# # # patch "cmd_netsync.cc" # from [c2bc11a37824a01bb4ba40bbda1736e0301cd41c] # to [d0b9187d61aa08ccb4e822f5a8a045758f02cac7] # # patch "lua_hooks.cc" # from [0044b4eafa513561907184fd83a7e134337be697] # to [b2d0a25544aa0fa6683a9a17e7cd9afc029bc6d7] # # patch "lua_hooks.hh" # from [26f2aad582a13103a319e1742e959826b3246b17] # to [042f2b10a20616bf449b2b1326f9f2a8c293d19b] # ============================================================ --- cmd_netsync.cc c2bc11a37824a01bb4ba40bbda1736e0301cd41c +++ cmd_netsync.cc d0b9187d61aa08ccb4e822f5a8a045758f02cac7 @@ -56,8 +56,33 @@ static void } static void -find_key_if_needed(utf8 & addr, app_state & app) +find_key(utf8 const & addr, + globish const & include, + globish const & exclude, + app_state & app, + bool needed = true) { + rsa_keypair_id key; + if (!app.lua.hook_get_netsync_key(app.opts.bind_address, + include, exclude, + key) + || key() == "") + { + if (needed) + { + get_user_key(key, app); + } + } + app.opts.signing_key = key; +} + +static void +find_key_if_needed(utf8 const & addr, + globish const & include, + globish const & exclude, + app_state & app, + bool needed = true) +{ uri u; bool transport_requires_auth(true); if (parse_uri(addr(), u)) @@ -66,9 +91,7 @@ find_key_if_needed(utf8 & addr, app_stat } if (transport_requires_auth) { - rsa_keypair_id key; - get_user_key(key, app); - app.opts.signing_key = key; + find_key(addr, include, exclude, app, needed); } } @@ -132,8 +155,8 @@ CMD(push, "push", "", CMD_REF(network), arg_type addr; globish include_pattern, exclude_pattern; extract_address(args, addr, app); - find_key_if_needed(addr, app); extract_patterns(args, include_pattern, exclude_pattern, app); + find_key_if_needed(addr, include_pattern, exclude_pattern, app); run_netsync_protocol(client_voice, source_role, addr, include_pattern, exclude_pattern, app); @@ -150,6 +173,7 @@ CMD(pull, "pull", "", CMD_REF(network), globish include_pattern, exclude_pattern; extract_address(args, addr, app); extract_patterns(args, include_pattern, exclude_pattern, app); + find_key_if_needed(addr, include_pattern, exclude_pattern, app, false); if (app.opts.signing_key() == "") P(F("doing anonymous pull; use -kKEYNAME if you need authentication")); @@ -169,8 +193,8 @@ CMD(sync, "sync", "", CMD_REF(network), arg_type addr; globish include_pattern, exclude_pattern; extract_address(args, addr, app); - find_key_if_needed(addr, app); extract_patterns(args, include_pattern, exclude_pattern, app); + find_key_if_needed(addr, include_pattern, exclude_pattern, app); run_netsync_protocol(client_voice, source_and_sink_role, addr, include_pattern, exclude_pattern, app); @@ -259,10 +283,21 @@ CMD(clone, "clone", "", CMD_REF(network) app.db.set_var(default_server_key, var_value(addr())); } + globish include_pattern(app.opts.branchname()); + + globish exclude_pattern; + { + vector excludes; + typecast_vocab_container(app.opts.exclude_patterns, excludes); + combine_and_check_globish(excludes, exclude_pattern); + } + + find_key_if_needed(addr, include_pattern, exclude_pattern, + app, false); + if (app.opts.signing_key() == "") P(F("doing anonymous pull; use -kKEYNAME if you need authentication")); - globish include_pattern(app.opts.branchname()); if (!app.db.var_exists(default_include_pattern_key) || app.opts.set_default) { @@ -270,12 +305,8 @@ CMD(clone, "clone", "", CMD_REF(network) app.db.set_var(default_include_pattern_key, var_value(include_pattern())); } - globish exclude_pattern; if (app.opts.exclude_given) { - vector excludes; - typecast_vocab_container(app.opts.exclude_patterns, excludes); - combine_and_check_globish(excludes, exclude_pattern); if (!app.db.var_exists(default_exclude_pattern_key) || app.opts.set_default) { @@ -283,10 +314,6 @@ CMD(clone, "clone", "", CMD_REF(network) app.db.set_var(default_exclude_pattern_key, var_value(exclude_pattern())); } } - else - { - exclude_pattern = globish(); - } // make sure we're back in the original dir so that file: URIs work change_current_working_dir(start_dir); @@ -404,13 +431,11 @@ CMD_NO_WORKSPACE(serve, "serve", "", CMD if (app.opts.use_transport_auth) { - rsa_keypair_id key; - get_user_key(key, app); - app.opts.signing_key = key; + find_key(app.opts.bind_address, globish("*"), globish(""), app); N(app.lua.hook_persist_phrase_ok(), F("need permission to store persistent passphrase (see hook persist_phrase_ok())")); - require_password(key, app); + require_password(app.opts.signing_key, app); } else { ============================================================ --- lua_hooks.cc 0044b4eafa513561907184fd83a7e134337be697 +++ lua_hooks.cc b2d0a25544aa0fa6683a9a17e7cd9afc029bc6d7 @@ -503,6 +503,29 @@ lua_hooks::hook_use_inodeprints() return use && exec_ok; } +bool +lua_hooks::hook_get_netsync_key(utf8 const & server_address, + globish const & include, + globish const & exclude, + rsa_keypair_id & k) +{ + string key_id; + bool exec_ok + = Lua(st) + .func("get_netsync_key") + .push_str(server_address()) + .push_str(include()) + .push_str(exclude()) + .call(3, 1) + .extract_str(key_id) + .ok(); + + if (!exec_ok) + key_id = ""; + k = rsa_keypair_id(key_id); + return exec_ok; +} + static void push_uri(uri const & u, Lua & ll) { ============================================================ --- lua_hooks.hh 26f2aad582a13103a319e1742e959826b3246b17 +++ lua_hooks.hh 042f2b10a20616bf449b2b1326f9f2a8c293d19b @@ -67,6 +67,10 @@ public: std::map const & new_results); // network hooks + bool hook_get_netsync_key(utf8 const & server_address, + globish const & include, + globish const & exclude, + rsa_keypair_id & k); bool hook_get_netsync_connect_command(uri const & u, globish const & include_pattern, globish const & exclude_pattern,