blob: f4907fd15cbc6129bf58fd07f934cc6be5ffdc6b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#!/bin/bash
# gitwrapper.sh
#
# A wrapper for the 'git upload-pack' command
# to automatically create repositories if they are
# pushed to
#
# Set command="" in .ssh/authorized_keys:
#
# command="/path/to/wrapper.sh myrepos" ssh-rsa ... user@example
#
# requires an empty repo called "empty.git" in home of git user to offer
# an empty repo for requests for non-existant repos
function perror() {
>&2 echo "$@"
}
# 1: exit code
function usage() {
>&2 cat << EOF
$(basename $0) [options]
Options:
-r <DIR> Allow pull from DIR
-w <DIR> Allow push to DIR
-a <DIR> Allow push/pull from/to DIR
-i Allow inetractive Login
EOF
exit $1
}
# checks, if this instance has access rights to git repo and
# for a valid path and repo name: 'folder/name.git'. paths containing '..'
# will allways fail.
# 1: path 2: w/r
function has_access() {
local array=()
[ "$2" = "w" ] && array=("${WRITING[@]}")
[ "$2" = "r" ] && array=("${READING[@]}")
readonly path_regex='^\s*/.*$|\.\.'
if [[ "$1" =~ $path_regex ]]; then
perror "Invalid file name."
return 1
fi
readonly reponame_regex='^[A-Za-z0-9_\-]+\.git$'
if [[ ! "$(basename "$1")" =~ $reponame_regex ]]; then
perror "Invalid repository"
return 1
fi
for dir in "${array[@]}"; do
[ "$(dirname "$1")" = "$dir" ] && return 0
done
perror Invalid repository2
return 1
}
unset INTERACTIVE READING WRITING
READING=()
WRITING=()
while getopts "r:w:a:i" options; do
case "$options" in
i)
INTERACTIVE="yes";;
r)
READING+=( "$OPTARG" );;
w)
WRITING+=( "$OPTARG" );;
a)
WRITING+=( "$OPTARG" )
READING+=( "$OPTARG" );;
:)
perror "-$OPTARG requires argument"
usage 1;;
*)
perror "Unknown option $options"
usage 1;;
esac
done
if [ -z "$SSH_ORIGINAL_COMMAND" ]; then
[ "$INTERACTIVE" = "yes" ] && bash
exit $?
fi
read direction repo_path < <( echo "$SSH_ORIGINAL_COMMAND" | sed -n 's/^git[ -]\(receive\|upload\)-pack \(.*\)$/\1 \2/p' | tr -d "'" )
[ -z "$repo_path" ] && exit 1
if [ "$direction" = "receive" ]; then
if ! has_access "$repo_path" "w"; then
perror "An error occured: No such file or directory."
exit 1
fi
[ ! -e "$repo_path" ] && git init --bare "$repo_path" > /dev/null
git-receive-pack "$repo_path"
elif [ "$direction" = "upload" ]; then
if ! has_access "$repo_path" "r"; then
perror "An error occured: No such file or directory."
exit 1
fi
[ -e "$repo_path" ] && git-upload-pack "$repo_path" || git-upload-pack empty.git
fi
exit $?
|