| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Now the validate_git function takes an additional argument: repo. This
is because rather than having repo be parsed out of the environment
varibale within validate_git via the unwrap function, we now use sscanf
to read it, since the input string is so consistent. This also deletes
the unwrap function completely.
Finally, this updates many of the log messages to be more helpful, since
the repo path is now readily available within main.
|
|
There already existed a string buffer for the original ssh command
string, but this still made repeated calls to get that environment
variable. Now we only use the `cmd` buffer.
This also prints "No soup for you!" to stderr, rather than stdout.
|
|
|
|
The previously used for loop is easily replaced by the strchr function
provided by string.h.
|
|
|
|
Signed-off-by: Aaron Ball <nullspoon@oper.io>
|
|
This fully implements support provided by the old shell script into C.
This improves performance, stability, and logging. Upgraded license to
GPLv3 and copyright to 2020. Added Makefile, with install support. Also
added a gitignore so the binary never gets contributed accidentally.
|
|
|
|
Also fixed author's email address.
|
|
|
|
|
|
The pre-receive hook script was cumbersome as it required that each
repository have it present for access controls to work. This also
introduced a second script into the already-complicated [setup] process.
The gitaccess script now handles all of the functionality that the
pre-receive hook script handled, but in a much more standardized and
maintainable way.
Removed gitaccess.pre-receive
Updated Description to detail how it works now.
Moved all primary process code into a new main function.
Created git_resolve_path and git_check_access functions to make code
easier to maintain and read.
Implemented logging functions to ensure log output is standardized and
to reduce the chances that user messages will corrupt git-shell output.
Also implemented logging wrapper functions lerror, lwarn, lfatal, and
linfo to make logging easier to write.
Added more error checking in several places.
|
|
|
|
If a user logged in with a non-interractive shell requesting the command
'gitaccess' be executed, an infinite loop would be created in the
foreground of the connected shell where the gitaccess script would call
itself. This is now checked for.
If a user tried executing any command in a non-interractive shell, it
would succeed if they could authenticate. This was becuase the user's
command was passed through verbatim to a bash subshell, which doesn't
check for command allowance like git-shell does. Now we pass the user's
command through to 'git shell -c', which performs permissions checking
on the command.
NOTE: This fixes 2 attack vectors. However, these vectors were only
available to users that had successfully authenticated via a
private key.
|
|
Grep wasn't specific enough, so a user who's name was a subset of another
user's (eg: user is allowed because user is in another user's username,
user-foo) would allow access. A rare scenario, but not safe for sure.
|
|
Now printing repo and branch information on logs and messages.
Introduced new "repo" and "branch" variables.
|
|
This is a working version. It includes the license, pre-receive hook, variable
parsing script, and documentation for how to set it up.
|
