bin/git-shell-verify

   1 #!/bin/sh
   2 #
   3 # Abort any push early if the pushing user doesn't have any push permissions
   4 # at all.  This avoids unnecessary traffic and unpacked object pollution.
   5 #
   6 # This script is intended for use from within the chroot jail and may or may
   7 # not work properly outside it.
   8
   9 set -e
  10
  11 if ! [ -x /usr/bin/perl ]; then
  12         # We are INSIDE the chroot
  13         reporoot=/@jailreporoot@
  14 else
  15         # We are NOT INSIDE the chroot
  16         reporoot=@reporoot@
  17 fi
  18 webadmurl=@webadmurl@
  19
  20 # Only the following commands are allowed:
  21 #
  22 #   git-shell -c 'git-receive-pack dir'
  23 #   git-shell -c 'git receive-pack dir'
  24 #   git-shell -c 'git-upload-pack dir'
  25 #   git-shell -c 'git upload-pack dir'
  26 #   git-shell -c 'git-upload-archive dir'
  27 #   git-shell -c 'git upload-archive dir'
  28 #
  29 # where dir must start with $reporoot/ but a leading/trailing '/' is optional
  30 # as well as the final .git
  31
  32 if [ "$1" != "-c" ]; then
  33         echo forbidden >&2
  34         exit 1
  35 fi
  36
  37 dir="$2"
  38 type=''
  39 case "$2" in
  40         "git-receive-pack "*)   type='receive-pack';   dir="${dir#git-receive-pack }";;
  41         "git receive-pack "*)   type='receive-pack';   dir="${dir#git receive-pack }";;
  42         "git-upload-pack "*)    type='upload-pack';    dir="${dir#git-upload-pack }";;
  43         "git upload-pack "*)    type='upload-pack';    dir="${dir#git upload-pack }";;
  44         "git-upload-archive "*) type='upload-archive'; dir="${dir#git-upload-archive }";;
  45         "git upload-archive "*) type='upload-archive'; dir="${dir#git upload-archive }";;
  46         *)
  47                 echo forbidden >&2
  48                 exit 1
  49 esac
  50
  51 # valid project names only allow 0-9A-Za-z._+- plus the / separator and they
  52 # are always single quoted so the only valid directory names will always start
  53 # with a single quote and end with a single quote and not contain any internal
  54 # character that needs to be escaped.
  55
  56 case "$dir" in
  57         "'"*) :;;
  58         *)
  59                 echo forbidden >&2
  60                 exit 1
  61 esac
  62 case "$dir" in
  63         *"'") :;;
  64         *)
  65                 echo forbidden >&2
  66                 exit 1
  67 esac
  68
  69 dir="${dir#\'}"; dir="${dir%\'}"
  70
  71 # add a missing leading /
  72 case "$dir" in
  73         /*) :;;
  74         *)
  75                 dir="/$dir"
  76 esac
  77
  78 # remove a trailing /
  79 case "$dir" in
  80         *?/)
  81                 dir="${dir%/}"
  82 esac
  83
  84 # add a missing trailing .git
  85 case "$dir" in
  86         *.git) :;;
  87         *)
  88                 dir="$dir.git"
  89 esac
  90
  91 case "$dir" in
  92         "$reporoot/"*) :;;
  93         *)
  94                 echo forbidden >&2
  95                 exit 1
  96 esac
  97
  98 if ! [ -d "$dir" ] || ! [ -f "$dir/HEAD" ] || ! [ -d "$dir/objects" ]; then
  99         echo forbidden >&2
 100         exit 1
 101 fi
 102
 103 proj="${dir#$reporoot/}"; projbare="${proj%.git}"
 104
 105 if [ "$type" = 'receive-pack' ] && ! [ -f "$dir/.nofetch" ]; then
 106         echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
 107         exit 3
 108 fi
 109
 110 if ! [ -x /usr/bin/perl ] && [ "$type" = 'receive-pack' ]; then
 111         # We are INSIDE the chroot trying to push
 112
 113         if ! can_user_push "$projbare"; then
 114                 echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
 115                 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
 116                 exit 3
 117         fi
 118 fi
 119
 120 exec git-shell "$@"
 121 exit 1