diff --git a/conf/example.gitolite.rc b/conf/example.gitolite.rc
index b1a921f..5568055 100644
--- a/conf/example.gitolite.rc
+++ b/conf/example.gitolite.rc
@@ -170,6 +170,15 @@ $GL_WILDREPOS = 0;
 # $UPDATE_CHAINS_TO = "hooks/update.secondary";
 # $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";
 
+# --------------------------------------
+# ADMIN DEFINED COMMANDS
+
+# WARNING: Use this feature only if (a) you really really know what you're
+# doing or (b) you really don't care too much about security.  Please read
+# doc/admin-defined-commands.mkd for details.
+
+# $GL_ADC_PATH = "";
+
 # --------------------------------------
 # per perl rules, this should be the last line in such a file:
 1;
diff --git a/src/gitolite.pm b/src/gitolite.pm
index 4a4cbae..a49ffa8 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -397,6 +397,14 @@ sub expand_wild
     }
 }
 
+# helper/convenience routine to get rights and ownership from a shell command
+sub cli_repo_rights {
+    my ($perm, $creater) = &repo_rights($_[0]);
+    $perm =~ s/ /_/g;
+    $creater =~ s/^\(|\)$//g;
+    print "$perm $creater\n";
+}
+
 # ----------------------------------------------------------------------------
 #       S P E C I A L   C O M M A N D S
 # ----------------------------------------------------------------------------
diff --git a/src/gl-auth-command b/src/gl-auth-command
index 1192916..5a3a894 100755
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -24,7 +24,7 @@ use warnings;
 # ----------------------------------------------------------------------------
 
 # these are set by the "rc" file
-our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS);
+our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_ADC_PATH);
 # and these are set by gitolite.pm
 our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT);
 our %repos;
@@ -100,6 +100,20 @@ unless ($ENV{SSH_ORIGINAL_COMMAND}) {
     $ENV{SSH_ORIGINAL_COMMAND} = 'info';
 }
 
+# ----------------------------------------------------------------------------
+#       admin defined commands
+# ----------------------------------------------------------------------------
+
+# please see doc/admin-defined-commands.mkd for details
+if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
+    my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
+    if (-x "$GL_ADC_PATH/$cmd") {
+        # yes this is rather strict, sorry.
+        do { die "I don't like $_\n" unless $_ =~ $REPOPATT_PATT } for ($cmd, @args);
+        exec("$GL_ADC_PATH/$cmd", @args);
+    }
+}
+
 # ----------------------------------------------------------------------------
 #       get and set perms for actual repo created by wildcard-autoviv
 # ----------------------------------------------------------------------------