git-restrict

simple utility for git repo permission management
git clone https://git.parazyd.org/git-restrict
Log | Files | Refs | README | LICENSE
commit d11979654e183e95b46501dba3c364c187db5397
parent 6736d870dd7bf83a4f067db3116abc10cb9b5d21
Author: parazyd <parazyd@dyne.org>
Date:   Wed, 31 Mar 2021 03:35:01 +0200

Add code.

Diffstat:

AMakefile | 38++++++++++++++++++++++++++++++++++++++


Agit-restrict.c | 64++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


2 files changed, 102 insertions(+), 0 deletions(-)

diff --git a/Makefile b/Makefile
@@ -0,0 +1,38 @@
+.POSIX:
+
+# paths
+PREFIX = /usr/local
+MANPREFIX = ${PREFIX}/share/man
+
+# Use system flags
+GR_CFLAGS = $(CFLAGS) -Wall -Werror -pedantic -std=c99
+GR_CPPFLAGS = $(CPPFLAGS) -D_GNU_SOURCE
+GR_LDFLAGS = $(LDFLAGS) -static
+
+BIN = git-restrict
+MAN = $(BIN).1
+OBJ = $(BIN:=.o)
+
+all: $(BIN)
+
+.c.o:
+	$(CC) -c $(GR_CFLAGS) $(GR_CPPFLAGS) $<
+
+$(BIN): $(OBJ)
+	$(CC) $(OBJ) $(GR_LDFLAGS) -o $@
+
+clean:
+	rm -f $(BIN) $(OBJ)
+
+install: all
+	mkdir -p $(DESTDIR)$(PREFIX)/bin
+	mkdir -p $(DESTDIR)$(MANPREFIX)/man1
+	cp -f $(BIN) $(DESTDIR)$(PREFIX)/bin
+	cp -f $(MAN) $(DESTDIR)$(MANPREFIX)/man1
+	chmod 755 $(DESTDIR)$(PREFIX)/bin/$(BIN)
+
+uninstall:
+	rm -f $(DESTDIR)$(PREFIX)/bin/$(BIN)
+	rm -f $(DESTDIR)$(MANPREFIX)/man1/$(MAN)
+
+.PHONY: all clean install uninstall
diff --git a/git-restrict.c b/git-restrict.c
@@ -0,0 +1,64 @@
+/* Copyright (c) 2021 Ivan J. <parazyd@dyne.org>
+ *
+ * This file is part of git-restrict
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License version 3
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int argc, char *argv[])
+{
+	char *orig_cmd, *cmd, *repo;
+	int i, authorized = 0;
+
+	if (argc < 2) {
+		fprintf(stderr, "usage: git-restrict repo0 repo1 ...\n");
+		return 1;
+	}
+
+	if ((orig_cmd = getenv("SSH_ORIGINAL_COMMAND")) == NULL) {
+		fprintf(stderr, "fatal: No $SSH_ORIGINAL_COMMAND in env.\n");
+		return 1;
+	}
+
+	repo = strdup(orig_cmd);
+
+	if ((cmd = strsep(&repo, " ")) == NULL)
+		return 1;
+
+	if (strcmp("git-upload-pack", cmd) && strcmp("git-receive-pack", cmd)) {
+		fprintf(stderr, "fatal: Unauthorized command.\n");
+		return 1;
+	}
+
+	/* Remove ' prefix and suffix */
+	repo++; repo[strlen(repo)-1] = 0;
+
+	for (i = 1; i < argc; i++) {
+		if (!strcmp(argv[i], repo)) {
+			authorized = 1;
+			break;
+		}
+	}
+
+	if (authorized)
+		if (execlp("git-shell", " ", "-c", orig_cmd, (char *)NULL) < 0)
+			perror("execlp");
+
+	fprintf(stderr, "fatal: Access to repository denied.\n");
+	return 1;
+}