aboutsummaryrefslogtreecommitdiffstats
path: root/alternative-way
diff options
context:
space:
mode:
authorVG <vg@devys.org>2016-09-27 20:39:55 +0200
committerVG <vg@devys.org>2016-09-27 20:39:55 +0200
commitae1ffa7c7a6823423b6c9b961e7d1c28a86af9ef (patch)
tree6c621ffca8629ad3b67720ff4e9aa602c2cad8a7 /alternative-way
downloadssh-git-only-ae1ffa7c7a6823423b6c9b961e7d1c28a86af9ef.tar.gz
ssh-git-only-ae1ffa7c7a6823423b6c9b961e7d1c28a86af9ef.tar.bz2
ssh-git-only-ae1ffa7c7a6823423b6c9b961e7d1c28a86af9ef.zip
first commit
Diffstat (limited to 'alternative-way')
-rw-r--r--alternative-way/config.yaml11
-rwxr-xr-xalternative-way/gitserve61
2 files changed, 72 insertions, 0 deletions
diff --git a/alternative-way/config.yaml b/alternative-way/config.yaml
new file mode 100644
index 0000000..1a27a66
--- /dev/null
+++ b/alternative-way/config.yaml
@@ -0,0 +1,11 @@
+username:
+
+ # example of readwrite access
+ reponame: rw
+
+ # public
+ reponame2: ro
+
+username2:
+
+ reponame2: rw
diff --git a/alternative-way/gitserve b/alternative-way/gitserve
new file mode 100755
index 0000000..bfb9ea6
--- /dev/null
+++ b/alternative-way/gitserve
@@ -0,0 +1,61 @@
+#!/usr/bin/python3
+
+import sys
+import os
+import re
+import yaml
+from sys import stderr
+
+repo_regex = re.compile(r'\'([a-zA-Z0-9-]+)(.git)?\'$')
+command_regex = re.compile('^[a-zA-Z0-9-]+')
+
+valid_ro_commands=('git-upload-pack')
+valid_rw_commands=('git-upload-pack', 'git-receive-pack')
+
+#print >>sys.stderr, "command d'org: %s" % os.environ['SSH_ORIGINAL_COMMAND']
+
+if 'SSH_ORIGINAL_COMMAND' not in os.environ:
+ print('You are not authorized to login directly.', file=stderr)
+ sys.exit(1)
+
+ssh_original_command = os.environ['SSH_ORIGINAL_COMMAND']
+user = sys.argv[1]
+
+conf = yaml.load(open('/home/calendros/seele/git/config.yaml', 'r'))
+#print('conf: ', conf)
+
+if user not in conf:
+ print('access not allowed for user {}.'.format(user), file=stderr)
+ sys.exit(1)
+
+if ssh_original_command == 'ls' or ssh_original_command == 'list':
+ print('\n'.join([repo for repo in conf[user].keys()]))
+ sys.exit(0)
+
+repo = repo_regex.findall(ssh_original_command)[0][0]
+if repo.endswith('.git'):
+ repo = repo[:-4]
+
+if repo not in conf[user].keys():
+ print('repository {} not allowed for {}.'.format(repo, user), file=stderr)
+ sys.exit(1)
+
+command = command_regex.findall(ssh_original_command)[0]
+
+if ((conf[user][repo] == 'rw' and command not in valid_rw_commands)
+ or (conf[user][repo] == 'ro' and command not in valid_ro_commands)):
+ print('command {} not allowed for {}.'.format(command, user), file=stderr)
+ sys.exit(1)
+
+os.chdir(os.path.join(
+ os.path.dirname(os.path.abspath(__file__)),
+ 'repositories'))
+
+command_map = {
+ 'git-upload-pack': lambda: os.execv('/usr/bin/git-upload-pack',
+ ['/usr/bin/git-upload-pack', '--strict', '--timeout=600', repo]),
+ 'git-receive-pack': lambda: os.execv('/usr/bin/git-receive-pack',
+ ['/usr/bin/git-receive-pack', repo])
+ }
+
+command_map[command]()