src/mercurialserver/refreshauth.py
changeset 107 84e9e33d866b
parent 106 0519745e7a57
child 165 3606d60b07e5
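--- a/src/mercurialserver/refreshauth.py
+++ b/src/mercurialserver/refreshauth.py
@@ -4,17 +4,18 @@
 # This hook completely destroys your ~/.ssh/authorized_keys
 # file every time it is run
 # WARNING
 
 import re
+import base64
 import os
 import os.path
 import pwd
 import subprocess
 from mercurialserver import paths
 
-goodkey = re.compile("[A-Za-z0-9._-]+$")
+goodkey = re.compile("[/A-Za-z0-9._-]+$")
 
 def refreshAuth(pw_dir):
     akeyfile = pw_dir + "/.ssh/authorized_keys"
     wrappercommand = paths.getExePath() + "/hg-ssh"
     keydirs = [paths.getEtcPath() + "/keys", pw_dir + "/repos/hgadmin/keys"]
@@ -38,15 +39,13 @@
                 ffn = os.path.join(root, fn)
                 if not ffn.startswith(kr):
                     raise Exception("Inconsistent behaviour in os.walk, bailing")
                 #print "Processing file", ffn
                 keyname = ffn[len(kr):]
-                # FIXME: still too strict
-                if not goodkey.match(keyname)
-                    # ignore any path that contains dodgy characters
-                    print "Ignoring key that contains banned character:", ffn
-                    continue
+                if not goodkey.match(keyname):
+                    # Encode it for safe quoting
+                    keyname = "--base64 " + base64.b64encode(keyname)
                 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
                     stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                 newkey = p.communicate()[0]
                 if p.wait() == 0:
                     klines = [l.strip() for l in newkey.split("\n")]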
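Review bot: `goodkey` on new line 16 still ends in `$`, which in Python also matches just before a trailing newline, so a key file whose name ends in a newline counts as safe and skips the `--base64` encoding added on new lines 44-46. Anchoring the pattern at the true end of the string closes that gap: `goodkey = re.compile(r"[/A-Za-z0-9._-]+\Z")`. The character class also lets a name begin with `-`, which presumably cannot be told apart from an option such as `--base64` once it is appended to the hg-ssh command; requiring a non-dash first character would avoid the ambiguity. How `keyname` is written into authorized_keys lies outside the shown context, as does the rest of refreshAuth, so both points should be confirmed against that code.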