Mercurial Mercurial > hg > mercurial-server / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/hg-ssh
branchdebian
changeset 313 f597eb3b5aaf
parent 306 f832a8aeef44
child 374 7a1d6b228af6 
--- a/src/hg-ssh	Sun Dec 19 09:49:18 2010 +0000
+++ b/src/hg-ssh	Tue Sep 06 11:16:58 2011 +0100
@@ -19,6 +19,11 @@
 
 from mercurial import dispatch
 
+try:
+    request = dispatch.request
+except AttributeError:
+    request = list
+
 import sys, os, os.path
 import base64
 from mercurialserver import config, ruleset
@@ -27,12 +32,41 @@
     sys.stderr.write("mercurial-server: %s\n" % message)
     sys.exit(-1)
 
-def checkDots(path):
+config.initExe()
+
+for k,v in config.getEnv():
+    os.environ[k.upper()] = v
+
+if len(sys.argv) == 3 and sys.argv[1] == "--base64":
+    ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
+elif len(sys.argv) == 2:
+    ruleset.rules.set(user = sys.argv[1])
+else:
+    fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)"
+        % sys.argv)
+
+os.chdir(config.getReposPath())
+
+for f in config.getAccessPaths():
+    if os.path.isfile(f):
+        ruleset.rules.readfile(f)
+
+alloweddots = config.getAllowedDots()
+
+def dotException(pathtail):
+    for ex in alloweddots:
+        splex = ex.split("/")
+        if len(pathtail) >= len(splex) and pathtail[:len(splex)] == splex:
+            return True
+    return False
+
+def checkDots(path, pathtail = []):
     head, tail = os.path.split(path)
-    if tail.startswith("."):
-        fail("paths cannot contain dot file components")
+    pathtail = [tail] + pathtail
+    if tail.startswith(".") and not dotException(pathtail):
+            fail("paths cannot contain dot file components")
     if head:
-        checkDots(head)
+        checkDots(head, pathtail)
 
 def getrepo(op, repo):
     # First canonicalise, then check the string, then the rules
@@ -47,25 +81,6 @@
         fail("access denied")
     return repo
 
-config.initExe()
-
-for k,v in config.getEnv():
-    os.environ[k.upper()] = v
-
-if len(sys.argv) == 3 and sys.argv[1] == "--base64":
-    ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
-elif len(sys.argv) == 2:
-    ruleset.rules.set(user = sys.argv[1])
-else:
-    fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" 
-        % sys.argv)
-
-os.chdir(config.getReposPath())
-
-for f in config.getAccessPaths():
-    if os.path.isfile(f):
-        ruleset.rules.readfile(f)
-
 cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None)
 if cmd is None:
     fail("direct logins on the hg account prohibited")
@@ -73,7 +88,7 @@
     repo = getrepo("read", cmd[6:-14])
     if not os.path.isdir(repo + "/.hg"):
         fail("no such repository %s" % repo)
-    dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
+    dispatch.dispatch(request(['-R', repo, 'serve', '--stdio']))
 elif cmd.startswith('hg init '):
     repo = getrepo("init", cmd[8:])
     if os.path.exists(repo):
@@ -81,7 +96,6 @@
     d = os.path.dirname(repo)
     if d != "" and not os.path.isdir(d):
         os.makedirs(d)
-    dispatch.dispatch(['init', repo])
+    dispatch.dispatch(request(['init', repo]))
 else:
     fail("illegal command %r" % cmd)
-
mercurial-server