Check IP in gl-pre-git hook
parent
8f5cd9a6be
commit
d7686f68c0
3 changed files with 77 additions and 59 deletions
|
@ -18,7 +18,7 @@ then
|
|||
fi
|
||||
done
|
||||
|
||||
elif [ "$KERNEL" = "Linux"]
|
||||
elif [ "$KERNEL" = "Linux" ]
|
||||
then
|
||||
|
||||
if [ -f "/etc/debian_version" ]
|
||||
|
|
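--- a/hooks/gl-pre-git
+++ b/hooks/gl-pre-git
@@ -0,0 +1,38 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use v5.10;
+use File::Basename;
+use Net::IP;
+
+use ACU::Log;
+$ACU::Log::log_file = "/var/log/hooks/" . basename($0) . ".log";
+
+# First, check if the repository is in the YYYY/ directory
+exit 0 if ($ENV{GL_REPO} !~ /^2[0-9]{3}\/.+\/.+/);
+
+
+my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
+say "Votre IP est : $ip.";
+
+$ip = Net::IP->new($ip) or die ("IP invalide");
+
+my $schoolnetwork = Net::IP->new('192.168.0.0/16');
+
+if ($ip->overlaps($schoolnetwork) != $IP_A_IN_B_OVERLAP)
+{
+log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP.";
+exit 1;
+}
+
+my $sshnetwork = Net::IP->new('10.41.253.0/24');
+
+if ($ip->overlaps($sshnetwork) == $IP_A_IN_B_OVERLAP)
+{
+log ERROR, "Vous n'êtes pas autorisé à envoyer vos modifications depuis cette IP.";
+exit 1;
+}
+
+
+exit 0;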
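Review bot: The second range check can never reject anything: an address that passed the first test is inside 192.168.0.0/16, so it cannot also be inside 10.41.253.0/24, and the exclusion of that /24 is dead code. The check this commit removes from the other hook allowed 10.41.0.0/16, so if that is still the intended network the line should read `my $schoolnetwork = Net::IP->new('10.41.0.0/16');`; otherwise the excluded /24 needs to be updated to a range inside the new network. Separately, `my $ip = $1 if (...)` leaves `$ip` undefined when SSH_CLIENT is unset or not IPv4, and the `my ... if` form is documented as unreliable; `my ($ip) = ($ENV{'SSH_CLIENT'} // '') =~ m/^(\d{1,3}(?:\.\d{1,3}){3}) / or die "IP invalide";` fails closed before the `say` and anchors the match.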
@ -3,8 +3,10 @@
|
|||
use strict;
|
||||
use warnings;
|
||||
use v5.10;
|
||||
use Date::Manip;
|
||||
use DateTime::Format::ISO8601;
|
||||
use File::Basename;
|
||||
use Net::IP;
|
||||
use POSIX qw(strftime);
|
||||
use Socket;
|
||||
|
||||
use ACU::API::Projects;
|
||||
|
@ -28,29 +30,6 @@ if ($ref =~ m<^refs/tags/(.+)$>)
|
|||
my $tag = $1;
|
||||
log DEBUG, "Pushed tag for repository $ENV{GL_REPO}: $tag with IP $ENV{'SSH_CLIENT'}";
|
||||
|
||||
my $ip = $1 if ($ENV{'SSH_CLIENT'} =~ m/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/);
|
||||
say "[ACU] Your IP is: $ip.";
|
||||
|
||||
$ip = ip2long($ip);
|
||||
|
||||
my $net = ip2long("10.41.0.0");
|
||||
my $mask = ip2long("255.255.0.0");
|
||||
|
||||
if (($ip & $mask) != ($net & $mask))
|
||||
{
|
||||
log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
$net = ip2long("10.41.253.0");
|
||||
$mask = ip2long("255.255.255.0");
|
||||
|
||||
if (($ip & $mask) == ($net & $mask))
|
||||
{
|
||||
log ERROR, "[ACU] You are not authorized to push from this IP. This will be reported.";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# Get project informations
|
||||
my $project;
|
||||
eval {
|
||||
|
@ -71,64 +50,65 @@ if ($ref =~ m<^refs/tags/(.+)$>)
|
|||
exists $_->{vcs} and $_->{vcs}{tag} eq $tag;
|
||||
} @{ $project->{submissions} };
|
||||
|
||||
my $date = $ENV{'GL_TS'};
|
||||
$date =~ s/\./ /;
|
||||
my $glts = ParseDate($date);
|
||||
my $glts = DateTime::Format::ISO8601->parse_datetime(
|
||||
do {
|
||||
my $t = $ENV{'GL_TS'};
|
||||
$t =~ tr/./T/;
|
||||
$t
|
||||
});
|
||||
|
||||
chomp (my $tokengiven = `git cat-file tag $newsha 2> /dev/null | sed -e '1,/^\$/d'`);
|
||||
for my $rendu (@rendus)
|
||||
{
|
||||
my $open = ParseDate($rendu->{period}{begin});
|
||||
my $close = ParseDate($rendu->{period}{end});
|
||||
my $open = DateTime::Format::ISO8601->parse_datetime($rendu->{period}{begin});
|
||||
my $close = DateTime::Format::ISO8601->parse_datetime($rendu->{period}{end});
|
||||
|
||||
# TODO: check exceptions by login/group
|
||||
|
||||
say "[ACU] Date courante: ", $glts;
|
||||
say "[ACU] Date fermeture: ", $close;
|
||||
say "Date courante : ", $glts->strftime("%d/%m/%Y %H:%M:%S");
|
||||
|
||||
if ((Date_Cmp($glts, $open) == -1))
|
||||
if (DateTime->compare($glts, $open) == -1)
|
||||
{
|
||||
say "[ACU] Tag not allowed: upload not yet opened!";
|
||||
say "Date d'ouverture : ", $open->strftime("%d/%m/%Y %H:%M:%S");
|
||||
log ERROR, "Tag rejeté : le rendu n'est pas encore ouvert.";
|
||||
exit(4);
|
||||
}
|
||||
|
||||
if ((Date_Cmp($glts, $close) == 1))
|
||||
say "Date de fermeture : ", $close->strftime("%d/%m/%Y %H:%M:%S");
|
||||
|
||||
if (DateTime->compare($glts, $close) == 1)
|
||||
{
|
||||
say "[ACU] Tag not allowed: upload closed!";
|
||||
log ERROR, "Tag rejeté : le rendu est clos.";
|
||||
exit(5);
|
||||
}
|
||||
|
||||
my $token = $rendu->{vcs}{token};
|
||||
if ($token ne "" and $token ne $tokengiven)
|
||||
if ($token ne "" and $token ne $tokengiven and $newsha ne '0' x 40)
|
||||
{
|
||||
say "[ACU] Error 0x65cd58: Bad token.";
|
||||
log ERROR, "Tag rejeté : mauvais token.";
|
||||
exit(6);
|
||||
}
|
||||
}
|
||||
|
||||
# Send data to API
|
||||
my $last_commit = `git log -1 --name-status`;
|
||||
eval {
|
||||
API::Submission::add($promo, $id_project, $tag, $repo_login, $last_commit);
|
||||
};
|
||||
if ($@) {
|
||||
my $err = $@;
|
||||
log DEBUG, "ERROR: ".$err;
|
||||
log DONE, "[ACU] Upload successful";
|
||||
if ($newsha eq '0' x 40) {
|
||||
log USAGE, "Mais pour quelle raison voudriez-vous supprimer un tag ?!";
|
||||
}
|
||||
else {
|
||||
log DONE, "[ACU] Upload successful, please check this information on the intranet";
|
||||
else
|
||||
{
|
||||
# Send data to API
|
||||
my $last_commit = `git log $newsha -1 --decorate --tags`;
|
||||
eval {
|
||||
API::Submission::add($promo, $id_project, $tag, $repo_login, $last_commit);
|
||||
};
|
||||
if ($@) {
|
||||
my $err = $@;
|
||||
log DEBUG, "ERROR: ".$err;
|
||||
log DONE, "Tag '$tag' effectué avec succès !";
|
||||
}
|
||||
else {
|
||||
log DONE, "Tag '$tag' effectué avec succès ! Vérifiez-le sur l'intranet.";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
exit 0;
|
||||
|
||||
sub ip2long
|
||||
{
|
||||
return unpack("l*", pack("l*", unpack("N*", inet_aton(shift))));
|
||||
}
|
||||
|
||||
sub long2ip
|
||||
{
|
||||
return inet_ntoa(pack("N*", shift));
|
||||
}
|
||||
|
|
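Review bot: Deleting a tag now skips the token comparison (`$newsha ne '0' x 40`) and, as far as the visible lines show, falls through to `exit 0` after the `log USAGE` message, so a submission tag can apparently be removed during the open window without the token and without anything being sent to the API. If deletion is not meant to be allowed, add `exit 1;` after the `log USAGE` line (unless the USAGE level in ACU::Log already terminates the hook, which is not visible here). Also, `git log $newsha -1 --decorate --tags` treats every existing tag as an extra starting point, so `-1` may print the newest tagged commit rather than the pushed one; dropping `--tags` keeps the report tied to `$newsha`. The enclosing `if ($ref =~ m<^refs/tags/(.+)$>)` block starts outside this section.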