Updated upload.cgi group check.

scripts/upload.cgi/upload.cgi

@@ -16,9 +16,6 @@ import tempfile
 import StringIO
 import grp
 
-sys.path.append('/var/fedora-accounts')
-import website
-
 # reading buffer size
 BUFFER_SIZE = 4096
 
@@ -28,7 +25,8 @@ DEBUG = 0
 # We check modules exist from this dircetory
 CVSREPO = "/cvs/pkgs/rpms"
 
-do_userdb_auth = 1
+# Fedora Packager Group
+PACKAGER_GROUP = "packager"
 
 # log a trace of what we're doing
 def log_msg(*msgs):
@@ -61,9 +59,9 @@ def send_ok(text):
 # check and validate that all the fields are present
 def check_form(var):
     if not form.has_key(var):
-	send_error("required field '%s' is not present" % (var,))
+	send_error("Required field '%s' is not present" % (var,))
     ret = form.getvalue(var)
-    if type(ret) == type([]):
+    if type(ret) == list:
         send_error("Multiple values given for '%s'. Aborting" % (var,))
     ret = os.path.basename(ret) # this is a path component
     return ret
@@ -79,45 +77,23 @@ def check_dir(tmpdir, wok = os.W_OK):
         send_error("Path %s is not a directory." % (tmpdir,))
     return 1
 
-#
-# MAIN START
-#
-if do_userdb_auth:
-    dbh = website.get_dbh()
-auth_username = auth_password = None
-need_auth = 1
+authenticated = False
+
 if os.environ.has_key('SSL_CLIENT_S_DN_CN'):
     auth_username = os.environ['SSL_CLIENT_S_DN_CN']
-    need_auth = 0
-elif do_userdb_auth and 0:
-    authtype, authinfo = website.get_http_auth_info()
-
-    need_auth = 1
-    auth_msg = "Authentication is required."
-
-    if authinfo:
-        if authtype.lower() == 'basic':
-            need_auth = not website.do_checkpass(dbh, authinfo[0], authinfo[1])
-	    auth_username, auth_password = authinfo
-            auth_msg = "Username or password incorrect."
-        else:
-            auth_msg = "Unknown authentication type %s" % authtype
+    if auth_username in grp.getgrnam(PACKAGER_GROUP)[3]:
+        authenticated = True
 
 pieces = os.environ['REQUEST_URI'].split('/')
 assert pieces[1] == 'repo'
-if do_userdb_auth:
-    #need_auth = need_auth or not website.have_group(dbh, auth_username, 'cvs' + pieces[2])
-    #need_auth = need_auth or not website.have_group(dbh, auth_username, 'packager')
-    need_auth = need_auth or not auth_username in grp.getgrnam('packager')[3]
-auth_msg = "You do not have the appropriate authorization to upload. %s %s %s" % (dbh, auth_username, 'cvs' + pieces[2])
 
-if need_auth:
-        print """Status: 403 Unauthorized to access the document
-WWW-authenticate: Basic realm="fedora.redhat.com"
+if not authenticated
+   print """Status: 403 Forbidden
 Content-type: text/plain
 
-""" + str(auth_msg)
-        sys.exit(0)
+You must be in the %s group to upload.
+""" % PACKAGER_GROUP
+    sys.exit(0)
 
 form = cgi.FieldStorage()
 NAME = check_form("name")
@@ -128,11 +104,11 @@ MD5SUM = check_form("md5sum")
 # In a submission, we don;t get a FILENAME, just the FILE.
 FILE = None
 FILENAME = None
+
 if form.has_key("filename"):
     # check the presence of the file
     FILENAME = check_form("filename")   
-    log_msg("Checking file status",
-            "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM))
+    log_msg("Checking file status", "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM))
 else:
     if form.has_key("file"):
         FILE = form["file"]
@@ -144,14 +120,15 @@ else:
             send_error("Could not extract the filename for upload. Aborting")
     else:
         send_error("required field '%s' is not present" % ("file", ))
-        log_msg("Processing upload request",
-                "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM))
-# Now that all the fields are valid,, figure out our operating environment
+        log_msg("Processing upload request", "NAME=%s FILENAME=%s MD5SUM=%s" % (NAME,FILENAME,MD5SUM))
+
+# Now that all the fields are valid, figure out our operating environment
 if not os.environ.has_key("SCRIPT_FILENAME"):
     send_error("My running environment is funky. Aborting")
 
 # start processing this request
 my_script = os.environ["SCRIPT_FILENAME"]
+
 # the module's top level directory
 my_topdir = os.path.dirname(my_script)
 my_moddir = "%s/%s" % (my_topdir, NAME)
@@ -174,17 +151,17 @@ if os.access(file_dest, os.F_OK | os.R_OK):
         message = "Available"
     else:
         FILE.file.close()
-        message = "File %s already exists\nFile: %s Size: %d" % (
-            FILENAME, file_dest, s[stat.ST_SIZE])
+        message = "File %s already exists\nFile: %s Size: %d" % (FILENAME, file_dest, s[stat.ST_SIZE])
     send_ok(message)
     sys.exit(0)
+
 # just checking?
 if FILE is None:
     send_ok("Missing")
     sys.exit(-9)
-    
+
 # check that all directories are in place
-for tmpdir in [ my_topdir, my_moddir, my_filedir, my_md5dir]:
+for tmpdir in [my_topdir, my_moddir, my_filedir, my_md5dir]:
     if not check_dir(tmpdir):
         # we agree to create this directory if the corresponding cvs module dir exists
         if tmpdir == my_moddir:
@@ -212,18 +189,21 @@ while 1:
     tmpfd.write(s)
     m.update(s)
     FILELENGTH = FILELENGTH + len(s)
+
 # now we're done reading, check the MD5 sum of what we got
 tmpfd.close()
 my_md5sum = m.hexdigest()
 if MD5SUM != my_md5sum:
     send_error("MD5 check failed. Received %s instead of %s" % (
         my_md5sum, MD5SUM))
+
 # wow, even the MD5SUM matches. make sure full path is valid now
 for tmpdir in [ my_moddir, my_filedir, my_md5dir ]:
     if not check_dir(tmpdir):
         os.mkdir(tmpdir, 02775)
         log_msg("mkdir", tmpdir)
 # and move our file to the final location
+
 os.rename(tmpfile, file_dest)
 log_msg("Stored filesize", FILELENGTH, file_dest)