(password access) backward compat breakage for gl-shell-setup; read b…

…elow

gl-shell-setup has a "run as hosting user" piece that basically
automates the adding of the user's (new) key to the admin repo.

This is now gone.  (It's not that hard to automate yourself if you want
to do it anyway, using gl-admin-push).

I did this because I needed to allow someone in through a gateway, and
realised that that has the exact same needs.  So the whole scheme has
been changed to treat the proxy and the gitolite host as being two
different servers.

At that point it became cumbersome to do the second bit, and I left it
out.

Other changes:
  - you can define exceptions for the default shell in gl-shell
  - the doc has been simplified.

contrib/real-users/gl-shell

@@ -5,44 +5,66 @@ use warnings;
 
 # ------------------------------------------------------------------------------
 
-# site-local changes
-
-# the original login shell your users had (or) the shell to forward
-# non-gitolite commands to
-my $shell = "/bin/bash";
-# suggested values if you really don't want them actually logging in:
-#   /sbin/nologin       - obvious
-#   /usr/bin/passwd     - same, but allows them to change their passwords
-
-# the gitolite hosting user you want to forward git commands to.  Typically
-# this will be 'git' or perhaps 'gitolite', but actually could be anything
-my $hosting_user = "gitolite-test";
-
-# ADCs...
-# either list all the ADCs you wish to allow forwarding to (SPACE-separated):
-my $ADC_list = "";
-# -- OR --
-# if you upgraded to the new 'help' adc with the '-list' option, set this to 1:
-my $detect_ADCs = 0;
-# if you do neither, ADCs are not forwarded
+# BEGIN site-local changes
+
+    # the original login shell your users had (or) the shell to forward
+    # non-gitolite commands to
+    my $shell = "/usr/bin/passwd";
+
+    # exceptions...
+    my %shells = (
+        'some.one'      =>  '/bin/bash',
+    );
+
+    # the gitolite host you want to forward git commands to.  Typically this will
+    # be 'git' or perhaps 'gitolite', but actually could be anything.  Don't
+    # forget to change the host part if needed and mind the quotes!
+    my $gl_host = 'git@server2';
+
+    # ADCs...
+    # either list all the ADCs you wish to allow forwarding to (SPACE-separated):
+    my $ADC_list = "";
+    # -- OR --
+    # if you upgraded to the new 'help' adc with the '-list' option, set this to 1:
+    my $detect_ADCs = 0;
+    # if you do neither, ADCs are not forwarded
+
+# END site-local changes
 
 # ------------------------------------------------------------------------------
 
+# change the user's default shell if he is an 'exception'
+$shell= $shells{$ENV{USER}} if $shells{$ENV{USER}};
+
 # no arguments?  nothing to forward
-exec($shell) unless @ARGV;
+exec($shell) if (not @ARGV and not $ENV{SSH_ORIGINAL_COMMAND});
+
+# note: we attempt to work the same whether invoked via 'command=' of authkeys
+# (in which case SSH_ORIGINAL_COMMAND is set) or via us being the login shell
+# (chsh).  Only the latter has been *tested* though.
+
+# massage SSHOC into @ARGV shape for ease of parsing
+@ARGV = ("-c", $ENV{SSH_ORIGINAL_COMMAND}) if $ENV{SSH_ORIGINAL_COMMAND};
+# we ignore SSHOC from now on...
+
+# ------------------------------------------------------------------------------
 
 # forward normal git ops
 forward(@ARGV) if
     $ARGV[0] eq '-c' and
     $ARGV[1] =~ /^(git-receive-pack|git-upload-pack|git-upload-archive) '(\S+)'$/ and
     ( not -d "$2" );
 
+# ------------------------------------------------------------------------------
+
 # forward gitolite special commands
 forward(@ARGV) if $ARGV[0] eq '-c' and $ARGV[1] =~ /^(info|expand|((set|get)(perms|desc)))( |$)/;
 
+# ------------------------------------------------------------------------------
+
 # forward ADCs
 if ($ADC_list or $detect_ADCs) {
-    $ADC_list ||= `ssh $hosting_user\@localhost help -list`;
+    $ADC_list ||= `ssh $gl_host help -list`;
     $ADC_list =~ s/\s+/ /g;
 
     # find the command he's running
@@ -51,20 +73,23 @@ if ($ADC_list or $detect_ADCs) {
     forward(@ARGV) if $ARGV[0] eq '-c' and $cmd and $ADC_list =~ /(^| )$cmd( |$)/;
 }
 
+# ------------------------------------------------------------------------------
+
 # at this point it's back to local processing
 exec($shell, @ARGV);
 
+# ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 
-# forward to the hosting user
+# forward to the gitolite host
 sub forward {
     # this message is important in debugging and trouble shooting; see
     # documentation
-    print STDERR "[forwarding to $hosting_user\@localhost]\n";
+    print STDERR "[forwarding to $gl_host]\n";
 
     # but first we check for rsa key
     -f ".ssh/id_rsa" or die "ask your admin to add you to gitolite";
 
     shift if $_[0] eq '-c';
-    exec("ssh", "$hosting_user\@localhost", @_);
+    exec("ssh", "$gl_host", @_);
 }

contrib/real-users/gl-shell-setup

@@ -3,36 +3,26 @@
 # WARNING 1: probably contains bashisms galore.  If you don't have bash,
 # please install it.
 
