users in static principal-files

2019-08-02 03:43:25 +02:00 · 2019-08-02 03:43:25 +02:00 · de80f5c9e9
parent 2a528be734
commit de80f5c9e9
2 changed files with 14 additions and 11 deletions
--- a/gitosis/run_hook.py
+++ b/gitosis/run_hook.py
@ -50,8 +50,9 @@ def post_update(cfg, git_dir):
        )
    principals = util.getSSHPrincipalsPath(config=cfg)
    ssh_principals.writePrincipals(
+        cfg=cfg,
        path=principals,
-        principals=os.path.join(export, 'keydir/principals'),
+        users=os.path.join(export, 'keydir/users'),
        )

 class Main(app.App):
--- a/gitosis/ssh_principals.py
+++ b/gitosis/ssh_principals.py
@ -9,11 +9,11 @@ def isSafeUsername(user):
    match = _ACCEPTABLE_USER_RE.match(user)
    return (match is not None)

-def readPrincipals(principals):
+def readUsernames(userfile):
    """
-    Read SSH principals from ``principals``
+    Read SSH users from ``userfile``
    """
-    f = file(principals)
+    f = file(userfile)
    for line in f:
        if not isSafeUsername(line):
            log.warn('Unsafe SSH username in principalfile: %r', line)
@ -24,14 +24,16 @@ def readPrincipals(principals):

 COMMENT = '### autogenerated by gitosis, DO NOT EDIT'

-def generatePrincipals(keys):
+def generatePrincipals(cfg, keys):
    TEMPLATE=('command="gitosis-serve %(user)s",no-port-forwarding,'
-              +'no-X11-forwarding,no-agent-forwarding,no-pty %(user)s')
+              +'no-X11-forwarding,no-agent-forwarding,no-pty %(principals)s')
+
+    principals=util.getAllowedSSHPrincipals(config=cfg)

    yield COMMENT
    for (user) in keys:
-        log.debug(TEMPLATE % dict(user=user))
-        yield TEMPLATE % dict(user=user)
+        log.debug(TEMPLATE % dict(user=user, principals=principals))
+        yield TEMPLATE % dict(user=user, principals=principals)

 _COMMAND_RE = re.compile('^command="(/[^ "]+/)?gitosis-serve [^"]+",no-port-forw'
                         +'arding,no-X11-forwarding,no-agent-forwardi'
@ -52,7 +54,7 @@ def filterPrincipals(fp):
            continue
        yield line

-def writePrincipals(path, principals):
+def writePrincipals(cfg, path, users):
    tmp = '%s.%d.tmp' % (path, os.getpid())
    try:
        in_ = file(path)
@ -69,8 +71,8 @@ def writePrincipals(path, principals):
                for line in filterPrincipals(in_):
                    print >>out, line

-            keygen = readPrincipals(principals)
-            for line in generatePrincipals(keygen):
+            user = readUsernames(users)
+            for line in generatePrincipals(cfg, user):
                print >>out, line

            os.fsync(out)