From e5b43760c275130623ff4fda5a96f628cf17156e Mon Sep 17 00:00:00 2001 From: Johannes Löthberg Date: Sun, 21 Jan 2018 17:51:02 +0100 Subject: Move AUR_OVERWRITE privilege check from git/auth to git/update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git/auth is run as an AutherizedKeysCommand which does not get the environment variables passed to it, so AUR_OVERWRITE always got hard-set to '0' by it. Instead we need to perform the actual privilege check in git/update instead. Signed-off-by: Johannes Löthberg Signed-off-by: Lukas Fleischer --- aurweb/git/auth.py | 1 - aurweb/git/update.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'aurweb') diff --git a/aurweb/git/auth.py b/aurweb/git/auth.py index b7819a95..828ed4e2 100755 --- a/aurweb/git/auth.py +++ b/aurweb/git/auth.py @@ -53,7 +53,6 @@ def main(): env_vars = { 'AUR_USER': user, 'AUR_PRIVILEGED': '1' if account_type > 1 else '0', - 'AUR_OVERWRITE' : os.environ.get('AUR_OVERWRITE', '0') if account_type > 1 else '0', } key = keytype + ' ' + keytext diff --git a/aurweb/git/update.py b/aurweb/git/update.py index f681ddb9..da48eb31 100755 --- a/aurweb/git/update.py +++ b/aurweb/git/update.py @@ -238,7 +238,7 @@ def main(): user = os.environ.get("AUR_USER") pkgbase = os.environ.get("AUR_PKGBASE") privileged = (os.environ.get("AUR_PRIVILEGED", '0') == '1') - allow_overwrite = (os.environ.get("AUR_OVERWRITE", '0') == '1') + allow_overwrite = (os.environ.get("AUR_OVERWRITE", '0') == '1') and privileged warn_or_die = warn if privileged else die if len(sys.argv) == 2 and sys.argv[1] == "restore": -- cgit v1.2.3-24-g4f1b