diff options
author | Lukas Fleischer <lfleischer@archlinux.org> | 2017-01-25 08:47:16 +0100 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2017-01-25 18:42:34 +0100 |
commit | 0e34dd6542afecc0890f77fbcb497fb5d8690d5b (patch) | |
tree | 4176567b17dda509e6c8794848b3d662e56877a4 | |
parent | 70db022aa8287c57a2ee03328ae893ba8b83b192 (diff) | |
download | aur-0e34dd6542afecc0890f77fbcb497fb5d8690d5b.tar.gz aur-0e34dd6542afecc0890f77fbcb497fb5d8690d5b.tar.xz |
git-serve: Implement IP address bans
Currently, IP address bans affect the web interface only. Make sure they
are honored in the SSH interface as well.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | aurweb/exceptions.py | 4 | ||||
-rwxr-xr-x | aurweb/git/serve.py | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/aurweb/exceptions.py b/aurweb/exceptions.py index 639f9e09..664db68c 100644 --- a/aurweb/exceptions.py +++ b/aurweb/exceptions.py @@ -6,6 +6,10 @@ class MaintenanceException(AurwebException): pass +class BannedException(AurwebException): + pass + + class PermissionDeniedException(AurwebException): def __init__(self, user): msg = 'permission denied: {:s}'.format(user) diff --git a/aurweb/git/serve.py b/aurweb/git/serve.py index cfd4910d..44cce75d 100755 --- a/aurweb/git/serve.py +++ b/aurweb/git/serve.py @@ -422,6 +422,14 @@ def log_ssh_login(user, remote_addr): conn.close() +def bans_match(remote_addr): + conn = aurweb.db.Connection() + + cur = conn.execute("SELECT COUNT(*) FROM Bans WHERE IPAddress = ?", + [remote_addr]) + return cur.fetchone()[0] > 0 + + def die(msg): sys.stderr.write("{:s}\n".format(msg)) exit(1) @@ -463,6 +471,8 @@ def serve(action, cmdargv, user, privileged, remote_addr): if enable_maintenance: if remote_addr not in maintenance_exc: raise aurweb.exceptions.MaintenanceException + if bans_match(remote_addr): + raise aurweb.exceptions.BannedException log_ssh_login(user, remote_addr) if action == 'git' and cmdargv[1] in ('upload-pack', 'receive-pack'): @@ -586,6 +596,8 @@ def main(): serve(action, cmdargv, user, privileged, remote_addr) except aurweb.exceptions.MaintenanceException: die("The AUR is down due to maintenance. We will be back soon.") + except aurweb.exceptions.BannedException: + die("The SSH interface is disabled for your IP address.") except aurweb.exceptions.InvalidArgumentsException as e: die_with_help('{:s}: {}'.format(action, e)) except aurweb.exceptions.AurwebException as e: |