author | Paul Crowley <paul@lshift.net> |
Mon, 12 Oct 2009 16:52:06 +0100 | |
changeset 108 | 00b48d7bdfa0 |
parent 107 | 84e9e33d866b |
child 109 | 72100d3ed1bd |
permissions | -rwxr-xr-x |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
1 |
#!/usr/bin/env python |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
2 |
# |
50
77d97aa18f29
update dates and copyright notices
Paul Crowley <paul@lshift.net>
parents:
46
diff
changeset
|
3 |
# Copyright 2008-2009 LShift Ltd |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
4 |
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> |
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
5 |
# Authors: |
4
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
0
diff
changeset
|
6 |
# Paul Crowley <paul@lshift.net> |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
7 |
# Thomas Arendsen Hein <thomas@intevation.de> |
4
dcd195f3e52c
move config out of Python files; don't make hg-ssh-wrapper a dotfile;
Paul Crowley <paul@lshift.net>
parents:
0
diff
changeset
|
8 |
# with ideas from Mathieu PASQUET <kiorky@cryptelium.net> |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
9 |
# |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
10 |
# This software may be used and distributed according to the terms |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
11 |
# of the GNU General Public License, incorporated herein by reference. |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
12 |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
13 |
""" |
10 | 14 |
hg-ssh - limit access to hg repositories reached via ssh. Part of |
36
b3237aabd0fe
Change the name to mercurial-server
Paul Crowley <paul@lshift.net>
parents:
33
diff
changeset
|
15 |
mercurial-server. |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
16 |
|
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
17 |
This script is called by hg-ssh-wrapper with no arguments - everything |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
18 |
should be in enviroment variables: |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
19 |
|
39
f5055ce263c7
New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents:
36
diff
changeset
|
20 |
HG_ACCESS_RULES_PATH identifies the paths to the rule files |
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
21 |
REMOTE_USER the remote user (which is the key used by ssh) |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
22 |
SSH_ORIGINAL_COMMAND the command the user was trying to run |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
23 |
|
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
24 |
It uses SSH_ORIGINAL_COMMAND to determine what the user was trying to |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
25 |
do and to what repository, and then checks each rule in the rule file |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
26 |
in turn for a matching rule which decides what to do, defaulting to |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
27 |
disallowing the action. |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
15
diff
changeset
|
28 |
|
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
29 |
""" |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
30 |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
31 |
# enable importing on demand to reduce startup time |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
32 |
from mercurial import demandimport; demandimport.enable() |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
33 |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
34 |
from mercurial import dispatch |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
35 |
|
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
36 |
import sys, os, os.path |
107
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
37 |
import base64 |
70 | 38 |
from mercurialserver import ruleset, paths |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
39 |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
40 |
def fail(message): |
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
41 |
sys.stderr.write("mercurial-server: %s\n" % message) |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
42 |
sys.exit(-1) |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
43 |
|
107
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
44 |
def checkpath(path): |
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
45 |
path = os.path.dirname(path) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
46 |
if path == "": |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
47 |
return |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
48 |
if os.path.exists(path + "/.hg"): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
49 |
raise ruleset.AccessException() |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
50 |
checkpath(path) |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
51 |
|
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
52 |
def getrepo(op, repo): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
53 |
repo = os.path.normcase(os.path.normpath(repo.rstrip("/"))) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
54 |
if len(repo) == 0: |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
55 |
fail("path to repository seems to be empty") |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
56 |
if repo.startswith("/"): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
57 |
fail("absolute paths are not supported") |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
58 |
for component in repo.split("/"): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
59 |
if component.startswith("."): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
60 |
fail("paths cannot contain dot file components") |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
61 |
ruleset.rules.set(repo=repo) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
62 |
ruleset.rules.check(op, branch=None, file=None) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
63 |
checkpath(repo) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
64 |
return repo |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
65 |
|
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
66 |
#logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w") |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
67 |
#logfile.write("Started: %s\n" % sys.argv) |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
68 |
|
107
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
69 |
paths.setExePath() |
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
70 |
|
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
71 |
if len(sys.argv) == 3 and sys.argv[1] == "--base64": |
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
72 |
ruleset.rules.set(user = base64.b64decode(sys.argv[2])) |
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
73 |
elif len(sys.argv) == 2: |
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
74 |
ruleset.rules.set(user = sys.argv[1]) |
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
75 |
else: |
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
76 |
fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" |
0
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
77 |
% sys.argv) |
41ecb5a3172c
separate out executables and data
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
78 |
|
71 | 79 |
# Use a different hgrc for remote pulls - this way you can set |
80 |
# up access.py for everything at once without affecting local operations |
|
81 |
||
82 |
os.environ['HGRCPATH'] = paths.getEtcPath() + "/remote-hgrc" |
|
83 |
||
72 | 84 |
os.chdir('repos') |
71 | 85 |
|
77
8d14aac93b5d
Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents:
72
diff
changeset
|
86 |
for f in [ |
8d14aac93b5d
Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents:
72
diff
changeset
|
87 |
paths.getEtcPath() + "/access.conf", |
8d14aac93b5d
Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents:
72
diff
changeset
|
88 |
os.getcwd() + "/hgadmin/access.conf"]: |
8d14aac93b5d
Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents:
72
diff
changeset
|
89 |
if os.path.isfile(f): |
8d14aac93b5d
Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents:
72
diff
changeset
|
90 |
ruleset.rules.readfile(f) |
70 | 91 |
|
108
00b48d7bdfa0
Improve check on whether user supplied a command
Paul Crowley <paul@lshift.net>
parents:
107
diff
changeset
|
92 |
cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None) |
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
93 |
try: |
108
00b48d7bdfa0
Improve check on whether user supplied a command
Paul Crowley <paul@lshift.net>
parents:
107
diff
changeset
|
94 |
if cmd is None: |
00b48d7bdfa0
Improve check on whether user supplied a command
Paul Crowley <paul@lshift.net>
parents:
107
diff
changeset
|
95 |
fail("direct logins on the hg account prohibited") |
00b48d7bdfa0
Improve check on whether user supplied a command
Paul Crowley <paul@lshift.net>
parents:
107
diff
changeset
|
96 |
elif cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'): |
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
97 |
repo = getrepo("read", cmd[6:-14]) |
107
84e9e33d866b
Fixes, plus base64 what you don't trust
Paul Crowley <paul@lshift.net>
parents:
106
diff
changeset
|
98 |
if not os.path.isdir(repo + "/.hg"): |
106
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
99 |
fail("no such repository %s" % repo) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
100 |
dispatch.dispatch(['-R', repo, 'serve', '--stdio']) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
101 |
elif cmd.startswith('hg init '): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
102 |
repo = getrepo("init", cmd[8:]) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
103 |
if os.path.exists(repo): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
104 |
fail("%s exists" % repo) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
105 |
d = os.path.dirname(repo) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
106 |
if d != "" and not os.path.isdir(d): |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
107 |
os.makedirs(d) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
108 |
dispatch.dispatch(['init', repo]) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
109 |
else: |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
110 |
fail("illegal command %r" % cmd) |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
111 |
except ruleset.AccessException: |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
112 |
fail("access denied") |
0519745e7a57
Much less strict about most things
Paul Crowley <paul@lshift.net>
parents:
103
diff
changeset
|
113 |