summaryrefslogtreecommitdiffstats
path: root/scripts/git-integration/git-auth.py
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2015-04-11 13:25:59 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2015-04-11 14:08:30 +0200
commitef1f3798a0d06fa5e3ba9ae9cda0d1000e4cc57b (patch)
tree7d0b8fe5ee9534c82e2a0a80067ae61115acc2c3 /scripts/git-integration/git-auth.py
parent4f4cfff620ecaa27e4b50f542f6f1e9af9d08e30 (diff)
downloadaur-ef1f3798a0d06fa5e3ba9ae9cda0d1000e4cc57b.tar.gz
aur-ef1f3798a0d06fa5e3ba9ae9cda0d1000e4cc57b.tar.xz
Update the OpenSSH patch
Use the latest version of Damien Miller's patch to extend the parameters to the AuthorizedKeysCommand. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'scripts/git-integration/git-auth.py')
-rwxr-xr-xscripts/git-integration/git-auth.py14
1 files changed, 8 insertions, 6 deletions
diff --git a/scripts/git-integration/git-auth.py b/scripts/git-integration/git-auth.py
index 801a1d36..09dadecf 100755
--- a/scripts/git-integration/git-auth.py
+++ b/scripts/git-integration/git-auth.py
@@ -4,6 +4,7 @@ import configparser
import mysql.connector
import os
import re
+import sys
config = configparser.RawConfigParser()
config.read(os.path.dirname(os.path.realpath(__file__)) + "/../../conf/config")
@@ -14,14 +15,14 @@ aur_db_user = config.get('database', 'user')
aur_db_pass = config.get('database', 'password')
aur_db_socket = config.get('database', 'socket')
-key_prefixes = config.get('auth', 'key-prefixes').split()
+valid_keytypes = config.get('auth', 'valid-keytypes').split()
username_regex = config.get('auth', 'username-regex')
git_serve_cmd = config.get('auth', 'git-serve-cmd')
ssh_opts = config.get('auth', 'ssh-options')
-pubkey = os.environ.get("SSH_KEY")
-valid_prefixes = tuple(p + " " for p in key_prefixes)
-if pubkey is None or not pubkey.startswith(valid_prefixes):
+keytype = sys.argv[1]
+keytext = sys.argv[2]
+if not keytype in valid_keytypes:
exit(1)
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
@@ -30,7 +31,7 @@ db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
cur = db.cursor()
cur.execute("SELECT Username FROM Users WHERE SSHPubKey = %s " +
- "AND Suspended = 0", (pubkey,))
+ "AND Suspended = 0", (keytype + " " + keytext,))
if cur.rowcount != 1:
exit(1)
@@ -39,4 +40,5 @@ user = cur.fetchone()[0]
if not re.match(username_regex, user):
exit(1)
-print('command="%s %s",%s %s' % (git_serve_cmd, user, ssh_opts, pubkey))
+print('command="%s %s",%s %s' % (git_serve_cmd, user, ssh_opts,
+ keytype + " " + keytext))