I'm trying to write an open-source, PHP version, GitLab like code repo management project.
first of all
I add a new line in ~/.ssh/authorized_keys
command="/usr/bin/php /tmp/a.php howard",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDf5gt5+CHrQirFT24snhkoCGsWjiU6qeIv0rPUXTte78udT4+9BAXX3XHhCd4ccpVSf7i56MFssDnD2d6xWONVwughoymrB/8ZwEIydDikExWbO5KkXuVEhM2gJGlZnh/A8YQUBMa5UgUS0vhJhEaDDxJ392u8Xi+cNKXHhNabytnP8STAPPQDzpq/OwkBJ1ZyBzxyQyL/U1ZoqoZiCPewHmoLXWYBhBCfg9vPpoz7MZ4mjV9ON9IZ1z803PsKyHzPD8NUx84rzW2vNCrlEzT5X3gvw8DijESXF8srQsDfjwEh6dnP1LbG6gdx/7QcolDEEAkZD3pRXdos4MhNQWRv
the php code file /tmp/a.php as below:
<?php
if(empty($_SERVER['SSH_CLIENT'])){
echo "SSH connection only!
";
exit(1);
}
if(empty($_SERVER['SSH_ORIGINAL_COMMAND'])){
echo "Hello, {$argv[1]}, welcome to PHPGitLab
";
exit(0);
}
file_put_contents('/tmp/cmd.log', $_SERVER['SSH_ORIGINAL_COMMAND']);
$user = $argv[1];
$soc = $_SERVER['SSH_ORIGINAL_COMMAND'];
$pattern = "/^(git-upload-pack|git-receive-pack|git-upload-archive) '?\/?(.*?)(?:\.git(\d)?)?'?$/";
preg_match($pattern, $soc, $match);
if(empty($match[1])){
lg("cannot parse original command: {$soc}");
exit(1);
}
$verb = $match[1];
if(empty($match[2])){
lg("cannot parse repo name: {$soc}");
exit(1);
}
$repo = $match[2];
if(!empty($match[3])){
define('D', $match[3]);
}
//$aa = stripos($repo, 'upload') ? 'R' : 'W';
//$cmd = "git-shell -c \"{$verb} '/root/{$repo}.git'\"";
$cmd = "git-shell -c \"{$_SERVER['SSH_ORIGINAL_COMMAND']}\"";
lg($cmd);
system($cmd);
function lg($message){
file_put_contents('/tmp/gitlab.log', $message . "
", FILE_APPEND);
}
Above code is partly translated from gitolite and ignore the PRE_GIT and POST_GIT HOOKS.
When I try to clone repo from this server, I've got nothing and the cli waiting for input until I enter ctrl+C.
In the server, I see the $cmd in log file is
git-shell -c "git-upload-pack 'test.git'"
I try to run this command in linux-shell and get result below:
00ad85271fb369b7bf9c727aa6541d0c3c4efe5cfb38 HEADmulti_ack thin-pack side-band side-band-64k ofs-delta shallow no-progress include-tag multi_ack_detailed agent=git/1.8.3.1
003f85271fb369b7bf9c727aa6541d0c3c4efe5cfb38 refs/heads/master
0000
Also, the linux-shell wait for my input. If I type some chars in command line, I got
fatal: protocol error: bad line length character: xxxx
If I type command
git-shell -c git-upload-pack 'test.git'
(which I think it's a wrong command) in linux-shell, it returns
fatal: Run with no arguments or with -c cmd
instead.
I search in google and find some clue. Someone says that I've open a GIT SSH protocol and these three lines above are the protocol head. But I don't think my php script should reach to protocol level. Also, I didn't find any information or code about protocol in gitolite.
Does somebody knows how to fix this problem? I'll be very appreciated.
By the way, If I delete the command part in authorize_keys file, the clone action can run functionally.