mercurial-server: comparison src/hg-ssh

equal deleted inserted replaced

-:e99262dfa950
+:731a72b742db
 # enable importing on demand to reduce startup time
 from mercurial import demandimport; demandimport.enable()
 from mercurial import dispatch
-import sys, os
+import sys, os, os.path
+import base64
 from mercurialserver import ruleset, paths
 def fail(message):
-#logfile.write("Fail: %s\n" % message)
+sys.stderr.write("mercurial-server: %s\n" % message)
-sys.stderr.write(message + "\n")
 sys.exit(-1)
-def getpath(path):
+def checkDots(path):
-if path.endswith("/"):
+head, tail = os.path.split(path)
-path = path[:-1]
+if tail.startswith("."):
-if not ruleset.goodpath(path):
+fail("paths cannot contain dot file components")
-fail("Disallowing path: %s" % path)
+if head:
-return path
+checkDots(head)
-def try_cmd(cmd):
+def checkParents(path):
-if cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'):
+path = os.path.dirname(path)
-repo = getpath(cmd[6:-14])
+if path == "":
-ruleset.rules.set(repo=repo)
+return
-if ruleset.rules.allow("read", branch=None, file=None):
+if os.path.exists(path + "/.hg"):
-dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
+fail("Cannot create repo under existing repo")
-return
+checkParents(path)
-elif cmd.startswith('hg init '):
-repo = getpath(cmd[8:])
-ruleset.rules.set(repo=repo)
-if ruleset.rules.allow("init", branch=None, file=None):
-dispatch.dispatch(['init', repo])
-return
-fail("Illegal command %r" % cmd)
-#logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w")
+def getrepo(op, repo):
-#logfile.write("Started: %s\n" % sys.argv)
+# First canonicalise, then check the string, then the rules
+# and finally the filesystem.
-if len(sys.argv) != 2:
+repo = repo.rstrip("/")
-fail("hg-ssh must have exactly one argument (%s)"
+if len(repo) == 0:
-% sys.argv)
+fail("path to repository seems to be empty")
+if repo.startswith("/"):
+fail("absolute paths are not supported")
+checkDots(path)
+ruleset.rules.set(repo=repo)
+if not ruleset.rules.allow(op, branch=None, file=None):
+fail("access denied")
+checkParents(repo)
+return repo
 paths.setExePath()
-ruleset.rules.set(user = sys.argv[1])
+if len(sys.argv) == 3 and sys.argv[1] == "--base64":
+ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
+elif len(sys.argv) == 2:
+ruleset.rules.set(user = sys.argv[1])
+else:
+fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)"
+% sys.argv)
 # Use a different hgrc for remote pulls - this way you can set
 # up access.py for everything at once without affecting local operations
 os.environ['HGRCPATH'] = paths.getEtcPath() + "/remote-hgrc"
 paths.getEtcPath() + "/access.conf",
 os.getcwd() + "/hgadmin/access.conf"]:
 if os.path.isfile(f):
 ruleset.rules.readfile(f)
-try_cmd(os.environ.get('SSH_ORIGINAL_COMMAND', '?'))
+cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None)
+if cmd is None:
+fail("direct logins on the hg account prohibited")
+elif cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'):
+repo = getrepo("read", cmd[6:-14])
+if not os.path.isdir(repo + "/.hg"):
+fail("no such repository %s" % repo)
+dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
+elif cmd.startswith('hg init '):
+repo = getrepo("init", cmd[8:])
+if os.path.exists(repo):
+fail("%s exists" % repo)
+d = os.path.dirname(repo)
+if d != "" and not os.path.isdir(d):
+os.makedirs(d)
+dispatch.dispatch(['init', repo])
+else:
+fail("illegal command %r" % cmd)

branch	debian
changeset 115	731a72b742db
parent 110	69596fffcf7d
child 117	b6b8a5daf0f4