2
votes

We're hosting a subversion repository for distrubuted software development. So non-employees have access to some of our sorce code. Our company's IT security policy requires us to virusscan all files uploaded from outside of our corporate intranet. All internal computers are equipped with up to date virus scanners.

We're planning on integration the virus scan in a Subversion precommit-hook. But this causes delays when performing large commits. So we would like to scan only the commits, that are originated outside of our intranet. To identify the origin, we need the IP adress of the user performing the commit. Since some of our employees work from home we can't use the usernames to identify commits from the internet.

Thus finally my question:

How can I get the IP-adress from which a commit ist performed in a subversion precommit hook?

2

2 Answers

2
votes

Let me imagine that you write your hook in Perl, in that case, you can use the following lib : DocumentationClientIP

you can install the lib from Git thru this link : GITClientIP (or use the code included).

After installation, you need to add something like that in your code :

    use SVN::Utils::ClientIP qw(ssh_client_ip);

    print "The client's IP address is ", ssh_client_ip();
2
votes

I'm using lsof (bash-script pre-commit):

srcip=$(/usr/sbin/lsof -Pn -p $PPID | grep ESTABLISHED)

or, to get only the IP:

srcip=$(/usr/sbin/lsof -Pn|grep ssh|grep ESTA|cut -d\> -f 2|cut -d: -f 1)

While client connects to server, pre-commit is executed. lsof shows all open files (including TCP connections etc); I select all "files" for this process (-p $PPID) and grep for ESTABLISHED (this is the connection between client and server).