From e6f31e56797cf45b13c0d98499d647125521feeb Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sat, 27 May 2023 22:11:22 -0400
Subject: endoforge proof of concept
---
 .gitignore | 3 ++-
 src/endofossil | 37 ++++++++++++++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index a7db9aa..372cbed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
-work/
+/work/
+/remotes/
 /db
diff --git a/src/endofossil b/src/endofossil
index 401806f..c4ae60d 100644
--- a/src/endofossil
+++ b/src/endofossil
@@ -1,15 +1,18 @@
 #!/bin/bash
-set -e
-
+set -e -o pipefail
 IFS=/ read n pid uid <<< "$1"
 [ "$pid" ]
+[ "$uid" -gt 0 ]
+IFS=: read username realname _ _ gecos homedir shell < <(getent passwd "$uid")
+
 authtype=
 while read -d ''
 do
 case "${REPLY%%=*}" in
 'SSH_USER_AUTH' ) read authtype keytype keyvalue < "${REPLY#*=}" ;;
+ 'SSH_ORIGINAL_COMMAND' ) SSH_ORIGINAL_COMMAND=${REPLY#*=} ;;
 esac
 done < /proc/$pid/environ
 [ "$authtype" = publickey ]
@@ -26,4 +29,32 @@ do
 done < <(ssh-keygen -f <(printf '%s\n' "$keytype $keyvalue") -r .)
 [ "$keyhash" ]
-printf '%s\n' "$keyhash"
+case "$SSH_ORIGINAL_COMMAND" in
+ *\"* ) exit 1 ;;
+ fossil\ test-http\ * ) ;;
+ *) exit 1 ;;
+esac
+
+# This is no way to do it.
+# Let's just share /home/*/src and /srv/src and /usr/src.
+fossil_dir=$homedir/src/fossil
+upstreamDatabase=$fossil_dir/db
+readWriteDbName=db.fossil # Must end in .fossil for 'fossil test-http' to find it.
+readWriteDir=$fossil_dir/remotes/$keyhash
+
+as_user()
+{
+ setpriv --reuid="$username" --init-groups --inh-caps=-all "$@"
+}
+if ! [ -d "$readWriteDir" ]
+then
+ as_user mkdir "$readWriteDir"
+fi
+as_user cp -n --reflink -- "$upstreamDatabase" "$readWriteDir"/"$readWriteDbName"
+
+exec systemd-run -P \ --property=User="$username" \ --property=ReadOnlyPaths=/ \ --property=ReadWritePaths="$readWriteDir" \ --property=WorkingDirectory="$readWriteDir" \ -- fossil test-http "$readWriteDbName"
-- 
cgit v1.2.3
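Review bot: The new `[ "$uid" -gt 0 ]` guard keeps the script from resolving root, but nothing ties `$uid` to `$pid`: the key is taken from `/proc/$pid/environ` while the account that later owns the sandbox comes from `$uid`, and both are parsed out of `$1`, whose origin is not visible here. If the caller is trusted to pass a consistent pair this is fine; otherwise add, right after the uid check, `[ "$(stat -c %u -- "/proc/$pid")" = "$uid" ]` so the environ being read presumably belongs to a process of that user, and reject a non-numeric pid before it becomes a path component (`[[ $pid =~ ^[0-9]+$ ]]`). Separately, the `IFS=: read` from `getent passwd` lacks `-r`, and its second field is the password placeholder rather than a real name, so `realname` is misnamed; a one-line comment giving the passwd layout (`# name:passwd:uid:gid:gecos:home:shell`) would spare the next reader a lookup.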
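Review bot: `as_user` switches the uid with `setpriv --reuid` but never sets the gid, so as far as I can tell the `mkdir` and `cp` it runs keep the caller's primary group (root's, if this runs as root) and the per-key directory and database come out group-owned by that group; pass the user's primary group as well, e.g. `setpriv --reuid="$username" --regid="$(id -g -- "$username")" --init-groups --inh-caps=-all "$@"`. The transient unit sets `User=` and `ReadOnlyPaths=/` but not `NoNewPrivileges=yes`, so setuid binaries stay usable inside the sandbox; adding `--property=NoNewPrivileges=yes` (and `--property=PrivateTmp=yes`) costs nothing here. Under `set -e`, the `cp -n` line will abort every connection after the first if the installed coreutils exits non-zero when it skips an existing destination (behaviour that has changed across 9.x releases); prefixing it with `[ -e "$readWriteDir/$readWriteDbName" ] ||` makes the intent explicit regardless of version. The `done` on the hunk's first line closes a loop whose body starts outside the hunk.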