
Rough cut of some glue code.

0 parents commit dc26598bee81445954027619a94ba5106023b3b8 @epriestley committed Sep 19, 2011
11 .gitignore
@@ -0,0 +1,11 @@
+.DS_Store
+
+/tmp/sshd_config
+/tmp/sshd-vcs.pid
+/src/.phutil_module_cache
+
+/key/host_dsa_key
+/key/host_dsa_key.pub
+/key/host_rsa_key
+/key/host_rsa_key.pub
+
14 LICENSE
@@ -0,0 +1,14 @@
+Copyright 2011 Evan Priestley
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
4 README
@@ -0,0 +1,4 @@
+These are two scripts which you can use to glue sshd-vcs together with
+Phabricator and thus host repositories.
+
+This is a preliminary, nonfunctional, hacky mess right now.
1 bin/sshd-vcs-auth
1 bin/sshd-vcs-serve
15 conf/sshd_config
@@ -0,0 +1,15 @@
+Protocol 2
+Port 2222
+PermitRootLogin no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+PasswordAuthentication no
+
+AuthorizedKeysFile none
+AuthorizedKeysFile2 none
+
+PidFile {ROOT}/tmp/sshd-vcs.pid
+AuthorizedKeysScript {ROOT}/bin/sshd-vcs-auth
+ForceUser dweller
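Review bot: `PasswordAuthentication no` on its own does not rule out password logins, because OpenSSH still accepts keyboard-interactive (challenge-response) authentication by default, usually backed by PAM; the hardening here is only complete with `ChallengeResponseAuthentication no` next to it (and `UsePAM no` if PAM is not needed for this daemon). `AuthorizedKeysScript` and `ForceUser` are not stock OpenSSH directives and presumably come from the sshd-vcs patch, so a stock sshd would reject this file; a comment such as `# AuthorizedKeysScript / ForceUser need the sshd-vcs patched daemon` would save the next reader a confusing startup failure. `AuthorizedKeysFile none` is likewise worth a one-line comment stating that key lookup is delegated entirely to the script.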
0 key/.keep
No changes.
20 launch.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -x
+set -e
+
+ROOT=$PWD
+
+if [ -f $ROOT/tmp/sshd-vcs.pid ]
+then
+ echo "Killing running daemon.."
+ kill `cat $ROOT/tmp/sshd-vcs.pid`
+fi
+
+sed s@{ROOT}@$ROOT@g conf/sshd_config > $ROOT/tmp/sshd_config
+
+sshd-vcs -f $ROOT/tmp/sshd_config \
+ -h $ROOT/key/host_dsa_key \
+ -h $ROOT/key/host_rsa_key
+
+tail -f /var/log/secure.log
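Review bot: With `set -e` in effect, a stale pid file (daemon already gone) makes `kill` fail on the line after `echo "Killing running daemon.."` and aborts the script before the new daemon is started. The pid-file path is also unquoted both in `[ -f $ROOT/tmp/sshd-vcs.pid ]` and inside the backticks, so a `$PWD` containing whitespace breaks the check; suggest `kill "$(cat "$ROOT/tmp/sshd-vcs.pid")" || echo "Stale pid file, ignoring."` followed by `rm -f "$ROOT/tmp/sshd-vcs.pid"`. The `sed s@{ROOT}@$ROOT@g` substitution has the same quoting issue and additionally breaks if the checkout path contains `@`; quoting the expression and the redirect target is the minimum fix. `tail -f /var/log/secure.log` is a macOS-specific log path and presumably a development convenience; a comment saying so would help anyone running this elsewhere.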
51 scripts/sshd-vcs-auth.php
@@ -0,0 +1,51 @@
+#!/usr/bin/env php
+<?php
+
+$_SERVER['PHABRICATOR_ENV'] = 'custom/vault.phabricator.com';
+
+require_once dirname(__FILE__).'/__init_script__.php';
+
+phutil_require_module('phabricator', 'storage/queryfx');
+
+$root = dirname(dirname(__FILE__));
+$cmd = $root.'/bin/sshd-vcs-serve';
+
+$cert = file_get_contents('php://stdin');
+
+$user = null;
+if ($cert) {
+ $user_dao = new PhabricatorUser();
+ $ssh_dao = new PhabricatorUserSSHKey();
+ $conn = $user_dao->establishConnection('r');
+
+ list($type, $body) = array_merge(
+ explode(' ', $cert),
+ array('', ''));
+
+ $user = queryfx_one(
+ $conn,
+ 'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
+ WHERE ssh.keyBody = %s AND ssh.keyType = %s',
+ $user_dao->getTableName(),
+ $ssh_dao->getTableName(),
+ $body,
+ $type);
+ if ($user) {
+ $user = idx($user, 'userName');
+ }
+}
+
+if (!$user) {
+ exit(1);
+}
+
+$options = array(
+ 'command="'.$cmd.' '.$user.'"',
+ 'no-port-forwarding',
+ 'no-X11-forwarding',
+ 'no-agent-forwarding',
+ 'no-pty',
+);
+
+echo implode(',', $options);
+exit(0);
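Review bot: `$user` is interpolated into the `command="..."` option in the `$options` array without any validation or escaping, so a `userName` value containing `"`, `,` or whitespace would alter the authorized_keys option string the daemon parses; validate the name against a strict allowlist before emitting it, e.g. `if (!preg_match('/^[a-zA-Z0-9._-]+$/', $user)) { exit(1); }` right after the `if (!$user)` guard. Separately, `$cert` read from `php://stdin` is never trimmed, so a key line without a trailing comment field leaves the newline inside `$body` and the `ssh.keyBody = %s` comparison presumably never matches; `$cert = trim(file_get_contents('php://stdin'));` avoids that. The lookup itself is correctly parameterised through `queryfx_one`, and the hard-coded `PHABRICATOR_ENV` value on the fourth line deserves a comment noting it is deployment-specific.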
147 scripts/sshd-vcs-serve.php
@@ -0,0 +1,147 @@
+#!/usr/bin/env php
+<?php
+
+$user = $argv[1];
+$command = getenv('SSH_ORIGINAL_COMMAND');
+
+require_once '../libphutil/src/__phutil_library_init__.php';
+
+if (empty($command)) {
+ echo "Authenticated as {$user}. No interactive logins.\r\n";
+ exit(1);
+}
+
+$svn_regexp = '/^svnserve/';
+if (preg_match($svn_regexp, $command)) {
+ $err = exec_svn_tunnel($user);
+ exit($err);
+}
+
+$matches = null;
+$git_regexp = '/^git(?:-| )(receive|upload)-pack (.*)$/';
+if (preg_match($git_regexp, $command, $matches)) {
+
+ $path = $matches[2];
+ $path = trim($path, "'");
+ if (!preg_match('#^[/a-zA-Z0-9@._-]+$#', $path)) {
+ echo "Bad git path.\r\n";
+ exit(1);
+ }
+
+ $err = exec_git_tunnel($user, $matches[1], $path);
+ exit($err);
+}
+
+echo "'{$command}'? How about a dinosaur instead?\r\n\r\n";
+echo dino();
+exit(1);
+
+function dino() {
+ $dino = <<<EODINO
+ . .
+ / `. .' \
+ .---. < > < > .---.
+ | \ \ - ~ ~ - / / |
+ ~-..-~ ~-..-~
+ \~~~\.' `./~~~/
+ \__/ \__/
+ / .- . \
+ _._ _.- .-~ ~-. / } \/~~~/
+ _.-'q }~ / } { ; \__/
+ {'__, / ( / { / `. ,~~| . .
+ `''''='~~-.__( /_ | /- _ `..-' \\\\ //
+ / \ =/ ~~--~~{ ./| ~-. `-..__\\\\_//_.-'
+ { \ +\ \ =\ ( ~ - . _ _ _..---~
+ | | { } \ \_\
+ '---.o___,' .o___,'
+
+
+EODINO;
+ return str_replace("\n", "\r\n", $dino);
+}
+
+function exec_git_tunnel($user, $op, $path) {
+ $command = 'git-'.$op.'-pack';
+
+ $future = new ExecFuture('cat');
+
+ $stdin = fopen('php://stdin', 'r');
+ $stdout = fopen('php://stdout', 'w');
+ stream_set_blocking($stdin, false);
+ stream_set_blocking($stdout, false);
+
+ $in_bytes = 0;
+ $out_bytes = 0;
+ $duration = mt_rand();
+
+ $out_buf = '';
+
+ $future->write('', $keep_open = true);
+ $future->isReady();
+
+ do {
+
+
+ $read = array();
+ $write = array();
+
+ if ($future) {
+ $read = array_merge($read, $future->getReadSockets());
+ $write = array_merge($write, $future->getWriteSockets());
+ }
+
+ if ($stdin) {
+ $read[] = $stdin;
+ }
+
+ if (strlen($out_buf)) {
+ $write[] = $stdout;
+ }
+
+ $s = microtime(true);
+ Future::waitForSockets($read, $write);
+ $e = microtime(true);
+
+ if ($stdin) {
+ do {
+ $in = fread($stdin, 8192);
+ $eof = feof($stdin);
+ if ($future) {
+ $future->write($in, $keep_open = !$eof);
+ }
+ if ($eof) {
+ fclose($stdin);
+ $stdin = null;
+ }
+ $in_bytes += strlen($in);
+ } while (strlen($in));
+ }
+
+ if ($future) {
+ $done = $future->isReady();
+ list($cmd_stdout, $cmd_stderr) = $future->read();
+ $future->discardBuffers();
+ if (strlen($cmd_stdout)) {
+ $out_buf .= $cmd_stdout;
+ }
+ if ($done) {
+ $future = null;
+ }
+ }
+
+ if (strlen($out_buf)) {
+ $out = fwrite($stdout, $out_buf);
+ $out_bytes += $out;
+ if ($out) {
+ $out_buf = substr($out_buf, $out);
+ }
+ }
+
+ if (!$stdin && !$future && !$out_buf) {
+ fclose($stdout);
+ break;
+ }
+ } while (true);
+
+ file_put_contents('php://stderr', "{$in_bytes}/{$out_bytes}/{$duration}\n");
+}
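Review bot: `exec_svn_tunnel($user)` is called in the `$svn_regexp` branch but no such function is defined in this file or anywhere else in the commit, so any `svnserve` command produces a fatal undefined-function error instead of a clean exit; either define it or replace the call with a `"svn not supported yet"` message and `exit(1)`. The `$path` allowlist `#^[/a-zA-Z0-9@._-]+$#` accepts `..` segments, so once the placeholder `ExecFuture('cat')` in `exec_git_tunnel` is replaced by the real `$command`, a traversal check such as `if (strpos($path, '..') !== false)` (or resolving against a repository root) is needed before the path reaches git; pass it as an `ExecFuture` format argument (`new ExecFuture('%s %s', $command, $path)`) rather than by string concatenation. `exec_git_tunnel` also returns nothing, so `exit($err)` runs with `null` and the caller cannot distinguish success from failure; return an explicit integer status. The stderr line `"{$in_bytes}/{$out_bytes}/{$duration}\n"` and `$duration = mt_rand()` look like debugging scaffolding and would benefit from a `// TODO: debug output, remove` comment.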
3 src/__phutil_library_init__.php
@@ -0,0 +1,3 @@
+<?php
+
+phutil_register_library('sshdvcs', __FILE__);
21 src/__phutil_library_map__.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * This file is automatically generated. Use 'phutil_mapper.php' to rebuild it.
+ * @generated
+ */
+
+phutil_register_library_map(array(
+ 'class' =>
+ array(
+ ),
+ 'function' =>
+ array(
+ ),
+ 'requires_class' =>
+ array(
+ ),
+ 'requires_interface' =>
+ array(
+ ),
+));
0 tmp/.keep
No changes.

