endoforge proof of concept

2 files changed, 36 insertions, 4 deletions

diff --git a/.gitignore b/.gitignore
index a7db9aa..372cbed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
-work/
+/work/
+/remotes/
 /db
diff --git a/src/endofossil b/src/endofossil
index 401806f..c4ae60d 100644
--- a/src/endofossil
+++ b/src/endofossil
@@ -1,15 +1,18 @@
 #!/bin/bash
-set -e
-
+set -e -o pipefail
 
 IFS=/ read n pid uid <<< "$1"
 [ "$pid" ]
 
+[ "$uid" -gt 0 ]
+IFS=: read username realname _ _ gecos homedir shell < <(getent passwd "$uid")
+
 authtype=
 while read -d ''
 do
     case "${REPLY%%=*}" in
         'SSH_USER_AUTH' ) read authtype keytype keyvalue < "${REPLY#*=}" ;;
+        'SSH_ORIGINAL_COMMAND' ) SSH_ORIGINAL_COMMAND=${REPLY#*=} ;;
     esac
 done < /proc/$pid/environ
 [ "$authtype" = publickey ]
@@ -26,4 +29,32 @@ do
 done < <(ssh-keygen -f <(printf '%s\n' "$keytype $keyvalue") -r .)
 [ "$keyhash" ]
 
-printf '%s\n' "$keyhash"
+case "$SSH_ORIGINAL_COMMAND" in
+    *\"* ) exit 1 ;;
+    fossil\ test-http\ * ) ;;
+    *) exit 1 ;;
+esac
+
+# This is no way to do it.
+# Let's just share /home/*/src and /srv/src and /usr/src.
+fossil_dir=$homedir/src/fossil
+upstreamDatabase=$fossil_dir/db
+readWriteDbName=db.fossil # Must end in .fossil for 'fossil test-http' to find it.
+readWriteDir=$fossil_dir/remotes/$keyhash
+
+as_user()
+{
+    setpriv --reuid="$username" --init-groups --inh-caps=-all "$@"
+}
+if ! [ -d "$readWriteDir" ]
+then
+        as_user mkdir "$readWriteDir"
+fi
+as_user cp -n --reflink -- "$upstreamDatabase" "$readWriteDir"/"$readWriteDbName"
+
+exec systemd-run -P \
+     --property=User="$username" \
+     --property=ReadOnlyPaths=/ \
+     --property=ReadWritePaths="$readWriteDir" \
+     --property=WorkingDirectory="$readWriteDir" \
+     -- fossil test-http "$readWriteDbName"