[aur-dev] [PATCH v3 2/5] git: Use AUR_USER env var instead of ForceCommand argument

Lukas Fleischer lfleischer at archlinux.org
Tue Jun 23 11:42:09 UTC 2015


On Tue, 23 Jun 2015 at 12:26:35, Johannes Löthberg wrote:
> Also add a utility function for formatting the ForceCommand, using
> shlex.quote to quote the value.
> 
> Manually replacing '\"' with '\\"' is required under OpenSSH due to it 
> replacing `\"` with `"`, which breaks any command part that contains a 
> double quote character.
> 
> Signed-off-by: Johannes Löthberg <johannes at kyriasis.com>
> ---
>  git-interface/git-auth.py  | 24 ++++++++++++++++++++++--
>  git-interface/git-serve.py |  2 +-
>  2 files changed, 23 insertions(+), 3 deletions(-)
> 
> diff --git a/git-interface/git-auth.py b/git-interface/git-auth.py
> index c9e1f01..f355332 100755
> --- a/git-interface/git-auth.py
> +++ b/git-interface/git-auth.py
> @@ -2,10 +2,26 @@
>  
>  import configparser
>  import mysql.connector
> +import shlex
>  import os
>  import re
>  import sys
>  
> +
> +def format_command(env_vars, command, ssh_opts, key):
> +    environment = ''
> +    for key, var in env_vars.items():

You overwrite the key parameter passed to format_command() here. Maybe
rename the function parameter to ssh_key?

> +        environment += '{}={} && '.format(key, shlex.quote(var))

As mentioned before and discussed on IRC, we should not (and cannot) use
a &&-chain here.

> +
> +    command = shlex.quote(command)
> +    command = '{}{}'.format(environment, command)
> +
> +    # OpenSSH replaces '\"' with '"', so manually escape slash

"manually escape slash" isn't true and I think the comment doesn't
justify why this is needed... Maybe something along the lines of

    The command is being substituted into an authorized_keys line below,
    so we need to escape double quotes.

Opinions?

The patch looks fine otherwise!

> +    command = command.replace('"', '\\"')
> +    msg = 'command="{}",{} {}'.format(command, ssh_opts, key)
> +    return msg
> +
> +
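
Review bot: In format_command(), `command = shlex.quote(command)` quotes the whole string as a single shell word, so a caller that passes a command with arguments would have it treated as one program name; either document that command must be a bare path, or accept an argument list and quote each element separately. The variable name in `'{}={} && '.format(key, shlex.quote(var))` is interpolated unquoted while only the value is quoted, so it is worth checking names against an identifier pattern. The function also has no docstring saying what form ssh_opts and key must have, and both go into the authorized_keys line unmodified.
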
> [...]
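
The escaping discussed in this review, as an added example that is not part of the patch or of the AUR code base: it builds an authorized_keys line, reads it back with a small model of how sshd unquotes a `command="..."` value, and checks that the shell would still see the original value. The `NAME=value program` prefix form, the program path, the option list and the key string are assumptions made for the illustration.

```python
import shlex

PROGRAM = '/path/to/git-serve.py'            # placeholder path (assumption)
SSH_OPTS = 'no-port-forwarding,no-pty'       # sample option list (assumption)
SSH_KEY = 'ssh-ed25519 CONSTRUCTED_KEY'      # constructed, not a real key


def format_command(user, program, ssh_opts, ssh_key, escape=True):
    """Build one authorized_keys line that forces `program` with AUR_USER set."""
    shell_cmd = 'AUR_USER={} {}'.format(shlex.quote(user), shlex.quote(program))
    if any(c in shell_cmd + ssh_opts + ssh_key for c in '\r\n'):
        raise ValueError('a line break would start a new authorized_keys entry')
    if escape:
        # The command sits inside command="...", so double quotes are escaped.
        shell_cmd = shell_cmd.replace('"', '\\"')
    return 'command="{}",{} {}'.format(shell_cmd, ssh_opts, ssh_key)


def sshd_dequote(line):
    """Model of sshd reading command="...": \\" yields ", all else is literal."""
    prefix = 'command="'
    if not line.startswith(prefix):
        raise ValueError('line does not start with a command option')
    out, i = [], len(prefix)
    while i < len(line) and line[i] != '"':      # an unescaped " ends the value
        if line[i] == '\\' and line[i + 1:i + 2] == '"':
            out.append('"')
            i += 2
        else:
            out.append(line[i])
            i += 1
    return ''.join(out)


def round_trips(user, escape=True):
    """True if the shell would see exactly AUR_USER=<user> followed by PROGRAM."""
    line = format_command(user, PROGRAM, SSH_OPTS, SSH_KEY, escape)
    try:
        return shlex.split(sshd_dequote(line)) == ['AUR_USER=' + user, PROGRAM]
    except ValueError:                           # value was cut off mid-quote
        return False
```

With `escape=False`, a value containing a double quote ends the option early and the forced command is truncated; with the replacement in place every value survives, including one that already contains a backslash followed by a double quote.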

