Allow mq clones
authorPaul Crowley <paul@lshift.net>
Mon, 18 Apr 2011 13:26:05 +0100
changeset 303 3f9f247b72bd
parent 302 020082c44cdf
child 304 6e575b602d2b
Allow mq clones
src/hg-ssh
src/init/dot-mercurial-server
src/mercurialserver/config.py
--- a/src/hg-ssh	Mon Apr 18 12:49:02 2011 +0100
+++ b/src/hg-ssh	Mon Apr 18 13:26:05 2011 +0100
@@ -27,12 +27,41 @@
     sys.stderr.write("mercurial-server: %s\n" % message)
     sys.exit(-1)
 
-def checkDots(path):
+config.initExe()
+
+for k,v in config.getEnv():
+    os.environ[k.upper()] = v
+
+if len(sys.argv) == 3 and sys.argv[1] == "--base64":
+    ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
+elif len(sys.argv) == 2:
+    ruleset.rules.set(user = sys.argv[1])
+else:
+    fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)"
+        % sys.argv)
+
+os.chdir(config.getReposPath())
+
+for f in config.getAccessPaths():
+    if os.path.isfile(f):
+        ruleset.rules.readfile(f)
+
+alloweddots = config.getAllowedDots()
+
+def dotException(pathtail):
+    for ex in alloweddots:
+        splex = ex.split("/")
+        if len(pathtail) >= len(splex) and pathtail[:len(splex)] == splex:
+            return True
+    return False
+
+def checkDots(path, pathtail = []):
     head, tail = os.path.split(path)
-    if tail.startswith("."):
-        fail("paths cannot contain dot file components")
+    pathtail = [tail] + pathtail
+    if tail.startswith(".") and not dotException(pathtail):
+            fail("paths cannot contain dot file components")
     if head:
-        checkDots(head)
+        checkDots(head, pathtail)
 
 def getrepo(op, repo):
     # First canonicalise, then check the string, then the rules
@@ -47,25 +76,6 @@
         fail("access denied")
     return repo
 
-config.initExe()
-
-for k,v in config.getEnv():
-    os.environ[k.upper()] = v
-
-if len(sys.argv) == 3 and sys.argv[1] == "--base64":
-    ruleset.rules.set(user = base64.b64decode(sys.argv[2]))
-elif len(sys.argv) == 2:
-    ruleset.rules.set(user = sys.argv[1])
-else:
-    fail("hg-ssh wrongly called, is authorized_keys corrupt? (%s)" 
-        % sys.argv)
-
-os.chdir(config.getReposPath())
-
-for f in config.getAccessPaths():
-    if os.path.isfile(f):
-        ruleset.rules.readfile(f)
-
 cmd = os.environ.get('SSH_ORIGINAL_COMMAND', None)
 if cmd is None:
     fail("direct logins on the hg account prohibited")
@@ -84,4 +94,3 @@
     dispatch.dispatch(['init', repo])
 else:
     fail("illegal command %r" % cmd)
-
--- a/src/init/dot-mercurial-server	Mon Apr 18 12:49:02 2011 +0100
+++ b/src/init/dot-mercurial-server	Mon Apr 18 13:26:05 2011 +0100
@@ -7,9 +7,12 @@
 keys = /etc/mercurial-server/keys:~/repos/hgadmin/keys
 access = /etc/mercurial-server/access.conf:~/repos/hgadmin/access.conf
 
+[exceptions]
+# Allow the creation of mq repositories by default
+allowdots = .hg/patches
+
 [env]
 # Use a different hgrc for remote pulls - this way you can set
 # up access.py for everything at once without affecting local operations
 
 HGRCPATH = /etc/mercurial-server/remote-hgrc.d
-
--- a/src/mercurialserver/config.py	Mon Apr 18 12:49:02 2011 +0100
+++ b/src/mercurialserver/config.py	Mon Apr 18 13:26:05 2011 +0100
@@ -20,7 +20,7 @@
 def _getPath(name):
     return os.path.expanduser(_getConf().get("paths", name))
 
-def _getPaths(name): 
+def _getPaths(name):
     return [os.path.expanduser(p)
         for p in _getConf().get("paths", name).split(":")]
 
@@ -40,6 +40,17 @@
 
 def getEnv(): return _getConf().items("env")
 
+def _getdefault(section, option, default, f = lambda x: x):
+    conf = _getConf()
+    if conf.has_option(section, option):
+        return f(conf.get(section, option))
+    else:
+        return default
+
+def getAllowedDots():
+    return _getdefault("exceptions", "allowdots", [],
+        lambda s: s.split(":"))
+
 # Work out where we are, don't use config.
 def initExe():
     global _exePath
@@ -49,4 +60,3 @@
 
 def getExePath():
     return _exePath
-