#!/usr/bin/env python
#
# Copyright 2008-2009 LShift Ltd
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
# Authors:
# Paul Crowley <paul@lshift.net>
# Thomas Arendsen Hein <thomas@intevation.de>
# with ideas from Mathieu PASQUET <kiorky@cryptelium.net>
#
# This software may be used and distributed according to the terms
# of the GNU General Public License, incorporated herein by reference.
"""
hg-ssh - limit access to hg repositories reached via ssh. Part of
mercurial-server.
This script is called by hg-ssh-wrapper with no arguments - everything
should be in enviroment variables:
HG_ACCESS_RULES_PATH identifies the paths to the rule files
REMOTE_USER the remote user (which is the key used by ssh)
SSH_ORIGINAL_COMMAND the command the user was trying to run
It uses SSH_ORIGINAL_COMMAND to determine what the user was trying to
do and to what repository, and then checks each rule in the rule file
in turn for a matching rule which decides what to do, defaulting to
disallowing the action.
"""
# enable importing on demand to reduce startup time
from mercurial import demandimport; demandimport.enable()
from mercurial import dispatch
import sys, os, os.path
from mercurialserver import ruleset, paths
def fail(message):
sys.stderr.write("mercurial-server: %s\n" % message)
sys.exit(-1)
def checkpath(path)
path = os.path.dirname(path)
if path == "":
return
if os.path.exists(path + "/.hg"):
raise ruleset.AccessException()
checkpath(path)
def getrepo(op, repo):
repo = os.path.normcase(os.path.normpath(repo.rstrip("/")))
if len(repo) == 0:
fail("path to repository seems to be empty")
if repo.startswith("/"):
fail("absolute paths are not supported")
for component in repo.split("/"):
if component.startswith("."):
fail("paths cannot contain dot file components")
ruleset.rules.set(repo=repo)
ruleset.rules.check(op, branch=None, file=None)
checkpath(repo)
return repo
#logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w")
#logfile.write("Started: %s\n" % sys.argv)
if len(sys.argv) != 2:
fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)"
% sys.argv)
paths.setExePath()
ruleset.rules.set(user = sys.argv[1])
# Use a different hgrc for remote pulls - this way you can set
# up access.py for everything at once without affecting local operations
os.environ['HGRCPATH'] = paths.getEtcPath() + "/remote-hgrc"
os.chdir('repos')
for f in [
paths.getEtcPath() + "/access.conf",
os.getcwd() + "/hgadmin/access.conf"]:
if os.path.isfile(f):
ruleset.rules.readfile(f)
cmd = os.environ.get('SSH_ORIGINAL_COMMAND', '')
try:
if cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'):
repo = getrepo("read", cmd[6:-14])
if not os.path.isdir(repo + "/.hg")
fail("no such repository %s" % repo)
dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
elif cmd.startswith('hg init '):
repo = getrepo("init", cmd[8:])
if os.path.exists(repo):
fail("%s exists" % repo)
d = os.path.dirname(repo)
if d != "" and not os.path.isdir(d):
os.makedirs(d)
dispatch.dispatch(['init', repo])
elif cmd == "":
fail("direct logins on the hg account prohibited ")
else:
fail("illegal command %r" % cmd)
except ruleset.AccessException:
fail("access denied")