say "Date d'ouverture : ", $open->strftime("%d/%m/%Y %H:%M:%S");
log ERROR, "Tag rejeté : le rendu n'est pas encore ouvert.";
exit(4); exit(4);
} }
if ((Date_Cmp($glts, $close) == 1)) say "Date de fermeture : ", $close->strftime("%d/%m/%Y %H:%M:%S");
if (DateTime->compare($glts, $close) == 1)
{ {
say "[ACU] Tag not allowed: upload closed!"; log ERROR, "Tag rejeté : le rendu est clos.";
exit(5); exit(5);
} }
my $token = $rendu->{vcs}{token}; my $token = $rendu->{vcs}{token};
if ($token ne "" and $token ne $tokengiven) if ($token ne "" and $token ne $tokengiven and $newsha ne '0' x 40)
{ {
say "[ACU] Error 0x65cd58: Bad token."; log ERROR, "Tag rejeté : mauvais token.";
exit(6); exit(6);
} }
} }
# Send data to API if ($newsha eq '0' x 40) {
my $last_commit = `git log -1 --name-status`; log USAGE, "Mais pour quelle raison voudriez-vous supprimer un tag ?!";
eval {
API::Submission::add($promo, $id_project, $tag, $repo_login, $last_commit);
};
if ($@) {
my $err = $@;
log DEBUG, "ERROR: ".$err;
log DONE, "[ACU] Upload successful";
} }
else { else
log DONE, "[ACU] Upload successful, please check this information on the intranet"; {
# Send data to API
my $last_commit = `git log $newsha -1 --decorate --tags`;
eval {
API::Submission::add($promo, $id_project, $tag, $repo_login, $last_commit);
};
if ($@) {
my $err = $@;
log DEBUG, "ERROR: ".$err;
log DONE, "Tag '$tag' effectué avec succès !";
}
else {
log DONE, "Tag '$tag' effectué avec succès ! Vérifiez-le sur l'intranet.";
}
} }
} }
exit 0; exit 0;
sub ip2long
{
return unpack("l*", pack("l*", unpack("N*", inet_aton(shift))));
}
sub long2ip
{
return inet_ntoa(pack("N*", shift));
}
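Review bot: The new deletion branch accepts the push: when `$newsha` is forty zeros the token comparison is skipped by the added `$newsha ne '0' x 40` condition, the branch only emits a `log USAGE` line, and control then reaches `exit 0`. If removing a submission tag is meant to be refused (the message suggests it is at least unexpected), that branch should end with a non-zero `exit`, and it would read better tested before the loop over `@rendus` so the period checks do not run for a deletion. In the `else` branch a failed `API::Submission::add` is logged at DEBUG only and the user is still told the tag succeeded, so a submission that was never recorded looks the same as a recorded one from the client side; logging that failure with `log ERROR` would make it visible to operators. The enclosing `if ($ref =~ m<^refs/tags/(.+)$>)` block starts outside the hunk.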