From e861551f7330a17f89f2b0704c906dd3451f8fbd Mon Sep 17 00:00:00 2001
From: Rafael Laboissiere
Date: Thu, 21 Jan 2016 18:23:51 -0200
Subject: Allow the inclusion of RSA keys with read-only access
This is accomplished by using option 'command="..."' that precede the key sting in the authorized_keys file. The add-authorized-keys script accepts now the -r option for enabling the inclusion of the option above. The included option is actually 'command="read-only"', which points to a new script named read-only that is installed in the git-shell-commands directory of the Git user's login directory. This is done in the add-git-user script. Also, this commit makes some improvement in the code. The add-authorized-keys script has now a usage function and accepts a -h option. The add-git-user script has been better documented
---
 add-authorized-keys | 48 ++++++++++++++++++++++++++++++++++++++++++------
 add-git-user | 15 +++++++++++++++
 2 files changed, 57 insertions(+), 6 deletions(-)
diff --git a/add-authorized-keys b/add-authorized-keys
index a0add93..3eef03f 100755
--- a/add-authorized-keys
+++ b/add-authorized-keys
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 ### Add RSA keys to the authorized_keys file of a given user 
@@ -20,15 +20,41 @@
 ### Get the program name
 prog=${0##*/}
+usage () {
+ local status=$1
+ echo "Usage: $prog [-h] [-r] user file" >&$(($status + 1))
+ echo "Options:" >&$(($status + 1))
+ echo " -h show this usage notice" >&$(($status + 1))
+ echo " -r force read-only access" >&$(($status + 1))
+ echo "Arguments:" >&$(($status + 1))
+ echo " user the Git user to act upon" >&$(($status + 1))
+ echo " file the RSA public key to be added" >&$(($status + 1))
+ exit $status
+}
+
+### Default value
+readonly=no
+
+### Parse arguments
+args=$(getopt rh $*)
+
+eval set -- "$args"
+
+while true ; do
+ case "$1" in
+ -h) usage 0 ; exit ;;
+ -r) readonly=yes ; shift ;;
+ --) shift ; break ;;
+ esac
+done
+
 ### Ensure that the correct number of arguments are given
 if [ $# != 2 ] ; then
- echo "Usage: $prog user file" 1>&2
- exit 1
+ usage 1
 fi
-### Get the input arguments and check their sanity
+### Get Git user name and check its sanity
 user=$1
-rsaid=$2
 ret=false
 id -u $user >/dev/null 2>&1 && ret=true
@@ -38,6 +64,9 @@ if [ $ret = false ] ; then
 exit 1
 fi
+### Get RSA file name and check its sanity
+rsaid=$2
+
 type="OpenSSH RSA public key"
 if [ "$(file --brief $rsaid)" != "$type" ] ; then
 echo "$prog:E: File $rsaid is not of type '$type'." 1>&2
@@ -45,5 +74,12 @@ if [ "$(file --brief $rsaid)" != "$type" ] ; then
 fi
 ### Install the key(s)
+tmp=$(tempfile)
+if [ "$readonly" = yes ] ; then
+ echo -n "command=\"read-only\" " > $tmp
+fi
+cat $rsaid >> $tmp
+
 home=$(getent passwd $user | cut -f6 -d:)
-cat $rsaid >> $home/.ssh/authorized_keys
+cat $tmp >> $home/.ssh/authorized_keys
+rm $tmp
diff --git a/add-git-user b/add-git-user
index 1f5eec1..84660cb 100755
--- a/add-git-user
+++ b/add-git-user
@@ -63,6 +63,21 @@ printf '%s\\n\\n' "provide interactive shell access."
 exit 128
 EOF
 chmod +x $nolog
+
+### Create the read-only script
+readonly=$gitshdir/read-only
+cat > $readonly <
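Review bot: `args=$(getopt rh $*)` followed by `eval set -- "$args"` re-evaluates the unquoted argument list, so a key-file path containing spaces or shell metacharacters is word-split or interpreted by `eval` (legacy `getopt` output is not quoted), and getopt's exit status on an unknown option is never checked, so whatever it printed is evaluated as the new argument list. Since the shebang is now bash, the `getopts` builtin handles options without `eval` and without an external tool, and the `exit` after `usage 0` is unreachable because `usage` already exits. The variable named `readonly` is legal but reads like the shell builtin of the same name; `read_only` would be clearer (the same name is introduced in add-git-user).
```shell
### Parse arguments
while getopts 'hr' opt ; do
  case "$opt" in
    h) usage 0 ;;
    r) readonly=yes ;;
    *) usage 1 ;;
  esac
done
shift $((OPTIND - 1))
# … unchanged: argument-count check, user and key-file validation …
```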
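Review bot: The `command="read-only"` prefix is written once with `echo -n` and the whole key file is appended after it, so if `$rsaid` holds several keys (the comment says "key(s)" and `file` may still report the expected type) only the first line is restricted and every following key is installed with full access. Each line needs its own prefix, and a forced command by itself still leaves port, agent and X11 forwarding and a pty available to that key, so `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` (or `restrict` on newer OpenSSH) belongs alongside it. `tempfile` is Debian-specific and its failure is not checked: with `$tmp` empty the redirections fail and `cat $tmp` falls back to reading stdin into authorized_keys, and `rm $tmp` is skipped on the early-exit paths; `mktemp` with an EXIT trap covers both and makes the trailing `rm $tmp` redundant.
```shell
### Install the key(s)
tmp=$(mktemp) || exit 1
trap 'rm -f -- "$tmp"' EXIT
if [ "$readonly" = yes ] ; then
  # one prefix per key line (blank lines dropped); forbid forwarding and a pty as well
  sed -e '/./!d' -e 's/^/command="read-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty /' "$rsaid" > "$tmp"
else
  cat "$rsaid" > "$tmp"
fi
# … unchanged: home lookup and append of "$tmp" to authorized_keys …
```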