auth, doc/3: print useful information when no command given
parent
fd6fb9e9e1
commit
a19a7f01d7
2 changed files with 41 additions and 20 deletions
|
@ -16,7 +16,7 @@ In this document:
|
|||
* better logging
|
||||
* one user, many keys
|
||||
* support for git installed outside default PATH
|
||||
* who am I?
|
||||
* what repos do I have access to?
|
||||
* other cool things
|
||||
* "personal" branches
|
||||
* design choices
|
||||
|
@ -348,24 +348,35 @@ attempting to run git stuff.
|
|||
|
||||
Very easy, very simple, and completely transparent to the users :-)
|
||||
|
||||
#### who am I?
|
||||
<a name="myrights"></a>
|
||||
|
||||
As a developer, I send a file called `id_rsa.pub` to the gitolite admin. He
|
||||
would rename it to "sitaram.pub" and put it in the key directory. Then he'd
|
||||
add "sitaram" to the config file for the repos which I have access to.
|
||||
#### what repos do I have access to?
|
||||
|
||||
But he could have called me "foobar" instead of "sitaram" -- as long as he
|
||||
uses it consistently, it'll all work the same and look the same to me, because
|
||||
the public key is all that matters.
|
||||
Sometimes there are too many repos, maybe even named similarly, or with the
|
||||
potential for typos, confusion about hyphens/underscores or upper/lower case,
|
||||
etc. You'd just like a simple way to know what repos you have access to.
|
||||
|
||||
So do I have no reason to know what the admin named me? Well -- maybe (see
|
||||
next section for one possible use). Anyway how do I find out?
|
||||
Easy! Just use ssh and try to log in as if you were attempting to get a
|
||||
shell:
|
||||
|
||||
In gitolite, it's simple: just ask nicely :-)
|
||||
|
||||
$ ssh git@my.gitolite.server
|
||||
$ ssh gitolite
|
||||
PTY allocation request failed on channel 0
|
||||
no SSH_ORIGINAL_COMMAND? I'm not a shell, sitaram!
|
||||
hello sitaram, the gitolite version here is v0.6-17-g94ed189
|
||||
you have the following permissions:
|
||||
R W Anu-WSD
|
||||
R ROtest
|
||||
R W SecureBrowse
|
||||
R W entrans
|
||||
R W git-notes
|
||||
R W gitolite
|
||||
R W gitolite-admin
|
||||
R W indic_web_input
|
||||
R W proxy
|
||||
R W vkc
|
||||
|
||||
Note that until this version, we used to put out an ugly `need
|
||||
SSH_ORIGINAL_COMMAND` error, just like gitosis used to. All we did is put
|
||||
that code path to better use :-)
|
||||
|
||||
### other cool things
|
||||
|
||||
|
|
|
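Review bot: the sample session opens with `$ ssh gitolite`, which only works if the reader already has a `gitolite` host alias in their ssh client configuration, and the surrounding text ("just ask nicely") never says so. Either keep the explicit `ssh git@my.gitolite.server` form in the example or add one sentence saying that `gitolite` is an alias for it. It would also help to state that `PTY allocation request failed on channel 0` is expected here, so users do not read it as a failure of the listing itself.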
@ -24,7 +24,7 @@ use warnings;
|
|||
# ----------------------------------------------------------------------------
|
||||
|
||||
|
||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH);
|
||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $GL_ADMINDIR);
|
||||
our %repos;
|
||||
|
||||
# the common setup module is in the same directory as this running program is
|
||||
|
@ -60,11 +60,21 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere!
|
|||
# sanity checks on SSH_ORIGINAL_COMMAND
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# SSH_ORIGINAL_COMMAND must exist. Since we also captured $user, we print
|
||||
# that in the message so people saying "ssh git@server" can see which gitolite
|
||||
# user he is being recognised as
|
||||
my $cmd = $ENV{SSH_ORIGINAL_COMMAND}
|
||||
or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!\n";
|
||||
# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message
|
||||
unless ($ENV{SSH_ORIGINAL_COMMAND}) {
|
||||
# send back some useful info if no command was given
|
||||
print "hello $user, the gitolite version here is ";
|
||||
system("cat", "$GL_ADMINDIR/src/VERSION");
|
||||
print "\ryou have the following permissions:\n\r";
|
||||
for my $r (sort keys %repos) {
|
||||
my $perm .= " R" if $repos{$r}{R}{$user};
|
||||
$perm .= " W" if $repos{$r}{W}{$user};
|
||||
print "$perm\t$r\n\r" if $perm;
|
||||
}
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
|
||||
|
||||
# split into command and arguments; the pattern allows old style as well as
|
||||
# new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
|
||||
|
|
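Review bot: `my $perm .= " R" if $repos{$r}{R}{$user};` inside the `for my $r (sort keys %repos)` loop declares `$perm` under a statement modifier, which perlsyn documents as undefined behaviour. When the R test is false the `my` is never executed, so `$perm` may keep its value from an earlier iteration, and a repo the user has no rights on can then be listed with another repo's permissions. Since this listing is the user's view of the access rules, declare the variable unconditionally with `my $perm = '';` and append to it in two separate statements, `$perm .= " R" if ...;` and `$perm .= " W" if ...;`. Separately, `print "hello $user, the gitolite version here is ";` ends without a newline and is followed by `system("cat", "$GL_ADMINDIR/src/VERSION")`; unless STDOUT is unbuffered at this point, the child's output can reach the client before the greeting, so set `$|` before the print or read the VERSION file in Perl and print it directly.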