#define SHELL "/bin/bash"
#define GIT_ACL_FILE ".gitacls"
+enum { REPO_UMASK = 027 };
+
typedef struct {
char *user;
char *svn_root;
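Review bot: `REPO_UMASK` is added without a comment stating which permissions it is meant to enforce. A mask of `027` removes group write and all access for others on anything the process creates afterwards, and that intent is worth recording beside the constant, e.g. `/* files created for the repo owner: no group write, nothing for others */`. The constant is applied at the two `umask(REPO_UMASK)` calls later in the diff, both placed right after `change_user(cfg.owner)`.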
if (!pw)
die("invalid user %s", user);
+ setgid(pw->pw_gid);
setuid(pw->pw_uid);
}
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+ setgid(getgid());
+ setuid(getuid());
+}
+
static char *dequote(char *arg)
{
char* narg = NULL;
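Review bot: The return values of `setgid()` and `setuid()` are ignored in both `change_user()` and the new `reset_user()`, so a failed identity switch goes unnoticed and the callers later in the diff carry on to `umask()`/`execvp()` of svnserve or to the exec of `SHELL` with whatever IDs the process still holds. Both pairs should be checked and the program stopped on failure, e.g. `if (setgid(pw->pw_gid) || setuid(pw->pw_uid)) die("cannot switch to user %s", user);` and `if (setgid(getgid()) || setuid(getuid())) die("cannot drop privileges");`. If this binary can ever run with root privilege, the supplementary group list would also need resetting before `setgid()`; that cannot be determined from this hunk. `reset_user()` should be declared as `static void reset_user(void)` so it has a proper prototype. `change_user()` begins outside the hunk, so only its tail is reviewed here.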
die("bad command");
change_user(cfg.owner);
+ umask(REPO_UMASK);
if (!git_check_access(cmd, arg, user))
die("insufficient ACL permissions");
int ret;
change_user(cfg.owner);
+ umask(REPO_UMASK);
return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
}
die("opening /dev/null failed");
close (devnull_fd);
+ if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))) {
+ fprintf(stderr, "%s is a replacement login shell.\n"
+ " May be ran from the command line with one of these options:\n"
+ " -h|--help this text\n"
+ " -v|--version program version string\n"
+ " -t|--test <user> <repo> test access\n"
+ " -d|--detail <user> <repo> test access, outputting more detail\n"
+ , argv[0]);
+ return 0;
+ }
+
if (argc == 2 && (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version"))) {
fprintf(stderr, "%s\n", version);
return 0;
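Review bot: The new help text contains "May be ran", which should read `May be run from the command line with one of these options:`. The text is also sent to stderr even though `-h` is a successful request that returns 0, whereas the new `-t|--test` branch reports its result with `printf`. Writing the help with `printf` (or `fprintf(stdout, ...)`) would let it be piped or paged; the existing `-v` branch has the same habit, so changing both together would keep them consistent.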
fprintf(stderr, "\n");
die("only repository access is allowed");
}
- setuid(getuid());
+ reset_user();
argv[0] = SHELL;
execvp(argv[0], (char *const *) argv);
return 1;
}
- if ((!strcmp(argv[1], "-t") || !strcmp(argv[1], "--test"))) {
+ if ((!strcmp(argv[1], "-d") || !strcmp(argv[1], "--detail"))) {
perms_t p;
if (argc !=4)
- die("usage: %s -t <user> <repo>", argv[0]);
+ die("usage: %s -d|--detail <user> <repo>", argv[0]);
p = git_acl(argv[2], argv[3], cfg.git_acl_file);
fprintf(stderr,
"user '%s' repo '%s' perms '%s'\n via userid '%s' repoid '%s'\n",
return 0;
}
+ if ((!strcmp(argv[1], "-t") || !strcmp(argv[1], "--test"))) {
+ perms_t p;
+
+ if (argc !=4)
+ die("usage: %s -t|--test <user> <repo>", argv[0]);
+ p = git_acl(argv[2], argv[3], cfg.git_acl_file);
+ printf("%s\n", git_acl_perms_as_str(p));
+ return 0;
+ }
+
if (argc == 3) {
/* argv[0] = repo_shell, argv[1] = -c, argv[2] = cmd
* cmd = "svnserve -t" or "git-xxx '/path/to/repo.git'"
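Review bot: `-t|--test` silently changes meaning here: the old behaviour (the detailed line on stderr) moves to `-d|--detail`, and `-t` now prints only the permission string on stdout. Any script or hook that parsed the previous `-t` output will get a different format on a different stream without an error. A comment above the branch such as `/* -t prints only the permission string on stdout, for scripts; use -d for the detailed report */` plus a changelog entry would make the break visible. The two branches also repeat the same `argc != 4` check and `git_acl()` call, which could be shared so the usage rules cannot drift apart.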
if (!cfg.allow_interactive)
die("only repository access is allowed");
- setuid(getuid());
+ reset_user();
cd_to_homedir();
argv[0] = SHELL;
execvp(argv[0], (char *const *) argv);