diff options
author | Andrew Cady <d@cryptonomic.net> | 2021-10-24 20:57:36 -0400 |
---|---|---|
committer | Andrew Cady <d@cryptonomic.net> | 2021-10-24 21:00:01 -0400 |
commit | 19815f519d331e770bdea3938825c65ff5c8df6a (patch) | |
tree | 7f59335844665e297f73506789c58172c4e7ee09 /EndoForge/src/AnonymousAccessCommand | |
parent | f847476ae7388d09ed951422b297c93687f110f8 (diff) |
cleanup in AnonymousAccessCommand
Diffstat (limited to 'EndoForge/src/AnonymousAccessCommand')
-rwxr-xr-x | EndoForge/src/AnonymousAccessCommand | 49 |
1 files changed, 23 insertions, 26 deletions
diff --git a/EndoForge/src/AnonymousAccessCommand b/EndoForge/src/AnonymousAccessCommand index 5146da4..526f53d 100755 --- a/EndoForge/src/AnonymousAccessCommand +++ b/EndoForge/src/AnonymousAccessCommand | |||
@@ -52,18 +52,12 @@ ssh_client_fingerprint_base16() | |||
52 | echo $6 | 52 | echo $6 |
53 | } | 53 | } |
54 | 54 | ||
55 | check_if_self_forge() | 55 | is_self_forge() |
56 | { | 56 | { |
57 | # TODO: don't use description, but something else. | 57 | local dir="$1" confval |
58 | local dir="$1" | 58 | [ -d "$dir" ] || return |
59 | [ -d "$dir" ] || exit | 59 | confval=$(GIT_DIR=$dir git config core.self-forge) || return |
60 | [ -r "$dir"/description ] || exit | 60 | [ "$confval" = true ] |
61 | read description < "$dir"/description | ||
62 | if [ "$description" != self-forge ] && [ "$(GIT_DIR=$dir git config core.self-forge)" != true ] | ||
63 | then | ||
64 | echo 'Error: access denied. The specified directory is not a self-forge.' >&2 | ||
65 | exit | ||
66 | fi | ||
67 | } | 61 | } |
68 | 62 | ||
69 | with_soul_bare() | 63 | with_soul_bare() |
@@ -85,14 +79,8 @@ read authtype authline < "$SSH_USER_AUTH" || exit | |||
85 | 79 | ||
86 | cmd=${SSH_ORIGINAL_COMMAND%% *} | 80 | cmd=${SSH_ORIGINAL_COMMAND%% *} |
87 | case "$cmd" in | 81 | case "$cmd" in |
88 | git-send-pack | git-upload-pack) | 82 | git-send-pack | git-upload-pack | git-receive-pack ) ;; |
89 | GIT_NAMESPACE= | 83 | * ) |
90 | ;; | ||
91 | git-receive-pack) | ||
92 | export GIT_NAMESPACE="$(ssh_client_fingerprint_base16)" | ||
93 | [ "$GIT_NAMESPACE" ] || exit | ||
94 | ;; | ||
95 | *) | ||
96 | default_msg | 84 | default_msg |
97 | exit | 85 | exit |
98 | ;; | 86 | ;; |
@@ -102,18 +90,27 @@ arg=${SSH_ORIGINAL_COMMAND#* } | |||
102 | arg=${arg%\'} | 90 | arg=${arg%\'} |
103 | arg=${arg#\'} | 91 | arg=${arg#\'} |
104 | case "$arg" in | 92 | case "$arg" in |
105 | *\'*) exit ;; | 93 | *\'*) exit ;; # we should support these wtf |
106 | *.git) ;; | 94 | *.git) ;; |
107 | *) arg=$arg/.git ;; | 95 | *) arg=$arg/.git ;; |
108 | esac | 96 | esac |
109 | 97 | ||
110 | dir=$(readlink -e "$arg") || exit | 98 | dir=$(readlink -e "$arg") || exit |
111 | 99 | ||
112 | check_if_self_forge "$dir" | 100 | if ! is_self_forge "$dir" |
113 | |||
114 | if [ "$GIT_NAMESPACE" ] | ||
115 | then | 101 | then |
116 | GIT_DIR=$dir with_soul_bare "$cmd" "$dir" | 102 | echo 'Error: access denied. The specified directory is not a self-forge.' >&2 |
117 | else | 103 | exit |
118 | "$cmd" "$dir" | ||
119 | fi | 104 | fi |
105 | |||
106 | case "$cmd" in | ||
107 | git-send-pack | git-upload-pack ) | ||
108 | GIT_NAMESPACE= | ||
109 | "$cmd" "$dir" | ||
110 | ;; | ||
111 | git-receive-pack ) | ||
112 | export GIT_NAMESPACE="$(ssh_client_fingerprint_base16)" | ||
113 | [ "$GIT_NAMESPACE" ] | ||
114 | GIT_DIR=$dir with_soul_bare "$cmd" "$dir" | ||
115 | ;; | ||
116 | esac | ||