3 # Abort any push early if the pushing user doesn't have any push permissions
4 # at all. This avoids unnecessary traffic and unpacked object pollution.
6 # This script is intended for use from within the chroot jail and may or may
7 # not work properly outside it.
11 if ! [ -x /usr
/bin
/perl
]; then
12 # We are INSIDE the chroot
13 reporoot
=/@jailreporoot@
15 # We are NOT INSIDE the chroot
20 # Only the following commands are allowed:
22 # git-shell -c 'git-receive-pack dir'
23 # git-shell -c 'git receive-pack dir'
24 # git-shell -c 'git-upload-pack dir'
25 # git-shell -c 'git upload-pack dir'
26 # git-shell -c 'git-upload-archive dir'
27 # git-shell -c 'git upload-archive dir'
29 # where dir must start with $reporoot/ but a leading/trailing '/' is optional
31 if [ "$1" != "-c" ]; then
32 echo 403 forbidden
>&2
39 "git-receive-pack "*) type='receive-pack'; dir
="${dir#git-receive-pack }";;
40 "git receive-pack "*) type='receive-pack'; dir
="${dir#git receive-pack }";;
41 "git-upload-pack "*) type='upload-pack'; dir
="${dir#git-upload-pack }";;
42 "git upload-pack "*) type='upload-pack'; dir
="${dir#git upload-pack }";;
43 "git-upload-archive "*) type='upload-archive'; dir
="${dir#git-upload-archive }";;
44 "git upload-archive "*) type='upload-archive'; dir
="${dir#git upload-archive }";;
46 echo 403 forbidden
>&2
50 # valid project names only allow 0-9A-Za-z._+- plus the / separator and they
51 # are always single quoted so the only valid directory names will always start
52 # with a single quote and end with a single quote and not contain any internal
53 # character that needs to be escaped.
58 echo 403 forbidden
>&2
64 echo 403 forbidden
>&2
68 dir
="${dir#\'}"; dir
="${dir%\'}"
70 # add a missing leading /
86 echo 403 forbidden
>&2
90 if ! [ -d "$dir" ] ||
! [ -f "$dir/HEAD" ] ||
! [ -d "$dir/objects" ]; then
91 echo 403 forbidden
>&2
95 proj
="${dir#$reporoot/}"; projbare
="${proj%.git}"
97 if [ "$type" = 'receive-pack' ] && ! [ -f "$dir/.nofetch" ]; then
98 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
102 if ! [ -x /usr
/bin
/perl
] && [ "$type" = 'receive-pack' ]; then
103 # We are INSIDE the chroot trying to push
105 if ! can_user_push
"$projbare"; then
106 echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
107 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2