1 <?php # vim:ts=2:sw=2:et:
2 /* For licensing and copyright terms, see the file named LICENSE */
# NOTE(review): this die() is the first executable statement and is
# unconditional, so nothing below it runs as shown. The message reads like a
# reminder to refactor the script into a class.
3 die("make a class of me");
# Use UTC as the default timezone when the runtime provides the setter.
4 if (function_exists('date_default_timezone_set')) {
5 date_default_timezone_set('UTC');
# NOTE(review): the listing's own line numbers jump from 5 to 8 here, so the
# closing brace of the if above is not visible on this page.
# Pull in ../inc/common.php relative to this file; presumably it provides the
# MTrack* classes used later in the script (not shown here).
6 include dirname(__FILE__) . '/../inc/common.php';
10 # Our purpose is to generate an appropriately formatted authorized_keys2
11 # file. We should be run as the user that will own the authorized_keys2
# Build the pieces of the forced command that every key line will carry:
# the codeshell wrapper next to this script, the config file location and the
# mtrack root directory, each shell-escaped.
# NOTE(review): realpath() returns false for a path that does not resolve; no
# check is visible in this listing before the values are embedded below.
14 $codeshell = escapeshellcmd(realpath(dirname(__FILE__) . '/codeshell'));
15 $config = escapeshellarg(realpath(MTrackConfig::getLocation()));
16 $mtrack = escapeshellarg(realpath(dirname(__FILE__) . '/..'));
# Target path comes from the [repos] authorized_keys2 configuration entry.
18 $keyfile = MTrackConfig::get('repos', 'authorized_keys2');
# NOTE(review): the condition guarding this message is on lines this listing
# omits (numbering skips 19 and 21-22).
20 echo "You need to set [repos] authorized_keys2\n";
# Write to "<keyfile>.new" first; it is renamed over the live file at the end.
# NOTE(review): no check of the fopen() result is visible in the lines shown.
23 $fp = fopen($keyfile . ".new", 'w');
# Collects every userid seen in the loop below (keyed and valued by userid).
25 $users_with_keys = array();
# Static query (no interpolated input): every user row with non-null sshkeys.
27 foreach (MTrackDB::q('select userid, sshkeys from userinfo where sshkeys is not null')->fetchAll(PDO::FETCH_OBJ) as $u) {
# NOTE(review): escapeshellarg() protects the value for the shell, but the
# result is placed inside the double-quoted command="..." option of the key
# file. On Unix-like systems escapeshellarg() leaves '"' untouched, so the
# userid charset should be confirmed as restricted where accounts are created.
28 $user = escapeshellarg($u->userid);
# One key per line; accepts LF or CRLF line endings.
29 $lines = preg_split("/\r?\n/", $u->sshkeys);
30 foreach ($lines as $key) {
# Recorded before the empty-line check, so a user whose sshkeys field holds
# only blank lines is still counted as having keys.
31 $users_with_keys[$u->userid] = $u->userid;
# Skip empty lines.
33 if (!strlen($key)) continue;
# Emit one authorized_keys line: forced command plus the no-port-forwarding,
# no-agent-forwarding, no-X11-forwarding and no-pty restrictions, then the key.
# NOTE(review): $key is written as stored in the database; no format check is
# visible here. Validating each line as "<key-type> <base64> [comment]" before
# writing would keep malformed or unexpected content out of the file.
34 fwrite($fp, "command=\"$codeshell $config $user $mtrack\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty $key\n");
# NOTE(review): the closing braces of both loops and any fclose() fall on lines
# this listing omits (35-38).
# NOTE(review): 0755 makes the key file world-readable and executable; an
# authorized_keys file normally needs only owner read/write (0600). Confirm
# whether anything depends on the wider mode.
39 chmod("$keyfile.new", 0755);
# Replace the live file with the freshly written one in a single rename.
40 rename("$keyfile.new", $keyfile);
42 # Unfortunately, subversion doesn't allow us to hook authorization requests
43 # over svnserve, so we need to pre-compute access to each svn repo for each
44 # user that can access it. With very large numbers of svn repos or large
45 # numbers of users, this will be "expensive".
# The Subversion authz file lives at <[core] vardir>/svn.authz.
47 $authzname = MTrackConfig::get('core', 'vardir') . '/svn.authz';
# Static query: ids of all repositories whose scmtype is 'svn'.
49 foreach (MTrackDB::q("select repoid from repos where scmtype = 'svn'")
50 ->fetchAll(PDO::FETCH_COLUMN, 0) as $repoid) {
51 $R = MTrackRepo::loadById($repoid);
# NOTE(review): as listed, this fopen() follows the foreach header with no
# closing brace in between. If it really sits inside the loop, mode 'w'
# truncates the file for every repo -- confirm against the complete file.
# No check of the fopen() result is visible either.
53 $fp = fopen("$authzname.new", 'w');
# Default rule: an empty "* =" entry under [/] grants no access to anyone.
55 fwrite($fp, "[/]\n* =\n");
# Section header for this repository's root, named by getBrowseRootName().
57 fwrite($fp, "[" . $R->getBrowseRootName() . ":/]\n");
58 foreach ($users_with_keys as $user) {
# Presumably switches the effective identity so the ACL checks below are
# evaluated for $user -- TODO confirm. No call restoring the previous identity
# is visible in the lines shown.
59 MTrackAuth::su($user);
# The assignments to $level are on lines this listing omits (62, 64-67);
# presumably 'commit' maps to read-write and 'checkout' to read-only.
61 if (MTrackACL::hasAllRights("repo:$repoid", 'commit')) {
63 } elseif (MTrackACL::hasAllRights("repo:$repoid", 'checkout')) {
# NOTE(review): the userid and the browse root name are written into the authz
# file unescaped. A value containing a newline, '=' or '[' would change the
# file's structure, so confirm both are restricted to a safe character set
# where they are created.
68 fwrite($fp, "$user = $level\n");
# Swap the new authz file into place. No chmod or fclose() for this file is
# visible in the lines shown.
73 rename("$authzname.new", $authzname);