Ensure non-repo ssh commands run as connecting user.

[repo_shell.git] / repo_shell.c

diff --git a/repo_shell.c b/repo_shell.c
index b51c0add25039ca49e31b232a50a9f3add431fa8..ecce7d3aebc8229f6bbee4e3cfe3ed7bc0ead514 100644 (file)
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -19,6 +19,8 @@ typedef struct {
        char *owner;
 } cfg_t;
 
+static const char* shell_argv[] = { "/bin/bash", NULL };
+
 #undef USE_DEFAULTS
 #ifdef USE_DEFAULTS /* perhaps we want defaults?  Not sure */
 static cfg_t cfg {
@@ -344,9 +346,12 @@ int main(int argc, char **argv)
                        !strcmp(argv[1], "--version"))) {
                fprintf(stderr, "%s\n", version);
                return 0;
+       }
+
+       if (argc == 1 && check_ssh_interactive(getuid())) {
+               setuid(getuid());
+               execvp(shell_argv[0], (char *const *) shell_argv);
         }
-       if (argc < 3)
-               die("invalid arguments");
 
 #ifdef USE_DEFAULTS
        ini_parse("repo_shell.cfg", handler, &cfg);
@@ -385,6 +390,7 @@ int main(int argc, char **argv)
        if (!check_ssh_interactive(getuid()))
                die("only repository access is allowed");
 
+       setuid(getuid());
        cd_to_homedir();
        count = split_cmdline(prog, &user_argv);
        if (count >= 0) {