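#!/usr/bin/python3
"""Restricted git-over-SSH entry point.

Expects the account name as the first command-line argument and the client's
request in the SSH_ORIGINAL_COMMAND environment variable (presumably set up as
an SSH forced command -- confirm against the authorized_keys entry).

The request is checked against the per-user repository permissions loaded from
config.yaml (user -> {repository: 'ro' | 'rw'}).  Only when the user, the
repository and the git command are all permitted is the matching git binary
exec'ed inside the ``repositories`` directory next to this script.  Every
other path prints a message to stderr and exits with status 1.
"""
import sys
import os
import re
import yaml
from sys import stderr

# Quoted repository name at the end of the request: 'name' or 'name.git'.
# The dot is escaped so only a literal ".git" suffix is accepted; the name
# itself cannot contain '.', '/' or whitespace.
repo_regex = re.compile(r'\'([a-zA-Z0-9-]+)(\.git)?\'$')
# Leading command word of the request.
command_regex = re.compile('^[a-zA-Z0-9-]+')

# The trailing comma matters: without it this is a plain string and
# ``command not in valid_ro_commands`` becomes a substring test.
valid_ro_commands = ('git-upload-pack',)
valid_rw_commands = ('git-upload-pack', 'git-receive-pack')

# Permission value -> commands it grants.  Any value not listed here grants
# nothing, so a typo in the config denies access instead of allowing it.
allowed_commands = {
    'ro': valid_ro_commands,
    'rw': valid_rw_commands,
}


def deny(message):
    """Print *message* to stderr and exit with status 1."""
    print(message, file=stderr)
    sys.exit(1)


if 'SSH_ORIGINAL_COMMAND' not in os.environ:
    deny('You are not authorized to login directly.')

ssh_original_command = os.environ['SSH_ORIGINAL_COMMAND']

if len(sys.argv) < 2:
    deny('missing user argument.')
user = sys.argv[1]

# safe_load builds plain Python types only; yaml.load without a Loader can
# construct arbitrary objects and is rejected outright by PyYAML 6.
with open('/home/calendros/seele/git/config.yaml', 'r') as config_file:
    conf = yaml.safe_load(config_file)

if not isinstance(conf, dict) or user not in conf:
    deny('access not allowed for user {}.'.format(user))

# A user entry with no repositories (or a malformed one) grants nothing.
user_repos = conf[user] if isinstance(conf[user], dict) else {}

if ssh_original_command == 'ls' or ssh_original_command == 'list':
    print('\n'.join(user_repos))
    sys.exit(0)

# Reject requests that do not parse instead of failing with a traceback.
repo_match = repo_regex.search(ssh_original_command)
if repo_match is None:
    deny('malformed command.')
# Group 1 never includes the ".git" suffix, so no stripping is needed.
repo = repo_match.group(1)

if repo not in user_repos:
    deny('repository {} not allowed for {}.'.format(repo, user))

command_match = command_regex.search(ssh_original_command)
if command_match is None:
    deny('malformed command.')
command = command_match.group(0)

# Fail closed: the command must be explicitly granted by the permission value.
if command not in allowed_commands.get(user_repos[repo], ()):
    deny('command {} not allowed for {}.'.format(command, user))

os.chdir(os.path.join(
    os.path.dirname(os.path.abspath(__file__)), 'repositories'))

# Only the validated repository name is forwarded; anything else the client
# put in the request is dropped.  Fixed absolute paths and execv (no shell)
# keep the client from influencing which binary runs.
command_argv = {
    'git-upload-pack': ['/usr/bin/git-upload-pack', '--strict',
                        '--timeout=600', repo],
    'git-receive-pack': ['/usr/bin/git-receive-pack', repo],
}
argv = command_argv[command]
os.execv(argv[0], argv)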