itBe fully C99 portable. - git-restrict - simple utility for git repo permission management Err parazyd.org 70 hgit clone https://git.parazyd.org/git-restrict URL:https://git.parazyd.org/git-restrict parazyd.org 70 1Log /git/git-restrict/log.gph parazyd.org 70 1Files /git/git-restrict/files.gph parazyd.org 70 1Refs /git/git-restrict/refs.gph parazyd.org 70 1README /git/git-restrict/file/README.md.gph parazyd.org 70 1LICENSE /git/git-restrict/file/LICENSE.gph parazyd.org 70 i--- Err parazyd.org 70 1commit 8afd2755b983911dbed4b06f1cd86eea4f14c42b /git/git-restrict/commit/8afd2755b983911dbed4b06f1cd86eea4f14c42b.gph parazyd.org 70 1parent d7a8d9d61816d229b7d1fe9214c01f8b8794204b /git/git-restrict/commit/d7a8d9d61816d229b7d1fe9214c01f8b8794204b.gph parazyd.org 70 hAuthor: parazyd URL:mailto:parazyd@dyne.org parazyd.org 70 iDate: Sun, 22 May 2022 14:12:04 +0200 Err parazyd.org 70 i Err parazyd.org 70 iBe fully C99 portable. Err parazyd.org 70 i Err parazyd.org 70 iDiffstat: Err parazyd.org 70 i M Makefile | 5 ++--- Err parazyd.org 70 i M README.md | 4 ++-- Err parazyd.org 70 i M git-restrict.c | 24 ++++++++++++++---------- Err parazyd.org 70 i Err parazyd.org 70 i3 files changed, 18 insertions(+), 15 deletions(-) Err parazyd.org 70 i--- Err parazyd.org 70 1diff --git a/Makefile b/Makefile /git/git-restrict/file/Makefile.gph parazyd.org 70 it@@ -5,8 +5,7 @@ PREFIX = /usr/local Err parazyd.org 70 i MANPREFIX = ${PREFIX}/share/man Err parazyd.org 70 i Err parazyd.org 70 i # Use system flags Err parazyd.org 70 i-GR_CFLAGS = $(CFLAGS) -Wall -Werror -pedantic -std=c99 Err parazyd.org 70 i-GR_CPPFLAGS = $(CPPFLAGS) -D_GNU_SOURCE Err parazyd.org 70 i+GR_CFLAGS = $(CFLAGS) -Wall -Wextra -Werror -pedantic -std=c99 Err parazyd.org 70 i GR_LDFLAGS = $(LDFLAGS) -static -s Err parazyd.org 70 i Err parazyd.org 70 i BIN = git-restrict Err parazyd.org 70 it@@ -16,7 +15,7 @@ OBJ = $(BIN:=.o) Err parazyd.org 70 i all: $(BIN) Err parazyd.org 70 i Err parazyd.org 70 i .c.o: Err parazyd.org 70 i- $(CC) -c $(GR_CFLAGS) $(GR_CPPFLAGS) $< Err parazyd.org 70 i+ $(CC) -c $(GR_CFLAGS) $< Err parazyd.org 70 i Err parazyd.org 70 i $(BIN): $(OBJ) Err parazyd.org 70 i $(CC) $(OBJ) $(GR_LDFLAGS) -o $@ Err parazyd.org 70 1diff --git a/README.md b/README.md /git/git-restrict/file/README.md.gph parazyd.org 70 it@@ -10,8 +10,8 @@ file. Err parazyd.org 70 i If used, it will only allow `git-upload-pack` and `git-receive-pack` as Err parazyd.org 70 i the commands allowed to be ran by a specific user/SSH key. Err parazyd.org 70 i Err parazyd.org 70 i-git-restrict is also compiled as a static binary so it's easy to use it Err parazyd.org 70 i-in chroot environments. This is obviously intentional. Err parazyd.org 70 i+git-restrict is C99 portable and compiled as a static binary so it's Err parazyd.org 70 i+easy to use it in chroot environments. This is obviously intentional. Err parazyd.org 70 i Err parazyd.org 70 i Err