mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
b036b436aa
Attaching more than one SSH public key to the same account is useful, e.g. if one uses different machines to access the AUR SSH interface. Multiple keys can now be specified by adding multiple lines to the text area on the account edit form. Implements FS#45469. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
69 lines
2 KiB
Python
Executable file
69 lines
2 KiB
Python
Executable file
#!/usr/bin/python3
|
|
|
|
import configparser
|
|
import mysql.connector
|
|
import shlex
|
|
import os
|
|
import re
|
|
import sys
|
|
|
|
|
|
def format_command(env_vars, command, ssh_opts, ssh_key):
|
|
environment = ''
|
|
for key, var in env_vars.items():
|
|
environment += '{}={} '.format(key, shlex.quote(var))
|
|
|
|
command = shlex.quote(command)
|
|
command = '{}{}'.format(environment, command)
|
|
|
|
# The command is being substituted into an authorized_keys line below,
|
|
# so we need to escape the double quotes.
|
|
command = command.replace('"', '\\"')
|
|
msg = 'command="{}",{} {}'.format(command, ssh_opts, ssh_key)
|
|
return msg
|
|
|
|
|
|
config = configparser.RawConfigParser()
|
|
config.read(os.path.dirname(os.path.realpath(__file__)) + "/../conf/config")
|
|
|
|
aur_db_host = config.get('database', 'host')
|
|
aur_db_name = config.get('database', 'name')
|
|
aur_db_user = config.get('database', 'user')
|
|
aur_db_pass = config.get('database', 'password')
|
|
aur_db_socket = config.get('database', 'socket')
|
|
|
|
valid_keytypes = config.get('auth', 'valid-keytypes').split()
|
|
username_regex = config.get('auth', 'username-regex')
|
|
git_serve_cmd = config.get('auth', 'git-serve-cmd')
|
|
ssh_opts = config.get('auth', 'ssh-options')
|
|
|
|
keytype = sys.argv[1]
|
|
keytext = sys.argv[2]
|
|
if not keytype in valid_keytypes:
|
|
exit(1)
|
|
|
|
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
|
|
passwd=aur_db_pass, db=aur_db_name,
|
|
unix_socket=aur_db_socket, buffered=True)
|
|
|
|
cur = db.cursor()
|
|
cur.execute("SELECT Users.Username, Users.AccountTypeID FROM Users " +
|
|
"INNER JOIN SSHPubKeys ON SSHPubKeys.UserID = Users.ID "
|
|
"WHERE SSHPubKeys.PubKey = %s AND Users.Suspended = 0",
|
|
(keytype + " " + keytext,))
|
|
|
|
if cur.rowcount != 1:
|
|
exit(1)
|
|
|
|
user, account_type = cur.fetchone()
|
|
if not re.match(username_regex, user):
|
|
exit(1)
|
|
|
|
|
|
env_vars = {
|
|
'AUR_USER': user,
|
|
'AUR_PRIVILEGED': '1' if account_type > 1 else '0',
|
|
}
|
|
key = keytype + ' ' + keytext
|
|
|
|
print(format_command(env_vars, git_serve_cmd, ssh_opts, key))
|