blob: 3039d1076d0ad03f022c279a913bb3e11bc065dd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
#!/bin/bash
# This script acts as a wrapper for git commands when the git user connects via SSH. It ensures that only allowed git commands are executed and that they are executed in the correct context.
# Check if the SSH_ORIGINAL_COMMAND environment variable is set. This variable contains the command that the user attempted to execute when connecting via SSH.
if [ -z "$SSH_ORIGINAL_COMMAND" ]; then
echo "Interactive login not permitted" >&2
exit 1
fi
# Parse the SSH_ORIGINAL_COMMAND to extract the git command and the repository path. The expected format is something like "git-upload-pack 'repository.git'".
cmd=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d' ' -f1)
path=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d"'" -f2)
# Block path traversal attempts
if [[ "$path" == *..* ]]; then
echo "Invalid path" >&2
exit 1
fi
case "$cmd" in
# Allow only specific git commands and ensure that the repository path is correctly prefixed with /repositories if it's not an absolute path.
git-upload-pack|git-receive-pack|git-upload-archive)
# If the path is not an absolute path, prefix it with /repositories to ensure that all git operations are confined to the /repositories directory.
[[ "$path" != /* ]] && path="/repositories/$path"
exec "$cmd" "$path"
;;
# If the command is not one of the allowed git commands, reject it and print an error message.
*)
echo "Command not allowed: $cmd" >&2
exit 1
;;
esac
|
