gitcreate: add option to set description

[repo_shell.git] / repo_shell.c

diff --git a/repo_shell.c b/repo_shell.c
index f5ec2680fdcf9e2f408a860cfc5eddff30a0365a..07e5cf7e4b24e0d5a4275fc1b542def979af7052 100644 (file)
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -18,6 +18,8 @@
 #define SHELL "/bin/bash"
 #define GIT_ACL_FILE ".gitacls"
 
+enum { REPO_UMASK = 027 };
+
 typedef struct {
   char *user;
   char *svn_root;
@@ -36,9 +38,17 @@ static void change_user(char *user)
 
   if (!pw)
     die("invalid user %s", user);
+  setgid(pw->pw_gid);
   setuid(pw->pw_uid);
 }
 
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+  setgid(getgid());
+  setuid(getuid());
+}
+
 static char *dequote(char *arg)
 {
   char* narg = NULL;
@@ -94,6 +104,7 @@ static int do_git_cmd(const char *cmd, char *arg, char *user)
     die("bad command");
 
   change_user(cfg.owner);
+  umask(REPO_UMASK);
   if (!git_check_access(cmd, arg, user))
     die("insufficient ACL permissions");
 
@@ -116,6 +127,7 @@ static int do_svnserve_cmd(const char *cmd, char *arg, char *user)
   int ret;
 
   change_user(cfg.owner);
+  umask(REPO_UMASK);
   return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
 }
 
@@ -179,6 +191,17 @@ int main(int argc, char **argv)
     die("opening /dev/null failed");
   close (devnull_fd);
 
+  if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))) {
+    fprintf(stderr, "%s is a replacement login shell.\n"
+        "  May be ran from the command line with one of these options:\n"
+        "    -h|--help                 this text\n"
+        "    -v|--version              program version string\n"
+        "    -t|--test <user> <repo>   test access\n"
+        "    -d|--detail <user> <repo> test access, outputting more detail\n"
+        , argv[0]);
+    return 0;
+  }
+
   if (argc == 2 && (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version"))) {
     fprintf(stderr, "%s\n", version);
     return 0;
@@ -194,17 +217,17 @@ int main(int argc, char **argv)
       fprintf(stderr, "\n");
       die("only repository access is allowed");
     }
-    setuid(getuid());
+    reset_user();
     argv[0] = SHELL;
     execvp(argv[0], (char *const *) argv);
     return 1;
   }
 
-  if ((!strcmp(argv[1], "-t") || !strcmp(argv[1], "--test"))) {
+  if ((!strcmp(argv[1], "-d") || !strcmp(argv[1], "--detail"))) {
     perms_t p;
 
     if (argc !=4)
-      die("usage: %s -t <user> <repo>", argv[0]);
+      die("usage: %s -d|--detail <user> <repo>", argv[0]);
     p = git_acl(argv[2], argv[3], cfg.git_acl_file);
     fprintf(stderr,
         "user '%s' repo '%s' perms '%s'\n  via userid '%s' repoid '%s'\n",
@@ -213,6 +236,16 @@ int main(int argc, char **argv)
     return 0;
   }
 
+  if ((!strcmp(argv[1], "-t") || !strcmp(argv[1], "--test"))) {
+    perms_t p;
+
+    if (argc !=4)
+      die("usage: %s -t|--test <user> <repo>", argv[0]);
+    p = git_acl(argv[2], argv[3], cfg.git_acl_file);
+    printf("%s\n", git_acl_perms_as_str(p));
+    return 0;
+  }
+
   if (argc == 3) {
     /* argv[0] = repo_shell, argv[1] = -c, argv[2] = cmd
      * cmd = "svnserve -t" or "git-xxx '/path/to/repo.git'"
@@ -245,7 +278,7 @@ int main(int argc, char **argv)
 
   if (!cfg.allow_interactive)
     die("only repository access is allowed");
-  setuid(getuid());
+  reset_user();
   cd_to_homedir();
   argv[0] = SHELL;
   execvp(argv[0], (char *const *) argv);