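#!/usr/bin/perl
#
# Usage: check_access $CVSROOT/module_name
#
# Exits 0 when the caller may modify the module; otherwise prints a denial
# message and exits 1.
#
# Note that the term `module name' is being used loosely; I really mean
# `top-level directory relative to $CVSROOT'.
#
# Permission can be via group or user; group permissions are given via
# the hash %g_perms, user-specific permissions are via %u_perms.
# The key is the module name (can be '*'), the value is a white-space
# separated list of allowed groups (users); * matches all groups (users);
# an empty list means that no per-group (user) access is allowed. If you
# feel generous, "'*', '*'" should give everyone total access.
#
# For example,
#   %g_perms = (            # groups permitted to access a module
#       "foo", "door wheel",
#       "bar", "*",
#       "*", ""
#   );
#   %u_perms = (            # users permitted to access a module
#       "fb", "robert lupton",
#       "*", "rhl"
#   );
# would give members of groups `door' and `wheel' access to module `foo',
# anyone access to module `bar', and users robert and lupton access to
# module `fb'. In addition, user rhl can access any module.
#
# Robert Lupton (rhl@astro.princeton.edu), 22nd February, 1993.
#=======================================================================
#
# Modified by Chih-Hao Huang on March 21, 1997 to add extra access
# protection on the sub directory of a module.
#
# Now the module can be specified as a path. check_access will use the
# longest path that can be matched in the %u_perms{} entry as the
# module name. That is, one may specify "moduleA" and "moduleA/doc/html".
# "moduleA/doc/html/private" will match "moduleA/doc/html" while
# "moduleA/doc/contrib" will match "moduleA".
#
# By doing this, moduleA/doc/html may have different authors than that
# of the rest of moduleA
#
# Review notes on how the tables are evaluated (see the code at the bottom):
#   * The "*" list is always appended to the matched entry's list, so a
#     per-directory entry can only ADD names.  For instance the names under
#     "*" may also modify "minossoft/admin"; that entry does not narrow
#     access to the names it lists.
#   * Only %u_perms keys take part in the longest-path match.
#   * The caller's identity is read from the LOGNAME environment variable,
#     and the group list is a fixed single name; see the notes at those
#     lines.

use strict;
use warnings;

my %g_perms = (             # groups permitted to access a module
    # universal access for no-one
    "*" => ""
);

########################################################################
# Access for minoscvs repository -- initial list by
# messier@indiana.edu
#
# Everything
my $core_grp = "brebel buckley bv gmieg kasahara jpaley kreymer lartey messier musser nwest rhatcher schubert tagg urheim west";

# Not core, but still trusted.
my $trusted_grp = "kordosky asousa avva niki msanchez boehm caius howcroft arms ishi scavan bckhouse";

# ControlRoomSoftware
my $controlroom_grp = "plunk shanahan habig bishai bv buckley cjames gfp rustem bspeak rahaman";
# should also have geoff pearce, tass belias when they have keys

# ControlRoomSoftware/ShiftersGuide
my $shiftersguide_grp = "$controlroom_grp rustem";

my %u_perms = (             # users permitted to access a module
    #
    # Core group has write permissions for everything
    #
    "*" => "$core_grp $trusted_grp",
    #
    # minossoft permissions here
    #
    "minossoft/Alignment" => "bbecker tobien rustem",
    "minossoft/AltDeMux" => "thomson howcroft",
    "minossoft/AltReco" => "costas",
    "minossoft/AnalysisNtuples" => "brebel cbs litchfld raufer thosieck tinti llhsu",
    "minossoft/AstroUtil" => "avva bbock",
    "minossoft/AtNuAna" => "blake bspeak chapman",
    "minossoft/AtNuEvent" => "blake bspeak caius howcroft thomson chapman",
    "minossoft/AtNuOutput" => "blake bspeak caius chapman howcroft thomson",
    "minossoft/AtNuReco" => "blake caius howcroft thomson chapman",
    "minossoft/AtNuUtils" => "blake bspeak caius chapman howcroft thomson",
    "minossoft/AutoLibLoad" => "rodriges",
    "minossoft/BeamData" => "bishai mdier rustem loiacono",
    "minossoft/BeamDataDbi" => "bishai mdier thosieck loiacono",
    "minossoft/BeamDataUtil" => "bishai mdier thosieck habig rustem loiacono",
    "minossoft/BeamDataMonitoring" => "bishai mdier thosieck",
    "minossoft/BeamDataNtuple" => "mdier",
    "minossoft/BeamMegaFit" => "vahle zarko ishi rearmstr",
    "minossoft/BField" => "costas agoldst",
    "minossoft/BubbleSpeak" => "psm miyagawa",
    "minossoft/CalDetPIDSR" => "brebel mufson",
    "minossoft/CalDetPID" => "vahle kordosky",
    "minossoft/CalDetDBUtils" => "vahle kordosky",
    "minossoft/CalDetDST" => "vahle kordosky",
    "minossoft/CalDetSI" => "vahle kordosky",
    "minossoft/CalDetTracker" => "hartnell rjn cbs",
    "minossoft/Calibrator" => "phil.adamson pa rjn musser barr hartnell cbs cpw1 jjling murgia tjyang ochoa jpochoa evans evansj mskim tinti",
    "minossoft/CandCell3D" => "grzelakk",
    "minossoft/CandChop" => "evans musser thosieck niki",
    "minossoft/CandCluster3D" => "grzelakk",
    "minossoft/CandClusterSR" => "rlee brebel musser",
    "minossoft/CandDigit" => "weber webera litchfld josh boehm hartnell",
    "minossoft/CandDeadChip" => "caius howcroft",
    "minossoft/CandEventSR" => "cbs rlee brebel musser rodriges",
    "minossoft/CandFitShowerEM" => "cbs hzheng",
    "minossoft/CandFitTrack3" => "rjn musser",
    "minossoft/CandFitTrackCam" => "marshall musser blake",
    "minossoft/CandFitTrackMS" => "rhbob bringley avva",
    "minossoft/CandFitTrackSA" => "avva rustem",
    "minossoft/CandFitTrackSR" => "rlee brebel musser seun",
    "minossoft/CandNtupleEM" => "cbs hzheng",
    "minossoft/CandNtupleSR" => "brebel musser tjyang raufer thosieck cbs hartnell blake litchfld",
    "minossoft/CandMorgue" => "blake bspeak phil.adamson pa caius howcroft",
    "minossoft/CandShield" => "bspeak jpochoa ochoa",
    "minossoft/CandShowerEM" => "cbs hzheng",
    "minossoft/CandShowerSR" => "rlee brebel musser cbs hzheng culling rodriges",
    "minossoft/CandSliceSR" => "rlee brebel musser thosieck",
    "minossoft/CandStripSR" => "rlee brebel musser rustem rodriges",
    "minossoft/CandSubShowerSR" => "cbs hzheng rodriges",
    "minossoft/CandTrackCam" => "marshall blake",
    "minossoft/CandTrack3D" => "grzelakk",
    "minossoft/CandTrackSR" => "rlee brebel musser",
    "minossoft/Caryatid" => "cabrera raufer weber webera bspeak",
    "minossoft/CDFMonitoringFwk" => "dap56 petyt",
    "minossoft/Cluster3D" => "grzelakk",
    "minossoft/CodeMgtTools" => "plunk",
    "minossoft/Contrib" => "*",
    "minossoft/Contrib/kordosky" => "kordosky",
    "minossoft/ControlRoomSoftware" => "$controlroom_grp",
    "minossoft/ControlRoomSoftware/ShiftersGuide" => "$shiftersguide_grp",
    "minossoft/Conventions" => "vahle zarko litchfld rustem",
    "minossoft/CosmicMuonGenerator" => "rlee",
    "minossoft/DatabaseTables" => "demuth brebel musser rjn phil.adamson pa rlee dbox bspeak ebeall beall",
    "minossoft/DatabaseUpdater" => "hartnell",
    "minossoft/DataQualityMonitoring" => "brebel med",
    "minossoft/DataValidation" => "blake",
    "minossoft/DataUtil" => "blake plunk avva hartnell rjn dap56 petyt musser mstrait pawloski rodriges",
    "minossoft/DcsDaemon" => "ebeall beall habig bbock",
    "minossoft/DcsUser" => "ebeall beall habig bbock cbs blake",
    "minossoft/Demo" => "psm seun weber webera",
    "minossoft/DeMux" => "brebel mufson",
    "minossoft/DetSim" => "weber kordosky litchfld blake rodriges rbpatter pawloski",
    "minossoft/Digitization" => "kordosky arms",
    "minossoft/ELogBook" => "ngu",
    "minossoft/EventDisplay" => "musser",
    "minossoft/EventKinematics" => "rhatcher",
    "minossoft/EventMerge" => "howcroft caius ochoa jpochoa cbs",
    "minossoft/Fabrication" => "rhatcher dave_b",
    "minossoft/FarPlaneCheckout" => "rlee",
    "minossoft/FarDetDataQuality" => "blake",
    "minossoft/FCPCFilter" => "caius howcroft jgogos bbecker chapman",
    "minossoft/FDSpecWErrs" => "vahle",
    "minossoft/FilterDigitSR" => "rlee brebel musser blake",
    "minossoft/FilterLI" => "costas",
    "minossoft/Filtration" => "rhatcher tagg murgia blake",
    "minossoft/G3PTSim" => "ishi arms musser",
    "minossoft/G4I" => "seun",
    "minossoft/GainCal" => "nickd tagg",
    "minossoft/GMinosInterface" => "rustem",
    "minossoft/HistMan" => "mdier",
    "minossoft/HWDB" => "habig jsharkey",
    "minossoft/IoModules" => "arms",
    "minossoft/Islands" => "larry tjyang",
    "minossoft/JobControl" => "arms bckhouse",
    "minossoft/LISummary" => "anatael cbs dja25 hartnell jjling mskim nickd phil.adamson pa r.morse raufer rlee tjyang",
    "minossoft/Mad" => "blake bspeak cbs dap56 ishi jpaley kordosky lartey med musser petyt mstrait vahle",
    "minossoft/MCApplication" => "ishi",
    "minossoft/MCMerge" => "arms",
    "minossoft/MCMonitor" => "arms",
    "minossoft/MCNtuple" => "vahle arms hartnell litchfld",
    "minossoft/MCReweight" => "cbs vahle hgallag gallagher gallaghr gallag deb4 zarko rearmstr rustem loiacono",
    "minossoft/MarquardtFit" => "brebel ishi thosieck",
    "minossoft/MessageService" => "",
    "minossoft/MeuCal" => "hartnell tjyang howcroft caius med jjling litchfld",
    "minossoft/MIDAD" => "musser",
    "minossoft/Midad" => "musser tjyang",
    "minossoft/MiniBooNEAna" => "murgia tjyang hjkang",
    "minossoft/Monitoring" => "dap56 petyt bspeak",
    "minossoft/MuCal" => "cbs musser phil.adamson pa rjn rlee",
    "minossoft/MuELoss" => "costas hartnell",
    "minossoft/MuonCalibratorSR" => "rlee brebel musser",
    "minossoft/MuonPhysics" => "loiacono",
    # NOTE(review): "pawlowski" here, "pawloski" in other entries --
    # confirm which spelling is the real account name.
    "minossoft/MuonRemoval" => "howcroft caius ochoa jpochoa cbs tjyang pawlowski",
    "minossoft/NCUtils" => "brebel niki shanahan thosieck litchfld raufer admarino rodriges pittam tinti llhsu koskinen bckhouse",
    "minossoft/NeugenInterface" => "cbs vahle hgallag gallagher gallaghr gallag deb4 rustem",
    "minossoft/NoiseFilter" => "rlee musser weber webera",
    "minossoft/Ntuple3D" => "grzelakk",
    "minossoft/NtupleBase" => "rlee musser",
    "minossoft/NtupleUtils" => "ahimmel dja25 djauty evans evansj hartnell himmel idanko izdanko jpochoa mtavera naples nickd ochoa rbpatter rmehdi rodriges nickd zeynep zisvan zei1",
    "minossoft/NuBarPID" => "jpochoa ochoa rodriges zeynep zisvan zei1",
    "minossoft/NueAna" => "vahle mdier asousa msanchez josh boehm cbs tjyang hzheng scavan danche annah annah1 ochoa jpochoa pawloski whitehd",
    "minossoft/NuMuBar" => "ahimmel dja25 djauty evans evansj hartnell himmel idanko izdanko jpochoa mtavera naples nickd ochoa rbpatter rmehdi rodriges nickd zeynep zisvan zei1",
    "minossoft/NumericalMethods" => "rlee psm seun",
    "minossoft/OfflineHistograms" => "avva",
    "minossoft/OfflineTrigger" => "phil.adamson pa",
    "minossoft/OnlineEventDisplay" => "thomson bspeak",
    "minossoft/ParticleTransportSim" => "ishi arms",
    "minossoft/PackageMaintenanceSupport" => "*",
    "minossoft/PEGain" => "cbs rjn musser",
    "minossoft/PerfTools" => "paterno wb",
    "minossoft/Persistency" => "arms",
    "minossoft/PhotonTransport" => "brebel hartnell rustem rodriges",
    "minossoft/PhysicsFit" => "rustem loiacono",
    "minossoft/PhysicsNtuple" => "rustem jyuko loiacono",
    "minossoft/Plex" => "brebel",
    "minossoft/PMTSim" => "kordosky",
    "minossoft/Production" => "arms asousa bckhouse boehm bspeak josh masaki msanchez mstrait rubin",
    "minossoft/PulserCalibration" => "phil.adamson pa murgia tjyang cpw1",
    "minossoft/RawData" => "beall ebeall",
    "minossoft/RDBC" => "onuchin dbox",
    "minossoft/RecoBase" => "cbs rlee musser avva admarino culling rodriges",
    "minossoft/RootUtil" => "*",
    "minossoft/RunQuality" => "blake",
    "minossoft/RunSummary" => "bspeak jgogos",
    "minossoft/setup" => "bspeak",
    "minossoft/SexyPedestal" => "anatael",
    "minossoft/ShieldCalibrator" => "ochoa jpochoa",
    "minossoft/ShieldPlank" => "howcroft caius",
    "minossoft/SpillTiming" => "tagg blake",
    "minossoft/StandardNtuple" => "vahle rustem hartnell blake litchfld",
    "minossoft/Swimmer" => "seun avva",
    "minossoft/GeoSwimmer" => "ishi",
    "minossoft/TimeCalibratorSR" => "rlee brebel musser",
    "minossoft/TimeCalibratorCam" => "blake chapman",
    "minossoft/TruthHelperNtuple" => "kasahara musser arms hartnell rustem litchfld rodriges",
    "minossoft/OscProb" => "larry",
    "minossoft/UnfoldingData" => "rustem",
    "minossoft/Util" => "bspeak",
    "minossoft/VALinCalibration" => "barr bspeak",
    "minossoft/VADynodeScan" => "weber webera bspeak raufer",
    "minossoft/Validation" => "",
    "minossoft/VertexFinder" => "musser josh boehm",
    "minossoft/WebDocs" => "rlee musser anatael asousa avva blake brebel bspeak costas dbox masaki mdier " .
        "beall ebeall caius howcroft hartnell grzelakk kordosky phil.adamson pa " .
        "dap56 psm miyagawa rhbob rjn seun cbs thomson vahle barr kreymer admarino boehm petyt",
    #
    # admin permissions here
    #
    "minossoft/admin" => "kreymer rbpatter rhatcher svetlana",
    #
    # minospub permissions here
    #
    "minospub/prd06" => "dap56 kordosky petyt",
    "minospub/range_vs_curvature" => "musser rhatcher jkn kordosky urheim rustem ishi",
    "minospub/had_roadmap" => "kordosky hgallag dytman",
    "minospub/had_syst_07" => "kordosky hgallag dytman",
    "minospub/inukerw" => "kordosky",
    "minospub/qel_fit" => "kordosky med",
    "minospub/DebdattasPaper" => "rgran deb4 kordosky shanahan hgallag naples",
    #
    # numisoft permissions here
    #
    "numisoft" => "zarko yumiceva koskinen ahimmel pa",
    "numisoft/fluka" => "zarko zwaska yumiceva",
    "numisoft/g4numi" => "zarko ahimmel jyuko koskinen loiacono yumiceva",
    "numisoft/gnumi" => "zarko dharris hylen kostin zwaska ngu admarino tjyang hjkang yumiceva koskinen",
    "numisoft/pbeam" => "zarko dharris ngu smart",
    "numisoft/mars" => "zarko cjames rameika kostin larry dfab admarino",
    "numisoft/hp-experiment" => "zarko larry",
    "numisoft/mars-real_target" => "admarino",
    #
    # labyrinth permissions here
    #
    "labyrinth/alt_geant321_inc" => "rhatcher",
    "labyrinth/analysis" => "rhatcher kordosky drw1",
    "labyrinth/bfield" => "rhatcher jkn yumiceva",
    "labyrinth/ev_display" => "rhatcher",
    "labyrinth/fluxdata" => "rhatcher hylen",
    "labyrinth/generator" => "rhatcher gallagher gallaghr gallag",
    "labyrinth/gminos" => "rhatcher kordosky drw1",
    "labyrinth/gminos_old" => "rhatcher",
    "labyrinth/gminosaux" => "rhatcher kordosky drw1",
    "labyrinth/labyrinth" => "rhatcher bspeak kordosky drw1",
    "labyrinth/misc" => "rhatcher",
    "labyrinth/mixing" => "rhatcher dap56 petyt",
    "labyrinth/utilities" => "rhatcher",
    #
    # neugen3 permissions here
    #
    "neugen3" => "hgallag gallagher gallaghr gallag rhatcher deb4 kordosky"
);

########################################################################

# Return the names listed for $module in the given table, followed by the
# names listed under the table's "*" key.  Keys that are absent contribute
# nothing.
sub _names_for {
    my ($table, $module) = @_;
    my @names;
    foreach my $key ($module, "*") {
        next unless defined $table->{$key};
        push(@names, split(" ", $table->{$key}));
    }
    return @names;
}

# True when the list holds "*" or any one of the candidate names.
sub _is_listed {
    my ($names, @candidates) = @_;
    foreach my $entry (@$names) {
        return 1 if $entry eq "*";
        return 1 if grep { $_ eq $entry } @candidates;
    }
    return 0;
}

{
    my $module = shift(@ARGV);
    if (!defined($module) || $module eq "") {
        die "Please specify a module name\n";
    }

    # modified by Chih-Hao Huang to support additional access control on
    # subdirectories
    # $module =~ s#@ENV{'CVSROOT'}/+([^/]+).*#\1#;
    #
    # Strip the repository root.  The root is matched literally (\Q..\E) and
    # only as a leading prefix, so characters such as "." or "+" in CVSROOT
    # are not read as regex syntax and the root cannot match mid-path.
    my $cvsroot = defined($ENV{'CVSROOT'}) ? $ENV{'CVSROOT'} : "";
    $module =~ s{^\Q$cvsroot\E/+}{};

    # Walk up to the longest path that has a %u_perms entry.  The test is
    # `exists', not truth: an entry with an empty list ("no extra users")
    # must stop the walk instead of silently inheriting its parent's list.
    while ($module =~ m{/} && !exists $u_perms{$module}) {
        $module = substr($module, 0, rindex($module, "/"));
    }

    # NOTE(review): the decision below trusts LOGNAME from the environment.
    # That is only sound if LOGNAME is set on the server side by something
    # the committer cannot override; anyone able to choose the environment
    # this script runs in can claim any name in the table.  The real-uid
    # lookup is left commented out -- presumably commits arrive through a
    # shared account; confirm how LOGNAME is established on this host.
    # $name = getpwuid($<);
    my $name = defined($ENV{'LOGNAME'}) ? $ENV{'LOGNAME'} : "";

    # NOTE(review): the group list is fixed to the single name "dss"; the
    # lookup of the caller's actual groups is commented out.  %g_perms
    # entries therefore only ever match "dss" or "*".
    # @grps = split(" ",$( ); shift(@grps);          # get list of groups
    # @grps = grep($_ = getgrgid($_) || 1, @grps);   # convert to names
    my @grps = ("dss");

    # A "*" in either list grants access, so no separate wildcard pre-check
    # is needed.  Groups are consulted first, then the user list.
    my $ci_ok = _is_listed([ _names_for(\%g_perms, $module) ], @grps)
        || _is_listed([ _names_for(\%u_perms, $module) ], $name);

    if ($ci_ok) {
        exit 0;
    }
    else {
        print "*============================================================\n";
        print "User $name is not permitted to modify module `$module'\n";
        print "*============================================================\n";
        print "*\n";
        print "* If you think you have received this message in error try\n";
        print "* the following steps:\n";
        print "* [1] Make sure you are using ssh to connect:\n";
        print "* % setenv CVS_RSH ssh\n";
        print "* [2] Make sure you have agent forwarding set up\n";
        print "* % eval `ssh-agent -c`\n";
        print "* % ssh-add\n";
        print "* [3] Make sure ssh is configured to forward your ID to\n";
        print "* this host:\n";
        print "* % cat ~/.ssh/config\n";
        print "* Host minos1.fnal.gov\n";
        print "* ForwardAgent yes\n";
        print "* Host minoscvs.fnal.gov\n";
        print "* ForwardAgent yes\n";
        print "*\n";
        exit 1;
    }
}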