diff -r 31d5c6236f71 -r f597eb3b5aaf src/hg-ssh
--- a/src/hg-ssh Sun Dec 19 09:49:18 2010 +0000
+++ b/src/hg-ssh Tue Sep 06 11:16:58 2011 +0100
@@ -19,6 +19,11 @@
 from mercurial import dispatch
+try:
+ request = dispatch.request
+except AttributeError:
+ request = list
+
 import sys, os, os.path
 import base64
 from mercurialserver import config, ruleset
@@ -27,12 +32,41 @@
 sys.stderr.write("mercurial-server: %s\n" % message)
 sys.exit(-1)
-def checkDots(path):
+config.initExe()
+
+for k,v in config.getEnv():
+ os.environ[k.upper()] = v
+
+if len(sys.argv) == 3 and sys.argv[1] == "--base64":
+ ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
+elif len(sys.argv) == 2:
+ ruleset.rules.set(user = sys.argv[1])
+else:
+ fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)"
+ % sys.argv)
+
+os.chdir(config.getReposPath())
+
+for f in config.getAccessPaths():
+ if os.path.isfile(f):
+ ruleset.rules.readfile(f)
+
+alloweddots = config.getAllowedDots()
+
+def dotException(pathtail):
+ for ex in alloweddots:
+ splex = ex.split("/")
+ if len(pathtail) >= len(splex) and pathtail[:len(splex)] == splex:
+ return True
+ return False
+
+def checkDots(path, pathtail = []):
 head, tail = os.path.split(path)
- if tail.startswith("."):
- fail("paths cannot contain dot file components")
+ pathtail = [tail] + pathtail
+ if tail.startswith(".") and not dotException(pathtail):
+ fail("paths cannot contain dot file components")
 if head:
- checkDots(head)
+ checkDots(head, pathtail)
 def getrepo(op, repo):
 # First canonicalise, then check the string, then the rules
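Review bot: The `try`/`except AttributeError` shim at the top of the file has no comment saying why `request` falls back to `list`, which makes the two later call sites (`dispatch.dispatch(request([...]))`) hard to read on their own. A one-line comment above the `try` would cover it, for example `# newer Mercurial wants a dispatch.request object; older versions take a plain argument list`. Catching only `AttributeError` keeps the fallback suitably narrow.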
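Review bot: `dotException` lets any `alloweddots` entry switch off the dot-component guard in `checkDots`, and that same guard is what rejects `.` and `..` components, so a configured entry containing `..` would re-open path traversal. The match is a component-prefix test on the path from the dot component onward, so an entry is not anchored to the repository root and applies at any depth; a docstring on `dotException` should state that rule. Consider refusing such entries inside the loop regardless of configuration, `if "." in splex or ".." in splex: continue`. Separately, `pathtail = []` is a mutable default; it is not mutated here because `[tail] + pathtail` builds a new list, but `pathtail = ()` with `[tail] + list(pathtail)` removes the trap. `getrepo` starts in this hunk and continues outside it, so whether its canonicalisation already strips `..` is not visible here.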
@@ -47,25 +81,6 @@
 fail("access denied")
 return repo
-config.initExe()
-
-for k,v in config.getEnv():
- os.environ[k.upper()] = v
-
-if len(sys.argv) == 3 and sys.argv[1] == "--base64":
- ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
-elif len(sys.argv) == 2:
- ruleset.rules.set(user = sys.argv[1])
-else:
- fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)"
- % sys.argv)
-
-os.chdir(config.getReposPath())
-
-for f in config.getAccessPaths():
- if os.path.isfile(f):
- ruleset.rules.readfile(f)
-
 cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None)
 if cmd is None:
 fail("direct logins on the hg account prohibited")
@@ -73,7 +88,7 @@
 repo = getrepo("read", cmd[6:-14])
 if not os.path.isdir(repo + "/.hg"):
 fail("no such repository %s" % repo)
- dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
+ dispatch.dispatch(request(['-R', repo, 'serve', '--stdio']))
 elif cmd.startswith('hg init '):
 repo = getrepo("init", cmd[8:])
 if os.path.exists(repo):
@@ -81,7 +96,6 @@
 d = os.path.dirname(repo)
 if d != "" and not os.path.isdir(d):
 os.makedirs(d)
- dispatch.dispatch(['init', repo])
+ dispatch.dispatch(request(['init', repo]))
 else:
 fail("illegal command %r" % cmd)
-