1 files changed, 62 insertions, 0 deletions

diff --git a/aurweb/git/auth.py b/aurweb/git/auth.py
new file mode 100755
index 0000000..022b0ff
--- /dev/null
+++ b/aurweb/git/auth.py
@@ -0,0 +1,62 @@
+#!/usr/bin/python3
+
+import shlex
+import re
+import sys
+
+import aurweb.config
+import aurweb.db
+
+
+def format_command(env_vars, command, ssh_opts, ssh_key):
+    environment = ''
+    for key, var in env_vars.items():
+        environment += '{}={} '.format(key, shlex.quote(var))
+
+    command = shlex.quote(command)
+    command = '{}{}'.format(environment, command)
+
+    # The command is being substituted into an authorized_keys line below,
+    # so we need to escape the double quotes.
+    command = command.replace('"', '\\"')
+    msg = 'command="{}",{} {}'.format(command, ssh_opts, ssh_key)
+    return msg
+
+
+def main():
+    valid_keytypes = aurweb.config.get('auth', 'valid-keytypes').split()
+    username_regex = aurweb.config.get('auth', 'username-regex')
+    git_serve_cmd = aurweb.config.get('auth', 'git-serve-cmd')
+    ssh_opts = aurweb.config.get('auth', 'ssh-options')
+
+    keytype = sys.argv[1]
+    keytext = sys.argv[2]
+    if keytype not in valid_keytypes:
+        exit(1)
+
+    conn = aurweb.db.Connection()
+
+    cur = conn.execute("SELECT Users.Username, Users.AccountTypeID FROM Users "
+                       "INNER JOIN SSHPubKeys ON SSHPubKeys.UserID = Users.ID "
+                       "WHERE SSHPubKeys.PubKey = ? AND Users.Suspended = 0",
+                       (keytype + " " + keytext,))
+
+    row = cur.fetchone()
+    if not row or cur.fetchone():
+        exit(1)
+
+    user, account_type = row
+    if not re.match(username_regex, user):
+        exit(1)
+
+    env_vars = {
+        'AUR_USER': user,
+        'AUR_PRIVILEGED': '1' if account_type > 1 else '0',
+    }
+    key = keytype + ' ' + keytext
+
+    print(format_command(env_vars, git_serve_cmd, ssh_opts, key))
+
+
+if __name__ == '__main__':
+    main()