src/mercurialserver/refreshauth.py
changeset 106 0519745e7a57
parent 86 78777f509303
child 107 84e9e33d866b
105:cd3da73cdf63 106:0519745e7a57
     3 # WARNING
     3 # WARNING
     4 # This hook completely destroys your ~/.ssh/authorized_keys
     4 # This hook completely destroys your ~/.ssh/authorized_keys
     5 # file every time it is run
     5 # file every time it is run
     6 # WARNING
     6 # WARNING
     7 
     7 
     8 import sys
     8 import re
     9 import os
     9 import os
    10 import os.path
    10 import os.path
    11 import pwd
    11 import pwd
    12 import subprocess
    12 import subprocess
    13 from mercurialserver import ruleset, paths
    13 from mercurialserver import paths
       
    14 
       
    15 goodkey = re.compile("[A-Za-z0-9._-]+$")
    14 
    16 
    15 def refreshAuth(pw_dir):
    17 def refreshAuth(pw_dir):
    16     akeyfile = pw_dir + "/.ssh/authorized_keys"
    18     akeyfile = pw_dir + "/.ssh/authorized_keys"
    17     wrappercommand = paths.getExePath() + "/hg-ssh"
    19     wrappercommand = paths.getExePath() + "/hg-ssh"
    18     keydirs = [paths.getEtcPath() + "/keys", pw_dir + "/repos/hgadmin/keys"]
    20     keydirs = [paths.getEtcPath() + "/keys", pw_dir + "/repos/hgadmin/keys"]
    36                 ffn = os.path.join(root, fn)
    38                 ffn = os.path.join(root, fn)
    37                 if not ffn.startswith(kr):
    39                 if not ffn.startswith(kr):
    38                     raise Exception("Inconsistent behaviour in os.walk, bailing")
    40                     raise Exception("Inconsistent behaviour in os.walk, bailing")
    39                 #print "Processing file", ffn
    41                 #print "Processing file", ffn
    40                 keyname = ffn[len(kr):]
    42                 keyname = ffn[len(kr):]
    41                 if not ruleset.goodpath(keyname):
    43                 # FIXME: still too strict
       
    44                 if not goodkey.match(keyname)
    42                     # ignore any path that contains dodgy characters
    45                     # ignore any path that contains dodgy characters
    43                     #print "Ignoring file", ffn
    46                     print "Ignoring key that contains banned character:", ffn
    44                     continue
    47                     continue
    45                 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
    48                 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
    46                     stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    49                     stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    47                 newkey = p.communicate()[0]
    50                 newkey = p.communicate()[0]
    48                 if p.wait() == 0:
    51                 if p.wait() == 0:
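Review bot: The new condition at new-side line 44, `if not goodkey.match(keyname)`, is missing its trailing colon, so the module fails to parse before the hook can run; it should read `if not goodkey.match(keyname):`. The pattern added at line 15 is anchored with `$`, which in Python also matches just before a trailing newline, so a key file whose name ends in a newline would pass the check; anchoring with `\Z` closes that gap: `goodkey = re.compile(r"[A-Za-z0-9._-]+\Z")`. What happens to `keyname` after the check is not visible here, but if it is written into the regenerated authorized_keys file, as the header warning suggests, a name carrying a newline would matter. Because this regex replaces `ruleset.goodpath` as the only filter on key names, a short comment above `goodkey` stating which characters are permitted and why would help the next reader, and the `# FIXME: still too strict` note could say what it intends to relax. The body of `refreshAuth` continues beyond the lines shown.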