git-interface/git-auth.py

   1 #!/usr/bin/python3
   2
   3 import configparser
   4 import mysql.connector
   5 import os
   6 import re
   7 import sys
   8
   9 config = configparser.RawConfigParser()
  10 config.read(os.path.dirname(os.path.realpath(__file__)) + "/../conf/config")
  11
  12 aur_db_host = config.get('database', 'host')
  13 aur_db_name = config.get('database', 'name')
  14 aur_db_user = config.get('database', 'user')
  15 aur_db_pass = config.get('database', 'password')
  16 aur_db_socket = config.get('database', 'socket')
  17
  18 valid_keytypes = config.get('auth', 'valid-keytypes').split()
  19 username_regex = config.get('auth', 'username-regex')
  20 git_serve_cmd = config.get('auth', 'git-serve-cmd')
  21 ssh_opts = config.get('auth', 'ssh-options')
  22
  23 keytype = sys.argv[1]
  24 keytext = sys.argv[2]
  25 if not keytype in valid_keytypes:
  26     exit(1)
  27
  28 db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
  29                              passwd=aur_db_pass, db=aur_db_name,
  30                              unix_socket=aur_db_socket, buffered=True)
  31
  32 cur = db.cursor()
  33 cur.execute("SELECT Username FROM Users WHERE SSHPubKey = %s " +
  34             "AND Suspended = 0", (keytype + " " + keytext,))
  35
  36 if cur.rowcount != 1:
  37     exit(1)
  38
  39 user = cur.fetchone()[0]
  40 if not re.match(username_regex, user):
  41     exit(1)
  42
  43 print('command="%s %s",%s %s' % (git_serve_cmd, user, ssh_opts,
  44     keytype + " " + keytext))