auth: (WDITOT?) allow special users to get a shell
".../gl-auth-command username" is the normal command that authkeys forces, and this prevents that key from being used to get a shell. We now allow the user to get a shell if the forced command has a "-s" before the "username", like ".../gl-auth-command -s sitaram". (Now that a plain "ssh gitolite" gets you a shell, there's a new "info" command that such privileged keys can use to get basic access info). Thanks to Jesse Keating for the idea! I can't believe this never occurred to me before, but I guess I was so enamoured of my "innovation" in converting what used to be an error into some useful info I didn't think a bit more :/
parent
b679bbb56b
commit
75de6c0438
|
@ -53,6 +53,14 @@ umask($REPO_UMASK);
|
|||
# start...
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# if the first argument is a "-s", this user is allowed to get a shell using
|
||||
# this key
|
||||
my $shell_allowed = 0;
|
||||
if ($ARGV[0] eq '-s') {
|
||||
$shell_allowed = 1;
|
||||
shift;
|
||||
}
|
||||
|
||||
# first, fix the biggest gripe I have with gitosis, a 1-line change
|
||||
my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
|
||||
|
||||
|
@ -60,13 +68,24 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
|
|||
# sanity checks on SSH_ORIGINAL_COMMAND
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message
|
||||
# print basic access info if SSH_ORIGINAL_COMMAND does not exist
|
||||
unless ($ENV{SSH_ORIGINAL_COMMAND}) {
|
||||
# unless the user is allowed to use a shell
|
||||
if ($shell_allowed) {
|
||||
my $shell = $ENV{SHELL};
|
||||
$shell =~ s/.*\//-/; # change "/bin/bash" to "-bash"
|
||||
exec { $ENV{SHELL} } $shell;
|
||||
}
|
||||
&report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $user);
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
|
||||
# people allowed to get a shell can get basic access info by asking nicely
|
||||
if ($shell_allowed and $cmd eq 'info') {
|
||||
&report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $user);
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# split into command and arguments; the pattern allows old style as well as
|
||||
# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
|
||||
|
@ -77,9 +96,12 @@ my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
|
|||
# including the single quotes
|
||||
|
||||
my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*?)(?:.git)?'/);
|
||||
die "bad command: $cmd. Make sure the repo name is exactly as in your config\n"
|
||||
unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
|
||||
and $repo and $repo =~ $REPONAME_PATT );
|
||||
unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS ) and $repo and $repo =~ $REPONAME_PATT ) {
|
||||
# if the user is allowed a shell, just run the command
|
||||
exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND} if $shell_allowed;
|
||||
# otherwise, whine
|
||||
die "bad command: $cmd\n";
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# first level permissions check
|
||||
|
|
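Review bot: Neither shell hand-off checks its inputs or leaves a trace: `exec { $ENV{SHELL} } $shell;` in the second hunk and `exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND} if $shell_allowed;` in the third both run before any logging visible in these hunks, and the first falls through to `report_basic` when `SHELL` is unset or the exec fails. Since `-s` turns a restricted key into a full login, I would fail closed, e.g. `my $shell = $ENV{SHELL} or die "SHELL is not set\n";` and `exec { $ENV{SHELL} } $shell or die "exec $ENV{SHELL}: $!\n";`, and write a log line naming `$user` before each exec (the script's logging helper, if it has one, is outside these hunks). In the first hunk `$ARGV[0] eq '-s'` compares against undef when the forced command carries no arguments, and nothing checks that a username remains after the `shift`; `if (@ARGV and $ARGV[0] eq '-s')` plus a `die` on an empty `@ARGV` would cover both. The script continues outside all three hunks, so any checks or logging elsewhere in the file are not visible here.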