# HG changeset patch # User Paul Crowley # Date 1208272462 -3600 # Node ID 41ecb5a3172c8dd96353d022ab14f8fec9bb7e15 separate out executables and data diff -r 000000000000 -r 41ecb5a3172c hg-ssh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/hg-ssh Tue Apr 15 16:14:22 2008 +0100 @@ -0,0 +1,103 @@ +#!/usr/bin/env python +# +# Copyright 2008 LShift Ltd +# Modified by Paul Crowley +# with ideas from Mathieu PASQUET +# Copyright 2005-2007 by Intevation GmbH +# Author(s): +# Thomas Arendsen Hein +# +# This software may be used and distributed according to the terms +# of the GNU General Public License, incorporated herein by reference. + +""" +hg-ssh - a wrapper for ssh access to a limited set of mercurial repos + +DO NOT USE WITHOUT READING THE SOURCE! In particular note that we HARDWIRE +the path to hgadmin/hg-ssh-access.conf. + +To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): +command="hg-ssh keyid" ssh-dss ... +(probably together with these other useful options: + no-port-forwarding,no-X11-forwarding,no-agent-forwarding) + +This allows pull/push over ssh to to the repositories given as arguments. + +If all your repositories are subdirectories of a common directory, you can +allow shorter paths with: +command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" + +You can use pattern matching of your normal shell, e.g.: +command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" +""" + +# enable importing on demand to reduce startup time +from mercurial import demandimport; demandimport.enable() + +from mercurial import dispatch + +import sys, os, re + +def fail(message): + #logfile.write("Fail: %s\n" % message) + sys.stderr.write(message + "\n") + sys.exit(-1) + +allowedchars = "A-Za-z0-9_.-" +goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars)) +def goodpath(path): + if goodpathre.match(path) is None: + fail("Disallowing path: %s" % path) + + +# Don't put anything except *A-Za-z0-9_- in rule globs or +# you'll probably break security. No regexp metachars, not even . +# We may fix this later. +goodglobre = re.compile("[*/%s]+$" % allowedchars) +def globmatch(pattern, match): + if goodglobre.match(pattern) is None: + fail("Bad glob pattern in auth config: %s" % pattern) + pattern = pattern.replace(".", r'\.') + pattern = pattern.replace("*", "[%s]*" % allowedchars) + return re.compile(pattern + "$").match(match) is not None + +def testrule(keyname, path, applicable): + goodpath(keyname) + goodpath(path) + f = open("hgadmin/hg-ssh-access.conf") + try: + for l in f: + l = l.strip() + if l == "" or l.startswith("#"): + continue + rule, rk, rp = l.split() + if globmatch(rk, keyname) and globmatch(rp, path): + #logfile.write("Used rule: %s\n" % l) + return rule in applicable + return False + finally: + f.close() + +def get_cmd(keyname, cmd): + if cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'): + path = cmd[6:-14] + if testrule(keyname, path, set(["allow", "init"])): + return ['-R', path, 'serve', '--stdio'] + elif cmd.startswith('hg init '): + path = cmd[8:] + if testrule(keyname, path, set(["init"])): + return ['init', path] + fail("Illegal command %r" % cmd) + +#logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w") +#logfile.write("Started: %s\n" % sys.argv) + +if len(sys.argv) != 2: + fail("Error in hg-ssh configuration in .ssh/authorized_keys: too many arguments (%s)" + % sys.argv) + +keyname = sys.argv[1] +todispatch = get_cmd(keyname, os.environ.get('SSH_ORIGINAL_COMMAND', '?')) +os.environ["HG_ACL_USER"] = keyname +dispatch.dispatch(todispatch) + diff -r 000000000000 -r 41ecb5a3172c hg-ssh-wrapper --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/hg-ssh-wrapper Tue Apr 15 16:14:22 2008 +0100 @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e +cd repos +../admin/hg-admin-tools/hg-ssh "$@" diff -r 000000000000 -r 41ecb5a3172c refresh-auth --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/refresh-auth Tue Apr 15 16:14:22 2008 +0100 @@ -0,0 +1,30 @@ +#!/usr/bin/python + +import os +import os.path + +# THIS SCRIPT COMPLETELY DESTROYS YOUR .ssh/authorized_keys FILE EVERY TIME IT IS RUN + +#command='cd %s && ../path/bin/hg-ssh %s' % (repos, " ".join(projects)) + +akeyfile = os.path.expanduser("~/.ssh/authorized_keys") + +akeys = open(akeyfile + "_new", "w") +for root, dirs, files in os.walk("keys"): + for fn in files: + ffn = os.path.join(root, fn) + # FIXME: should ignore any path that contains dodgy characters + keyname = ffn[5:] + kf = open(ffn) + try: + for l in kf: + command='cd repos && hgadmin/hg-ssh %s' % keyname + prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' + % command) + #prefix='no-port-forwarding,no-X11-forwarding,no-agent-forwarding' + akeys.write("%s %s\n" % (prefix, l.strip())) + finally: + kf.close() + +os.rename(akeyfile + "_new", akeyfile) +