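#!/bin/sh
# SSH command wrapper that grants anonymous, public-key-identified git access
# to repositories that opted in with `git config core.self-forge true`.
#
# Inputs (all from the sshd environment):
#   SSH_USER_AUTH         file listing the methods that authenticated the
#                         session (presumably requires ExposeAuthInfo - confirm)
#   SSH_ORIGINAL_COMMAND  command line requested by the client
#   SSH_CLIENT            client address, used only for the informational banner
#
# Security model: pushes are confined to a git namespace named after the
# SHA-256 fingerprint of the client's key. Every check that guards that
# confinement must fail closed, so each one ends in an explicit `|| exit`.

# Print the caller's public key and its SSHFP record to stderr.
default_msg() {
  sshfpline="$(authline_to_sshfp "$authline" "${SSH_CLIENT%% *}")"
  cat <<EOF >&2
You are:
$authline
$sshfpline
EOF
}

# Explain how the owner can opt a directory in to anonymous access.
#   $1 - path exactly as requested by the client
# NOTE(review): this message is only shown for paths that exist, while a
# missing path exits silently, so callers can tell the two apart.
not_self_forge_message() {
  cat <<EOF >&2
Error: access denied.
The specified directory is not a self-forge.
To enable anonymous access, use the following commands:
ssh $(id -un)@$(hostname)
cd "$1"
git config core.self-forge true
EOF
}

# Convert an authorized_keys-style key line into its SHA-256 SSHFP record.
#   $1 - key line ("<keytype> <base64>")
#   $2 - DNS name for the record (default ".")
# Prints the first record whose fingerprint type is 2 (SHA-256), if any.
authline_to_sshfp() {
  (
    authline=$1
    dnsname=${2:-.}
    authfile=$(mktemp) || exit
    trap 'rm -f "$authfile"' EXIT
    # printf, not echo: the key text must reach ssh-keygen unmodified.
    printf '%s\n' "$authline" > "$authfile"
    # Word splitting below is deliberate; pathname expansion is not.
    set -f
    ssh-keygen -f "$authfile" -r "$dnsname" |
      while read -r line; do
        # Fields: <name> IN SSHFP <algorithm> <fptype> <fingerprint>
        set -- $line
        if [ "$3 $5" = "SSHFP 2" ]; then
          printf '%s\n' "$line"
          break
        fi
      done
  )
}

# Print the hex SHA-256 fingerprint of the authenticated key.
# Returns non-zero, printing nothing, when no fingerprint could be derived or
# when it contains anything other than hex digits: the value becomes
# GIT_NAMESPACE, where an empty string means "no namespace" and a "/" would
# nest namespaces.
ssh_client_fingerprint_base16() {
  (
    set -f
    set -- $(authline_to_sshfp "$authline")
    fp=$6
    case "$fp" in
      '' | *[!0-9A-Fa-f]* ) exit 1 ;;
    esac
    printf '%s\n' "$fp"
  )
}

# Succeed only if $1 is a git directory whose core.self-forge is exactly "true".
is_self_forge() {
  local dir="$1" confval
  [ -d "$dir" ] || return
  confval=$(GIT_DIR=$dir git config core.self-forge) || return
  [ "$confval" = true ]
}

# Run "$@" with core.bare temporarily set to true in $GIT_DIR, holding
# $GIT_DIR/index.lock for the duration.
# NOTE(review): core.bare is always reset to false afterwards, so a repository
# that was bare beforehand ends up non-bare - confirm only non-bare
# repositories are served.
with_soul_bare() {
  (
    set -eC
    : "${GIT_DIR:?GIT_DIR must be set}"
    # POSIX leaves it unspecified whether an assignment prefixed to a function
    # call is exported; the git commands below rely on it being exported.
    export GIT_DIR
    lockfile=$GIT_DIR/index.lock
    # noclobber (-C) makes this fail if the lock already exists, and the trap
    # is installed only afterwards so a lock held by someone else is never
    # removed.
    echo $$ > "$lockfile"
    # Restore core.bare from the trap so that a failing "$@" (which aborts the
    # subshell under set -e) cannot leave the repository marked as bare.
    trap 'git config core.bare false || :; rm -f "$lockfile"' EXIT
    git config core.bare true
    "$@"
  )
}

unsupported() {
  echo "$0: Error: unsupported" >&2
}

# --- main ---------------------------------------------------------------

# Only sessions authenticated by public key are served; the key is the
# caller's identity.
read -r authtype authline < "$SSH_USER_AUTH" || exit
[ "$authtype" = publickey ] || exit

cmd=${SSH_ORIGINAL_COMMAND%% *}
case "$cmd" in
  # NOTE(review): git-send-pack is normally a client-side command; confirm it
  # is meant to be reachable here.
  git-send-pack | git-upload-pack | git-receive-pack ) ;;
  * )
    default_msg
    exit
    ;;
esac

# git quotes the path as '<path>'. Strip one pair of quotes and refuse
# anything that still contains a quote instead of trying to unescape it.
arg=${SSH_ORIGINAL_COMMAND#* }
arg=${arg%\'}
arg=${arg#\'}
case "$arg" in
  *\'* )
    unsupported
    exit 1
    ;;
esac

# "--" stops a client-supplied path that begins with "-" from being parsed as
# a readlink option. The canonical result is absolute, so it cannot be taken
# for an option by the git commands below either.
if ! dir=$(readlink -e -- "$arg"); then
  exit 1
elif [ -d "$dir"/.git ]; then
  dir=$dir/.git
fi

if ! is_self_forge "$dir"; then
  not_self_forge_message "$arg"
  exit 1
fi

case "$cmd" in
  git-send-pack | git-upload-pack )
    GIT_NAMESPACE= "$cmd" "$dir"
    ;;
  git-receive-pack )
    # Fail closed: without a fingerprint GIT_NAMESPACE would be empty and the
    # push would land in the repository's own refs rather than in the
    # caller's namespace.
    GIT_NAMESPACE=$(ssh_client_fingerprint_base16) || exit 1
    [ "$GIT_NAMESPACE" ] || exit 1
    export GIT_NAMESPACE
    GIT_DIR=$dir with_soul_bare "$cmd" "$dir"
    ;;
esac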