-rwxr-xr-x | add-authorized-keys | 48 | ||||
-rwxr-xr-x | add-git-user | 15 |
2 files changed, 57 insertions, 6 deletions
diff --git a/add-authorized-keys b/add-authorized-keys
index a0add93..3eef03f 100755
--- a/add-authorized-keys
+++ b/add-authorized-keys
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 ### Add RSA keys to the authorized_keys file of a given user
@@ -20,15 +20,41 @@
 ### Get the program name
 prog=${0##*/}
+usage () {
+ local status=$1
+ echo "Usage: $prog [-h] [-r] user file" >&$(($status + 1))
+ echo "Options:" >&$(($status + 1))
+ echo " -h show this usage notice" >&$(($status + 1))
+ echo " -r force read-only access" >&$(($status + 1))
+ echo "Arguments:" >&$(($status + 1))
+ echo " user the Git user to act upon" >&$(($status + 1))
+ echo " file the RSA public key to be added" >&$(($status + 1))
+ exit $status
+}
+
+### Default value
+readonly=no
+
+### Parse arguments
+args=$(getopt rh $*)
+
+eval set -- "$args"
+
+while true ; do
+ case "$1" in
+ -h) usage 0 ; exit ;;
+ -r) readonly=yes ; shift ;;
+ --) shift ; break ;;
+ esac
+done
+
 ### Ensure that the correct number of arguments are given
 if [ $# != 2 ] ; then
- echo "Usage: $prog user file" 1>&2
- exit 1
+ usage 1
 fi
-### Get the input arguments and check their sanity
+### Get Git user name and check its sanity
 user=$1
-rsaid=$2
 ret=false
 id -u $user >/dev/null 2>&1 && ret=true
@@ -38,6 +64,9 @@ if [ $ret = false ] ; then
 exit 1
 fi
+### Get RSA file name and check its sanity
+rsaid=$2
+
 type="OpenSSH RSA public key"
 if [ "$(file --brief $rsaid)" != "$type" ] ; then
 echo "$prog:E: File $rsaid is not of type '$type'." 1>&2
@@ -45,5 +74,12 @@ if [ "$(file --brief $rsaid)" != "$type" ] ; then
 fi
 ### Install the key(s)
+tmp=$(tempfile)
+if [ "$readonly" = yes ] ; then
+ echo -n "command=\"read-only\" " > $tmp
+fi
+cat $rsaid >> $tmp
+
 home=$(getent passwd $user | cut -f6 -d:)
-cat $rsaid >> $home/.ssh/authorized_keys
+cat $tmp >> $home/.ssh/authorized_keys
+rm $tmp
diff --git a/add-git-user b/add-git-user
index 1f5eec1..84660cb 100755
--- a/add-git-user
+++ b/add-git-user
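Review bot: `args=$(getopt rh $*)` in the new argument-parsing block discards getopt's exit status and passes `$*` unquoted, so an unknown option prints getopt's diagnostic and the script carries on with whatever getopt emitted, and a key path containing whitespace is split into several words before `eval set --` ever sees it. The traditional `getopt` invocation cannot preserve such arguments at all, so the `getopts` builtin is the safer replacement; it also removes the unreachable `exit` after `usage 0` (`usage` already exits) and the `while true` loop. The `>&$(($status + 1))` redirections in `usage` deserve a one-line comment such as `# status 0 -> stdout (fd 1), status 1 -> stderr (fd 2)`, since the arithmetic reads like a typo at first glance.

```shell
### Parse options; getopts keeps whitespace in arguments intact and rejects unknown flags
while getopts 'rh' opt ; do
  case "$opt" in
    h) usage 0 ;;
    r) readonly=yes ;;
    *) usage 1 ;;
  esac
done
shift $((OPTIND - 1))
# … unchanged: argument-count check, user and key-file sanity checks …
```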
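Review bot: In the key-installation hunk the `command=\"read-only\" ` prefix is written once into `$tmp` and the whole key file is appended after it, so when `$rsaid` holds more than one key — which the "key(s)" comment and the plural in the file header suggest is intended — only its first line is restricted and every further key is installed with unrestricted access. The forced command on its own also leaves port, agent and X11 forwarding and pty allocation available to that key; the customary companion options are `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty`. Prefixing each non-empty line with `sed` fixes both and removes the scratch file, which sidesteps `tempfile` being a deprecated Debian-only utility (`mktemp` is the portable choice if a scratch file is still wanted) and the unquoted `$tmp`, `$rsaid` and `$home` expansions.

```shell
home=$(getent passwd "$user" | cut -f6 -d:)
### Restrict every key line, not just the first, when read-only access is requested
if [ "$readonly" = yes ] ; then
  opts='command="read-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
  sed "/./s|^|$opts|" "$rsaid" >> "$home/.ssh/authorized_keys"
else
  cat "$rsaid" >> "$home/.ssh/authorized_keys"
fi
```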
@@ -63,6 +63,21 @@ printf '%s\\n\\n' "provide interactive shell access."
 exit 128
 EOF
 chmod +x $nolog
+
+### Create the read-only script
+readonly=$gitshdir/read-only
+cat > $readonly <<EOF
+#!/bin/bash
+read -a tokens <<< "\$SSH_ORIGINAL_COMMAND"
+if [ "\${tokens[0]}" != git-receive-pack ] ; then
+ exec git-shell -c "\$SSH_ORIGINAL_COMMAND"
+else
+ exit 128
+fi
+EOF
+chmod +x $readonly
+
+### Adjust owner of git-shell-commands directory
 chown -R $user:$user $gitshdir
 ### Initialize the SSH directory |
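Review bot: The generated read-only script refuses only the exact first token `git-receive-pack`, but git-shell also accepts the two-word spelling `git receive-pack` (it normalises `git <cmd>` to `git-<cmd>` before dispatch), so a key forced to this command is not actually confined to fetches; an allow-list of the fetch-side commands, `git-upload-pack` and `git-upload-archive`, with everything else ending in `exit 128`, is the robust form. `read -a tokens` should also be `read -r -a tokens` so backslashes in `$SSH_ORIGINAL_COMMAND` are not interpreted. Note that the new script lands in `$gitshdir`, which the `chown -R $user:$user $gitshdir` just below hands to the very account it restricts; keeping it root-owned and not writable by `$user` keeps the restriction out of that account's reach.

```shell
cat > $readonly <<EOF
#!/bin/bash
read -r -a tokens <<< "\$SSH_ORIGINAL_COMMAND"
### Allow-list the fetch-side commands; any other command (every spelling of receive-pack included) is refused
case "\${tokens[0]}" in
  git-upload-pack|git-upload-archive) exec git-shell -c "\$SSH_ORIGINAL_COMMAND" ;;
  *) exit 128 ;;
esac
EOF
# … unchanged: chmod +x $readonly, ownership comment …
```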