fixes following actual testing
authorPaul Crowley <paul@lshift.net>
Tue, 22 Apr 2008 12:55:56 +0100
changeset 19 62ee928ac9b3
parent 18 538d6b198f4a
child 23 9fa62cfd2821
fixes following actual testing
access.py
hg-ssh
rules.py
ruleset.py
--- a/access.py	Tue Apr 22 09:46:29 2008 +0100
+++ b/access.py	Tue Apr 22 12:55:56 2008 +0100
@@ -13,7 +13,7 @@
 from mercurial import util
 
 import os
-import rules
+import ruleset
 
 class Checker(object):
     '''acl checker.'''
@@ -23,7 +23,7 @@
         self.repo = repo
         self.repo_path = os.environ['HG_REPO_PATH']
         self.user = os.environ['REMOTE_USER']
-        self.rules = rules.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE'])
+        self.rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE'])
 
     def check(self, node):
         '''return if access allowed, raise exception if not.'''
--- a/hg-ssh	Tue Apr 22 09:46:29 2008 +0100
+++ b/hg-ssh	Tue Apr 22 12:55:56 2008 +0100
@@ -34,7 +34,7 @@
 from mercurial import dispatch
 
 import sys, os
-import rules
+import ruleset
 
 def fail(message):
     #logfile.write("Fail: %s\n" % message)
@@ -44,7 +44,7 @@
 def getpath(path):
     if path.endswith("/"):
         path = path[:-1]
-    if not rules.goodpath(path):
+    if not ruleset.goodpath(path):
         fail("Disallowing path: %s" % path)
     return path
 
@@ -68,7 +68,7 @@
     fail("hg-ssh must have no arguments (%s)" 
         % sys.argv)
 
-rules = rules.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE'])
+rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE'])
 remoteuser = getpath(os.environ['REMOTE_USER'])
 todispatch = get_cmd(rules, remoteuser, 
     os.environ.get('SSH_ORIGINAL_COMMAND', '?'))
--- a/rules.py	Tue Apr 22 09:46:29 2008 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-# Copyright 2008 LShift Ltd
-# Author(s):
-# Paul Crowley <paul@lshift.net>
-#
-# This software may be used and distributed according to the terms
-# of the GNU General Public License, incorporated herein by reference.
-
-import re
-
-allowedchars = "A-Za-z0-9_-"
-
-goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
-def goodpath(path):
-    return goodpathre.match(path) is not None:
-
-goodglobre = re.compile("[*/%s]+$" % allowedchars)
-
-def goodglob(pattern):
-    return goodglobre.match(pattern) is not None
-
-# Don't put anything except *A-Za-z0-9_- in rule globs or   
-# it will match nothing.  No regexp metachars, not even .
-# We may fix this later.
-def globmatcher(pattern):
-    if not goodglob(pattern):
-        #fail("Bad glob pattern in auth config: %s" % pattern)
-        # FIXME: report it somehow
-        return lambda x: False
-    # Substitution cunning so ** can be different from *
-    pattern = pattern.replace("*", "[]")
-    pattern = pattern.replace("[][]", "[/%s]*" % allowedchars)
-    pattern = pattern.replace("[]", "[%s]*" % allowedchars)
-    rex = re.compile(pattern + "$")
-    # None matches everything
-    return lambda x: x is None or rex.match(x) is not None
-
-def rule(pairs):
-    matchers = [(k, globmatcher(v)) for k, v in pairs]
-    def c(**kw):
-        for k, m in matchers:
-            if k not in kw or not m(kw[k]):
-                return False
-        return True
-    return c
-
-class Ruleset(object):
-    '''Class representing the rules in a rule file'''
-    
-    levels = ["init", "write", "read", "deny"]
-
-    def __init__(self):
-        self.rules = []
-
-    def add(self, action, conditions):
-        self.rules.append((action, conditions))
-
-    def matchrule(self, **kw):
-        for a, c in self.rules:
-            if c(**kw):
-                return a
-        return None
-
-    def allow(self, level, **kw):
-        a = matchrule(self, **kw)
-        return a in self.levels and self.levels.index(a) <= self.levels.index(level)
-    
-    @classmethod
-    def read_rules(cls, fn):
-        res = cls()
-        f = open(fn)
-        try:
-            for l in f:
-                l = l.strip()
-                if len(l) == 0 or l.startswith["#"]:
-                    continue
-                res.add(l[0], rule([c.split("=", 1) for c in l[1:]]))
-        finally:
-            f.close()
-        return res
-
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ruleset.py	Tue Apr 22 12:55:56 2008 +0100
@@ -0,0 +1,82 @@
+# Copyright 2008 LShift Ltd
+# Author(s):
+# Paul Crowley <paul@lshift.net>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+import re
+
+allowedchars = "A-Za-z0-9_-"
+
+goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
+def goodpath(path):
+    return goodpathre.match(path) is not None
+
+goodglobre = re.compile("[*/%s]+$" % allowedchars)
+
+def goodglob(pattern):
+    return goodglobre.match(pattern) is not None
+
+# Don't put anything except *A-Za-z0-9_- in rule globs or   
+# it will match nothing.  No regexp metachars, not even .
+# We may fix this later.
+def globmatcher(pattern):
+    if not goodglob(pattern):
+        #fail("Bad glob pattern in auth config: %s" % pattern)
+        # FIXME: report it somehow
+        return lambda x: False
+    # Substitution cunning so ** can be different from *
+    pattern = pattern.replace("*", "[]")
+    pattern = pattern.replace("[][]", "[/%s]*" % allowedchars)
+    pattern = pattern.replace("[]", "[%s]*" % allowedchars)
+    rex = re.compile(pattern + "$")
+    # None matches everything
+    return lambda x: x is None or rex.match(x) is not None
+
+def rule(pairs):
+    matchers = [(k, globmatcher(v)) for k, v in pairs]
+    def c(**kw):
+        for k, m in matchers:
+            if k not in kw or not m(kw[k]):
+                return False
+        return True
+    return c
+
+class Ruleset(object):
+    '''Class representing the rules in a rule file'''
+    
+    levels = ["init", "write", "read", "deny"]
+
+    def __init__(self):
+        self.rules = []
+
+    def add(self, action, conditions):
+        self.rules.append((action, conditions))
+
+    def matchrule(self, **kw):
+        for a, c in self.rules:
+            if c(**kw):
+                return a
+        return None
+
+    def allow(self, level, **kw):
+        a = self.matchrule(**kw)
+        return a in self.levels and self.levels.index(a) <= self.levels.index(level)
+    
+    @classmethod
+    def readfile(cls, fn):
+        res = cls()
+        f = open(fn)
+        try:
+            for l in f:
+                l = l.strip()
+                if len(l) == 0 or l.startswith("#"):
+                    continue
+                l = l.split()
+                res.add(l[0], rule([c.split("=", 1) for c in l[1:]]))
+        finally:
+            f.close()
+        return res
+
+