This fully implements support provided by the old shell script into C.
This improves performance, stability, and logging. Upgraded license to
GPLv3 and copyright to 2020. Added Makefile, with install support. Also
added a gitignore so the binary never gets contributed accidentally.
|
Also fixed author's email address.
|
The pre-receive hook script was cumbersome as it required that each
repository have it present for access controls to work. This also
introduced a second script into the already-complicated [setup] process.
The gitaccess script now handles all of the functionality that the
pre-receive hook script handled, but in a much more standardized and
maintainable way.
Removed gitaccess.pre-receive
Updated Description to detail how it works now.
Moved all primary process code into a new main function.
Created git_resolve_path and git_check_access functions to make code
easier to maintain and read.
Implemented logging functions to ensure log output is standardized and
to reduce the chances that user messages will corrupt git-shell output.
Also implemented logging wrapper functions lerror, lwarn, lfatal, and
linfo to make logging easier to write.
Added more error checking in several places.
|
If a user logged in with a non-interactive shell requesting the command
'gitaccess' be executed, an infinite loop would be created in the
foreground of the connected shell where the gitaccess script would call
itself. This is now checked for.
If a user tried executing any command in a non-interactive shell, it
would succeed if they could authenticate. This was because the user's
command was passed through verbatim to a bash subshell, which doesn't
check for command allowance like git-shell does. Now we pass the user's
command through to 'git shell -c', which performs permissions checking
on the command.
NOTE: This fixes 2 attack vectors. However, these vectors were only
available to users that had successfully authenticated via a
private key.
|
Grep wasn't specific enough, so a user whose name was a subset of another
user's (e.g.: user is allowed because user is in another user's username,
user-foo) would allow access. A rare scenario, but not safe for sure.
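
The substring match described in the commit message above, as an added shell example that is not taken from the gitaccess repository. The access-list layout (one username per line), the sample names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: substring vs. whole-line matching of a username in an
# access list. The file layout (one username per line) is an assumption.

# Constructed sample access list; removed again when the script exits.
ACL_FILE=$(mktemp)
trap 'rm -f "$ACL_FILE"' EXIT
printf '%s\n' 'user-foo' 'alice' > "$ACL_FILE"

# Weak check: unanchored regex match, so any substring of a listed name
# passes, and regex metacharacters in the name act as wildcards.
is_allowed_substring() {
    grep -q "$1" "$ACL_FILE"
}

# Hardened check: -F treats the name as a literal string, -x requires the
# whole line to match, and -e keeps a leading '-' from being read as an option.
is_allowed_exact() {
    [ -n "$1" ] || return 1          # an empty name must never match
    grep -Fxq -e "$1" "$ACL_FILE"
}

# Print "allow" or "deny" for a given check function and username.
decide() {
    if "$1" "$2"; then echo allow; else echo deny; fi
}

# Compare both checks on a listed name, a substring of one, a name with a
# regex metacharacter, and the empty string.
for name in 'user-foo' 'user' 'a.ice' ''; do
    printf '%-10s substring=%s exact=%s\n' "${name:-<empty>}" \
        "$(decide is_allowed_substring "$name")" \
        "$(decide is_allowed_exact "$name")"
done
```

Only `user-foo` is allowed by the whole-line check; the unanchored check allows all four inputs, including the empty string.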
|
Now printing repo and branch information on logs and messages.
Introduced new "repo" and "branch" variables.
|
This is a working version. It includes the license, pre-receive hook, variable
parsing script, and documentation for how to set it up.