compile: gitolite key as good as shell key for users in @shell group

done by inserting a "-s" into the authkey forced command. (They also lose the "no-pty" restriction, for good measure!)
rsrchboy · Dec 19, 2009 · 2cc1909 · 2cc1909
1 parent 75de6c0
commit 2cc1909
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/src/gl-compile-conf b/src/gl-compile-conf
@@ -74,7 +74,8 @@ $ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
 
 # command and options for authorized_keys
 $AUTH_COMMAND="$bindir/gl-auth-command";
-$AUTH_OPTIONS="no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
+$AUTH_OPTIONS="no-port-forwarding,no-X11-forwarding,no-agent-forwarding";
+    # note, for most users there's also a "no-pty" added to this, see later
 
 # groups can now represent user groups or repo groups.
 
@@ -441,7 +442,11 @@ for my $pubkey (glob("*"))
     print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
         unless $user_list{$user};
     $user_list{$user} = 'has pubkey';
-    print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS ";
+    if ($groups{'@SHELL'}{$user}) {
+        print $newkeys_fh "command=\"$AUTH_COMMAND -s $user\",$AUTH_OPTIONS ";
+    } else {
+        print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS,no-pty ";
+    }
     # apparently some pubkeys don't end in a newline...
     my $pubkey_content = `cat $pubkey`;
     $pubkey_content =~ s/\s*$/\n/;

diff --git a/src/gl-easy-install b/src/gl-easy-install
@@ -361,13 +361,16 @@ run_install() {
 # MANUAL: setup the initial config file.  Edit $GL_ADMINDIR/conf/gitolite.conf
 # and add at least the following lines to it:
 
+#   @SHELL = sitaram
 #   repo gitolite-admin
 #       RW+                 = sitaram
 
 initial_conf_key() {
     echo "#gitolite conf
 # please see conf/example.conf for details on syntax and features
 
+@SHELL                  = $admin_name
+
 repo gitolite-admin
     RW+                 = $admin_name