Rough cut of some glue code.

.gitignore

@@ -0,0 +1,11 @@
+.DS_Store
+
+/tmp/sshd_config
+/tmp/sshd-vcs.pid
+/src/.phutil_module_cache
+
+/key/host_dsa_key
+/key/host_dsa_key.pub
+/key/host_rsa_key
+/key/host_rsa_key.pub
+

LICENSE

@@ -0,0 +1,14 @@
+Copyright 2011 Evan Priestley
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+

README

@@ -0,0 +1,4 @@
+These are two scripts which you can use to glue sshd-vcs together with
+Phabricator and thus host repositories.
+
+This is a preliminary, nonfunctional, hacky mess right now.

bin/sshd-vcs-auth

@@ -0,0 +1 @@
+../scripts/sshd-vcs-auth.php

bin/sshd-vcs-serve

@@ -0,0 +1 @@
+../scripts/sshd-vcs-serve.php

conf/sshd_config

@@ -0,0 +1,15 @@
+Protocol 2
+Port 2222
+PermitRootLogin no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+PasswordAuthentication no
+
+AuthorizedKeysFile	    none
+AuthorizedKeysFile2	    none
+
+PidFile                 {ROOT}/tmp/sshd-vcs.pid
+AuthorizedKeysScript    {ROOT}/bin/sshd-vcs-auth
+ForceUser               dweller

launch.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -x
+set -e
+
+ROOT=$PWD
+
+if [ -f $ROOT/tmp/sshd-vcs.pid ]
+then
+  echo "Killing running daemon.."
+  kill `cat $ROOT/tmp/sshd-vcs.pid`
+fi
+
+sed s@{ROOT}@$ROOT@g conf/sshd_config > $ROOT/tmp/sshd_config
+
+sshd-vcs -f $ROOT/tmp/sshd_config \
+  -h $ROOT/key/host_dsa_key \
+  -h $ROOT/key/host_rsa_key
+
+tail -f /var/log/secure.log

scripts/sshd-vcs-auth.php

@@ -0,0 +1,51 @@
+#!/usr/bin/env php
+<?php
+
+$_SERVER['PHABRICATOR_ENV'] = 'custom/vault.phabricator.com';
+
+require_once dirname(__FILE__).'/__init_script__.php';
+
+phutil_require_module('phabricator', 'storage/queryfx');
+
+$root = dirname(dirname(__FILE__));
+$cmd = $root.'/bin/sshd-vcs-serve';
+
+$cert = file_get_contents('php://stdin');
+
+$user = null;
+if ($cert) {
+  $user_dao = new PhabricatorUser();
+  $ssh_dao = new PhabricatorUserSSHKey();
+  $conn = $user_dao->establishConnection('r');
+
+  list($type, $body) = array_merge(
+    explode(' ', $cert),
+    array('', ''));
+
+  $user = queryfx_one(
+    $conn,
+    'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
+      WHERE ssh.keyBody = %s AND ssh.keyType = %s',
+    $user_dao->getTableName(),
+    $ssh_dao->getTableName(),
+    $body,
+    $type);
+  if ($user) {
+    $user = idx($user, 'userName');
+  }
+}
+
+if (!$user) {
+  exit(1);
+}
+
+$options = array(
+  'command="'.$cmd.' '.$user.'"',
+  'no-port-forwarding',
+  'no-X11-forwarding',
+  'no-agent-forwarding',
+  'no-pty',
+);
+
+echo implode(',', $options);
+exit(0);

