Mercurial Mercurial > hg > mercurial-server / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
separate out executables and data
authorPaul Crowley <paul@lshift.net>
Tue, 15 Apr 2008 16:14:22 +0100
changeset 0 41ecb5a3172c
child 1 5bc7446cd2d1
separate out executables and data
hg-ssh file | annotate | diff | comparison | revisions
hg-ssh-wrapper file | annotate | diff | comparison | revisions
refresh-auth file | annotate | diff | comparison | revisions 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hg-ssh	Tue Apr 15 16:14:22 2008 +0100
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+#
+# Copyright 2008 LShift Ltd
+# Modified by Paul Crowley <paul@lshift.net>
+# with ideas from  Mathieu PASQUET <kiorky@cryptelium.net>
+# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
+# Author(s):
+# Thomas Arendsen Hein <thomas@intevation.de>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+"""
+hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
+
+DO NOT USE WITHOUT READING THE SOURCE!  In particular note that we HARDWIRE
+the path to hgadmin/hg-ssh-access.conf.
+
+To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
+command="hg-ssh keyid" ssh-dss ...
+(probably together with these other useful options:
+ no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
+
+This allows pull/push over ssh to to the repositories given as arguments.
+
+If all your repositories are subdirectories of a common directory, you can
+allow shorter paths with:
+command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
+
+You can use pattern matching of your normal shell, e.g.:
+command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
+"""
+
+# enable importing on demand to reduce startup time
+from mercurial import demandimport; demandimport.enable()
+
+from mercurial import dispatch
+
+import sys, os, re
+
+def fail(message):
+    #logfile.write("Fail: %s\n" % message)
+    sys.stderr.write(message + "\n")
+    sys.exit(-1)
+
+allowedchars = "A-Za-z0-9_.-"
+goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
+def goodpath(path):
+    if goodpathre.match(path) is None:
+        fail("Disallowing path: %s" % path)
+
+
+# Don't put anything except *A-Za-z0-9_- in rule globs or
+# you'll probably break security.  No regexp metachars, not even .
+# We may fix this later.
+goodglobre = re.compile("[*/%s]+$" % allowedchars)
+def globmatch(pattern, match):
+    if goodglobre.match(pattern) is None:
+        fail("Bad glob pattern in auth config: %s" % pattern)
+    pattern = pattern.replace(".", r'\.')
+    pattern = pattern.replace("*", "[%s]*" % allowedchars)
+    return re.compile(pattern + "$").match(match) is not None
+
+def testrule(keyname, path, applicable):
+    goodpath(keyname)
+    goodpath(path)
+    f = open("hgadmin/hg-ssh-access.conf")
+    try:
+        for l in f:
+            l = l.strip()
+            if l == "" or l.startswith("#"):
+                continue
+            rule, rk, rp = l.split()
+            if globmatch(rk, keyname) and globmatch(rp, path):
+                #logfile.write("Used rule: %s\n" % l)
+                return rule in applicable
+        return False
+    finally:
+        f.close()
+
+def get_cmd(keyname, cmd):
+    if cmd.startswith('hg -R ') and cmd.endswith(' serve --stdio'):
+        path = cmd[6:-14]
+        if testrule(keyname, path, set(["allow", "init"])):
+            return ['-R', path, 'serve', '--stdio']
+    elif cmd.startswith('hg init '):
+        path = cmd[8:]
+        if testrule(keyname, path, set(["init"])):
+            return ['init', path]
+    fail("Illegal command %r" % cmd)
+
+#logfile = open("/tmp/hg-ssh.%d.txt" % os.getpid(), "w")
+#logfile.write("Started: %s\n" % sys.argv)
+
+if len(sys.argv) != 2:
+    fail("Error in hg-ssh configuration in .ssh/authorized_keys: too many arguments (%s)" 
+        % sys.argv)
+
+keyname = sys.argv[1]
+todispatch = get_cmd(keyname, os.environ.get('SSH_ORIGINAL_COMMAND', '?'))
+os.environ["HG_ACL_USER"] = keyname
+dispatch.dispatch(todispatch)
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hg-ssh-wrapper	Tue Apr 15 16:14:22 2008 +0100
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+cd repos
+../admin/hg-admin-tools/hg-ssh "$@"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/refresh-auth	Tue Apr 15 16:14:22 2008 +0100
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+
+import os
+import os.path
+
+# THIS SCRIPT COMPLETELY DESTROYS YOUR .ssh/authorized_keys FILE EVERY TIME IT IS RUN
+
+#command='cd %s && ../path/bin/hg-ssh %s' % (repos, " ".join(projects))
+
+akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
+
+akeys = open(akeyfile + "_new", "w")
+for root, dirs, files in os.walk("keys"):
+    for fn in files:
+        ffn = os.path.join(root, fn)
+        # FIXME: should ignore any path that contains dodgy characters
+        keyname = ffn[5:]
+        kf = open(ffn)
+        try:
+            for l in kf:
+                command='cd repos && hgadmin/hg-ssh %s' % keyname
+                prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
+                    % command)
+                #prefix='no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
+                akeys.write("%s %s\n" % (prefix, l.strip()))
+        finally:
+            kf.close()
+
+os.rename(akeyfile + "_new", akeyfile)
+
mercurial-server