From a19a7f01d74fae087b3e7882b47754d881446257 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Wed, 28 Oct 2009 13:33:24 +0530
Subject: [PATCH] auth, doc/3: print useful information when no command given
---
 doc/3-faq-tips-etc.mkd | 39 +++++++++++++++++++++++++--------------
 src/gl-auth-command | 22 ++++++++++++++++------
 2 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/doc/3-faq-tips-etc.mkd b/doc/3-faq-tips-etc.mkd
index 3fced01..0dc851a 100644
--- a/doc/3-faq-tips-etc.mkd
+++ b/doc/3-faq-tips-etc.mkd
@@ -16,7 +16,7 @@ In this document:
 * better logging
 * one user, many keys
 * support for git installed outside default PATH
- * who am I?
+ * what repos do I have access to?
 * other cool things
 * "personal" branches
 * design choices
@@ -348,24 +348,35 @@ attempting to run git stuff. Very easy, very simple, and completely transparent to the users :-) -#### who am I? + -As a developer, I send a file called `id_rsa.pub` to the gitolite admin. He -would rename it to "sitaram.pub" and put it in the key directory. Then he'd -add "sitaram" to the config file for the repos which I have access to. +#### what repos do I have access to? -But he could have called me "foobar" instead of "sitaram" -- as long as he -uses it consistently, it'll all work the same and look the same to me, because -the public key is all that matters. +Sometimes there are too many repos, maybe even named similarly, or with the +potential for typos, confusion about hyphens/underscores or upper/lower case, +etc. You'd just like a simple way to know what repos you have access to. -So do I have no reason to know what the admin named me? Well -- maybe (see -next section for one possible use). Anyway how do I find out? +Easy! Just use ssh and try to log in as if you were attempting to get a +shell: -In gitolite, it's simple: just ask nicely :-) - - $ ssh git@my.gitolite.server + $ ssh gitolite PTY allocation request failed on channel 0 - no SSH_ORIGINAL_COMMAND? I'm not a shell, sitaram! + hello sitaram, the gitolite version here is v0.6-17-g94ed189 + you have the following permissions: + R W Anu-WSD + R ROtest + R W SecureBrowse + R W entrans + R W git-notes + R W gitolite + R W gitolite-admin + R W indic_web_input + R W proxy + R W vkc + +Note that until this version, we used to put out an ugly `need +SSH_ORIGINAL_COMMAND` error, just like gitosis used to. All we did is put +that code path to better use :-) ### other cool things diff --git a/src/gl-auth-command b/src/gl-auth-command index 62e5add..4d9b805 100755 --- a/src/gl-auth-command +++ b/src/gl-auth-command 
@@ -24,7 +24,7 @@ use warnings; # ---------------------------------------------------------------------------- -our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH); +our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $GL_ADMINDIR); our %repos; # the common setup module is in the same directory as this running program is @@ -60,11 +60,21 @@ my $user=$ENV{GL_USER}=shift; # there; now that's available everywhere! # sanity checks on SSH_ORIGINAL_COMMAND # ---------------------------------------------------------------------------- -# SSH_ORIGINAL_COMMAND must exist. Since we also captured $user, we print -# that in the message so people saying "ssh git@server" can see which gitolite -# user he is being recognised as -my $cmd = $ENV{SSH_ORIGINAL_COMMAND} - or die "no SSH_ORIGINAL_COMMAND? I'm not a shell, $user!\n"; +# SSH_ORIGINAL_COMMAND must exist; if not, we die with a nice message +unless ($ENV{SSH_ORIGINAL_COMMAND}) { + # send back some useful info if no command was given + print "hello $user, the gitolite version here is "; + system("cat", "$GL_ADMINDIR/src/VERSION"); + print "\ryou have the following permissions:\n\r"; + for my $r (sort keys %repos) { + my $perm .= " R" if $repos{$r}{R}{$user}; + $perm .= " W" if $repos{$r}{W}{$user}; + print "$perm\t$r\n\r" if $perm; + } + exit 1; +} + +my $cmd = $ENV{SSH_ORIGINAL_COMMAND}; # split into command and arguments; the pattern allows old style as well as # new style: "git-subcommand arg" or "git subcommand arg", just like gitosis
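Review bot: In the `for my $r` loop of the second hunk, `my $perm .= " R" if $repos{$r}{R}{$user};` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour. When the R test is false the variable is not reliably reset, so a value left by an earlier iteration can carry over and the listing can show a repo name and permission the user does not hold. This output goes to any key holder who connects without a command, so it should mirror the compiled ACL exactly: declare first with `my $perm = '';`, then append with `$perm .= " R" if $repos{$r}{R}{$user};`. Separately, the greeting `print` before `system("cat", ...)` ends without a newline, so unless autoflush is enabled outside this hunk the VERSION text may arrive ahead of the greeting when stdout is not a terminal. Where `%repos` and `$GL_ADMINDIR` get their values is also outside the hunk, so confirm both are loaded before this block runs.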