From 75de6c0438090d0d4d4e593867739d638cb7f8d6 Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Sat, 19 Dec 2009 20:52:30 +0530 Subject: [PATCH] auth: (WDITOT?) allow special users to get a shell ".../gl-auth-command username" is the normal command that authkeys forces, and this prevents that key from being used to get a shell. We now allow the user to get a shell if the forced command has a "-s" before the "username", like ".../gl-auth-command -s sitaram". (Now that a plain "ssh gitolite" gets you a shell, there's a new "info" command that such privileged keys can use to get basic access info). Thanks to Jesse Keating for the idea! I can't believe this never occurred to me before, but I guess I was so enamoured of my "innovation" in converting what used to be an error into some useful info I didn't think a bit more :/ --- src/gl-auth-command | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/src/gl-auth-command b/src/gl-auth-command index 463439e..2de7d43 100755 --- a/src/gl-auth-command +++ b/src/gl-auth-command @@ -53,6 +53,14 @@ umask($REPO_UMASK); # start... # ---------------------------------------------------------------------------- +# if the first argument is a "-s", this user is allowed to get a shell using +# this key +my $shell_allowed = 0; +if ($ARGV[0] eq '-s') { + $shell_allowed = 1; + shift; +} + # first, fix the biggest gripe I have with gitosis, a 1-line change my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere! @@ -60,13 +68,24 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere! # sanity checks on SSH_ORIGINAL_COMMAND # ---------------------------------------------------------------------------- -# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message +# print basic access info if SSH_ORIGINAL_COMMAND does not exist unless ($ENV{SSH_ORIGINAL_COMMAND}) { + # unless the user is allowed to use a shell + if ($shell_allowed) { + my $shell = $ENV{SHELL}; + $shell =~ s/.*\//-/; # change "/bin/bash" to "-bash" + exec { $ENV{SHELL} } $shell; + } &report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $user); exit 1; } my $cmd = $ENV{SSH_ORIGINAL_COMMAND}; +# people allowed to get a shell can get basic access info by asking nicely +if ($shell_allowed and $cmd eq 'info') { + &report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $user); + exit 1; +} # split into command and arguments; the pattern allows old style as well as # new style: "git-subcommand arg" or "git subcommand arg", just like gitosis @@ -77,9 +96,12 @@ my $cmd = $ENV{SSH_ORIGINAL_COMMAND}; # including the single quotes my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*?)(?:.git)?'/); -die "bad command: $cmd. Make sure the repo name is exactly as in your config\n" - unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS ) - and $repo and $repo =~ $REPONAME_PATT ); +unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS ) and $repo and $repo =~ $REPONAME_PATT ) { + # if the user is allowed a shell, just run the command + exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND} if $shell_allowed; + # otherwise, whine + die "bad command: $cmd\n"; +} # ---------------------------------------------------------------------------- # first level permissions check