scripts/sshd-vcs-serve.php

@@ -0,0 +1,147 @@
+#!/usr/bin/env php
+<?php
+
+$user     = $argv[1];
+$command  = getenv('SSH_ORIGINAL_COMMAND');
+
+require_once '../libphutil/src/__phutil_library_init__.php';
+
+if (empty($command)) {
+  echo "Authenticated as {$user}. No interactive logins.\r\n";
+  exit(1);
+}
+
+$svn_regexp = '/^svnserve/';
+if (preg_match($svn_regexp, $command)) {
+  $err = exec_svn_tunnel($user);
+  exit($err);
+}
+
+$matches = null;
+$git_regexp = '/^git(?:-| )(receive|upload)-pack (.*)$/';
+if (preg_match($git_regexp, $command, $matches)) {
+
+  $path = $matches[2];
+  $path = trim($path, "'");
+  if (!preg_match('#^[/a-zA-Z0-9@._-]+$#', $path)) {
+    echo "Bad git path.\r\n";
+    exit(1);
+  }
+
+  $err = exec_git_tunnel($user, $matches[1], $path);
+  exit($err);
+}
+
+echo "'{$command}'? How about a dinosaur instead?\r\n\r\n";
+echo dino();
+exit(1);
+
+function dino() {
+  $dino = <<<EODINO
+                            .       .
+                           / `.   .' \
+                   .---.  <    > <    >  .---.
+                   |    \  \ - ~ ~ - /  /    |
+                    ~-..-~             ~-..-~
+                \~~~\.'                    `./~~~/
+                 \__/                        \__/
+                  /                  .-    .  \
+           _._ _.-    .-~ ~-.       /       }   \/~~~/
+       _.-'q  }~     /       }     {        ;    \__/
+      {'__,  /      (       /      {       /      `. ,~~|   .     .
+       `''''='~~-.__(      /_      |      /- _      `..-'   \\\\   //
+                   / \   =/  ~~--~~{    ./|    ~-.     `-..__\\\\_//_.-'
+                  {   \  +\         \  =\ (        ~ - . _ _ _..---~
+                  |  | {   }         \   \_\
+                 '---.o___,'       .o___,'
+
+
+EODINO;
+  return str_replace("\n", "\r\n", $dino);
+}
+
+function exec_git_tunnel($user, $op, $path) {
+  $command = 'git-'.$op.'-pack';
+
+  $future = new ExecFuture('cat');
+
+  $stdin = fopen('php://stdin', 'r');
+  $stdout = fopen('php://stdout', 'w');
+  stream_set_blocking($stdin, false);
+  stream_set_blocking($stdout, false);
+
+  $in_bytes = 0;
+  $out_bytes = 0;
+  $duration = mt_rand();
+
+  $out_buf = '';
+
+  $future->write('', $keep_open = true);
+  $future->isReady();
+
+  do {
+
+
+    $read = array();
+    $write = array();
+
+    if ($future) {
+      $read = array_merge($read, $future->getReadSockets());
+      $write = array_merge($write, $future->getWriteSockets());
+    }
+
+    if ($stdin) {
+      $read[] = $stdin;
+    }
+
+    if (strlen($out_buf)) {
+      $write[] = $stdout;
+    }
+
+    $s = microtime(true);
+    Future::waitForSockets($read, $write);
+    $e = microtime(true);
+
+    if ($stdin) {
+      do {
+        $in = fread($stdin, 8192);
+        $eof = feof($stdin);
+        if ($future) {
+          $future->write($in, $keep_open = !$eof);
+        }
+        if ($eof) {
+          fclose($stdin);
+          $stdin = null;
+        }
+        $in_bytes += strlen($in);
+      } while (strlen($in));
+    }
+
+    if ($future) {
+      $done = $future->isReady();
+      list($cmd_stdout, $cmd_stderr) = $future->read();
+      $future->discardBuffers();
+      if (strlen($cmd_stdout)) {
+        $out_buf .= $cmd_stdout;
+      }
+      if ($done) {
+        $future = null;
+      }
+    }
+
+    if (strlen($out_buf)) {
+      $out = fwrite($stdout, $out_buf);
+      $out_bytes += $out;
+      if ($out) {
+        $out_buf = substr($out_buf, $out);
+      }
+    }
+
+    if (!$stdin && !$future && !$out_buf) {
+      fclose($stdout);
+      break;
+    }
+  } while (true);
+
+  file_put_contents('php://stderr', "{$in_bytes}/{$out_bytes}/{$duration}\n");
+}

src/__phutil_library_init__.php

@@ -0,0 +1,3 @@
+<?php
+
+phutil_register_library('sshdvcs', __FILE__);

src/__phutil_library_map__.php

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * This file is automatically generated. Use 'phutil_mapper.php' to rebuild it.
+ * @generated
+ */
+
+phutil_register_library_map(array(
+  'class' =>
+  array(
+  ),
+  'function' =>
+  array(
+  ),
+  'requires_class' =>
+  array(
+  ),
+  'requires_interface' =>
+  array(
+  ),
+));