mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
#!/usr/bin/env python3
import re
import shlex
import sys
import aurweb.config
import aurweb.db
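def format_command(env_vars, command, ssh_opts, ssh_key):
    """Build one authorized_keys entry that pins a key to a forced command.

    The result has the form ``command="<env> <command>",<ssh_opts> <ssh_key>``.

    Args:
        env_vars: Mapping of environment variable name to value. Values are
            shell-quoted; names are inserted as-is, so callers must pass
            fixed identifiers only.
        command: The forced command; shell-quoted as a single word.
        ssh_opts: Additional authorized_keys options, inserted verbatim.
        ssh_key: The public key ("<type> <base64>"), inserted verbatim.

    Returns:
        The authorized_keys line, without a trailing newline.

    Raises:
        ValueError: If the assembled entry contains a line break.
    """
    assignments = "".join(
        "{}={} ".format(name, shlex.quote(value))
        for name, value in env_vars.items()
    )
    forced = assignments + shlex.quote(command)

    # The forced command sits inside a double-quoted authorized_keys option,
    # so every double quote in it has to be backslash-escaped.
    forced = forced.replace('"', '\\"')
    entry = 'command="{}",{} {}'.format(forced, ssh_opts, ssh_key)

    # shlex.quote() keeps a newline inside single quotes rather than removing
    # it, and ssh_opts/ssh_key are not quoted at all. authorized_keys is
    # line-oriented: a line break would end this entry early and the rest
    # would be read as a separate entry that lacks the forced command.
    # Refuse to emit such output.
    if "\n" in entry or "\r" in entry:
        raise ValueError("authorized_keys entry must not contain line breaks")
    return entry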
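def main():
    """Print the authorized_keys entry for the public key given in argv.

    ``sys.argv[1]`` is the key type and ``sys.argv[2]`` the key text.
    Presumably this is run by sshd as an authorized-keys lookup helper
    (TODO confirm against the deployment). Every rejection path exits with
    status 1 and prints nothing, so the lookup fails closed.
    """
    valid_keytypes = aurweb.config.get("auth", "valid-keytypes").split()
    username_regex = aurweb.config.get("auth", "username-regex")
    git_serve_cmd = aurweb.config.get("auth", "git-serve-cmd")
    ssh_opts = aurweb.config.get("auth", "ssh-options")

    # Reject a short argument list explicitly instead of failing with an
    # IndexError traceback.
    if len(sys.argv) < 3:
        sys.exit(1)
    keytype, keytext = sys.argv[1], sys.argv[2]

    # Only key types on the configured allow-list are looked up.
    if keytype not in valid_keytypes:
        sys.exit(1)

    pubkey = keytype + " " + keytext

    conn = aurweb.db.Connection()

    # The key is bound as a query parameter, never spliced into the SQL.
    # Suspended accounts and accounts with an empty Passwd column are
    # excluded by the WHERE clause.
    cur = conn.execute(
        "SELECT Users.Username, Users.AccountTypeID FROM Users "
        "INNER JOIN SSHPubKeys ON SSHPubKeys.UserID = Users.ID "
        "WHERE SSHPubKeys.PubKey = ? AND Users.Suspended = 0 "
        "AND NOT Users.Passwd = ''",
        (pubkey,),
    )

    # Require exactly one match: no row, or a second row (the same key
    # registered more than once), is a rejection.
    row = cur.fetchone()
    if not row or cur.fetchone():
        sys.exit(1)

    user, account_type = row

    # NOTE(review): re.match() anchors only at the start, and "$" also
    # matches just before a trailing newline. Confirm the configured
    # pattern constrains the whole name, because the name is embedded in
    # the authorized_keys line printed below.
    if not re.match(username_regex, user):
        sys.exit(1)

    env_vars = {
        "AUR_USER": user,
        # Any AccountTypeID above 1 is flagged as privileged; the meaning of
        # the individual IDs is defined outside this file.
        "AUR_PRIVILEGED": "1" if account_type > 1 else "0",
    }

    print(format_command(env_vars, git_serve_cmd, ssh_opts, pubkey))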
# Script entry point: do the lookup only when executed directly, so that
# importing this module has no side effects.
if __name__ == "__main__":
    main()