From c0d54dce30ddb38e99397ec7055be7e367797b6e Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Wed, 14 Oct 2020 12:57:34 -0400
Subject: cryptonomic.net in the namespace
---
 bin/samizdat-ssh-command | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/bin/samizdat-ssh-command b/bin/samizdat-ssh-command
index a03b554..3c1bd5d 100755
--- a/bin/samizdat-ssh-command
+++ b/bin/samizdat-ssh-command
@@ -35,7 +35,7 @@ add_before_sentinel()
 password_authentication() {
 [ "$USER" ] || { echo 'Error: no $USER' >&2; exit 1; }
- [ "$SSH_CLIENT_FINGERPRINT" ] || { echo 'Error: no $SSH_CLIENT_FINGERPRINT' >&2; exit 1; }
+ [ "$SSH_CLIENT_DOMAIN" ] || { echo 'Error: no $SSH_CLIENT_DOMAIN' >&2; exit 1; }
 tty=$(tty) && [ "$tty" != 'not a tty' ] || tty=
@@ -153,7 +153,7 @@ valid_new_public_repo()
 check_if_ssh_user_owns_repository() {
- git --git-dir "$git_dir" config --get-all samizdat.anonymous-ssh-owner | grep -xqF "$SSH_CLIENT_FINGERPRINT"
+ git --git-dir "$git_dir" config --get-all samizdat.anonymous-ssh-owner | grep -xqF "$SSH_CLIENT_DOMAIN"
 }
 ssh_user_owns_repository() {
@@ -175,11 +175,11 @@ is_public_repository()
 authorized() {
- # TODO: check SSH_CLIENT_FINGERPRINT against a blacklist
+ # TODO: check SSH_CLIENT_DOMAIN against a blacklist
 ssh_user_owns_repository && return
 is_public_repository && return
 test "$(git --git-dir "$1" config --bool --get samizdat.allow-anonymous-access)" = true 2>/dev/null && return 0
- # TODO: check SSH_CLIENT_FINGERPRINT against a whitelist
+ # TODO: check SSH_CLIENT_DOMAIN against a whitelist
 }
 maybe_initialize_heads()
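Review bot: In the `@@ -153,7 +153,7 @@` hunk, `check_if_ssh_user_owns_repository` now compares the stored `samizdat.anonymous-ssh-owner` values with `$SSH_CLIENT_DOMAIN`, but nothing in this commit rewrites values that were recorded earlier. The `@@ -299,7 +305,7 @@` hunk shows repositories used to be initialised with `$SSH_CLIENT_FINGERPRINT`, so, assuming `initialize_git` stores its second argument under that key, owners of existing repositories would stop being recognised and be handled as non-owners. A one-time migration of the stored values, or a note in the commit message that none is needed, would settle this. Independently, `grep -xqF -- "$SSH_CLIENT_DOMAIN"` keeps a value that begins with `-` from being parsed as a grep option.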
@@ -245,6 +245,12 @@ case "$SSH_ORIGINAL_COMMAND" in
 homedir_expand
 case "$git_dir" in
+ $HOME/????????????????????????????????????????????????.cryptonomic.net/public_git/*)
+ IFS=/ set -- "${git_dir#$HOME}"
+ git_ns_subdir=${git_dir#$HOME/}
+ git_ns=${git_ns_subdir%%/*}
+ git_dir=$HOME/${git_ns_subdir#$git_ns/}
+ ;;
 $HOME/git_namespace/*/public_git/*)
 git_ns_subdir=${git_dir#$HOME/git_namespace/}
 git_ns=${git_ns_subdir%%/*}
@@ -267,8 +273,8 @@ case "$SSH_ORIGINAL_COMMAND" in
 exit 1
 ;;
 rsync\ --server\ *)
- [ -d "$HOME"/incoming_rsync -a "${SSH_CLIENT_FINGERPRINT}" ] || { password_authentication; exit 1; }
- destdir=$HOME/incoming_rsync/$SSH_CLIENT_FINGERPRINT/
+ [ -d "$HOME"/incoming_rsync -a "${SSH_CLIENT_DOMAIN}" ] || { password_authentication; exit 1; }
+ destdir=$HOME/incoming_rsync/$SSH_CLIENT_DOMAIN/
 mkdir -p "$destdir" && exec rrsync "$destdir"
 exit 1
 ;;
@@ -299,7 +305,7 @@ elif [ "$git_cmd" = 'git-receive-pack' ]; then
 if [ ! -d "$git_dir" ]; then
 if valid_new_public_repo "$git_dir"; then
- initialize_git "$git_dir" "$SSH_CLIENT_FINGERPRINT"
+ initialize_git "$git_dir" "$SSH_CLIENT_DOMAIN"
 else
 deny
 fi
@@ -311,9 +317,9 @@ if authorized "$git_dir"; then
 if [ "$git_cmd" = 'git-receive-pack' ]; then
 if ! ssh_user_owns_repository
 then
- export GIT_NAMESPACE="$SSH_CLIENT_FINGERPRINT"
+ export GIT_NAMESPACE="$SSH_CLIENT_DOMAIN"
 maybe_initialize_heads
- printf '%s:%s\n' 'd@cryptonomic.net' "git_namespace/$GIT_NAMESPACE/${git_dir#${HOME}/}" >&2
+ printf '%s:%s\n' 'd@cryptonomic.net' "$GIT_NAMESPACE/${git_dir#${HOME}/}" >&2
 fi
 fi
 exec "$git_cmd" "$git_dir"
--
cgit v1.2.3
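Review bot: The `?` run in the new `case` arm of the `@@ -245,6 +245,12 @@` hunk does not constrain the 48-character label, because `case` patterns let `?` match any character, `/` and `.` included. `git_ns=${git_ns_subdir%%/*}` can then be shorter than the label, and the rewritten `git_dir` is no longer guaranteed to begin with `public_git/`. Either spell the label with a bracket class for its real alphabet, or verify after extraction, e.g. `case ${git_ns_subdir#"$git_ns"/} in public_git/*) ;; *) deny ;; esac` (using the `deny` helper seen later in the script). Separately, `IFS=/ set -- "${git_dir#$HOME}"` looks like leftover code: the quoted expansion is never split, the positional parameters it overwrites are not used in this arm, and in a POSIX-mode shell an assignment in front of the special builtin `set` persists, leaving `IFS=/` for the rest of the script. The `case` statement starts and ends outside the hunk.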
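Review bot: In the `@@ -267,8 +273,8 @@` hunk `$SSH_CLIENT_DOMAIN` becomes a directory name under `incoming_rsync/` after only a non-empty test, and in the `@@ -311,9 +317,9 @@` hunk the same value becomes `GIT_NAMESPACE`. Where the variable is set is not visible here; if any part of it can be influenced by the connecting client, a value containing `/` or starting with `.` would make `mkdir -p "$destdir"` and `rrsync` work outside the intended per-client directory. A guard before first use makes the assumption explicit, for example `case "$SSH_CLIENT_DOMAIN" in ''|.*|*/*) echo 'Error: bad $SSH_CLIENT_DOMAIN' >&2; exit 1 ;; esac`. The `-a` operator inside `[ … ]` is also marked obsolescent by POSIX; `[ -d "$HOME"/incoming_rsync ] && [ "$SSH_CLIENT_DOMAIN" ]` is the unambiguous form.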