dshadow · April 2, 2023 14:05
diff --git a/git-shell-check-access.py b/git-shell-check-access.py
 #!/usr/bin/env python3
 import os
 import sys
 import logging

 logger = logging.getLogger(__name__)
 logging.basicConfig(level=logging.INFO, format='%(levelname)s:%(message)s')

 path = '/path_to_my_super_repo'
 read_only = False if len(sys.argv) > 1 and sys.argv[1] == '-rw' else True

 def fatal(message):
    logger.error(message)
    sys.exit(1)

 full_cmd = os.getenv('SSH_ORIGINAL_COMMAND')
 if not full_cmd:
    fatal("SSH_ORIGINAL_COMMAND environment variable isn't set")

 req_list = full_cmd.split()
 if len(req_list) != 2:
    fatal('Invalid git command')

 req_cmd, req_path = req_list

 if req_cmd == 'git-receive-pack':
    if read_only:
        fatal('No write commands allowed, read-only.')
 elif req_cmd != 'git-upload-pack':
    fatal('Invalid git command')

 if req_path.strip("'") != path:
    fatal('The path is not allowed')

 code = os.system(f'/usr/bin/git-shell -c "{full_cmd}"')
 sys.exit(code)
	#!/usr/bin/env python3
	import os
	import sys
	import logging

	logger = logging.getLogger(__name__)
	logging.basicConfig(level=logging.INFO, format='%(levelname)s:%(message)s')

	path = '/path_to_my_super_repo'
	read_only = False if len(sys.argv) > 1 and sys.argv[1] == '-rw' else True

	def fatal(message):
	logger.error(message)
	sys.exit(1)

	full_cmd = os.getenv('SSH_ORIGINAL_COMMAND')
	if not full_cmd:
	fatal("SSH_ORIGINAL_COMMAND environment variable isn't set")

	req_list = full_cmd.split()
	if len(req_list) != 2:
	fatal('Invalid git command')

	req_cmd, req_path = req_list

	if req_cmd == 'git-receive-pack':
	if read_only:
	fatal('No write commands allowed, read-only.')
	elif req_cmd != 'git-upload-pack':
	fatal('Invalid git command')

	if req_path.strip("'") != path:
	fatal('The path is not allowed')

	code = os.system(f'/usr/bin/git-shell -c "{full_cmd}"')
	sys.exit(code)