git-auth.py 1.6 KB
#!/usr/bin/python3

import configparser
import shlex
import os
import re
import sys

import db


def format_command(env_vars, command, ssh_opts, ssh_key):
    """Build one authorized_keys line that forces *command* for *ssh_key*.

    Every value in *env_vars* and *command* itself go through shlex.quote(),
    so the forced command has the form ``KEY=value ... command`` with the
    command quoted as a single shell word.  *ssh_opts* and *ssh_key* are
    inserted exactly as given, with no quoting or escaping, so callers must
    only pass values they trust.
    """
    assignments = ['{}={} '.format(name, shlex.quote(value))
                   for name, value in env_vars.items()]
    forced = ''.join(assignments) + shlex.quote(command)

    # The forced command sits inside command="..." on the authorized_keys
    # line, so embedded double quotes have to be backslash-escaped.
    escaped = forced.replace('"', '\\"')
    return 'command="{}",{} {}'.format(escaped, ssh_opts, ssh_key)


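# Load the [auth] settings from conf/config, located relative to the real
# path of this script (os.path.realpath resolves symlinks).
config = configparser.RawConfigParser()
config.read(os.path.dirname(os.path.realpath(__file__)) + "/../conf/config")

valid_keytypes = config.get('auth', 'valid-keytypes').split()
username_regex = config.get('auth', 'username-regex')
git_serve_cmd = config.get('auth', 'git-serve-cmd')
ssh_opts = config.get('auth', 'ssh-options')

# Key type and key text come from the command line.  A call without both is
# refused with the same exit status as every other rejection, rather than
# dying with an IndexError traceback.
if len(sys.argv) < 3:
    sys.exit(1)
keytype = sys.argv[1]
keytext = sys.argv[2]

# Only key types listed in the configuration are looked up at all.
if keytype not in valid_keytypes:
    sys.exit(1)

# The public key in the "<type> <text>" form used for the lookup and for the
# emitted authorized_keys line.
key = keytype + ' ' + keytext

conn = db.Connection()

# The key is handed over as a bound parameter, never formatted into the SQL
# text.  Suspended accounts are excluded by the query itself.
cur = conn.execute("SELECT Users.Username, Users.AccountTypeID FROM Users "
                   "INNER JOIN SSHPubKeys ON SSHPubKeys.UserID = Users.ID "
                   "WHERE SSHPubKeys.PubKey = ? AND Users.Suspended = 0",
                   (key,))

# Require exactly one matching row.  cursor.rowcount is not dependable after
# a SELECT (DB-API drivers may report -1), so the rows are counted by
# fetching: no row, or a second row, both end in a refusal.
row = cur.fetchone()
if row is None or cur.fetchone() is not None:
    sys.exit(1)
user, account_type = row

# Defence in depth: the stored user name must still satisfy the configured
# pattern before it is placed into the forced command.
# NOTE(review): re.match() anchors only at the start of the string, and a
# trailing `$` in the pattern also matches just before a final newline.
# Confirm the configured username-regex is fully anchored, or switch to
# re.fullmatch() once that is verified not to reject existing names.
if not re.match(username_regex, user):
    sys.exit(1)

env_vars = {
    'AUR_USER': user,
    # Account type IDs above 1 are flagged as privileged; what each ID means
    # is defined by the database schema, which is not visible here.
    'AUR_PRIVILEGED': '1' if account_type > 1 else '0',
}

# The single line written to stdout is the authorized_keys entry for the
# caller to consume.
print(format_command(env_vars, git_serve_cmd, ssh_opts, key))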