#!/bin/sh

# this is a wrapper like git-shell, but you can restrict the repos for a user
# see http://eagain.net/blog/2007/03/22/howto-host-git.html for more info

access='/usr/local/git/access'
repodir='/usr/local/git/repos'

user=$1

if [ "x" = "x${user}" ]; then
    echo "No user supplied in authorized_keys" 1>&2
    exit 1
fi

if [ "x${SSH_ORIGINAL_COMMAND}" = "x" ]; then
    echo "SSH_ORIGINAL_COMMAND must be given" 1>&2
    exit 1
fi

if [ ! -f ${access} ]; then
    echo "Access control file ${access} does not exist!" 1>&2
    exit 1
fi

command=`echo ${SSH_ORIGINAL_COMMAND} | cut -d' ' -f1`
repo=$(eval echo $(echo ${SSH_ORIGINAL_COMMAND} | cut -d' ' -f2))

if [ "x${command}" != "xgit-receive-pack" ] && [ "x${command}" != "xgit-upload-pack" ]; then
    echo "Unknown command" 1>&2
    exit 1
fi

if ! grep "$user:$repo" ${access} > /dev/null; then
    echo "No access granted for user ${user} to repository ${repo}" 1>&2
    exit 1
fi

if [ ! -d ${repodir}/${repo} ]; then
    echo "No such repository hosted" 1>&2
    exit 1
fi

${command} ${repodir}/${repo}