3 # WARNING |
3 # WARNING |
4 # This hook completely destroys your ~/.ssh/authorized_keys |
4 # This hook completely destroys your ~/.ssh/authorized_keys |
5 # file every time it is run |
5 # file every time it is run |
6 # WARNING |
6 # WARNING |
7 |
7 |
8 import sys |
8 import re |
|
9 import base64 |
9 import os |
10 import os |
10 import os.path |
11 import os.path |
11 import pwd |
12 import pwd |
12 import subprocess |
13 import subprocess |
13 from mercurialserver import ruleset, paths |
14 from mercurialserver import paths |
|
15 |
|
16 goodkey = re.compile("[/A-Za-z0-9._-]+$") |
14 |
17 |
15 def refreshAuth(pw_dir): |
18 def refreshAuth(pw_dir): |
16 akeyfile = pw_dir + "/.ssh/authorized_keys" |
19 akeyfile = pw_dir + "/.ssh/authorized_keys" |
17 wrappercommand = paths.getExePath() + "/hg-ssh" |
20 wrappercommand = paths.getExePath() + "/hg-ssh" |
18 keydirs = [paths.getEtcPath() + "/keys", pw_dir + "/repos/hgadmin/keys"] |
21 keydirs = [paths.getEtcPath() + "/keys", pw_dir + "/repos/hgadmin/keys"] |
36 ffn = os.path.join(root, fn) |
39 ffn = os.path.join(root, fn) |
37 if not ffn.startswith(kr): |
40 if not ffn.startswith(kr): |
38 raise Exception("Inconsistent behaviour in os.walk, bailing") |
41 raise Exception("Inconsistent behaviour in os.walk, bailing") |
39 #print "Processing file", ffn |
42 #print "Processing file", ffn |
40 keyname = ffn[len(kr):] |
43 keyname = ffn[len(kr):] |
41 if not ruleset.goodpath(keyname): |
44 if not goodkey.match(keyname): |
42 # ignore any path that contains dodgy characters |
45 # Encode it for safe quoting |
43 #print "Ignoring file", ffn |
46 keyname = "--base64 " + base64.b64encode(keyname) |
44 continue |
|
45 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), |
47 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), |
46 stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
48 stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
47 newkey = p.communicate()[0] |
49 newkey = p.communicate()[0] |
48 if p.wait() == 0: |
50 if p.wait() == 0: |
49 klines = [l.strip() for l in newkey.split("\n")] |
51 klines = [l.strip() for l in newkey.split("\n")] |
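Review bot: The `goodkey` pattern added at new line 16 ends in `$`, which in Python's `re` also matches just before a trailing newline, so the `goodkey.match(keyname)` test at new line 44 treats a key file name ending in a newline as safe and skips the base64 quoting. The rest of refreshAuth lies outside the visible hunks, but if `keyname` is later written into the authorized_keys entry, as the "safe quoting" comment suggests, a raw newline would break that line. Anchoring with `\Z` closes the gap: `goodkey = re.compile(r"[/A-Za-z0-9._-]+\Z")`. The change also stops skipping names that the old `ruleset.goodpath` check rejected, and `goodkey` accepts `..` segments; it is worth confirming the consumer of the key name does not treat it as a path, and adding a comment above `goodkey` such as `# names matching this are passed through unquoted; everything else is base64-encoded`.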