#!/usr/bin/python3

import configparser
import mysql.connector
import shlex
import os
import re
import sys


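def format_command(env_vars, command, ssh_opts, ssh_key):
    """Build one authorized_keys entry that forces *command* for *ssh_key*.

    Args:
        env_vars: Mapping of environment variable names to values. Each
            value is shell-quoted and placed in front of the command; the
            names are inserted as given, so they must come from trusted code.
        command: The forced command, shell-quoted as a single word.
        ssh_opts: authorized_keys options, appended verbatim after the
            command option.
        ssh_key: The public key text, appended verbatim at the end.

    Returns:
        The entry in the form ``command="...",<ssh_opts> <ssh_key>``.

    Raises:
        ValueError: If the assembled entry contains a line break.
    """
    environment = ''.join(
        '{}={} '.format(name, shlex.quote(value))
        for name, value in env_vars.items())
    forced = environment + shlex.quote(command)

    # The command sits inside a double-quoted authorized_keys option, so
    # embedded double quotes have to be backslash-escaped.
    forced = forced.replace('"', '\\"')
    entry = 'command="{}",{} {}'.format(forced, ssh_opts, ssh_key)

    # authorized_keys is line-oriented, and shlex.quote() keeps a line break
    # inside its quotes rather than removing it. ssh_opts and ssh_key are not
    # quoted at all. Refuse to emit anything that is not exactly one line.
    if '\n' in entry or '\r' in entry:
        raise ValueError('line break in authorized_keys entry')
    return entry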


# Settings are read from ../conf/config relative to this script's real
# location (symlinks resolved). That file also holds the database password.
# RawConfigParser.read() silently skips a file it cannot open; the get()
# calls below then raise, so a missing config ends the script with an error
# instead of continuing with defaults.
config = configparser.RawConfigParser()
config_path = os.path.dirname(os.path.realpath(__file__)) + "/../conf/config"
config.read(config_path)

# [database]: connection parameters, looked up in the same order as before.
aur_db_host, aur_db_name, aur_db_user, aur_db_pass, aur_db_socket = (
    config.get('database', option)
    for option in ('host', 'name', 'user', 'password', 'socket'))

# [auth]: accepted key types (whitespace-separated), the pattern a user name
# must match, the forced command and the authorized_keys options.
valid_keytypes = config.get('auth', 'valid-keytypes').split()
username_regex = config.get('auth', 'username-regex')
git_serve_cmd = config.get('auth', 'git-serve-cmd')
ssh_opts = config.get('auth', 'ssh-options')

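# The caller passes the key type and the key text as the two positional
# arguments. Deny quietly when either is missing instead of failing with an
# IndexError traceback.
if len(sys.argv) < 3:
    sys.exit(1)

keytype = sys.argv[1]
keytext = sys.argv[2]

# Only key types listed under valid-keytypes in the config are looked up.
# sys.exit() is used because the bare exit() helper is installed by the
# site module and is not guaranteed to exist in every interpreter start-up.
if keytype not in valid_keytypes:
    sys.exit(1)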

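# buffered=True makes the cursor fetch the whole result set on execute(),
# which is what allows rowcount to be checked before fetchone() below.
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
                             passwd=aur_db_pass, db=aur_db_name,
                             unix_socket=aur_db_socket, buffered=True)

cur = db.cursor()
# The offered key is passed as a bound parameter, never spliced into the
# SQL text. Suspended accounts are excluded by the query itself.
cur.execute("SELECT Username FROM Users WHERE SSHPubKey = %s " +
            "AND Suspended = 0", (keytype + " " + keytext,))

# Exactly one account must own the key; no match and an ambiguous match are
# both treated as a denial. sys.exit() replaces the site-provided exit().
if cur.rowcount != 1:
    sys.exit(1)

user = cur.fetchone()[0]
# NOTE(review): re.match() anchors only at the start of the string, and a
# trailing "$" still accepts a final newline. Whether the whole name is
# constrained depends on username-regex in the config, which is not visible
# here. Confirm the pattern, or consider re.fullmatch().
if not re.match(username_regex, user):
    sys.exit(1)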

# Environment passed to the forced command: the authenticated user name.
env_vars = {'AUR_USER': user}
# Rebuild the public key as "<type> <text>" for the end of the entry.
key = '{} {}'.format(keytype, keytext)

# The authorized_keys entry is written to stdout for the caller to read.
print(
    format_command(env_vars, git_serve_cmd, ssh_opts, key)
)