39 |
39 |
40 def fail(message): |
40 def fail(message): |
41 sys.stderr.write("mercurial-server: %s\n" % message) |
41 sys.stderr.write("mercurial-server: %s\n" % message) |
42 sys.exit(-1) |
42 sys.exit(-1) |
43 |
43 |
44 def checkpath(path): |
44 def checkDots(path): |
|
45 head, tail = os.path.split(path) |
|
46 if tail.startswith("."): |
|
47 fail("paths cannot contain dot file components") |
|
48 if head: |
|
49 checkDots(head) |
|
50 |
|
51 def checkParents(path): |
45 path = os.path.dirname(path) |
52 path = os.path.dirname(path) |
46 if path == "": |
53 if path == "": |
47 return |
54 return |
48 if os.path.exists(path + "/.hg"): |
55 if os.path.exists(path + "/.hg"): |
49 fail("Cannot create repo under existing repo") |
56 fail("Cannot create repo under existing repo") |
50 checkpath(path) |
57 checkParents(path) |
51 |
58 |
52 def getrepo(op, repo): |
59 def getrepo(op, repo): |
53 repo = os.path.normcase(os.path.normpath(repo.rstrip("/"))) |
60 # First canonicalise, then check the string, then the rules |
|
61 # and finally the filesystem. |
|
62 repo = repo.rstrip("/") |
54 if len(repo) == 0: |
63 if len(repo) == 0: |
55 fail("path to repository seems to be empty") |
64 fail("path to repository seems to be empty") |
56 if repo.startswith("/"): |
65 if repo.startswith("/"): |
57 fail("absolute paths are not supported") |
66 fail("absolute paths are not supported") |
58 for component in repo.split("/"): |
67 checkDots(path) |
59 if component.startswith("."): |
|
60 fail("paths cannot contain dot file components") |
|
61 ruleset.rules.set(repo=repo) |
68 ruleset.rules.set(repo=repo) |
62 if not ruleset.rules.allow(op, branch=None, file=None): |
69 if not ruleset.rules.allow(op, branch=None, file=None): |
63 fail("access denied") |
70 fail("access denied") |
64 checkpath(repo) |
71 checkParents(repo) |
65 return repo |
72 return repo |
66 |
|
67 #logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w") |
|
68 #logfile.write("Started: %s\n" % sys.argv) |
|
69 |
73 |
70 paths.setExePath() |
74 paths.setExePath() |
71 |
75 |
72 if len(sys.argv) == 3 and sys.argv[1] == "--base64": |
76 if len(sys.argv) == 3 and sys.argv[1] == "--base64": |
73 ruleset.rules.set(user = base64.b64decode(sys.argv[2])) |
77 ruleset.rules.set(user = base64.b64decode(sys.argv[2])) |