44 def checkpath(path): |
44 def checkpath(path): |
45 path = os.path.dirname(path) |
45 path = os.path.dirname(path) |
46 if path == "": |
46 if path == "": |
47 return |
47 return |
48 if os.path.exists(path + "/.hg"): |
48 if os.path.exists(path + "/.hg"): |
49 raise ruleset.AccessException() |
49 fail("Cannot create repo under existing repo") |
50 checkpath(path) |
50 checkpath(path) |
51 |
51 |
52 def getrepo(op, repo): |
52 def getrepo(op, repo): |
53 repo = os.path.normcase(os.path.normpath(repo.rstrip("/"))) |
53 repo = os.path.normcase(os.path.normpath(repo.rstrip("/"))) |
54 if len(repo) == 0: |
54 if len(repo) == 0: |
57 fail("absolute paths are not supported") |
57 fail("absolute paths are not supported") |
58 for component in repo.split("/"): |
58 for component in repo.split("/"): |
59 if component.startswith("."): |
59 if component.startswith("."): |
60 fail("paths cannot contain dot file components") |
60 fail("paths cannot contain dot file components") |
61 ruleset.rules.set(repo=repo) |
61 ruleset.rules.set(repo=repo) |
62 ruleset.rules.check(op, branch=None, file=None) |
62 if not ruleset.rules.allow(op, branch=None, file=None): |
|
63 fail("access denied") |
63 checkpath(repo) |
64 checkpath(repo) |
64 return repo |
65 return repo |
65 |
66 |
66 #logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w") |
67 #logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w") |
67 #logfile.write("Started: %s\n" % sys.argv) |
68 #logfile.write("Started: %s\n" % sys.argv) |
88 os.getcwd() + "/hgadmin/access.conf"]: |
89 os.getcwd() + "/hgadmin/access.conf"]: |
89 if os.path.isfile(f): |
90 if os.path.isfile(f): |
90 ruleset.rules.readfile(f) |
91 ruleset.rules.readfile(f) |
91 |
92 |
92 cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None) |
93 cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None) |
93 try: |
94 if cmd is None: |
94 if cmd is None: |
95 fail("direct logins on the hg account prohibited") |
95 fail("direct logins on the hg account prohibited") |
96 elif cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'): |
96 elif cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'): |
97 repo = getrepo("read", cmd[6:-14]) |
97 repo = getrepo("read", cmd[6:-14]) |
98 if not os.path.isdir(repo + "/.hg"): |
98 if not os.path.isdir(repo + "/.hg"): |
99 fail("no such repository %s" % repo) |
99 fail("no such repository %s" % repo) |
100 dispatch.dispatch(['-R', repo, 'serve', '--stdio']) |
100 dispatch.dispatch(['-R', repo, 'serve', '--stdio']) |
101 elif cmd.startswith('hg init '): |
101 elif cmd.startswith('hg init '): |
102 repo = getrepo("init", cmd[8:]) |
102 repo = getrepo("init", cmd[8:]) |
103 if os.path.exists(repo): |
103 if os.path.exists(repo): |
104 fail("%s exists" % repo) |
104 fail("%s exists" % repo) |
105 d = os.path.dirname(repo) |
105 d = os.path.dirname(repo) |
106 if d != "" and not os.path.isdir(d): |
106 if d != "" and not os.path.isdir(d): |
107 os.makedirs(d) |
107 os.makedirs(d) |
108 dispatch.dispatch(['init', repo]) |
108 dispatch.dispatch(['init', repo]) |
109 else: |
109 else: |
110 fail("illegal command %r" % cmd) |
110 fail("illegal command %r" % cmd) |
|
111 except ruleset.AccessException: |
|
112 fail("access denied") |
|
113 |
111 |
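Review bot: `getrepo` calls `checkpath(repo)` for every operation, so on the side that appears to be new (the second printing of each pair; the +/- markers are lost on this page) a `read` of a path that sits under an existing `.hg` directory is refused with "Cannot create repo under existing repo", which misreports what was rejected. Either word the message neutrally, e.g. `fail("repository path is inside another repository")`, or pass `op` down to `checkpath` and keep the create-specific wording for `init` only. That side also seems to drop the `try:` / `except ruleset.AccessException:` wrapper around the command dispatch. It is worth confirming that nothing in `ruleset` (not shown here) can still raise `AccessException`, since the refusal would then surface as an unhandled exception rather than going through `fail("access denied")`. Gutter lines 55–56 and 69–87 are not shown, so this rests on the visible lines only.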