summaryrefslogtreecommitdiffstats
path: root/gitsrht-dispatch
blob: 39e8609fc9285657a5a0ba0a8a4911b40aa90010 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

#!/usr/bin/env python3
# AuthorizedKeysCommand=/usr/bin/git-srht-dispatch "%u" "%h" "%t" "%k"
# AuthorizedKeysUser=root
import sys
import os
try:
    f = open("/var/log/git-srht-dispatch", "a")
    os.close(sys.stderr.fileno())
    os.dup2(f.fileno(), sys.stderr.fileno())
except Exception as ex:
    sys.stderr.write("Unable to open log for writing\n")
    sys.stderr.write(str(ex) + "\n")
from collections import namedtuple
from datetime import datetime
from pwd import getpwnam
from grp import getgrnam
from srht.config import cfg, cfgkeys

def log(s, *args):
    sys.stderr.write("{} {}\n".format(datetime.now().isoformat(),
        s.format(*args) if isinstance(s, str) else str(s)))
    sys.stderr.flush()
log("Running git-srht-dispatch")

def auth_keys_error():
    log("This command should be run by sshd's AuthorizedKeysCommand")
    log('AuthorizedKeysCommand={} "%u" "%h" "%t" "%k"\nAuthorizedKeysUser=root',
        os.path.abspath(sys.argv[0]))
    sys.exit(1)

Dispatcher = namedtuple("Dispatcher", ["cmd", "uid", "gid"])
dispatchers = list()

for cmd in cfgkeys("git.sr.ht::dispatch"):
    user = cfg("git.sr.ht::dispatch", cmd).split(":")
    uid, gid = getpwnam(user[0]).pw_uid, getgrnam(user[-1]).gr_gid
    dispatchers.append(Dispatcher(cmd=cmd, uid=uid, gid=gid))
    log("registered dispatcher for {}:{}: {}", uid, gid, cmd)

if len(sys.argv) != 5:
    auth_keys_error()

user = sys.argv[1]
uid = getpwnam(user).pw_uid
homedir = sys.argv[2]
key_type = sys.argv[3]
b64key = sys.argv[4]
authorized_keys_file = "{}/.ssh/authorized_keys".format(homedir)

log("authorizing user={} ({}) home={} b64key={} key_type={}",
        user, uid, homedir, b64key, key_type)

for dispatch in dispatchers:
    if dispatch.uid == uid:
        log("dispatching to {} with uid={}, gid={}",
                dispatch.cmd, dispatch.uid, dispatch.gid)
        os.setgid(dispatch.gid)
        os.setuid(dispatch.uid)
        os.execl(dispatch.cmd, *([dispatch.cmd] + sys.argv[1:]))

log("Falling back to existing authorized keys file")
if not os.path.exists(authorized_keys_file):
    sys.exit(0)
with open(authorized_keys_file, "r") as f:
    authorized_keys = f.read()
print(authorized_keys)
sys.exit(0)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 15:29:34 +0000