# HG changeset patch
# User Paul Crowley
# Date 1212681237 -3600
# Node ID 4059dbe9f26a651a18ffefc65a0158b949e48a3c
# Parent d54720d47ca2a647a6179799f7979293cfcbcdff
new break-in system
diff -r d54720d47ca2 -r 4059dbe9f26a as-if-by-ssh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/as-if-by-ssh Thu Jun 05 16:53:57 2008 +0100
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Used only for break-ins
+
+set -e
+SSH_ORIGINAL_COMMAND=$1
+echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2
+export SSH_ORIGINAL_COMMAND
+cd
+exec /etc/hg-admin-tools/hg-ssh-wrapper root
+
diff -r d54720d47ca2 -r 4059dbe9f26a break-in
--- a/break-in Wed May 28 18:14:15 2008 +0100
+++ b/break-in Thu Jun 05 16:53:57 2008 +0100
@@ -2,11 +2,13 @@
 set -e
-REPO=~hg/repos/hgadmin
-sudo -u hg -H hg -q -R "$REPO" update null
-sudo -u hg mkdir $REPO/keys
-cp $1 $REPO/keys/root
-cd $REPO
-echo "init user=root" > hg-ssh-access.conf
-sudo -u hg -H /usr/local/lib/hg-admin-tools/refresh-auth ~/.ssh/authorized_keys /etc/hg-admin-tools/hg-ssh-wrapper
+user=$(whoami)
+/usr/local/lib/hg-admin-tools/create-breakin-repository
+cd hgadmin
+mkdir -p keys
+ssh-add -L > keys/$user
+echo "init user=$user" > hg-ssh-access.conf
+hg add keys/$user hg-ssh-access.conf
+hg commit -m "Give all access only to user $user"
+hg push
diff -r d54720d47ca2 -r 4059dbe9f26a create-breakin-repository
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/create-breakin-repository Thu Jun 05 16:53:57 2008 +0100
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+hg clone -e /usr/local/lib/hg-admin-tools/ssh-replacement ssh://localhost/hgadmin
+cd hgadmin
+cat >> .hg/hgrc << __END__
+[ui]
+ssh = /usr/local/lib/hg-admin-tools/ssh-replacement
+__END__
+echo "cd to hgadmin, make changes and commit"
+
diff -r d54720d47ca2 -r 4059dbe9f26a hginit
--- a/hginit Wed May 28 18:14:15 2008 +0100
+++ b/hginit Thu Jun 05 16:53:57 2008 +0100
@@ -2,7 +2,7 @@
 set -e
-cd
+cd ~hg
 mkdir -p repos/hgadmin .ssh
 cd repos/hgadmin
 hg init .
diff -r d54720d47ca2 -r 4059dbe9f26a install
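Review bot: The `exec ... hg-ssh-wrapper root` line presents every caller as the hg user `root`, which the ruleset.py change in this same patch gives the highest privilege level, and nothing in this script checks who invoked it; the only gate is whatever lets the caller run it as `hg` (the `sudo -u hg` in ssh-replacement, whose sudoers entry is not part of this patch). The header comment should carry that contract, e.g. `# Any caller is presented to hg-ssh-wrapper as hg user "root" (highest privilege): must only be reachable by people already trusted with full repository control`. The `echo ... >&2` line prints the forwarded command to the caller's terminal on every push; it reads as leftover debugging and can be dropped once the flow is trusted.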
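Review bot: `user=$(whoami)` feeds `ssh-add -L > keys/$user`, so a break-in run as root writes `keys/root`, which the refresh-auth change in this patch discards, and the admin learns this only when the next push is refused. A guard right after the assignment makes the failure immediate: `[ "$user" != root ] || { echo "break-in: run as your own account, not root" >&2; exit 1; }`. `ssh-add -L` also exports every identity the agent holds, forwarded ones included, and each of them gets `init` rights through the new `hg-ssh-access.conf`; a comment saying so would prompt admins to run it from a session with only the intended key loaded. If the agent holds no identities, `ssh-add -L` exits non-zero and `set -e` stops the script, but only after the redirection has already created `keys/$user` in the clone, so a retry should start by removing that file.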
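Review bot: The `ui.ssh` setting appended to `.hg/hgrc` outlives the break-in: every later push or pull from this clone goes through ssh-replacement, that is through `sudo` to the hg account with the `root` identity, bypassing the normal key-based authorisation entirely. The closing `echo` should warn about that rather than only prompt for changes, e.g. `echo "note: this clone talks to hgadmin as hg user root via sudo; remove it when the break-in is finished"`, or break-in could create the clone in a temporary directory and delete it after `hg push`. `hg clone` also refuses to run if a non-empty `./hgadmin` already exists, which `set -e` turns into an abort with no hint about the leftover directory.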
--- a/install Wed May 28 18:14:15 2008 +0100
+++ b/install Thu Jun 05 16:53:57 2008 +0100
@@ -4,11 +4,7 @@
 install -o root -g root -d /usr/local/lib/hg-admin-tools
 install -o root -g root -t /usr/local/lib/hg-admin-tools \
- access.py hg-ssh refresh-auth ruleset.py hgadmin-hgrc break-in
+ access.py hg-ssh refresh-auth ruleset.py hgadmin-hgrc create-breakin-repository ssh-replacement as-if-by-ssh break-in
 install -o root -g root -d /etc/hg-admin-tools
 install -o root -g root -t /etc/hg-admin-tools hg-ssh-wrapper remote-hgrc
-sudo adduser --system --shell /bin/sh --group --disabled-password \
- --gecos "Mercurial repositories" hg
-sudo -u hg -H ./hginit
-
diff -r d54720d47ca2 -r 4059dbe9f26a refresh-auth
--- a/refresh-auth Wed May 28 18:14:15 2008 +0100
+++ b/refresh-auth Thu Jun 05 16:53:57 2008 +0100
@@ -36,6 +36,9 @@
 # ignore any path that contains dodgy characters
 continue
 keyname = ffn[5:]
+ if keyname == "root":
+ # No key can claim root privileges
+ continue
 p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn),
 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 newkey = p.communicate()[0]
diff -r d54720d47ca2 -r 4059dbe9f26a ruleset.py
--- a/ruleset.py Wed May 28 18:14:15 2008 +0100
+++ b/ruleset.py Thu Jun 05 16:53:57 2008 +0100
@@ -5,6 +5,7 @@
 # This software may be used and distributed according to the terms
 # of the GNU General Public License, incorporated herein by reference.
+import sys
 import re
 allowedchars = "A-Za-z0-9_-"
@@ -49,7 +50,9 @@
 levels = ["init", "write", "read", "deny"]
 def __init__(self):
- self.rules = []
+ # The user called "root" automatically has the highest
+ # privilege
+ self.rules = [(self.levels[0], rule([('user', 'root')]))]
 self.preset = {}
 def add(self, action, conditions):
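Review bot: The new `continue` discards `keys/root` silently, which is the right decision but leaves the operator with no indication why a committed key file has no effect (break-in writes `keys/$(whoami)`, so a root-run break-in lands exactly here). Emit a warning before skipping, in the file's Python 2 style: `print >> sys.stderr, "ignoring %s: the root identity cannot be granted by key" % ffn` (check that `sys` is imported above the hunk). The enclosing loop begins outside the hunk.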
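Review bot: The built-in `('user', 'root')` rule turns `root` into a reserved identity, but the comment only says it has the highest privilege and not why that is safe, which is enforced in another file; suggest `# "root" is reserved: refresh-auth refuses keys/root, so only as-if-by-ssh (reached via sudo) can present this user`. Without that, a reader of ruleset.py alone cannot tell that no public key can claim it. Whether a later rule read from the file can override this first entry depends on how the rule list is searched, which is outside the hunk.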
@@ -74,14 +77,19 @@
 @classmethod
 def readfile(cls, fn):
 res = cls()
- f = open(fn)
 try:
- for l in f:
- l = l.strip()
- if len(l) == 0 or l.startswith("#"):
- continue
- l = l.split()
- res.add(l[0], rule([c.split("=", 1) for c in l[1:]]))
- finally:
- f.close()
+ f = open(fn)
+ try:
+ for l in f:
+ l = l.strip()
+ if len(l) == 0 or l.startswith("#"):
+ continue
+ l = l.split()
+ res.add(l[0], rule([c.split("=", 1) for c in l[1:]]))
+ finally:
+ f.close()
+ except Exception, e:
+ print >> sys.stderr, "Failure reading rules file:", e
+ return cls()
 return res
+
diff -r d54720d47ca2 -r 4059dbe9f26a setup
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/setup Thu Jun 05 16:53:57 2008 +0100
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+./install
+
+adduser --system --shell /bin/sh --group --disabled-password \
+ --gecos "Mercurial repositories" hg
+su -c ./hginit hg
diff -r d54720d47ca2 -r 4059dbe9f26a ssh-replacement
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssh-replacement Thu Jun 05 16:53:57 2008 +0100
@@ -0,0 +1,7 @@
+#!/bin/sh
+# Used only for break-ins
+
+echo "arg: $2" >&2
+
+exec sudo -H -u hg /usr/local/lib/hg-admin-tools/as-if-by-ssh "$2"
+
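Review bot: The new `except Exception, e` handler writes the exception text to stderr, and if readfile runs while serving an ssh request that stream is normally relayed to the remote client, so an `IOError` here would reveal the server-side path of the rules file to whoever triggered it. Keep the remote-facing message generic, `print >> sys.stderr, "Failure reading rules file"`, and write the `e` detail to a server-side log instead. Returning `cls()` is fail-closed for everyone except `root`, which is the safe direction, but since the handler also swallows programming errors, one malformed line in the rules file silently locks every key out; catching only the errors you expect (`IOError` from `open`, plus whatever `rule()` raises on a bad line) would make that a loud failure instead.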
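Review bot: The script forwards only `$2` and ignores `$1` (the host name hg passes) together with anything else on the command line, so any invocation that is not exactly `ssh-replacement localhost COMMAND` is silently turned into a sudo call to the hg account with the root identity. A guard at the top makes the assumption explicit: `[ $# -eq 2 ] && [ "$1" = localhost ] || { echo "ssh-replacement: unexpected arguments" >&2; exit 1; }`. The `echo "arg: $2" >&2` line looks like leftover debugging and prints the command on every push; drop it once the flow is trusted. There is no `set -e` here, which is harmless because the only command is an `exec`, but the sibling scripts in this patch do use it and consistency would help readers.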