-# NOTE 1: this script is initially run as root, then it calls itself with an
-# "su" so it can run as the hosting user.
-
-# NOTE 2: if you'd rather do this manually, just do the first part as root,
-# and the second part as the hosting user, with only the name of the user
-# (alice) and her pub key (~alice/.ssh/id_rsa.pub) needing to be passed from
-# root to the hosting user id.
+# NOTE 1: this script is run as root.
 
+# ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 
-# site-local changes
-
-# the gitolite hosting user you want to forward git commands to.  Typically
-# this will be 'git' or perhaps 'gitolite', but actually could be anything
-hosting_user="gitolite-test"
+# BEGIN site-local changes
 
-# absolute path of the gitolite-admin repo
-admin_repo="/home/gitolite-test/repositories/gitolite-admin.git"
+    # the full path to the new login shell to replace these users' existing shell
+    new_shell="/usr/local/bin/gl-shell"
 
-# the full path to the new login shell to replace these users' existing shell
-new_shell="/usr/local/bin/gl-shell"
+    my_chsh() {
+        # please replace with appropriate command for your OS/distro.  This one is
+        # suitable at least for Fedora, maybe others also
+        chsh -s $new_shell $1 >&2
+    }
 
-my_chsh() {
-    # please replace with appropriate command for your OS/distro.  This one is
-    # suitable at least for Fedora, maybe others also
-    chsh -s $new_shell $1
-}
+    # remove these 2 lines after you have done your customisation
+    [ -f /tmp/done.gl-shell-setup ] || { echo please customise $0 before using >&2; exit 1; }
 
-# remove these 2 lines after you have done your customisation
-[ -f /tmp/done.gl-shell-setup ] || { echo please customise $0 before using; exit 1; }
+# END site-local changes
 
 # ------------------------------------------------------------------------------
 
@@ -44,62 +34,44 @@ euid=$(perl -e 'print $>')
 if [ "$euid" = "0" ]
 then
 
-    # --------------------------------------------------------------------------
-    # stuff to be done as root
-    # --------------------------------------------------------------------------
-
     [ -n "$1" ] || die "need a valid username"
     user=$1
     id $user >/dev/null || die "need a valid username"
 
     # now fix up the user's login shell
     my_chsh $user
 
+    pubkey="$PWD/$user.pub"
+    [ -f "$pubkey" ] && {
+        echo "$user.pub already exists.  Shell changed, exiting..." >&2
+        exit 0
+    }
+
     # drat... 'cd ~$user` doesn't work...
     cd $(bash -c "echo ~$user") || die "can't cd to $user's home directory"
 
-    # now set up her rsa key, creating it if needed
+    # now set up her rsa key, creating it if needed.  This will get used if
+    # she comes in via password or without agent forwarding.
     [ -d .ssh ] || {
         mkdir .ssh
         chown $user .ssh
         chmod go-w  .ssh
     }
+
     [ -f .ssh/id_rsa.pub ] || {
-        ssh-keygen -q -N "" -f .ssh/id_rsa
+        ssh-keygen -q -N "" -f .ssh/id_rsa >&2
         chown $user .ssh/id_rsa .ssh/id_rsa.pub
         chmod go-rw .ssh/id_rsa
         chmod go-w  .ssh/id_rsa.pub
     }
 
-    # now run yourself as the hosting user, piping in the pubkey to STDIN, and
-    # passing the username whose key it is as argument 1.
-    cat .ssh/id_rsa.pub | su -l -c "$0 $user" $hosting_user
+    # create alice.pub
+    cat .ssh/id_rsa.pub > $pubkey
 
     exit 0
 
 else
 
-    # --------------------------------------------------------------------------
-    # stuff to be done as the hosting user
-    # --------------------------------------------------------------------------
-
-    user=$1
-
-    # make a temp dir and switch to it
-    export tmp=$(mktemp -d)
-    cd $tmp || die "could not cd to temp dir $tmp"
-    trap "rm -rf $tmp" 0
-
-    # clone the admin repo here
-    git clone $admin_repo .
-    # copy alice's pubkey, which was sent in via STDIN.  We don't want to
-    # overwrite any *other* keys she may have, hence the @localhost part.
-    # (See "one user, many keys" in doc/3 for more on this @ part).
-    cat > keydir/$user@localhost.pub
-    # add commit push...
-    git add keydir/$user@localhost.pub
-    git diff --cached --quiet 2>/dev/null || git commit -am "$0: added/updated local key for $user"
-    gl-admin-push
-        # see doc for what/why this is
+    die "needs to run as root"
 
 fi