Commit ad17b9e2 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Add basic Git authentication/authorization scripts



This adds two scripts to be used together with Git over SSH:

* git-auth.py is supposed to be used as AuthorizedKeysCommand. It checks
  whether the public key belongs to any AUR user and invokes
  git-serve.py, passing the name of the corresponding user as a command
  line argument, if any.

* git-serve.py is a wrapper around git-shell(1) that checks whether the
  user passed as command line argument has access to the Git repository
  that a push operation writes to.

Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 253e76d8
......@@ -26,3 +26,14 @@ max_rpc_results = 5000
aur_request_ml = aur-requests@archlinux.org
request_idle_time = 1209600
auto_orphan_age = 15552000
[auth]
key-prefixes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519
username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$
git-serve-cmd = /srv/http/aur/scripts/git-integration/git-serve.py
ssh-options = no-port-forwarding,no-X11-forwarding,no-pty
[serve]
repo-base = /pub/git/
repo-regex = [a-z0-9][a-z0-9.+_-]*$
git-shell-cmd = /usr/bin/git-shell
#!/usr/bin/python3
import configparser
import mysql.connector
import os
import re
config = configparser.RawConfigParser()
config.read(os.path.dirname(os.path.realpath(__file__)) + "/../../conf/config")
aur_db_host = config.get('database', 'host')
aur_db_name = config.get('database', 'name')
aur_db_user = config.get('database', 'user')
aur_db_pass = config.get('database', 'password')
key_prefixes = config.get('auth', 'key-prefixes').split()
username_regex = config.get('auth', 'username-regex')
git_serve_cmd = config.get('auth', 'git-serve-cmd')
ssh_opts = config.get('auth', 'ssh-options')
pubkey = os.environ.get("SSH_KEY")
valid_prefixes = tuple(p + " " for p in key_prefixes)
if pubkey is None or not pubkey.startswith(valid_prefixes):
exit(1)
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
passwd=aur_db_pass, db=aur_db_name,
buffered=True)
cur = db.cursor()
cur.execute("SELECT Username FROM Users WHERE SSHPubKey = %s " +
"AND Suspended = 0", (pubkey,))
if cur.rowcount != 1:
exit(1)
user = cur.fetchone()[0]
if not re.match(username_regex, user):
exit(1)
print('command="%s %s",%s %s' % (git_serve_cmd, user, ssh_opts, pubkey))
#!/usr/bin/python3
import configparser
import mysql.connector
import os
import pygit2
import re
import shlex
import sys
config = configparser.RawConfigParser()
config.read(os.path.dirname(os.path.realpath(__file__)) + "/../../conf/config")
aur_db_host = config.get('database', 'host')
aur_db_name = config.get('database', 'name')
aur_db_user = config.get('database', 'user')
aur_db_pass = config.get('database', 'password')
repo_base_path = config.get('serve', 'repo-base')
repo_regex = config.get('serve', 'repo-regex')
git_shell_cmd = config.get('serve', 'git-shell-cmd')
def repo_path_validate(path):
if not path.startswith(repo_base_path):
return False
if not path.endswith('.git/'):
return False
repo = path[len(repo_base_path):-5]
return re.match(repo_regex, repo)
def repo_path_get_pkgbase(path):
pkgbase = path.rstrip('/').rpartition('/')[2]
if pkgbase.endswith('.git'):
pkgbase = pkgbase[:-4]
return pkgbase
def setup_repo(repo, user):
if not re.match(repo_regex, repo):
die('invalid repository name: %s' % (repo))
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
passwd=aur_db_pass, db=aur_db_name)
cur = db.cursor()
cur.execute("SELECT COUNT(*) FROM PackageBases WHERE Name = %s ", [repo])
if cur.fetchone()[0] > 0:
die('package base already exists: %s' % (repo))
cur.execute("SELECT ID FROM Users WHERE Username = %s ", [user])
userid = cur.fetchone()[0]
if userid == 0:
die('unknown user: %s' % (user))
cur.execute("INSERT INTO PackageBases (Name, SubmittedTS, ModifiedTS, " +
"SubmitterUID) VALUES (%s, UNIX_TIMESTAMP(), " +
"UNIX_TIMESTAMP(), %s)", [repo, userid])
db.commit()
db.close()
repo_path = repo_base_path + '/' + repo + '.git/'
pygit2.init_repository(repo_path, True)
def check_permissions(pkgbase, user):
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
passwd=aur_db_pass, db=aur_db_name,
buffered=True)
cur = db.cursor()
cur.execute("SELECT COUNT(*) FROM PackageBases INNER JOIN Users " +
"ON Users.ID = PackageBases.MaintainerUID OR " +
"PackageBases.MaintainerUID IS NULL WHERE " +
"Name = %s AND Username = %s", [pkgbase, user])
return cur.fetchone()[0] > 0
def die(msg):
sys.stderr.write("%s\n" % (msg))
exit(1)
user = sys.argv[1]
cmd = os.environ.get("SSH_ORIGINAL_COMMAND")
if not cmd:
die('no command specified')
cmdargv = shlex.split(cmd)
action = cmdargv[0]
if action == 'git-upload-pack' or action == 'git-receive-pack':
path = cmdargv[1]
if not repo_path_validate(path):
die('invalid path: %s' % (path))
pkgbase = repo_path_get_pkgbase(path)
if action == 'git-receive-pack':
if not check_permissions(pkgbase, user):
die('permission denied: %s' % (user))
os.environ["AUR_USER"] = user
os.environ["AUR_GIT_DIR"] = path
os.environ["AUR_PKGBASE"] = pkgbase
os.execl(git_shell_cmd, git_shell_cmd, '-c', cmd)
elif action == 'setup-repo':
if len(cmdargv) < 2:
die('missing repository name')
setup_repo(cmdargv[1], user)
else:
die('invalid command: %s' % (action))
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment