From b97c9e45ff37ee6d6135a525a3c784136adcf188 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Mon, 29 Jul 2019 18:42:41 -0400
Subject: query authorized_keys.d in ssh-forced-command
---
 forced-ssh-command | 33 ++++++++++++++++++++++++++++++++-
 hooks/post-receive | 33 ---------------------------------
 2 files changed, 32 insertions(+), 34 deletions(-)
diff --git a/forced-ssh-command b/forced-ssh-command
index 4af26c6..e06d96c 100755
--- a/forced-ssh-command
+++ b/forced-ssh-command
@@ -141,14 +141,45 @@ valid_new_public_repo()
 esac
 }
+GET_NOMIC_USER()
+{
+ local whitelist_dir="$1" a b keytype keyval keyname
+ if [ "$NOMIC_USER" ]
+ then
+ return
+ elif [ "$SSH_USER_AUTH" ] && [ -f "$SSH_USER_AUTH" ]
+ then
+ read authtype keytype keyval < "$SSH_USER_AUTH"
+ [ "$authtype" = publickey ] || exit
+
+ for keyname in "${whitelist_dir}"/*
+ do
+ while read a b _
+ do
+ case "$a $b" in
+ "$keytype $keyval")
+ NOMIC_USER=${keyname#authorized_keys.d/}
+ break
+ ;;
+ esac
+ done < "$keyname"
+ done
+ true
+ else
+ warn "\$SSH_USER_AUTH missing. Try putting 'ExposeAuthInfo yes' in /etc/ssh/sshd_config"
+ false
+ fi
+}
+
 check_if_ssh_user_owns_repository()
 {
 git --git-dir "$git_dir" config --get-all samizdat.anonymous-ssh-owner | grep -xqF "$SSH_REMOTE_FINGERPRINT_TRIMMED"
 }
+
 ssh_user_owns_repository()
 {
 if [ -z "$SSH_USER_OWNS_REPOSITORY" ]; then
- check_if_ssh_user_owns_repository
+ check_if_ssh_user_owns_repository || GET_NOMIC_USER "$git_dir"
 SSH_USER_OWNS_REPOSITORY=$?
 fi
 return $SSH_USER_OWNS_REPOSITORY
diff --git a/hooks/post-receive b/hooks/post-receive
index 74fe96b..72dc81d 100755
--- a/hooks/post-receive
+++ b/hooks/post-receive
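Review bot: GET_NOMIC_USER reports success whether or not a whitelisted key matched — the `true` after the `for` loop runs unconditionally (and the early `return` when `$NOMIC_USER` is already set also yields 0) — so the new `check_if_ssh_user_owns_repository || GET_NOMIC_USER "$git_dir"` in ssh_user_owns_repository treats every publickey-authenticated client as an owner whenever ExposeAuthInfo is enabled. The lookup also appears to scan the wrong directory: the caller passes `$git_dir`, so the glob enumerates the repository's own files rather than its `authorized_keys.d` checkout (post-receive checks it out with `GIT_WORK_TREE=.`, which would place it at `$git_dir/authorized_keys.d` if the hook runs from the git dir — confirm), and `${keyname#authorized_keys.d/}` then strips nothing from a path rooted at `$git_dir`. Suggested: call `GET_NOMIC_USER "$git_dir/authorized_keys.d"`, derive the name with `${keyname##*/}`, skip non-regular entries so the `done < "$keyname"` redirect does not fail on subdirectories, and return a tracked match status as below; `read -r` additionally keeps backslashes in key material from being interpreted. ssh_user_owns_repository's closing brace lies outside the hunk.
```shell
GET_NOMIC_USER()
{
    local whitelist_dir="$1" a b keytype keyval keyname found=1
    # … unchanged: NOMIC_USER / SSH_USER_AUTH checks and the read of "$SSH_USER_AUTH" …
        for keyname in "${whitelist_dir}"/*
        do
            [ -f "$keyname" ] || continue
            while read -r a b _
            do
                case "$a $b" in
                    "$keytype $keyval")
                        NOMIC_USER=${keyname##*/}
                        found=0
                        break 2
                        ;;
                esac
            done < "$keyname"
        done
        return "$found"
    # … unchanged: else branch (warn + false) …
}
```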
@@ -15,38 +15,5 @@ warn()
 fi
 }
-GET_NOMIC_USER()
-{
- if [ "$NOMIC_USER" ]
- then
- return
- elif [ "$SSH_USER_AUTH" ] && [ -f "$SSH_USER_AUTH" ]
- then
- read authtype keytype keyval < "$SSH_USER_AUTH"
- [ "$authtype" = publickey ] || exit
-
- for keyname in authorized_keys.d/*
- do
- while read a b _
- do
- case "$a $b" in
- "$keytype $keyval")
- NOMIC_USER=${keyname#authorized_keys.d/}
- break
- ;;
- esac
- done < "$keyname"
- done
- true
- else
- warn "\$SSH_USER_AUTH missing. Try putting 'ExposeAuthInfo yes' in /etc/ssh/sshd_config"
- false
- fi
-}
-
 GIT_WORK_TREE=. git checkout -f master -- authorized_keys.d/\*
-if GET_NOMIC_USER
-then
- warn "NOMIC_USER=$NOMIC_USER"
-fi
-- 
cgit v1.2.3