gitolite/contrib/real-users/gl-shell

#!/usr/bin/perl

use strict;
use warnings;

# ------------------------------------------------------------------------------

# BEGIN site-local changes

    # the original login shell your users had (or) the shell to forward
    # non-gitolite commands to
    my $shell = "/usr/bin/passwd";

    # exceptions...
    my %shells = (
        'some.one'      =>  '/bin/bash',
    );

    # the gitolite host you want to forward git commands to.  Typically this will
    # be 'git' or perhaps 'gitolite', but actually could be anything.  Don't
    # forget to change the host part if needed and mind the quotes!
    my $gl_host = 'git@server2';

    # ADCs...
    # either list all the ADCs you wish to allow forwarding to (SPACE-separated):
    my $ADC_list = "";
    # -- OR --
    # if you upgraded to the new 'help' adc with the '-list' option, set this to 1:
    my $detect_ADCs = 0;
    # if you do neither, ADCs are not forwarded

# END site-local changes

# ------------------------------------------------------------------------------

# change the user's default shell if he is an 'exception'
$shell= $shells{$ENV{USER}} if $shells{$ENV{USER}};

# no arguments?  nothing to forward
exec($shell) if (not @ARGV and not $ENV{SSH_ORIGINAL_COMMAND});

# note: we attempt to work the same whether invoked via 'command=' of authkeys
# (in which case SSH_ORIGINAL_COMMAND is set) or via us being the login shell
# (chsh).  Only the latter has been *tested* though.

# massage SSHOC into @ARGV shape for ease of parsing
@ARGV = ("-c", $ENV{SSH_ORIGINAL_COMMAND}) if $ENV{SSH_ORIGINAL_COMMAND};
# we ignore SSHOC from now on...

# ------------------------------------------------------------------------------

# forward normal git ops
forward(@ARGV) if
    $ARGV[0] eq '-c' and
    $ARGV[1] =~ /^(git-receive-pack|git-upload-pack|git-upload-archive) '(\S+)'$/ and
    ( not -d "$2" );

# ------------------------------------------------------------------------------

# forward gitolite special commands
forward(@ARGV) if $ARGV[0] eq '-c' and $ARGV[1] =~ /^(info|expand|((set|get)(perms|desc)))( |$)/;

# ------------------------------------------------------------------------------

# forward ADCs
if ($ADC_list or $detect_ADCs) {
    $ADC_list ||= `ssh $gl_host help -list`;
    $ADC_list =~ s/\s+/ /g;

    # find the command he's running
    my $cmd = $1 if $ARGV[1] =~ /^(\S+)/;
    # forward if the command appears somewhere in the ADC list
    forward(@ARGV) if $ARGV[0] eq '-c' and $cmd and $ADC_list =~ /(^| )$cmd( |$)/;
}

# ------------------------------------------------------------------------------

# at this point it's back to local processing
exec($shell, @ARGV);

# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------

# forward to the gitolite host
sub forward {
    # this message is important in debugging and trouble shooting; see
    # documentation
    print STDERR "[forwarding to $gl_host]\n";

    # but first we check for rsa key
    -f ".ssh/id_rsa" or die "ask your admin to add you to gitolite";

    shift if $_[0] eq '-c';
    exec("ssh", "$gl_host", @_);
}
password access to gitolite using real users 2011-09-13 11:41:51 +02:00			`#!/usr/bin/perl`

			`use strict;`
			`use warnings;`

			`# ------------------------------------------------------------------------------`

(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# BEGIN site-local changes`

			`# the original login shell your users had (or) the shell to forward`
			`# non-gitolite commands to`
			`my $shell = "/usr/bin/passwd";`

			`# exceptions...`
			`my %shells = (`
			`'some.one' => '/bin/bash',`
			`);`

			`# the gitolite host you want to forward git commands to. Typically this will`
			`# be 'git' or perhaps 'gitolite', but actually could be anything. Don't`
			`# forget to change the host part if needed and mind the quotes!`
			`my $gl_host = 'git@server2';`

