blob: 12c6d21df1d920f9b43ee537a8e4be45ff64b88b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#!/bin/bash
# This script acts as a wrapper for git commands when the git user connects via SSH. It ensures that only allowed git commands are executed and that they are executed in the correct context.
# Check if the SSH_ORIGINAL_COMMAND environment variable is set. This variable contains the command that the user attempted to execute when connecting via SSH.
if [ -z "$SSH_ORIGINAL_COMMAND" ]; then
echo "Interactive login not permitted" >&2
exit 1
fi
# Normalize the SSH_ORIGINAL_COMMAND as modern Git clients can send either form depending on version and protocol negotiation
SSH_ORIGINAL_COMMAND=$(echo "$SSH_ORIGINAL_COMMAND" | sed \
's/^git upload-pack/git-upload-pack/;
s/^git receive-pack/git-receive-pack/;
s/^git upload-archive/git-upload-archive/')
# Parse the SSH_ORIGINAL_COMMAND to extract the git command and the repository path. The expected format is something like "git-upload-pack 'repository.git'".
cmd=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d' ' -f1)
path=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d"'" -f2)
# Block path traversal attempts
if [[ "$path" == *..* ]]; then
echo "Invalid path" >&2
exit 1
fi
case "$cmd" in
# Allow only specific git commands and ensure that the repository path is correctly prefixed with /repositories if it's not an absolute path.
git-upload-pack|git-receive-pack|git-upload-archive)
# If the path is not an absolute path, prefix it with /repositories to ensure that all git operations are confined to the /repositories directory.
[[ "$path" != /* ]] && path="/repositories/$path"
# Check if the repository exists at the specified path
if [ ! -d "$path" ]; then
echo "Repository not found: $path" >&2
exit 1
fi
exec "$cmd" "$path"
;;
# If the command is not one of the allowed git commands, reject it and print an error message.
*)
echo "Command not allowed: $cmd" >&2
exit 1
;;
esac
|