parazyd.org 70 i Basic usage Err parazyd.org 70 1diff --git a/git-restrict.c b/git-restrict.c /git/git-restrict/file/git-restrict.c.gph parazyd.org 70 it@@ -1,4 +1,4 @@ Err parazyd.org 70 i-/* Copyright (c) 2021 Ivan J. Err parazyd.org 70 i+/* Copyright (c) 2021-2022 Ivan J. Err parazyd.org 70 i * Err parazyd.org 70 i * This file is part of git-restrict Err parazyd.org 70 i * Err parazyd.org 70 it@@ -14,7 +14,6 @@ Err parazyd.org 70 i * You should have received a copy of the GNU Affero General Public License Err parazyd.org 70 i * along with this program. If not, see . Err parazyd.org 70 i */ Err parazyd.org 70 i-#include Err parazyd.org 70 i #include Err parazyd.org 70 i #include Err parazyd.org 70 i #include Err parazyd.org 70 it@@ -26,10 +25,18 @@ static void die(const char *msg) Err parazyd.org 70 i exit(1); Err parazyd.org 70 i } Err parazyd.org 70 i Err parazyd.org 70 i+static char *strdup(const char *s) Err parazyd.org 70 i+{ Err parazyd.org 70 i+ size_t l = strlen(s); Err parazyd.org 70 i+ char *d = malloc(l+1); Err parazyd.org 70 i+ if (!d) return NULL; Err parazyd.org 70 i+ return memcpy(d, s, l+1); Err parazyd.org 70 i+} Err parazyd.org 70 i+ Err parazyd.org 70 i int main(int argc, char *argv[]) Err parazyd.org 70 i { Err parazyd.org 70 i char *orig_cmd, *cmd, *repo, *buf; Err parazyd.org 70 i- char git_cmd[PATH_MAX]; Err parazyd.org 70 i+ char git_cmd[4096]; Err parazyd.org 70 i int i, authorized = 0; Err parazyd.org 70 i Err parazyd.org 70 i if (argc < 2) Err parazyd.org 70 it@@ -38,10 +45,9 @@ int main(int argc, char *argv[]) Err parazyd.org 70 i if ((orig_cmd = getenv("SSH_ORIGINAL_COMMAND")) == NULL) Err parazyd.org 70 i die("fatal: No $SSH_ORIGINAL_COMMAND in env."); Err parazyd.org 70 i Err parazyd.org 70 i- repo = strdup(orig_cmd); Err parazyd.org 70 i- Err parazyd.org 70 i- if ((cmd = strsep(&repo, " ")) == NULL) Err parazyd.org 70 i- die("fatal: Invalid command."); Err parazyd.org 70 i+ if ((repo = strdup(orig_cmd)) == NULL) die("fatal: Internal error."); Err parazyd.org 70 i+ if ((cmd = strtok(repo, " ")) == NULL) die("fatal: Invalid command."); Err parazyd.org 70 i+ repo = strtok(NULL, " "); Err parazyd.org 70 i Err parazyd.org 70 i if (strcmp("git-upload-pack", cmd) && strcmp("git-receive-pack", cmd)) Err parazyd.org 70 i die("fatal: Unauthorized command."); Err parazyd.org 70 it@@ -51,9 +57,7 @@ int main(int argc, char *argv[]) Err parazyd.org 70 i die("fatal: Invalid repository name."); Err parazyd.org 70 i Err parazyd.org 70 i /* Remove ' and / prefix and ' suffix */ Err parazyd.org 70 i- repo++; Err parazyd.org 70 i- if (repo[0] == '/') repo++; Err parazyd.org 70 i- repo[strlen(repo) - 1] = 0; Err parazyd.org 70 i+ repo++; if (repo[0] == '/') repo++; repo[strlen(repo) - 1] = 0; Err parazyd.org 70 i Err parazyd.org 70 i for (i = 1; i < argc; i++) { Err parazyd.org 70 i /* This is so both "foo" and "foo.git" are supported */ Err parazyd.org 70 .