kubicek · March 31, 2009 08:14
diff --git a/repositories.yml b/repositories.yml
 users:
  kubicek:
    repositories:
      - "xnet/superstudent.git"
      - "xnet/aukce.git"
diff --git a/ssh_git.rb b/ssh_git.rb
 class SshGit

  def self.execute_command
    cmd = "git-receive-pack 'xnet/superstudent.git/kubicek/nejaky-hash-commitu'" #ENV["SSH_ORIGINAL_COMMAND"]
    
    raise "Need SSH_ORIGINAL_COMMAND in environment." if cmd.nil?
    raise "Command may not contain newlines." if cmd.include?("\n")
    
    reg = /\Agit-(receive|upload)-pack 'xnet\/([a-zA-Z][a-zA-Z0-9@._-]*)\/([a-zA-Z][a-zA-Z0-9@._-]*)(\/[a-zA-Z][a-zA-Z0-9@._-]*)*'\z/
    cmd_match = cmd.match(reg)   
    
    if cmd_match.nil?
      raise "Command to run looks dangerous"
    else
      command = cmd_match[1]
      user_name = cmd_match[3]
      repository = cmd_match[2]
      
      unless authenticated?(user_name, repository)
        raise "User is not authorized to access this repository"
      else
        unless %w(receive upload).include?(command)
          raise "Command not allowed"
        else
          exec cmd
        end          
      end      
    end     
  end
  
  def self.authenticated?(user_name, repository)
    yml = open('repositories.yml') {|f| YAML.load(f) }
    unless ARGV[0] == user_name and yml['users'].include?(user_name) and yml['users'][user_name]['repositories'].include?(repository)
      return false
    else
      return true
    end
  end

 end

 if $0 == __FILE__ 
  SshGit.execute_command
 end
	users:
	kubicek:
	repositories:
	- "xnet/superstudent.git"
	- "xnet/aukce.git"
	class SshGit

	def self.execute_command
	cmd = "git-receive-pack 'xnet/superstudent.git/kubicek/nejaky-hash-commitu'" #ENV["SSH_ORIGINAL_COMMAND"]

	raise "Need SSH_ORIGINAL_COMMAND in environment." if cmd.nil?
	raise "Command may not contain newlines." if cmd.include?("\n")

	reg = /\Agit-(receive\|upload)-pack 'xnet\/([a-zA-Z][a-zA-Z0-9@._-])\/([a-zA-Z][a-zA-Z0-9@._-])(\/[a-zA-Z][a-zA-Z0-9@._-])'\z/
	cmd_match = cmd.match(reg)

	if cmd_match.nil?
	raise "Command to run looks dangerous"
	else
	command = cmd_match[1]
	user_name = cmd_match[3]
	repository = cmd_match[2]

	unless authenticated?(user_name, repository)
	raise "User is not authorized to access this repository"
	else
	unless %w(receive upload).include?(command)
	raise "Command not allowed"
	else
	exec cmd
	end
	end
	end
	end

	def self.authenticated?(user_name, repository)
	yml = open('repositories.yml') {\|f\| YAML.load(f) }
	unless ARGV[0] == user_name and yml['users'].include?(user_name) and yml['users'][user_name]['repositories'].include?(repository)
	return false
	else
	return true
	end
	end

	end

	if $0 == __FILE__
	SshGit.execute_command
	end