1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
#!/usr/bin/python3
import sys
import os
def printerr(*l, **d): return print(*l, **d, file=sys.stderr)
def fail(*l, **d): printerr(*l, **d); raise SystemExit(1)
try:
user = sys.argv[1]
except IndexError:
fail('Bad adminsys, he forgot to set user associated with this key.')
try:
with open(user + '.listro', 'r', encoding='utf8') as f:
repositories_ro = f.read().splitlines()
except FileNotFoundError:
repositories_ro = []
try:
with open(user + '.listrw', 'r', encoding='utf8') as f:
repositories_rw = f.read().splitlines()
except FileNotFoundError:
repositories_rw = []
try:
ssh_original_command = os.environ['SSH_ORIGINAL_COMMAND'].split()
command = ssh_original_command[0]
repository = ssh_original_command[1].split('.git')[0].strip("'")
except IndexError:
if command == 'ls':
print('\n'.join(repositories_ro + repositories_rw or ['Empty list']))
raise SystemExit(0)
fail('Invalid repository name or git usage')
except KeyError:
fail('Bad boy, git only access authorized.')
repositories_ro = repositories_ro + repositories_rw
if command == 'git-upload-pack' and repository in repositories_ro:
os.execv('/usr/bin/git-upload-pack',
['/usr/bin/git-upload-pack', '--strict', '--timeout=600',
repository])
elif command == 'git-receive-pack' and repository in repositories_rw:
os.execv('/usr/bin/git-receive-pack',
['/usr/bin/git-receive-pack', repository])
else:
fail('Bad git command or inexistant repository or access denied')
|