Commit 573715af authored by Lukas Fleischer's avatar Lukas Fleischer

git-serve: Refactor environment variable access



Read all environment variables at the beginning of the script and
immediately pre-process their values.

Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
parent b0897477
...@@ -108,15 +108,12 @@ def pkgbase_set_keywords(pkgbase, keywords): ...@@ -108,15 +108,12 @@ def pkgbase_set_keywords(pkgbase, keywords):
db.close() db.close()
def check_permissions(pkgbase, user): def pkgbase_has_write_access(pkgbase, user):
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user, db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
passwd=aur_db_pass, db=aur_db_name, passwd=aur_db_pass, db=aur_db_name,
unix_socket=aur_db_socket, buffered=True) unix_socket=aur_db_socket, buffered=True)
cur = db.cursor() cur = db.cursor()
if os.environ.get('AUR_PRIVILEGED', '0') == '1':
return True
cur.execute("SELECT COUNT(*) FROM PackageBases " + cur.execute("SELECT COUNT(*) FROM PackageBases " +
"LEFT JOIN PackageComaintainers " + "LEFT JOIN PackageComaintainers " +
"ON PackageComaintainers.PackageBaseID = PackageBases.ID " + "ON PackageComaintainers.PackageBaseID = PackageBases.ID " +
...@@ -136,15 +133,18 @@ def die_with_help(msg): ...@@ -136,15 +133,18 @@ def die_with_help(msg):
die(msg + "\nTry `{:s} help` for a list of commands.".format(ssh_cmdline)) die(msg + "\nTry `{:s} help` for a list of commands.".format(ssh_cmdline))
user = os.environ.get("AUR_USER") user = os.environ.get('AUR_USER')
cmd = os.environ.get("SSH_ORIGINAL_COMMAND") privileged = (os.environ.get('AUR_PRIVILEGED', '0') == '1')
if not cmd: ssh_cmd = os.environ.get('SSH_ORIGINAL_COMMAND')
ssh_client = os.environ.get('SSH_CLIENT')
if not ssh_cmd:
die_with_help("Interactive shell is disabled.") die_with_help("Interactive shell is disabled.")
cmdargv = shlex.split(cmd) cmdargv = shlex.split(ssh_cmd)
action = cmdargv[0] action = cmdargv[0]
remote_addr = ssh_client.split(' ')[0] if ssh_client else None
if enable_maintenance: if enable_maintenance:
remote_addr = os.environ["SSH_CLIENT"].split(" ")[0]
if remote_addr not in maintenance_exc: if remote_addr not in maintenance_exc:
die("The AUR is down due to maintenance. We will be back soon.") die("The AUR is down due to maintenance. We will be back soon.")
...@@ -165,7 +165,7 @@ if action == 'git-upload-pack' or action == 'git-receive-pack': ...@@ -165,7 +165,7 @@ if action == 'git-upload-pack' or action == 'git-receive-pack':
create_pkgbase(pkgbase, user) create_pkgbase(pkgbase, user)
if action == 'git-receive-pack': if action == 'git-receive-pack':
if not check_permissions(pkgbase, user): if not privileged and not pkgbase_has_write_access(pkgbase, user):
die('{:s}: permission denied: {:s}'.format(action, user)) die('{:s}: permission denied: {:s}'.format(action, user))
os.environ["AUR_USER"] = user os.environ["AUR_USER"] = user
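Review bot: `ssh_cmd` holds the client-supplied SSH_ORIGINAL_COMMAND, and the new top-of-script block still passes it straight to `shlex.split(ssh_cmd)` and then indexes `cmdargv[0]`. A whitespace-only command passes the `if not ssh_cmd` test and produces an empty list (IndexError), and an unbalanced quote makes `shlex.split` raise ValueError, so both end in an uncaught exception instead of the `die_with_help` path. Since the commit's aim is to pre-process environment values in one place, the parse should be guarded there, as sketched below. The same block reads `user` with `.get()` and shows no None check before `create_pkgbase(pkgbase, user)` and the `'{:s}'.format(action, user)` denial message. Rejecting a missing AUR_USER up front would be consistent, though the code between the hunks is not shown and may already do this.

```python
ssh_cmd = os.environ.get('SSH_ORIGINAL_COMMAND')
# … unchanged: ssh_client lookup …

if not ssh_cmd or not ssh_cmd.strip():
    die_with_help("Interactive shell is disabled.")
try:
    cmdargv = shlex.split(ssh_cmd)
except ValueError:
    # Unbalanced quoting in the client-supplied command line.
    die_with_help("Invalid command line.")
action = cmdargv[0]
```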
......