Marrow - Git Server Authentication and Shell System

Marrow is a pair of C programs that provide simple authentication and access control for Git repositories served over SSH. It allows anonymous read-only access to repositories while restricting write access to authenticated users within their own directories.

Marrow reads from its configuration directory, which should contain the following files:

    marrow/
        $USER    # keys for a given user

Components:
- marrow-auth: AuthorizedKeysCommand that outputs SSH keys with forced marrow-shell commands
- marrow-shell: Restricted shell that enforces Git access permissions based on GIT_USER or the -a flag for anonymous

How it works:
SSH authenticates users via marrow-auth, which reads /etc/marrow/authorized_keys and outputs keys with forced commands. Anonymous keys use marrow-shell -a; authenticated users get marrow-shell with GIT_USER set. Users can read from any repo under /srv/git/ but can only write to /srv/git/$GIT_USER/.

Example setup:
1. Configure sshd_config with AuthorizedKeysCommand /usr/local/bin/marrow-auth
2. Create /etc/marrow/authorized_keys with format:
       username:ssh-rsa AAAAB3... comment
       anonymous:ssh-rsa AAAAB3... public-key
3. Users SSH in and git commands are filtered through marrow-shell

Example usage:
    Anonymous clone:     git clone git@server:project.git
    Authenticated push:  git push git@server:myuser/project.git

Building:
    make          - Build both programs
    make test     - Run tests
    make install  - Install to /usr/local/bin
    make clean    - Remove build artifacts

Requirements: C compiler, crypt(3)

Note: Built and tested on FreeBSD systems

License: MIT

TODO:
- Build out initial prototype
- Additional tooling
- User management
- Public vs Private repos