diff -r 020082c44cdf -r 3f9f247b72bd src/hg-ssh --- a/src/hg-ssh Mon Apr 18 12:49:02 2011 +0100 +++ b/src/hg-ssh Mon Apr 18 13:26:05 2011 +0100 @@ -27,12 +27,41 @@ sys.stderr.write("mercurial-server: %s\n" % message) sys.exit(-1) -def checkDots(path): +config.initExe() + +for k,v in config.getEnv(): + os.environ[k.upper()] = v + +if len(sys.argv) == 3 and sys.argv[1] == "--base64": + ruleset.rules.set(user = base64.b64decode(sys.argv[2])) +elif len(sys.argv) == 2: + ruleset.rules.set(user = sys.argv[1]) +else: + fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" + % sys.argv) + +os.chdir(config.getReposPath()) + +for f in config.getAccessPaths(): + if os.path.isfile(f): + ruleset.rules.readfile(f) + +alloweddots = config.getAllowedDots() + +def dotException(pathtail): + for ex in alloweddots: + splex = ex.split("/") + if len(pathtail) >= len(splex) and pathtail[:len(splex)] == splex: + return True + return False + +def checkDots(path, pathtail = []): head, tail = os.path.split(path) - if tail.startswith("."): - fail("paths cannot contain dot file components") + pathtail = [tail] + pathtail + if tail.startswith(".") and not dotException(pathtail): + fail("paths cannot contain dot file components") if head: - checkDots(head) + checkDots(head, pathtail) def getrepo(op, repo): # First canonicalise, then check the string, then the rules @@ -47,25 +76,6 @@ fail("access denied") return repo -config.initExe() - -for k,v in config.getEnv(): - os.environ[k.upper()] = v - -if len(sys.argv) == 3 and sys.argv[1] == "--base64": - ruleset.rules.set(user = base64.b64decode(sys.argv[2])) -elif len(sys.argv) == 2: - ruleset.rules.set(user = sys.argv[1]) -else: - fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" - % sys.argv) - -os.chdir(config.getReposPath()) - -for f in config.getAccessPaths(): - if os.path.isfile(f): - ruleset.rules.readfile(f) - cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None) if cmd is None: fail("direct logins on the hg account prohibited") @@ -84,4 +94,3 @@ dispatch.dispatch(['init', repo]) else: fail("illegal command %r" % cmd) -