diff options
| author | Aaron Ball <nullspoon@iohq.net> | 2015-07-26 14:02:26 -0600 |
|---|---|---|
| committer | Aaron Ball <nullspoon@iohq.net> | 2015-07-26 14:02:26 -0600 |
| commit | feb7ded6a33b93abeb905252f9159bfef1597c45 (patch) | |
| tree | 455f23c135e41295d13f00de3f7cfafc09454835 | |
| parent | 086dd2e0db18886bd1a0cc4e28338871d65cbb03 (diff) | |
| download | gitaccess-feb7ded6a33b93abeb905252f9159bfef1597c45.tar.gz gitaccess-feb7ded6a33b93abeb905252f9159bfef1597c45.tar.xz | |
Fixed issue with partial user matching
Grep wasn't specific enough, so a user who's name was a subset of another
user's (eg: user is allowed because user is in another user's username,
user-foo) would allow access. A rare scenario, but not safe for sure.
| -rwxr-xr-x | gitaccess.pre-receive | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gitaccess.pre-receive b/gitaccess.pre-receive index 2b6f0e5..e91c59e 100755 --- a/gitaccess.pre-receive +++ b/gitaccess.pre-receive @@ -62,7 +62,7 @@ fi log "Attempted login for user ${GIT_USER} on ${commit_dest_str}" # See if user is permitted access to this repo -grep -v '^#' users | grep ${GIT_USER} 2>&1 1>/dev/null +grep -v '^#' users | grep "^${GIT_USER}\$" 2>&1 1>/dev/null if [[ $? != 0 ]]; then log "User is not permitted access to repo $(pwd)" |