#!/usr/bin/perl
use strict;
use warnings;
use lib $ENV{GL_LIBDIR};
use Gitolite::Rc;
use Gitolite::Common;
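$|++;    # turn on autoflush for the currently selected output handle

# The authorized_keys file of the account this trigger runs as.
my $akfile = "$ENV{HOME}/.ssh/authorized_keys";

# ----------------------------------------------------------------------

# For every shell-capable user, rewrite that user's key line(s): add '-s' to
# the gitolite-shell command and drop the ',no-pty' restriction.  All other
# lines are left as they are.
my $aktext = slurp($akfile);
for my $su ( shell_users() ) {
    # \Q...\E makes the username match literally.  Without it, a regex
    # metacharacter in the name (for example the '.' in 'john.doe') would
    # also match a different user's key line, and that user would lose
    # 'no-pty' and gain '-s' without ever being listed.
    # The ([" ].*?) right after the name keeps a listed name from matching
    # as a mere prefix of a longer username.
    $aktext =~ s(/gitolite-shell \Q$su\E([" ].*?),no-pty )(/gitolite-shell -s $su$1 )g;
}

# NOTE(review): _print comes from Gitolite::Common and is handed the path and
# the modified text; presumably it rewrites the file in place -- confirm.
_print( $akfile, $aktext );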
# two methods to specify list of shell-capable users. (1) list of usernames
# as arguments to 'Shell' in rc file, (2) list of usernames in a plain text
# file whose name is the first argument to 'Shell' in the rc file. Or both!
sub shell_users {
    # Build the list of usernames that should get shell access.
    #
    # Sources, in the order they are added to the result:
    #   1. lines of a users file (optional), minus lines starting with '#'
    #   2. the entries of @ARGV up to, but not including, 'POST_COMPILE'
    #
    # Dies via _die if the resulting list is empty; otherwise returns the
    # list.  Consumes $ARGV[0] when that argument names a readable file.
    #
    # Every name returned has its authorized_keys line rewritten by the
    # caller, so the users file deserves the same write protection as the
    # rc file itself.
    my @users;
    my $list_file;

    # backward compat for 3.6 and below.  This code will be removed in 3.7.
    # Also, the variable is ignored if you end up using the new variant (i.e.,
    # put a file name on the 'Shell' line itself).
    if ( $rc{SHELL_USERS_LIST} and -r $rc{SHELL_USERS_LIST} ) {
        $list_file = $rc{SHELL_USERS_LIST};
    }

    # New variant: a first argument that is a readable file is taken as the
    # users file (overriding the rc variable) and removed from @ARGV, so it
    # is not also treated as a username below.
    if ( @ARGV and -r $ARGV[0] ) {
        $list_file = shift @ARGV;
    }

    if ($list_file) {
        # Only lines whose first character is '#' are dropped; blank lines
        # and indented comments are kept and come back as "usernames".
        @users = grep { !/^#/ } slurp($list_file);
        chomp(@users);
    }

    for my $arg (@ARGV) {
        # arguments placed in the rc file appear before the trigger name
        if ( $arg eq 'POST_COMPILE' ) {
            last;
        }

        # no sanity checking, since the rc file can only be created by
        # someone who already has shell access
        push @users, $arg;
    }

    _die "'Shell': enabled but no usernames supplied" unless @users;

    return @users;
}