summaryrefslogtreecommitdiff
path: root/gitaccess
blob: bc72e03414c031793b87055863a8471b80ba560b (plain)
    1 #!/usr/bin/env bash
    2 #
    3 # Gitaccess implements basic access controls for git.
    4 # Copyright (C) 2015 Aaron Ball <nullspoon@iohq.net>
    5 # 
    6 # This program is free software; you can redistribute it and/or modify it under
    7 # the terms of the GNU General Public License as published by the Free Software
    8 # Foundation; either version 2 of the License, or (at your option) any later
    9 # version.
   10 # 
   11 # This program is distributed in the hope that it will be useful, but WITHOUT
   12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
   13 # FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
   14 # details.
   15 # 
   16 # You should have received a copy of the GNU General Public License along with
   17 # this program; if not, write to the Free Software Foundation, Inc., 51
   18 # Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   19 #
   20 #
   21 # Description
   22 # -----------
   23 #
   24 # This script provides basic access controls to git repos. For this script to
   25 # work, it requires that each repository has a 'users' file. This script reads
   26 # that file and determines if the user associated with the logged in ssh key
   27 # has access to that repo.
   28 #
   29 # This script also provides support for interactive git shell, interactive
   30 # shell rejection via the no-interactive-shell script, and any other scripts
   31 # that are placed inside the ~/git-shell-commands directory.
   32 #
   33 # To use this script for a specified ssh key, call it using the command
   34 # directive in the ~/.ssh/authorized keys file using the following syntax
   35 #
   36 #     # Key for user <username>
   37 #     command="gitaccess <username>" ecdsa-sha2-nistp521 AAAAE2v....
   38 #
   39 
   40 
   41 #
   42 # Logging function for standardized log output. This also ensures that log
   43 # messages don't cause perceived corruption in git responses, as they always
   44 # report to stderr.
   45 #
   46 # @param lvl Log level string. Can be anything, but error, info, warn, fatal,
   47 #            etc. are recomended
   48 # @param msg Log message
   49 #
   50 log() {
   51   local lvl=${1}
   52   shift
   53   local msg=${@}
   54 
   55   d=$(date '+%F %T')
   56   printf "%s   %s   %s\n" "${d}" "${lvl}" "${msg[@]}" >> ~/git.log
   57   printf "%s   %s   %s\n" "${d}" "${lvl}" "${msg[@]}" >&2
   58 }
   59 
   60 # Some logging macros to save typing time and space
   61 lerror() { log 'error' ${@}; }
   62 linfo()  { log 'info ' ${@}; }
   63 lwarn()  { log 'warn ' ${@}; }
   64 lwarn()  { log 'fatal' ${@}; }
   65 
   66 
   67 #
   68 # Resolves the specified git repo path. Returns failure if...
   69 #   No repo exists at the path
   70 #   No repo exists at the path with .git appended
   71 #   The specified path exists, but is no a bare repository
   72 #
   73 # If the path is able to be resolved, the updated path is returned with an exit
   74 # code of 0.
   75 #
   76 # @param repopath Path to the repo to resolve
   77 #
   78 git_resolve_path() {
   79   local repopath=${1:-}
   80   local isbare
   81 
   82   # Resolve the path correctly if it has .git on the end that was not specified
   83   [ -d ${repopath}.git ] && repopath=${repopath}.git
   84   # If no repo can be found still, return failure
   85   [ ! -d ${repopath} ] && lerror "No repo exists at ${repopath}" && return 1
   86 
   87   isbare=$(git --git-dir="${repopath}" rev-parse --is-bare-repository 2>/dev/null)
   88   [ "${isbare:-}" = 'true' ] && printf ${repopath} && return 0
   89 
   90   lerror "Not a git repository: ${repopath}"
   91   return 1
   92 }
   93 
   94 
   95 #
   96 # Checks if the specified user has acccess to the specified repo.
   97 # Requires the presence of the users file at the top level of the bare repo.
   98 # This file should contain one username per line
   99 #
  100 # @param repopath Path to the repo we're checking access to
  101 # @param user     Username to check for access
  102 #
  103 git_check_access() {
  104   local repopath=${1}
  105   local user=${2}
  106 
  107   local found=0 # Number of times the user is found in the users file
  108   
  109   if [ -d ${repopath} ]; then
  110     # Fail if users file is not found
  111     if [ ! -f ${repopath}/users ]; then
  112       lerror "No users file found in ${repopath}."
  113       lerror "Access denied"
  114       printf 0
  115       return 1
  116     fi
  117   
  118     # Check if the user is in the users file
  119     found=$(grep -c "^[ 	]*${user}[ 	]*$" ${repopath}/users)
  120     if [ ${found} -eq 0 ]; then
  121       lerror "Permission denied for ${user} to ${repopath}"
  122       printf 0
  123     else
  124       linfo "Permission granted for ${user} to ${repopath}"
  125       printf 1
  126     fi
  127   else
  128     lerror "Could not find repo at ${repopath}."
  129     return 3
  130   fi
  131 }
  132 
  133 
  134 #
  135 # Ye olde main
  136 #
  137 main() {
  138   local user="${1:-}"
  139 
  140   local repopath='none'
  141 
  142   # Detect if someone tries to launch this script from this script, thus creating
  143   # an infinite recursive loop spawning subshells.
  144   if [ "${SSH_ORIGINAL_COMMAND:-}" = "$(basename ${0})" ]; then
  145     log error "Blocking infinite recursion"
  146     exit 1
  147   fi
  148 
  149   # Launch git interractive shell if no commands were specified
  150   if [ -z "${SSH_ORIGINAL_COMMAND:-}" ]; then
  151     /usr/bin/env git shell
  152     return $?
  153   fi
  154   
  155   # If the user specified a git-* command, check if they have access to run it.
  156   if [ "${SSH_ORIGINAL_COMMAND:0:4}" = 'git-' ]; then
  157     # Parse the repo path out from the git command
  158     repopath="$(echo ${SSH_ORIGINAL_COMMAND} | cut -d ' ' -f 2 | tr -d "'")"
  159 
  160     # Resolve the repo path (in case it needs a .git or something else)
  161     repopath=$(git_resolve_path "${repopath}")
  162     [ $? -gt 0 ] && return 1
  163 
  164     # Verify the user has access to this repo
  165     allowed=$(git_check_access "${repopath}" "${user}")
  166     [ ${allowed} -ne 1 ] && exit 1
  167   fi
  168   
  169   # All checks passed. Run the command
  170   /usr/bin/env git shell -c "${SSH_ORIGINAL_COMMAND}"
  171 }
  172 
  173 main ${@}

Generated by cgit