summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2017-01-25 08:47:16 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2017-01-25 18:42:34 +0100
commit0e34dd6542afecc0890f77fbcb497fb5d8690d5b (patch)
tree4176567b17dda509e6c8794848b3d662e56877a4
parent70db022aa8287c57a2ee03328ae893ba8b83b192 (diff)
downloadaur-0e34dd6542afecc0890f77fbcb497fb5d8690d5b.tar.gz
aur-0e34dd6542afecc0890f77fbcb497fb5d8690d5b.tar.xz
git-serve: Implement IP address bans
Currently, IP address bans affect the web interface only. Make sure they are honored in the SSH interface as well. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r--aurweb/exceptions.py4
-rwxr-xr-xaurweb/git/serve.py12
2 files changed, 16 insertions, 0 deletions
diff --git a/aurweb/exceptions.py b/aurweb/exceptions.py
index 639f9e09..664db68c 100644
--- a/aurweb/exceptions.py
+++ b/aurweb/exceptions.py
@@ -6,6 +6,10 @@ class MaintenanceException(AurwebException):
pass
+class BannedException(AurwebException):
+ pass
+
+
class PermissionDeniedException(AurwebException):
def __init__(self, user):
msg = 'permission denied: {:s}'.format(user)
diff --git a/aurweb/git/serve.py b/aurweb/git/serve.py
index cfd4910d..44cce75d 100755
--- a/aurweb/git/serve.py
+++ b/aurweb/git/serve.py
@@ -422,6 +422,14 @@ def log_ssh_login(user, remote_addr):
conn.close()
+def bans_match(remote_addr):
+ conn = aurweb.db.Connection()
+
+ cur = conn.execute("SELECT COUNT(*) FROM Bans WHERE IPAddress = ?",
+ [remote_addr])
+ return cur.fetchone()[0] > 0
+
+
def die(msg):
sys.stderr.write("{:s}\n".format(msg))
exit(1)
@@ -463,6 +471,8 @@ def serve(action, cmdargv, user, privileged, remote_addr):
if enable_maintenance:
if remote_addr not in maintenance_exc:
raise aurweb.exceptions.MaintenanceException
+ if bans_match(remote_addr):
+ raise aurweb.exceptions.BannedException
log_ssh_login(user, remote_addr)
if action == 'git' and cmdargv[1] in ('upload-pack', 'receive-pack'):
@@ -586,6 +596,8 @@ def main():
serve(action, cmdargv, user, privileged, remote_addr)
except aurweb.exceptions.MaintenanceException:
die("The AUR is down due to maintenance. We will be back soon.")
+ except aurweb.exceptions.BannedException:
+ die("The SSH interface is disabled for your IP address.")
except aurweb.exceptions.InvalidArgumentsException as e:
die_with_help('{:s}: {}'.format(action, e))
except aurweb.exceptions.AurwebException as e: