author | Lukas Fleischer <lfleischer@archlinux.org> | 2016-08-01 19:48:02 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2016-08-04 13:04:44 +0200 |
commit | 573715afd9f7e56e34be07f983055f938351d990 (patch) | |
tree | 022cd7c6df046bbfa6e66c4278c4168a3146f0fd | |
parent | b089747774b495126bf4e2b4ec0b63bd0c2af5c4 (diff) | |
download | aurweb-573715afd9f7e56e34be07f983055f938351d990.tar.xz |
git-serve: Refactor environment variable access
Read all environment variables at the beginning of the script and
immediately pre-process their values.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rwxr-xr-x | git-interface/git-serve.py | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/git-interface/git-serve.py b/git-interface/git-serve.py
index 35c6b3a..aa5f1c9 100755
--- a/git-interface/git-serve.py
+++ b/git-interface/git-serve.py
@@ -108,15 +108,12 @@ def pkgbase_set_keywords(pkgbase, keywords):
 db.close()
-def check_permissions(pkgbase, user):
+def pkgbase_has_write_access(pkgbase, user):
 db = mysql.connector.connect(host=aur_db_host, user=aur_db_user, passwd=aur_db_pass, db=aur_db_name, unix_socket=aur_db_socket, buffered=True)
 cur = db.cursor()
- if os.environ.get('AUR_PRIVILEGED', '0') == '1':
- return True
-
 cur.execute("SELECT COUNT(*) FROM PackageBases " + "LEFT JOIN PackageComaintainers " + "ON PackageComaintainers.PackageBaseID = PackageBases.ID " +
@@ -136,15 +133,18 @@ def die_with_help(msg):
 die(msg + "\nTry `{:s} help` for a list of commands.".format(ssh_cmdline))
-user = os.environ.get("AUR_USER")
-cmd = os.environ.get("SSH_ORIGINAL_COMMAND")
-if not cmd:
+user = os.environ.get('AUR_USER')
+privileged = (os.environ.get('AUR_PRIVILEGED', '0') == '1')
+ssh_cmd = os.environ.get('SSH_ORIGINAL_COMMAND')
+ssh_client = os.environ.get('SSH_CLIENT')
+
+if not ssh_cmd:
 die_with_help("Interactive shell is disabled.")
-cmdargv = shlex.split(cmd)
+cmdargv = shlex.split(ssh_cmd)
 action = cmdargv[0]
+remote_addr = ssh_client.split(' ')[0] if ssh_client else None
 if enable_maintenance:
- remote_addr = os.environ["SSH_CLIENT"].split(" ")[0]
 if remote_addr not in maintenance_exc:
 die("The AUR is down due to maintenance. We will be back soon.")
@@ -165,7 +165,7 @@ if action == 'git-upload-pack' or action == 'git-receive-pack':
 create_pkgbase(pkgbase, user)
 if action == 'git-receive-pack':
- if not check_permissions(pkgbase, user):
+ if not privileged and not pkgbase_has_write_access(pkgbase, user):
 die('{:s}: permission denied: {:s}'.format(action, user))
 os.environ["AUR_USER"] = user |
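Review bot: pkgbase_has_write_access in the first hunk has no docstring, and its contract is now narrower than check_permissions was: the AUR_PRIVILEGED shortcut is gone, so it answers only the database question. A docstring along the lines of `"""Return whether the database grants user write access to pkgbase; the AUR_PRIVILEGED override is not applied here."""` would stop a later caller from assuming the override still lives inside it. The one caller visible in this diff, in the git-receive-pack branch, adds `not privileged and` itself; any caller outside the diff would need the same. The function body continues past the end of the hunk.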
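Review bot: In the second hunk `user` is still read from AUR_USER without a check, so an unset variable leaves it as None even though the values are now meant to be pre-processed here. The later visible uses `'{:s}: permission denied: {:s}'.format(action, user)` and `os.environ["AUR_USER"] = user` would then raise TypeError instead of refusing cleanly, and `create_pkgbase(pkgbase, user)` appears to sit ahead of them on that path. A guard beside the reads, `if not user: die('AUR_USER is not set.')`, fails closed. Because `privileged` now decides at module level whether the write-access lookup is skipped, I would also add a comment such as `# AUR_USER and AUR_PRIVILEGED must come from the server-side forced command, never from client-supplied environment`; that is an assumption about the sshd configuration, which this diff does not show.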