external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

git-serve: Refactor environment variable access

Browse source 
Read all environment variables at the beginning of the script and
immediately pre-process their values.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2016-08-01 19:48:02 +02:00
parent b089747774
commit 573715afd9
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
git-interface/git-serve.py
View file

@ -108,15 +108,12 @@ def pkgbase_set_keywords(pkgbase, keywords):
db.close() db.close()
def check_permissions(pkgbase, user): def pkgbase_has_write_access(pkgbase, user):
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user, db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
passwd=aur_db_pass, db=aur_db_name, passwd=aur_db_pass, db=aur_db_name,
unix_socket=aur_db_socket, buffered=True) unix_socket=aur_db_socket, buffered=True)
cur = db.cursor() cur = db.cursor()
if os.environ.get('AUR_PRIVILEGED', '0') == '1':
return True
cur.execute("SELECT COUNT(*) FROM PackageBases " + cur.execute("SELECT COUNT(*) FROM PackageBases " +
"LEFT JOIN PackageComaintainers " + "LEFT JOIN PackageComaintainers " +
"ON PackageComaintainers.PackageBaseID = PackageBases.ID " + "ON PackageComaintainers.PackageBaseID = PackageBases.ID " +
@ -136,15 +133,18 @@ def die_with_help(msg):
die(msg + "\nTry `{:s} help` for a list of commands.".format(ssh_cmdline)) die(msg + "\nTry `{:s} help` for a list of commands.".format(ssh_cmdline))
user = os.environ.get("AUR_USER") user = os.environ.get('AUR_USER')
cmd = os.environ.get("SSH_ORIGINAL_COMMAND") privileged = (os.environ.get('AUR_PRIVILEGED', '0') == '1')
if not cmd: ssh_cmd = os.environ.get('SSH_ORIGINAL_COMMAND')
ssh_client = os.environ.get('SSH_CLIENT')
if not ssh_cmd:
die_with_help("Interactive shell is disabled.") die_with_help("Interactive shell is disabled.")
cmdargv = shlex.split(cmd) cmdargv = shlex.split(ssh_cmd)
action = cmdargv[0] action = cmdargv[0]
remote_addr = ssh_client.split(' ')[0] if ssh_client else None
if enable_maintenance: if enable_maintenance:
remote_addr = os.environ["SSH_CLIENT"].split(" ")[0]
if remote_addr not in maintenance_exc: if remote_addr not in maintenance_exc:
die("The AUR is down due to maintenance. We will be back soon.") die("The AUR is down due to maintenance. We will be back soon.")
@ -165,7 +165,7 @@ if action == 'git-upload-pack' or action == 'git-receive-pack':
create_pkgbase(pkgbase, user) create_pkgbase(pkgbase, user)
if action == 'git-receive-pack': if action == 'git-receive-pack':
if not check_permissions(pkgbase, user): if not privileged and not pkgbase_has_write_access(pkgbase, user):
die('{:s}: permission denied: {:s}'.format(action, user)) die('{:s}: permission denied: {:s}'.format(action, user))
os.environ["AUR_USER"] = user os.environ["AUR_USER"] = user