#!/usr/bin/python3
import sys
import os
import re
import yaml
from sys import stderr
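# Access-control wrapper for git over SSH.
# NOTE(review): presumably installed as a forced command
# (command="<this script> <user>" in authorized_keys), so that sshd puts the
# client's request in SSH_ORIGINAL_COMMAND and the user name arrives as
# argv[1]. Confirm against the deployment.

# Repository argument as the git client sends it: a single-quoted name at the
# end of the command line, optionally followed by ".git". The name class has no
# "/" or ".", so path components and ".." can never be captured. The dot in
# ".git" is escaped so that only a literal ".git" suffix is accepted.
repo_regex = re.compile(r"'([a-zA-Z0-9-]+)(\.git)?'$")
# Leading word of the request, i.e. the git service being asked for.
command_regex = re.compile('^[a-zA-Z0-9-]+')
# The trailing comma matters: without it this is a plain string and
# "command not in valid_ro_commands" degrades to a substring test.
valid_ro_commands = ('git-upload-pack',)
valid_rw_commands = ('git-upload-pack', 'git-receive-pack')


def _parse_request(original_command):
    """Split a client request into (command, repo).

    Returns None when either part does not match its pattern, so the caller
    can refuse the request instead of failing with a traceback.
    """
    command_match = command_regex.match(original_command)
    repo_match = repo_regex.search(original_command)
    if command_match is None or repo_match is None:
        return None
    # Group 1 never contains a dot, so no ".git" suffix is left to strip.
    return command_match.group(0), repo_match.group(1)


def _command_allowed(mode, command):
    """Return True when *command* is permitted for access mode *mode*.

    Only 'rw' and 'ro' grant anything; any other value in the configuration
    (typo, empty entry, wrong type) denies the request rather than allowing it.
    """
    if mode == 'rw':
        return command in valid_rw_commands
    if mode == 'ro':
        return command in valid_ro_commands
    return False


def main():
    """Authorize the request in SSH_ORIGINAL_COMMAND and exec the git service.

    Exits with status 1 and a short message on stderr for every refused
    request. On success the process is replaced by git-upload-pack or
    git-receive-pack and never returns.
    """
    if 'SSH_ORIGINAL_COMMAND' not in os.environ:
        print('You are not authorized to login directly.', file=stderr)
        sys.exit(1)
    ssh_original_command = os.environ['SSH_ORIGINAL_COMMAND']

    if len(sys.argv) < 2:
        print('access not allowed: no user given.', file=stderr)
        sys.exit(1)
    user = sys.argv[1]

    # safe_load only builds plain YAML types. A bare yaml.load(stream) can
    # construct arbitrary Python objects on older PyYAML and is rejected
    # outright by newer releases that require an explicit Loader.
    # Failures are reported generically so the remote client does not get a
    # traceback containing server-side paths.
    try:
        with open('/home/calendros/seele/git/config.yaml', 'r') as config_file:
            conf = yaml.safe_load(config_file)
    except (OSError, yaml.YAMLError):
        print('access configuration unavailable.', file=stderr)
        sys.exit(1)

    if not isinstance(conf, dict) or user not in conf:
        print('access not allowed for user {}.'.format(user), file=stderr)
        sys.exit(1)
    # A user entry without a mapping of repositories grants nothing.
    repos = conf[user] if isinstance(conf[user], dict) else {}

    if ssh_original_command in ('ls', 'list'):
        print('\n'.join(str(name) for name in repos))
        sys.exit(0)

    request = _parse_request(ssh_original_command)
    if request is None:
        print('invalid command.', file=stderr)
        sys.exit(1)
    command, repo = request

    if repo not in repos:
        print('repository {} not allowed for {}.'.format(repo, user),
              file=stderr)
        sys.exit(1)
    if not _command_allowed(repos[repo], command):
        print('command {} not allowed for {}.'.format(command, user),
              file=stderr)
        sys.exit(1)

    os.chdir(os.path.join(
        os.path.dirname(os.path.abspath(__file__)),
        'repositories'))

    # The argument vector is rebuilt from the validated pieces only; nothing
    # else from the client's command line reaches exec, and no shell is used.
    service_argv = {
        'git-upload-pack': ['/usr/bin/git-upload-pack', '--strict',
                            '--timeout=600', repo],
        'git-receive-pack': ['/usr/bin/git-receive-pack', repo],
    }[command]
    os.execv(service_argv[0], service_argv)


if __name__ == '__main__':
    main()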