X-Git-Url: https://oss.titaniummirror.com/gitweb?a=blobdiff_plain;f=repo_shell.c;h=07e5cf7e4b24e0d5a4275fc1b542def979af7052;hb=HEAD;hp=f5ec2680fdcf9e2f408a860cfc5eddff30a0365a;hpb=bcc0e47c0c7bebbcc6abc30390894fa2ca93f5c8;p=repo_shell.git
diff --git a/repo_shell.c b/repo_shell.c
index f5ec268..07e5cf7 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -18,6 +18,8 @@
 #define SHELL "/bin/bash"
 #define GIT_ACL_FILE ".gitacls"
+enum { REPO_UMASK = 027 };
+
 typedef struct {
 char *user;
 char *svn_root;
@@ -36,9 +38,17 @@ static void change_user(char *user)
 if (!pw)
 die("invalid user %s", user);
+ setgid(pw->pw_gid);
 setuid(pw->pw_uid);
 }
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+ setgid(getgid());
+ setuid(getuid());
+}
+
 static char *dequote(char *arg)
 {
 char* narg = NULL;
@@ -94,6 +104,7 @@ static int do_git_cmd(const char *cmd, char *arg, char *user)
 die("bad command");
 change_user(cfg.owner);
+ umask(REPO_UMASK);
 if (!git_check_access(cmd, arg, user))
 die("insufficient ACL permissions");
@@ -116,6 +127,7 @@ static int do_svnserve_cmd(const char *cmd, char *arg, char *user)
 int ret;
 change_user(cfg.owner);
+ umask(REPO_UMASK);
 return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
 }
@@ -179,6 +191,17 @@ int main(int argc, char **argv)
 die("opening /dev/null failed");
 close (devnull_fd);
+ if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))) {
+ fprintf(stderr, "%s is a replacement login shell.\n"
+ " May be ran from the command line with one of these options:\n"
+ " -h|--help this text\n"
+ " -v|--version program version string\n"
+ " -t|--test test access\n"
+ " -d|--detail test access, outputting more detail\n"
+ , argv[0]);
+ return 0;
+ }
+
 if (argc == 2 && (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version"))) {
 fprintf(stderr, "%s\n", version);
 return 0;
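Review bot: `REPO_UMASK` is introduced in the `@@ -18` hunk without a comment saying what the mask yields or why it was chosen, and it is then applied in `do_git_cmd` and `do_svnserve_cmd` (the `@@ -94` and `@@ -116` hunks) before the repository tools run. I would add `/* umask for repository access: new files 0640, directories 0750 (no group write, nothing for others) */` above the enum. If any repository is meant to be group-writable, this mask removes that bit, so the comment should also state that owner-only write access is intended.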
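Review bot: The return values of `setgid()` and `setuid()` are ignored in both `change_user` and the new `reset_user` (the `@@ -36` hunk), so a failed switch leaves the process running under whatever IDs it already had and execution simply continues. Check each call and stop on failure, e.g. `if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) die("cannot switch to user %s", user);`, with the same pattern using `getgid()`/`getuid()` in `reset_user`. That also covers the two `reset_user()` call sites in `main` (the `@@ -194` and `@@ -245` hunks), which exec the interactive shell right afterwards. Neither function touches the supplementary group list, so the invoking process's groups presumably carry over to the repository owner; an `initgroups()` call before `setgid()` in `change_user` would address that if the binary runs with enough privilege. `change_user` starts above the hunk, and `reset_user()` would be better declared as `reset_user(void)`.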
@@ -194,17 +217,17 @@ int main(int argc, char **argv)
 fprintf(stderr, "\n");
 die("only repository access is allowed");
 }
- setuid(getuid());
+ reset_user();
 argv[0] = SHELL;
 execvp(argv[0], (char *const *) argv);
 return 1;
 }
- if ((!strcmp(argv[1], "-t") || !strcmp(argv[1], "--test"))) {
+ if ((!strcmp(argv[1], "-d") || !strcmp(argv[1], "--detail"))) {
 perms_t p;
 if (argc !=4)
- die("usage: %s -t ", argv[0]);
+ die("usage: %s -d|--detail ", argv[0]);
 p = git_acl(argv[2], argv[3], cfg.git_acl_file);
 fprintf(stderr, "user '%s' repo '%s' perms '%s'\n via userid '%s' repoid '%s'\n",
@@ -213,6 +236,16 @@ int main(int argc, char **argv)
 return 0;
 }
+ if ((!strcmp(argv[1], "-t") || !strcmp(argv[1], "--test"))) {
+ perms_t p;
+
+ if (argc !=4)
+ die("usage: %s -t|--test ", argv[0]);
+ p = git_acl(argv[2], argv[3], cfg.git_acl_file);
+ printf("%s\n", git_acl_perms_as_str(p));
+ return 0;
+ }
+
 if (argc == 3) {
 /* argv[0] = repo_shell, argv[1] = -c, argv[2] = cmd
 * cmd = "svnserve -t" or "git-xxx '/path/to/repo.git'"
@@ -245,7 +278,7 @@ int main(int argc, char **argv)
 if (!cfg.allow_interactive)
 die("only repository access is allowed");
- setuid(getuid());
+ reset_user();
 cd_to_homedir();
 argv[0] = SHELL;
 execvp(argv[0], (char *const *) argv);
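Review bot: The new `-t|--test` branch in the `@@ -213` hunk passes caller-supplied `argv[2]` and `argv[3]` to `git_acl()` with no `reset_user()` call in the branch, so the ACL file is read with whatever IDs the process started with. If the binary is installed with elevated IDs, which `change_user` suggests but the page does not show, any local account can query the permissions of any user and repository pair. If that is intended for scripting, a comment such as `/* test mode: ACL lookup runs with the shell's own privileges and accepts any user name */` above the branch would record the decision; otherwise the lookup should be limited to the invoking user. The same applies to the `-d|--detail` branch in the `@@ -194` hunk.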