# HG changeset patch # User Paul Crowley # Date 1303129565 -3600 # Node ID 3f9f247b72bd00f20928187c560dba7a6d7a9950 # Parent 020082c44cdfaf23e73520bbc13bc5fb62418be5 Allow mq clones diff -r 020082c44cdf -r 3f9f247b72bd src/hg-ssh --- a/src/hg-ssh Mon Apr 18 12:49:02 2011 +0100 +++ b/src/hg-ssh Mon Apr 18 13:26:05 2011 +0100 @@ -27,12 +27,41 @@ sys.stderr.write("mercurial-server: %s\n" % message) sys.exit(-1) -def checkDots(path): +config.initExe() + +for k,v in config.getEnv(): + os.environ[k.upper()] = v + +if len(sys.argv) == 3 and sys.argv[1] == "--base64": + ruleset.rules.set(user = base64.b64decode(sys.argv[2])) +elif len(sys.argv) == 2: + ruleset.rules.set(user = sys.argv[1]) +else: + fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" + % sys.argv) + +os.chdir(config.getReposPath()) + +for f in config.getAccessPaths(): + if os.path.isfile(f): + ruleset.rules.readfile(f) + +alloweddots = config.getAllowedDots() + +def dotException(pathtail): + for ex in alloweddots: + splex = ex.split("/") + if len(pathtail) >= len(splex) and pathtail[:len(splex)] == splex: + return True + return False + +def checkDots(path, pathtail = []): head, tail = os.path.split(path) - if tail.startswith("."): - fail("paths cannot contain dot file components") + pathtail = [tail] + pathtail + if tail.startswith(".") and not dotException(pathtail): + fail("paths cannot contain dot file components") if head: - checkDots(head) + checkDots(head, pathtail) def getrepo(op, repo): # First canonicalise, then check the string, then the rules @@ -47,25 +76,6 @@ fail("access denied") return repo -config.initExe() - -for k,v in config.getEnv(): - os.environ[k.upper()] = v - -if len(sys.argv) == 3 and sys.argv[1] == "--base64": - ruleset.rules.set(user = base64.b64decode(sys.argv[2])) -elif len(sys.argv) == 2: - ruleset.rules.set(user = sys.argv[1]) -else: - fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" - % sys.argv) - -os.chdir(config.getReposPath()) - -for f in config.getAccessPaths(): - if os.path.isfile(f): - ruleset.rules.readfile(f) - cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None) if cmd is None: fail("direct logins on the hg account prohibited") @@ -84,4 +94,3 @@ dispatch.dispatch(['init', repo]) else: fail("illegal command %r" % cmd) - diff -r 020082c44cdf -r 3f9f247b72bd src/init/dot-mercurial-server --- a/src/init/dot-mercurial-server Mon Apr 18 12:49:02 2011 +0100 +++ b/src/init/dot-mercurial-server Mon Apr 18 13:26:05 2011 +0100 @@ -7,9 +7,12 @@ keys = /etc/mercurial-server/keys:~/repos/hgadmin/keys access = /etc/mercurial-server/access.conf:~/repos/hgadmin/access.conf +[exceptions] +# Allow the creation of mq repositories by default +allowdots = .hg/patches + [env] # Use a different hgrc for remote pulls - this way you can set # up access.py for everything at once without affecting local operations HGRCPATH = /etc/mercurial-server/remote-hgrc.d - diff -r 020082c44cdf -r 3f9f247b72bd src/mercurialserver/config.py --- a/src/mercurialserver/config.py Mon Apr 18 12:49:02 2011 +0100 +++ b/src/mercurialserver/config.py Mon Apr 18 13:26:05 2011 +0100 @@ -20,7 +20,7 @@ def _getPath(name): return os.path.expanduser(_getConf().get("paths", name)) -def _getPaths(name): +def _getPaths(name): return [os.path.expanduser(p) for p in _getConf().get("paths", name).split(":")] @@ -40,6 +40,17 @@ def getEnv(): return _getConf().items("env") +def _getdefault(section, option, default, f = lambda x: x): + conf = _getConf() + if conf.has_option(section, option): + return f(conf.get(section, option)) + else: + return default + +def getAllowedDots(): + return _getdefault("exceptions", "allowdots", [], + lambda s: s.split(":")) + # Work out where we are, don't use config. def initExe(): global _exePath @@ -49,4 +60,3 @@ def getExePath(): return _exePath -