move all files to EndoForge

1 files changed, 126 insertions, 0 deletions

diff --git a/EndoForge/src/AnonymousAccessCommand b/EndoForge/src/AnonymousAccessCommand
new file mode 100755
index 0000000..443d25e
--- /dev/null
+++ b/EndoForge/src/AnonymousAccessCommand
@@ -0,0 +1,126 @@
+#!/bin/sh
+default_msg()
+{
+    sshfpline="$(get_sshfp_authline ${SSH_CLIENT%% *})"
+    cat <<EOF >&2
+
+    You are:
+
+        $authline
+        $sshfpline
+
+EOF
+}
+
+get_sshfp_authline()
+{
+    (
+        r=${1:-.}
+        key=$(mktemp) || exit
+        trap 'rm -rf "$key"' EXIT
+        echo "$authline" > "$key"
+        get_sshfp "$key" "$r"
+    )
+}
+
+get_sshfp()
+{
+    (
+        key="$1"
+        r="${2:-.}"
+        dns=$(mktemp) || exit
+        trap 'rm -rf "$dns"' EXIT
+
+        ssh-keygen -r "$r" -f "$key" > "$dns"
+        exec < "$dns"
+        while read line
+        do
+            set -- $line
+            if [ "$3 $5" = "SSHFP 2" ]
+            then
+                echo "$line"
+                break
+            fi
+        done
+    )
+}
+
+ssh_client_fingerprint_base16()
+{
+    set -- $(get_sshfp_authline)
+    [ "$6" ]
+    echo $6
+}
+
+check_if_self_forge()
+{
+    # TODO: don't use description, but something else.
+    local dir="$1"
+    [ -d "$dir" ] || exit
+    [ -r "$dir"/description ] || exit
+    read description < "$dir"/description
+    if [ "$description" != self-forge ] && [ "$(GIT_DIR=$dir git config core.self-forge)" != true ]
+    then
+        echo 'Error: access denied.  The specified directory is not a self-forge.' >&2
+        exit
+    fi
+}
+
+read authtype authline < "$SSH_USER_AUTH" || exit
+[ "$authtype" = publickey ] || exit
+
+cmd=${SSH_ORIGINAL_COMMAND%% *}
+
+case "$cmd" in
+    git-send-pack | git-upload-pack)
+        GIT_NAMESPACE=
+        ;;
+    git-receive-pack)
+        export GIT_NAMESPACE="$(ssh_client_fingerprint_base16)"
+        [ "$GIT_NAMESPACE" ] || exit
+        ;;
+    *)
+        default_msg
+        exit
+        ;;
+esac
+
+arg=${SSH_ORIGINAL_COMMAND#* }
+arg=${arg%\'}
+arg=${arg#\'}
+case "$arg" in
+    *\'*) exit ;;
+    *.git) ;;
+    *) arg=$arg/.git ;;
+esac
+
+dir=$(readlink -e "$arg") || exit
+
+check_if_self_forge "$dir"
+
+with_allowCurrentBranch()
+{
+    local cmd="$1" dir="$2"
+    (
+        set -eC
+        lockfile=$GIT_DIR/index.lock
+        echo $$ > "$lockfile"
+        trap 'rm -f "$lockfile"' EXIT
+
+        # This doesn't seem very secure. Need to patch git probably.
+        for deny in CurrentBranch # DeleteCurrent
+        do git config receive.deny$deny false
+        done
+        "$@"
+        for deny in CurrentBranch # DeleteCurrent
+        do git config receive.deny$deny true
+        done
+    )
+}
+
+if [ "$GIT_NAMESPACE" ]
+then
+    GIT_DIR=$dir with_allowCurrentBranch "$cmd" "$dir"
+else
+    "$cmd" "$dir"
+fi