diff options
-rwxr-xr-x | EndoForge/src/AnonymousAccessCommand | 49 |
1 files changed, 23 insertions, 26 deletions
diff --git a/EndoForge/src/AnonymousAccessCommand b/EndoForge/src/AnonymousAccessCommand index 5146da4..526f53d 100755 --- a/EndoForge/src/AnonymousAccessCommand +++ b/EndoForge/src/AnonymousAccessCommand | |||
@@ -52,18 +52,12 @@ ssh_client_fingerprint_base16() | |||
52 | echo $6 | 52 | echo $6 |
53 | } | 53 | } |
54 | 54 | ||
55 | check_if_self_forge() | 55 | is_self_forge() |
56 | { | 56 | { |
57 | # TODO: don't use description, but something else. | 57 | local dir="$1" confval |
58 | local dir="$1" | 58 | [ -d "$dir" ] || return |
59 | [ -d "$dir" ] || exit | 59 | confval=$(GIT_DIR=$dir git config core.self-forge) || return |
60 | [ -r "$dir"/description ] || exit | 60 | [ "$confval" = true ] |
61 | read description < "$dir"/description | ||
62 | if [ "$description" != self-forge ] && [ "$(GIT_DIR=$dir git config core.self-forge)" != true ] | ||
63 | then | ||
64 | echo 'Error: access denied. The specified directory is not a self-forge.' >&2 | ||
65 | exit | ||
66 | fi | ||
67 | } | 61 | } |
68 | 62 | ||
69 | with_soul_bare() | 63 | with_soul_bare() |
@@ -85,14 +79,8 @@ read authtype authline < "$SSH_USER_AUTH" || exit | |||
85 | 79 | ||
86 | cmd=${SSH_ORIGINAL_COMMAND%% *} | 80 | cmd=${SSH_ORIGINAL_COMMAND%% *} |
87 | case "$cmd" in | 81 | case "$cmd" in |
88 | git-send-pack | git-upload-pack) | 82 | git-send-pack | git-upload-pack | git-receive-pack ) ;; |
89 | GIT_NAMESPACE= | 83 | * ) |
90 | ;; | ||
91 | git-receive-pack) | ||
92 | export GIT_NAMESPACE="$(ssh_client_fingerprint_base16)" | ||
93 | [ "$GIT_NAMESPACE" ] || exit | ||
94 | ;; | ||
95 | *) | ||
96 | default_msg | 84 | default_msg |
97 | exit | 85 | exit |
98 | ;; | 86 | ;; |
@@ -102,18 +90,27 @@ arg=${SSH_ORIGINAL_COMMAND#* } | |||
102 | arg=${arg%\'} | 90 | arg=${arg%\'} |
103 | arg=${arg#\'} | 91 | arg=${arg#\'} |
104 | case "$arg" in | 92 | case "$arg" in |
105 | *\'*) exit ;; | 93 | *\'*) exit ;; # we should support these wtf |
106 | *.git) ;; | 94 | *.git) ;; |
107 | *) arg=$arg/.git ;; | 95 | *) arg=$arg/.git ;; |
108 | esac | 96 | esac |
109 | 97 | ||
110 | dir=$(readlink -e "$arg") || exit | 98 | dir=$(readlink -e "$arg") || exit |
111 | 99 | ||
112 | check_if_self_forge "$dir" | 100 | if ! is_self_forge "$dir" |
113 | |||
114 | if [ "$GIT_NAMESPACE" ] | ||
115 | then | 101 | then |
116 | GIT_DIR=$dir with_soul_bare "$cmd" "$dir" | 102 | echo 'Error: access denied. The specified directory is not a self-forge.' >&2 |
117 | else | 103 | exit |
118 | "$cmd" "$dir" | ||
119 | fi | 104 | fi |
105 | |||
106 | case "$cmd" in | ||
107 | git-send-pack | git-upload-pack ) | ||
108 | GIT_NAMESPACE= | ||
109 | "$cmd" "$dir" | ||
110 | ;; | ||
111 | git-receive-pack ) | ||
112 | export GIT_NAMESPACE="$(ssh_client_fingerprint_base16)" | ||
113 | [ "$GIT_NAMESPACE" ] | ||
114 | GIT_DIR=$dir with_soul_bare "$cmd" "$dir" | ||
115 | ;; | ||
116 | esac | ||