path: root/gitaccess.pre-receive
    1 #!/usr/bin/env bash
    2 #
    3 # Gitaccess implements basic access controls for git.
    4 # Copyright (C) 2015 Aaron Ball <nullspoon@iohq.net>
    5 # 
    6 # This program is free software; you can redistribute it and/or modify it under
    7 # the terms of the GNU General Public License as published by the Free Software
    8 # Foundation; either version 2 of the License, or (at your option) any later
    9 # version.
   10 # 
   11 # This program is distributed in the hope that it will be useful, but WITHOUT
   12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
   13 # FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
   14 # details.
   15 # 
   16 # You should have received a copy of the GNU General Public License along with
   17 # this program; if not, write to the Free Software Foundation, Inc., 51
   18 # Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   19 #
   20 
   21 #
   22 # Description
   23 # -----------
   24 #
   25 # This is the pre-receive hook which allows for user filtering to the current
   26 # working repo.
   27 #
   28 # Note that this REQUIRES the GIT_USER variable to be set. This is set by the
   29 # gitaccess script.
   30 #
   31 # This script reads in the user's name as passed by the GIT_USER variable, and
   32 # checks a users file (one user per line) for the given username. These
   33 # usernames are directly associated with ssh keys used to log in.
   34 #
   35 # If the user is found, git proceeds as normal with a "user permitted" message.
   36 #
   37 # If the user is not found in the users file, an error message is printed and
   38 # the git push is aborted.
   39 #
   40 
   41 # Log whatever we want to
   42 function log {
   43   d=$(date '+%s')
   44   echo "${d}: ${@}" >> ~/git.log
   45 }
   46 
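# Check if user variable is set. Abort if it is not.
# Per the header, GIT_USER is set by the gitaccess script; an empty or missing
# value means no known key was identified, so the push is refused.
if [[ -z "${GIT_USER:-}" ]]; then
  echo "Error: Unknown ssh key. Rejecting push."
  exit 1
fi

# grep reads a pattern containing newlines as a list of alternative patterns,
# so a multi-line value could match on any one of its lines. Refuse it.
if [[ "${GIT_USER}" == *$'\n'* ]]; then
  echo "Error: Invalid user name. Rejecting push."
  exit 1
fi

log "Attempted login for user ${GIT_USER}"

# See if user is permitted access to this repo.
# The users file (relative path, resolved against the hook's working directory)
# lists one user per line; lines starting with '#' are comments.
#   -F  treat the name as a literal string, not a regular expression
#   -x  require the whole line to match, so "bob" does not pass as "bobby"
#   -q  only the exit status is needed
#   --  a name beginning with '-' is not parsed as a grep option
# Entries must therefore match exactly (no trailing whitespace). A missing or
# unreadable users file yields no match and the push is denied.
if ! grep -v '^#' users | grep -qxF -- "${GIT_USER}"; then
  log "User is not permitted access to repo $(pwd)"
  echo "Error: Permission denied for user ${GIT_USER}. Aborting."
  exit 1
else
  echo "User ${GIT_USER} accepted. Allowing push."
fi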