			`# ADCs...`
			`# either list all the ADCs you wish to allow forwarding to (SPACE-separated):`
			`my $ADC_list = "";`
			`# -- OR --`
			`# if you upgraded to the new 'help' adc with the '-list' option, set this to 1:`
			`my $detect_ADCs = 0;`
			`# if you do neither, ADCs are not forwarded`

			`# END site-local changes`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# ------------------------------------------------------------------------------`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# change the user's default shell if he is an 'exception'`
			`$shell= $shells{$ENV{USER}} if $shells{$ENV{USER}};`

(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# no arguments? nothing to forward`
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`exec($shell) if (not @ARGV and not $ENV{SSH_ORIGINAL_COMMAND});`

			`# note: we attempt to work the same whether invoked via 'command=' of authkeys`
			`# (in which case SSH_ORIGINAL_COMMAND is set) or via us being the login shell`
			`# (chsh). Only the latter has been tested though.`

			`# massage SSHOC into @ARGV shape for ease of parsing`
			`@ARGV = ("-c", $ENV{SSH_ORIGINAL_COMMAND}) if $ENV{SSH_ORIGINAL_COMMAND};`
			`# we ignore SSHOC from now on...`

			`# ------------------------------------------------------------------------------`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# forward normal git ops`
			`forward(@ARGV) if`
			`$ARGV[0] eq '-c' and`
			`$ARGV[1] =~ /^(git-receive-pack\|git-upload-pack\|git-upload-archive) '(\S+)'$/ and`
			`( not -d "$2" );`

(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# ------------------------------------------------------------------------------`

(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# forward gitolite special commands`
			`forward(@ARGV) if $ARGV[0] eq '-c' and $ARGV[1] =~ /^(info\|expand\|((set\|get)(perms\|desc)))( \|$)/;`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# ------------------------------------------------------------------------------`

(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# forward ADCs`
			`if ($ADC_list or $detect_ADCs) {`
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			$ADC_list \|\|= `ssh $gl_host help -list`;
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`$ADC_list =~ s/\s+/ /g;`

			`# find the command he's running`
			`my $cmd = $1 if $ARGV[1] =~ /^(\S+)/;`
			`# forward if the command appears somewhere in the ADC list`
			`forward(@ARGV) if $ARGV[0] eq '-c' and $cmd and $ADC_list =~ /(^\| )$cmd( \|$)/;`
			`}`

(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# ------------------------------------------------------------------------------`

(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# at this point it's back to local processing`
			`exec($shell, @ARGV);`

(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# ------------------------------------------------------------------------------`
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# ------------------------------------------------------------------------------`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`# forward to the gitolite host`
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`sub forward {`
			`# this message is important in debugging and trouble shooting; see`
			`# documentation`
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`print STDERR "[forwarding to $gl_host]\n";`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`# but first we check for rsa key`
			`-f ".ssh/id_rsa" or die "ask your admin to add you to gitolite";`
password access to gitolite using real users 2011-09-13 11:41:51 +02:00
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`shift if $_[0] eq '-c';`
(password access) backward compat breakage for gl-shell-setup; read below gl-shell-setup has a "run as hosting user" piece that basically automates the adding of the user's (new) key to the admin repo. This is now gone. (It's not that hard to automate yourself if you want to do it anyway, using gl-admin-push). I did this because I needed to allow someone in through a gateway, and realised that that has the exact same needs. So the whole scheme has been changed to treat the proxy and the gitolite host as being two different servers. At that point it became cumbersome to do the second bit, and I left it out. Other changes: - you can define exceptions for the default shell in gl-shell - the doc has been simplified. 2011-11-15 12:47:16 +01:00			`exec("ssh", "$gl_host", @_);`
(password access) can now do ADCs also idea credit Jeff (though I'm sure he didn't ask this on behalf of the KDE folks ;-) 2011-09-15 17:53:51 +02:00			`}`