diff options
Diffstat (limited to 'aurweb/git/auth.py')
| -rwxr-xr-x | aurweb/git/auth.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/aurweb/git/auth.py b/aurweb/git/auth.py new file mode 100755 index 00000000..022b0fff --- /dev/null +++ b/aurweb/git/auth.py @@ -0,0 +1,62 @@ +#!/usr/bin/python3 + +import shlex +import re +import sys + +import aurweb.config +import aurweb.db + + +def format_command(env_vars, command, ssh_opts, ssh_key): + environment = '' + for key, var in env_vars.items(): + environment += '{}={} '.format(key, shlex.quote(var)) + + command = shlex.quote(command) + command = '{}{}'.format(environment, command) + + # The command is being substituted into an authorized_keys line below, + # so we need to escape the double quotes. + command = command.replace('"', '\\"') + msg = 'command="{}",{} {}'.format(command, ssh_opts, ssh_key) + return msg + + +def main(): + valid_keytypes = aurweb.config.get('auth', 'valid-keytypes').split() + username_regex = aurweb.config.get('auth', 'username-regex') + git_serve_cmd = aurweb.config.get('auth', 'git-serve-cmd') + ssh_opts = aurweb.config.get('auth', 'ssh-options') + + keytype = sys.argv[1] + keytext = sys.argv[2] + if keytype not in valid_keytypes: + exit(1) + + conn = aurweb.db.Connection() + + cur = conn.execute("SELECT Users.Username, Users.AccountTypeID FROM Users " + "INNER JOIN SSHPubKeys ON SSHPubKeys.UserID = Users.ID " + "WHERE SSHPubKeys.PubKey = ? AND Users.Suspended = 0", + (keytype + " " + keytext,)) + + row = cur.fetchone() + if not row or cur.fetchone(): + exit(1) + + user, account_type = row + if not re.match(username_regex, user): + exit(1) + + env_vars = { + 'AUR_USER': user, + 'AUR_PRIVILEGED': '1' if account_type > 1 else '0', + } + key = keytype + ' ' + keytext + + print(format_command(env_vars, git_serve_cmd, ssh_opts, key)) + + +if __name__ == '__main__': + main() |