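// switchnsGit runs the git command requested over SSH inside the
// "geard-githost" container on behalf of the calling, non-root user.
//
// The command text comes from SSH_ORIGINAL_COMMAND, which is chosen by the
// remote client and must be treated as untrusted input. It is handed to
// git-shell only after isValidGitCommand accepts it. Every failure ends the
// process: status 2 for user lookup, validation, identifier and root-user
// failures, status 3 when the Docker connection cannot be opened.
func switchnsGit() {
	uid := os.Getuid()
	// Client-controlled value; nothing below may use it before validation.
	originalCommand := os.Getenv("SSH_ORIGINAL_COMMAND")

	u, err := user.LookupId(strconv.Itoa(uid))
	if err != nil {
		// Go has no %n verb; the original format string printed a formatting
		// error instead of the uid. %d reports the numeric uid as intended.
		fmt.Printf("Couldn't find user with uid %d\n", uid)
		os.Exit(2)
	}

	// Root is never mapped onto a repository; refuse before validating the
	// command or opening a Docker connection.
	if uid == 0 {
		fmt.Println("Cannot switch into any git repo as root user")
		os.Exit(2)
	}

	// NOTE(review): the second argument is !gitRw, presumably a read-only
	// flag; confirm against isValidGitCommand's signature.
	if !isValidGitCommand(originalCommand, !gitRw) {
		// NOTE(review): the rejected command is echoed verbatim to stdout;
		// %q would escape control characters in the client-supplied text.
		fmt.Printf("Invalid git command: %s\n", originalCommand)
		os.Exit(2)
	}

	repoId, err := git.NewIdentifierFromUser(u)
	if err != nil {
		fmt.Printf("Couldn't create identifier for user %v\n", u)
		os.Exit(2)
	}

	// HOME inside the container points at the caller's repository path.
	env := []string{fmt.Sprintf("HOME=%s", repoId.RepositoryPathFor())}

	client, err := docker.GetConnection("unix:///var/run/docker.sock")
	if err != nil {
		fmt.Printf("Unable to connect to server\n")
		os.Exit(3)
	}

	// The validated command is passed as one argv element to git-shell -c;
	// no additional shell is placed between this process and git-shell here.
	runCommandInContainer(client, "geard-githost", []string{"/usr/bin/git-shell", "-c", originalCommand}, env)
}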
// switchnsGit is the cobra handler that executes the git command requested
// over SSH inside the "geard-githost" container for the calling user.
//
// SSH_ORIGINAL_COMMAND is supplied by the remote client and is untrusted; it
// reaches git-shell only after isValidGitCommand accepts it. All failure
// paths exit with status 2, and only the root-user refusal prints a message.
// The cmd and args parameters are not used.
func switchnsGit(cmd *cobra.Command, args []string) {
	callerUID := os.Getuid()
	requested := os.Getenv("SSH_ORIGINAL_COMMAND")

	account, lookupErr := user.LookupId(strconv.Itoa(callerUID))
	if lookupErr != nil {
		os.Exit(2)
	}

	// Root is refused outright, after the account lookup has succeeded.
	if callerUID == 0 {
		fmt.Println("Cannot switch into any git repo as root user")
		os.Exit(2)
	}

	// NOTE(review): second argument is !git_rw, presumably a read-only flag;
	// confirm against isValidGitCommand.
	if !isValidGitCommand(requested, !git_rw) {
		os.Exit(2)
	}

	repo, idErr := git.NewIdentifierFromUser(account)
	if idErr != nil {
		os.Exit(2)
	}

	// HOME inside the container is the caller's repository path.
	containerEnv := []string{"HOME=" + repo.RepositoryPathFor()}
	gitShellArgv := []string{"/usr/bin/git-shell", "-c", requested}
	runCommand("geard-githost", gitShellArgv, containerEnv)
}
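// createUser adds the system account for a repository by running
// /usr/sbin/useradd with a home directory (-m -d) taken from repositoryId,
// then restores the SELinux context of that home directory recursively.
//
// It returns the error from useradd (after printing the tool's combined
// output) or the error from selinux.RestoreCon.
func createUser(repositoryId git.RepoIdentifier) error {
	login := repositoryId.LoginFor()
	home := repositoryId.HomePath()

	// Arguments are passed as an argv slice, so no shell interprets them.
	// NOTE(review): the login is the first argument; this assumes LoginFor()
	// can never return a value starting with "-". Confirm in the git package.
	cmd := exec.Command("/usr/sbin/useradd", login, "-m", "-d", home, "-c", "Repository user")
	if out, err := cmd.CombinedOutput(); err != nil {
		// out is a []byte; printing it unconverted shows a list of numbers
		// rather than useradd's diagnostic text.
		fmt.Println(string(out))
		return err
	}

	// A relabel failure leaves the new home directory with an unexpected
	// SELinux context, so report it instead of dropping it. This matches
	// InitializeRepository, which also treats a RestoreCon error as fatal.
	return selinux.RestoreCon(home, true)
}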
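// InitializeRepository prepares the on-disk repository for repositoryId.
//
// It creates the repository's system user when user.Lookup reports it as
// unknown, creates the home and repository directories with mode 0700,
// chowns both to that user, runs /git/init-repo inside the "geard-githost"
// container through /usr/bin/switchns, and finally restores the SELinux
// context of the repository path. The first error encountered is returned.
func InitializeRepository(repositoryId git.RepoIdentifier, repositoryURL string) error {
	login := repositoryId.LoginFor()
	home := repositoryId.HomePath()
	repoPath := repositoryId.RepositoryPathFor()

	if _, err := user.Lookup(login); err != nil {
		// Only "no such user" means the account must be created; any other
		// lookup failure is returned untouched.
		if _, ok := err.(user.UnknownUserError); !ok {
			return err
		}
		if err := createUser(repositoryId); err != nil {
			return err
		}
	}

	// 0700: only the owning user may enter these directories.
	if err := os.MkdirAll(home, 0700); err != nil {
		return err
	}
	if err := os.MkdirAll(repoPath, 0700); err != nil {
		return err
	}

	u, err := user.Lookup(login)
	if err != nil {
		return err
	}

	// A discarded Atoi error leaves the id at 0, which would chown the
	// directories to root instead of the repository user. Fail instead.
	uid, err := strconv.Atoi(u.Uid)
	if err != nil {
		return err
	}
	gid, err := strconv.Atoi(u.Gid)
	if err != nil {
		return err
	}

	if err := os.Chown(home, uid, gid); err != nil {
		return err
	}
	if err := os.Chown(repoPath, uid, gid); err != nil {
		return err
	}

	switchns := filepath.Join("/", "usr", "bin", "switchns")
	// repositoryURL is caller-supplied and is forwarded as a single argv
	// element; no shell is involved at this layer.
	// NOTE(review): any restriction on the URL's scheme or form has to be
	// enforced by /git/init-repo or by the caller; none is visible here.
	cmd := exec.Command(switchns, "--container=geard-githost", "--", "/git/init-repo", repoPath, u.Uid, u.Gid, repositoryURL)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	if err := cmd.Run(); err != nil {
		return err
	}

	// Relabel last, so the files init-repo created are covered as well.
	return selinux.RestoreCon(repoPath, true)
}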