author | VG <vg@devys.org> | 2016-09-27 20:39:55 +0200 |
---|---|---|
committer | VG <vg@devys.org> | 2016-09-27 20:39:55 +0200 |
commit | ae1ffa7c7a6823423b6c9b961e7d1c28a86af9ef (patch) | |
tree | 6c621ffca8629ad3b67720ff4e9aa602c2cad8a7 /alternative-way | |
first commit
Diffstat (limited to 'alternative-way')
-rw-r--r-- | alternative-way/config.yaml | 11 | ||||
-rwxr-xr-x | alternative-way/gitserve | 61 |
2 files changed, 72 insertions, 0 deletions
diff --git a/alternative-way/config.yaml b/alternative-way/config.yaml
new file mode 100644
index 0000000..1a27a66
--- /dev/null
+++ b/alternative-way/config.yaml
@@ -0,0 +1,11 @@
+username:
+
+ # example of readwrite access
+ reponame: rw
+
+ # public
+ reponame2: ro
+
+username2:
+
+ reponame2: rw
diff --git a/alternative-way/gitserve b/alternative-way/gitserve
new file mode 100755
index 0000000..bfb9ea6
--- /dev/null
+++ b/alternative-way/gitserve
@@ -0,0 +1,61 @@
+#!/usr/bin/python3
+
+import sys
+import os
+import re
+import yaml
+from sys import stderr
+
+repo_regex = re.compile(r'\'([a-zA-Z0-9-]+)(.git)?\'$')
+command_regex = re.compile('^[a-zA-Z0-9-]+')
+
+valid_ro_commands=('git-upload-pack')
+valid_rw_commands=('git-upload-pack', 'git-receive-pack')
+
+#print >>sys.stderr, "command d'org: %s" % os.environ['SSH_ORIGINAL_COMMAND']
+
+if 'SSH_ORIGINAL_COMMAND' not in os.environ:
+ print('You are not authorized to login directly.', file=stderr)
+ sys.exit(1)
+
+ssh_original_command = os.environ['SSH_ORIGINAL_COMMAND']
+user = sys.argv[1]
+
+conf = yaml.load(open('/home/calendros/seele/git/config.yaml', 'r'))
+#print('conf: ', conf)
+
+if user not in conf:
+ print('access not allowed for user {}.'.format(user), file=stderr)
+ sys.exit(1)
+
+if ssh_original_command == 'ls' or ssh_original_command == 'list':
+ print('\n'.join([repo for repo in conf[user].keys()]))
+ sys.exit(0)
+
+repo = repo_regex.findall(ssh_original_command)[0][0]
+if repo.endswith('.git'):
+ repo = repo[:-4]
+
+if repo not in conf[user].keys():
+ print('repository {} not allowed for {}.'.format(repo, user), file=stderr)
+ sys.exit(1)
+
+command = command_regex.findall(ssh_original_command)[0]
+
+if ((conf[user][repo] == 'rw' and command not in valid_rw_commands)
+ or (conf[user][repo] == 'ro' and command not in valid_ro_commands)):
+ print('command {} not allowed for {}.'.format(command, user), file=stderr)
+ sys.exit(1)
+
+os.chdir(os.path.join(
+ os.path.dirname(os.path.abspath(__file__)),
+ 'repositories'))
+
+command_map = {
+ 'git-upload-pack': lambda: os.execv('/usr/bin/git-upload-pack',
+ ['/usr/bin/git-upload-pack', '--strict', '--timeout=600', repo]),
+ 'git-receive-pack': lambda: os.execv('/usr/bin/git-receive-pack',
+ ['/usr/bin/git-receive-pack', repo])
+ }
+
+command_map[command]() |
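Review bot: The access check before the `os.chdir` call fails open: it rejects only when the configured value is exactly 'rw' or 'ro', so any other value in config.yaml (a typo, different casing, an empty entry) skips both branches and the repository is served with whichever command was requested, including `git-receive-pack`. In the same check, `valid_ro_commands=('git-upload-pack')` is a plain string rather than a one-element tuple, so `not in` performs a substring test and a fragment such as `git` passes it, only to end in an uncaught KeyError at `command_map[command]()`. Looking up the allowed commands by access mode with an empty default, as sketched below, makes unknown modes deny. Separately, `yaml.load(open(...))` uses the default loader and never closes the file; `yaml.safe_load` inside a `with` block is sufficient for this config.

```python
valid_ro_commands = ('git-upload-pack',)
valid_rw_commands = ('git-upload-pack', 'git-receive-pack')
allowed_commands = {'ro': valid_ro_commands, 'rw': valid_rw_commands}

# … unchanged: environment check, config load, user and repository lookup …

command = command_regex.findall(ssh_original_command)[0]

# Default deny: an access value other than 'ro' or 'rw' permits nothing.
if command not in allowed_commands.get(conf[user][repo], ()):
    print('command {} not allowed for {}.'.format(command, user), file=stderr)
    sys.exit(1)
```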