#!/usr/bin/env fish # load environment source (status dirname)/env # global variables set gitCommand set repoDir set currentUser (whoami) function log --on-event log_event echo "$(date -Is): $argv[1..2] user=$currentUser $argv[3..] ip=$SSH_CONNECTION" >> $_LOG end function verifyGitCommand # check given git command # basic form is '' set -l matcher $argv if test (count $matcher) -ne 2 emit log_event DENY bad_format "argv=$argv" return 1 end end function verifyRepoJail set -l realPath (realpath $repoDir) if not string match -r -q -- "/srv/repos/.*" "$realPath" emit log_event DENY jail_escape "realPath=$realPath" return 2 end end function verifyPermissions set -l permission switch "$gitCommand" case "git-upload-pack" # allow clone/fetch/pull set permission [rw] case "git-upload-archive" # allow remote archive set permission [rw] case "git-receive-pack" # only allow for write users set permission [w] case '*' # this should not happend because we sanitize above the git command emit log_event DENY unkown_git_command "gitCommand=$gitCommand" return 3 end # check for permissions if not cat $_REPO_PERMISSIONS_FILE | grep -q -E "^$repoDir:$currentUser:$permission\$" emit log_event DENY no_permissions return 4 end end # redirect stdout/stderr to file, no information to potential attacker begin set -l matcher (string match -r -g $_GIT_VALIDATION_REGEX -- "$argv") verifyGitCommand $matcher; or exit $status # extract variables set gitCommand $matcher[1] set -l repo $matcher[2] # adjust repo path to /srv/repos set repoDir /(string join -n '/' srv repos (string split '/' $repo)) # check if realPath is in jail under /srv/repos verifyRepoJail; or exit $status # check for permissions needed verifyPermissions; or exit $status # info logging emit log_event ALLOW ok "argv=$argv" end &>>$_LOG # execute parsed git command /usr/bin/sudo -u git /usr/bin/git-shell -c "$gitCommand '$repoDir'"