tAdd code. - git-restrict - simple utility for git repo permission management
HTML git clone https://git.parazyd.org/git-restrict
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit d11979654e183e95b46501dba3c364c187db5397
DIR parent 6736d870dd7bf83a4f067db3116abc10cb9b5d21
HTML Author: parazyd <parazyd@dyne.org>
Date: Wed, 31 Mar 2021 03:35:01 +0200
Add code.
Diffstat:
A Makefile | 38 +++++++++++++++++++++++++++++++
A git-restrict.c | 64 +++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+), 0 deletions(-)
---
DIR diff --git a/Makefile b/Makefile
t@@ -0,0 +1,38 @@
+.POSIX:
+
+# paths
+PREFIX = /usr/local
+MANPREFIX = ${PREFIX}/share/man
+
+# Use system flags
+GR_CFLAGS = $(CFLAGS) -Wall -Werror -pedantic -std=c99
+GR_CPPFLAGS = $(CPPFLAGS) -D_GNU_SOURCE
+GR_LDFLAGS = $(LDFLAGS) -static
+
+BIN = git-restrict
+MAN = $(BIN).1
+OBJ = $(BIN:=.o)
+
+all: $(BIN)
+
+.c.o:
+ $(CC) -c $(GR_CFLAGS) $(GR_CPPFLAGS) $<
+
+$(BIN): $(OBJ)
+ $(CC) $(OBJ) $(GR_LDFLAGS) -o $@
+
+clean:
+ rm -f $(BIN) $(OBJ)
+
+install: all
+ mkdir -p $(DESTDIR)$(PREFIX)/bin
+ mkdir -p $(DESTDIR)$(MANPREFIX)/man1
+ cp -f $(BIN) $(DESTDIR)$(PREFIX)/bin
+ cp -f $(MAN) $(DESTDIR)$(MANPREFIX)/man1
+ chmod 755 $(DESTDIR)$(PREFIX)/bin/$(BIN)
+
+uninstall:
+ rm -f $(DESTDIR)$(PREFIX)/bin/$(BIN)
+ rm -f $(DESTDIR)$(MANPREFIX)/man1/$(MAN)
+
+.PHONY: all clean install uninstall
DIR diff --git a/git-restrict.c b/git-restrict.c
t@@ -0,0 +1,64 @@
+/* Copyright (c) 2021 Ivan J. <parazyd@dyne.org>
+ *
+ * This file is part of git-restrict
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License version 3
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int argc, char *argv[])
+{
+ char *orig_cmd, *cmd, *repo;
+ int i, authorized = 0;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: git-restrict repo0 repo1 ...\n");
+ return 1;
+ }
+
+ if ((orig_cmd = getenv("SSH_ORIGINAL_COMMAND")) == NULL) {
+ fprintf(stderr, "fatal: No $SSH_ORIGINAL_COMMAND in env.\n");
+ return 1;
+ }
+
+ repo = strdup(orig_cmd);
+
+ if ((cmd = strsep(&repo, " ")) == NULL)
+ return 1;
+
+ if (strcmp("git-upload-pack", cmd) && strcmp("git-receive-pack", cmd)) {
+ fprintf(stderr, "fatal: Unauthorized command.\n");
+ return 1;
+ }
+
+ /* Remove ' prefix and suffix */
+ repo++; repo[strlen(repo)-1] = 0;
+
+ for (i = 1; i < argc; i++) {
+ if (!strcmp(argv[i], repo)) {
+ authorized = 1;
+ break;
+ }
+ }
+
+ if (authorized)
+ if (execlp("git-shell", " ", "-c", orig_cmd, (char *)NULL) < 0)
+ perror("execlp");
+
+ fprintf(stderr, "fatal: Access to repository denied.\n");
+ return 1;
+}