-- @@SHEBANG
-- -*- Lua -*-
-- gitano-auth
--
-- Git (with) Augmented network operations -- User authentication wrapper
--
-- Copyright 2012 Daniel Silverstone <dsilvers@digital-scurf.org>
--
--
-- @@GITANO_LUA_PATH
local gitano = require "gitano"
local gall = require "gall"
local luxio = require "luxio"
local sio = require "luxio.simple"
local sp = require "luxio.subprocess"
-- @@GITANO_BIN_PATH
-- @@GITANO_SHARE_PATH
-- @@GITANO_PLUGIN_PATH
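-- gitano-auth main script.
--
-- Takes the repository root, user name and key tag as chunk arguments and the
-- requested command from SSH_ORIGINAL_COMMAND, then parses, validates,
-- authorises (cmd.prep) and finally runs (cmd.run) that command.
--
-- NOTE(review): username and keytag are trusted as given; presumably they are
-- fixed by the forced command in authorized_keys rather than by the client --
-- confirm against the caller.
--
-- NOTE(review): every check below assumes gitano.log.fatal does not return
-- (presumably it exits the process) -- confirm. If it returned, a failed
-- validation or a denied ruleset would fall through to cmd.run.
local repo_root, username, keytag = ...

gitano.config.repo_path(repo_root)

-- SSH_ORIGINAL_COMMAND is set by sshd to whatever the client asked to run,
-- so treat it as untrusted input from here on.
local cmdline = luxio.getenv "SSH_ORIGINAL_COMMAND" or ""

local transactionid = gitano.log.syslog.open()

-- Reject an empty or whitespace-only command before doing anything else.
if cmdline:match("^[ \t\n]*$") then
   gitano.log.fatal("No command provided, cannot continue")
end

local parsed_cmdline, warnings = gitano.util.parse_cmdline(cmdline)

local start_log_level = gitano.log.get_level()
-- Clamp level at info until we have checked if the caller
-- is an admin or not
gitano.log.cap_level(gitano.log.level.INFO)

-- Any parser warning is fatal: report what was received, how it was split
-- and what the parser complained about, then stop.
if #warnings > 0 then
   gitano.log.error("Warnings encountered parsing commandline.")
   gitano.log.warn("\t" .. cmdline)
   gitano.log.warn("")
   gitano.log.warn("Parsed as:")
   for i = 1, #parsed_cmdline do
      gitano.log.warn((" =[%2d]> %s"):format(i, parsed_cmdline[i]))
   end
   gitano.log.warn("\nWarnings were:")
   for i = 1, #warnings do
      gitano.log.warn(" * " .. warnings[i])
   end
   gitano.log.warn("")
   gitano.log.fatal("Game over, sorry\n")
end

-- Now load the administration data
local admin_repo = gall.repository.new((repo_root or "") .. "/gitano-admin.git")
if not admin_repo then
   gitano.log.fatal("Unable to locate administration repository. Cannot continue")
end

local admin_head = admin_repo:get(admin_repo.HEAD)
if not admin_head then
   gitano.log.fatal("Unable to find the HEAD of the administration repository. Cannot continue")
end

local config, msg = gitano.config.parse(admin_head)
if not config then
   gitano.log.critical("Unable to parse administration repository.")
   gitano.log.critical(" * " .. (msg or "No error?"))
   gitano.log.fatal("Cannot continue")
end

-- Now, are we an admin?
if config.groups["gitano-admin"].filtered_members[username] then
   -- Yep, so restore the log level that was in force before the clamp
   gitano.log.set_level(start_log_level)
end

if not config.global.silent then
   -- Not silent, bump to chatty level automatically
   gitano.log.bump_level(gitano.log.level.CHAT)
end

local repo

-- Record who connected and what they asked for. SSH_CLIENT may be unset, so
-- default it before matching instead of handing nil to string.match, and keep
-- the address in a local rather than leaking a global.
-- NOTE(review): cmdline is client-supplied and is passed to syslog verbatim;
-- confirm the syslog layer neutralises control characters so that a crafted
-- command cannot forge additional log lines.
local ssh_client = luxio.getenv "SSH_CLIENT" or ""
local ip = ssh_client:match("^[^ ]+") or ""
gitano.log.syslog.info("Client connected from", ip, "as", username,
                       "(" .. keytag .. ")", "Executing command:",
                       cmdline)

-- Find the command
local cmd = gitano.command.get(parsed_cmdline[1])
if not cmd then
   gitano.log.fatal("Unknown command: " .. parsed_cmdline[1])
end

if cmd.takes_repo then
   -- detect_repo may hand back a rewritten command line alongside the repo
   repo, parsed_cmdline = cmd.detect_repo(config, parsed_cmdline)
   if not repo and not parsed_cmdline then
      gitano.log.fatal("Failed to acquire repository object")
   end
end

-- Validate the commandline, massaging it as necessary.
if not cmd.validate(config, repo, parsed_cmdline) then
   gitano.log.fatal("Validation of command line failed")
end

-- Construct our context ready for prep
local context = {
   source = "ssh",
   user = username,
   keytag = keytag,
}

-- Authorisation decision: only the exact string "allow" lets the command run.
local action, reason = cmd.prep(config, repo, parsed_cmdline, context)
if not action then
   -- Same logger name as the other critical messages in this script
   gitano.log.critical(reason)
   gitano.log.fatal("Ruleset did not complete cleanly")
end

if action == "allow" then
   gitano.log.info(reason or "Ruleset permitted action")
else
   gitano.log.critical(reason)
   gitano.log.fatal("Ruleset denied action. Sorry.")
end

gitano.log.debug("Welcome to " .. config.global.site_name)
gitano.log.debug("Running:")
for i = 1, #parsed_cmdline do
   gitano.log.debug(" => " .. parsed_cmdline[i])
end
gitano.log.debug("")
gitano.log.debug("On behalf of " .. username .. " using key " .. keytag)

-- Set up some useful environment variables
local env = {
   ["GITANO_ROOT"] = repo_root,
   ["GITANO_USER"] = username,
   ["GITANO_KEYTAG"] = keytag,
   ["GITANO_PROJECT"] = (repo or {}).name,
   ["GITANO_SOURCE"] = "ssh",
   ["GITANO_TRANSACTION_ID"] = transactionid,
}

-- Anything other than a clean exit with status 0 is reported as a failure.
local how, why = cmd.run(config, repo, parsed_cmdline, env)
if how ~= "exit" or why ~= 0 then
   gitano.log.critical("Error running sub-process:",
                       ("%s (%d)"):format(how, why))
   gitano.log.fatal("Unable to continue")
else
   gitano.log.syslog.info(cmdline, "completed successfully")
end

gitano.log.syslog.close()

return 0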