| [825] | 1 | #!/usr/bin/perl |
|---|
| 2 | |
|---|
| 3 | use strict; |
|---|
| 4 | use warnings; |
|---|
| 5 | |
|---|
| 6 | use Net::LDAP; |
|---|
| 7 | use Net::LDAP::Filter; |
|---|
| 8 | |
|---|
| 9 | my $url = $ARGV[0]; |
|---|
| 10 | my ($proto, $hostname, $path) = $url =~ m|^(.*?)://([^/]*)(.*)| or die "Could not match URL"; |
|---|
| 11 | my $mesg; |
|---|
| 12 | |
|---|
| [1823] | 13 | my $vhostName = $hostname; |
|---|
| 14 | |
|---|
| 15 | vhost: |
|---|
| [825] | 16 | # oh my gosh Net::LDAP::Filter SUCKS |
|---|
| [828] | 17 | my $filter = bless({and => |
|---|
| 18 | [{equalityMatch => {attributeDesc => 'objectClass', |
|---|
| 19 | assertionValue => 'scriptsVhost'}}, |
|---|
| 20 | {or => |
|---|
| 21 | [{equalityMatch => {attributeDesc => 'scriptsVhostName', |
|---|
| [1823] | 22 | assertionValue => $vhostName}}, |
|---|
| [828] | 23 | {equalityMatch => {attributeDesc => 'scriptsVhostAlias', |
|---|
| [1823] | 24 | assertionValue => $vhostName}}]}]}, |
|---|
| [825] | 25 | 'Net::LDAP::Filter'); |
|---|
| 26 | |
|---|
| [1818] | 27 | my $ldap = Net::LDAP->new("ldapi://%2fvar%2frun%2fslapd-scripts.socket/"); |
|---|
| [825] | 28 | $mesg = $ldap->bind(); |
|---|
| 29 | $mesg->code && die $mesg->error; |
|---|
| 30 | |
|---|
| 31 | $mesg = $ldap->search(base => "ou=VirtualHosts,dc=scripts,dc=mit,dc=edu", |
|---|
| 32 | filter => $filter); |
|---|
| 33 | $mesg->code && die $mesg->error; |
|---|
| 34 | |
|---|
| 35 | my $vhostEntry = $mesg->pop_entry; |
|---|
| [1823] | 36 | if (!defined $vhostEntry) { |
|---|
| 37 | $vhostName ne '*' or die 'No vhost for *'; |
|---|
| 38 | $vhostName =~ s/^(?:\*\.)?[^.]*/*/; # Try next wildcard |
|---|
| 39 | goto vhost; |
|---|
| 40 | } |
|---|
| 41 | |
|---|
| [825] | 42 | my $vhostDirectory = $vhostEntry->get_value('scriptsVhostDirectory'); |
|---|
| 43 | |
|---|
| 44 | $mesg = $ldap->search(base => $vhostEntry->get_value('scriptsVhostAccount'), |
|---|
| 45 | scope => 'base', filter => 'objectClass=posixAccount'); |
|---|
| 46 | $mesg->code && die $mesg->error; |
|---|
| 47 | |
|---|
| 48 | my $userEntry = $mesg->pop_entry; |
|---|
| 49 | my ($homeDirectory, $uidNumber, $gidNumber) = |
|---|
| 50 | map { $userEntry->get_value($_) } qw(homeDirectory uidNumber gidNumber); |
|---|
| [1822] | 51 | (my $scriptsdir = $homeDirectory) =~ s{(?:/Scripts)?$}{/Scripts}; |
|---|
| [825] | 52 | |
|---|
| 53 | if ($proto eq 'svn') { |
|---|
| 54 | chdir '/usr/libexec/scripts-trusted'; |
|---|
| [1822] | 55 | exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/svn', "$scriptsdir/svn/$vhostDirectory"); |
|---|
| [849] | 56 | } elsif ($proto eq 'git') { |
|---|
| 57 | chdir '/usr/libexec/scripts-trusted'; |
|---|
| [1822] | 58 | exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/git', "$scriptsdir/git/$vhostDirectory"); |
|---|
| [825] | 59 | } elsif ($proto eq 'http') { |
|---|
| [1822] | 60 | print "suexec $uidNumber $gidNumber $scriptsdir/web/$vhostDirectory/$path\n"; |
|---|
| [825] | 61 | } else { |
|---|
| 62 | die "Unknown protocol\n"; |
|---|
| 63 | } |
|---|
