acl.py
162 lines
| 5.5 KiB
| text/x-python
|
PythonLexer
/ hgext / acl.py
Vadim Gelfer
|
r2344 | # acl.py - changeset access control for mercurial | ||
| # | ||||
| # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | ||||
| # | ||||
Martin Geisler
|
r8225 | # This software may be used and distributed according to the terms of the | ||
Matt Mackall
|
r10263 | # GNU General Public License version 2 or any later version. | ||
Dirkjan Ochtman
|
r8873 | |||
|
Dirkjan Ochtman
|
r8935 | '''hooks for controlling repository access | ||
|
Dirkjan Ochtman
|
r8873 | |||
|
Martin Geisler
|
r9250 | This hook makes it possible to allow or deny write access to portions | ||
Elifarley Callado Coelho Cruz
|
r11042 | of a repository when receiving incoming changesets via pretxnchangegroup and | ||
| pretxncommit. | ||||
|
Martin Geisler
|
r9250 | |||
| The authorization is matched based on the local user name on the | ||||
| system where the hook runs, and not the committer of the original | ||||
| changeset (since the latter is merely informative). | ||||
|
Dirkjan Ochtman
|
r8873 | |||
|
Martin Geisler
|
r9250 | The acl hook is best used along with a restricted shell like hgsh, | ||
| preventing authenticating users from doing anything other than | ||||
| pushing or pulling. The hook is not safe to use if users have | ||||
| interactive shell access, as they can then disable the hook. | ||||
| Nor is it safe if remote users share an account, because then there | ||||
| is no way to distinguish them. | ||||
|
Dirkjan Ochtman
|
r8873 | |||
|
Elifarley Callado Coelho Cruz
|
r11042 | The deny list is checked before the allow list is. | ||
| The allow and deny sections take key-value pairs, having a subtree pattern | ||||
| as key (with a glob syntax by default). The corresponding value can be either: | ||||
| 1) an asterisk, to match everyone; | ||||
| 2) a comma-separated list containing users and groups. | ||||
| Group names must be prefixed with an @ symbol. | ||||
| Specifying a group name has the same effect as specifying all the users in | ||||
| that group. | ||||
| The set of users for a group is taken from "grp.getgrnam" | ||||
| (see http://docs.python.org/library/grp.html#grp.getgrnam). | ||||
| To use this hook, configure the acl extension in your hgrc like this: | ||||
|
Dirkjan Ochtman
|
r8873 | |||
| [extensions] | ||||
|
Martin Geisler
|
r10112 | acl = | ||
|
Dirkjan Ochtman
|
r8873 | |||
| [hooks] | ||||
|
Elifarley Callado Coelho Cruz
|
r11042 | |||
| # Use this if you want to check access restrictions at commit time | ||||
| pretxncommit.acl = python:hgext.acl.hook | ||||
| # Use this if you want to check access restrictions for pull, push, bundle | ||||
| # and serve. | ||||
|
Dirkjan Ochtman
|
r8873 | pretxnchangegroup.acl = python:hgext.acl.hook | ||
| [acl] | ||||
Cédric Duval
|
r8893 | # Check whether the source of incoming changes is in this list | ||
| # ("serve" == ssh or http, "push", "pull", "bundle") | ||||
| sources = serve | ||||
|
Dirkjan Ochtman
|
r8873 | |||
|
Elifarley Callado Coelho Cruz
|
r11042 | [acl.deny] | ||
| # This list is checked first. If a match is found, 'acl.allow' will not be | ||||
| # checked. | ||||
| # if acl.deny is not present, no users denied by default | ||||
| # empty acl.deny = all users allowed | ||||
| # Format for both lists: glob pattern = user4, user5, @group1 | ||||
| # To match everyone, use an asterisk for the user: | ||||
| # my/glob/pattern = * | ||||
| # user6 will not have write access to any file: | ||||
| ** = user6 | ||||
| # Group "hg-denied" will not have write access to any file: | ||||
| ** = @hg-denied | ||||
| # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite everyone being | ||||
| # able to change all other files. See below. | ||||
| src/main/resources/DONT-TOUCH-THIS.txt = * | ||||
|
Dirkjan Ochtman
|
r8873 | |||
| [acl.allow] | ||||
|
Elifarley Callado Coelho Cruz
|
r11042 | # if acl.allow not present, all users allowed by default | ||
| # empty acl.allow = no users allowed | ||||
| # User "doc_writer" has write access to any file under the "docs" folder: | ||||
|
Dirkjan Ochtman
|
r8873 | docs/** = doc_writer | ||
|
Elifarley Callado Coelho Cruz
|
r11042 | |||
| # User "jack" and group "designers" have write access to any file under the | ||||
| # "images" folder: | ||||
| images/** = jack, @designers | ||||
| # Everyone (except for "user6" - see "acl.deny" above) will have write access | ||||
| to any file under the "resources" folder (except for 1 file. See "acl.deny"): | ||||
| src/main/resources/** = * | ||||
|
Dirkjan Ochtman
|
r8873 | .hgtags = release_engineer | ||
| ''' | ||||
|
Vadim Gelfer
|
r2344 | |||
|
Matt Mackall
|
r3891 | from mercurial.i18n import _ | ||
|
Matt Mackall
|
r8566 | from mercurial import util, match | ||
|
Elifarley Callado Coelho Cruz
|
r11041 | import getpass, urllib, grp | ||
| def _getusers(group): | ||||
| return grp.getgrnam(group).gr_mem | ||||
| def _usermatch(user, usersorgroups): | ||||
| if usersorgroups == '*': | ||||
| return True | ||||
| for ug in usersorgroups.replace(',', ' ').split(): | ||||
| if user == ug or ug.find('@') == 0 and user in _getusers(ug[1:]): | ||||
| return True | ||||
| return False | ||||
|
Vadim Gelfer
|
r2344 | |||
|
Matt Mackall
|
r6766 | def buildmatch(ui, repo, user, key): | ||
| '''return tuple of (match function, list enabled).''' | ||||
| if not ui.has_section(key): | ||||
|
Martin Geisler
|
r9467 | ui.debug('acl: %s not enabled\n' % key) | ||
|
Matt Mackall
|
r6766 | return None | ||
|
Vadim Gelfer
|
r2344 | |||
|
Matt Mackall
|
r6766 | pats = [pat for pat, users in ui.configitems(key) | ||
|
Elifarley Callado Coelho Cruz
|
r11041 | if _usermatch(user, users)] | ||
|
Martin Geisler
|
r9467 | ui.debug('acl: %s enabled, %d entries for user %s\n' % | ||
|
Matt Mackall
|
r6766 | (key, len(pats), user)) | ||
| if pats: | ||||
|
Matt Mackall
|
r8567 | return match.match(repo.root, '', pats) | ||
|
Matt Mackall
|
r8682 | return match.exact(repo.root, '', []) | ||
|
Matt Mackall
|
r8566 | |||
|
Vadim Gelfer
|
r2344 | |||
| def hook(ui, repo, hooktype, node=None, source=None, **kwargs): | ||||
|
Elifarley Callado Coelho Cruz
|
r10955 | if hooktype not in ['pretxnchangegroup', 'pretxncommit']: | ||
|
Vadim Gelfer
|
r2344 | raise util.Abort(_('config error - hook type "%s" cannot stop ' | ||
|
Elifarley Callado Coelho Cruz
|
r10955 | 'incoming changesets nor commits') % hooktype) | ||
| if (hooktype == 'pretxnchangegroup' and | ||||
| source not in ui.config('acl', 'sources', 'serve').split()): | ||||
|
Martin Geisler
|
r9467 | ui.debug('acl: changes have source "%s" - skipping\n' % source) | ||
|
Vadim Gelfer
|
r2344 | return | ||
Henrik Stuart
|
r8846 | user = None | ||
| if source == 'serve' and 'url' in kwargs: | ||||
| url = kwargs['url'].split(':') | ||||
| if url[0] == 'remote' and url[1].startswith('http'): | ||||
|
Henrik Stuart
|
r9018 | user = urllib.unquote(url[3]) | ||
|
Henrik Stuart
|
r8846 | |||
| if user is None: | ||||
| user = getpass.getuser() | ||||
|
Matt Mackall
|
r6766 | cfg = ui.config('acl', 'config') | ||
| if cfg: | ||||
|
Matt Mackall
|
r8142 | ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny']) | ||
|
Matt Mackall
|
r6766 | allow = buildmatch(ui, repo, user, 'acl.allow') | ||
| deny = buildmatch(ui, repo, user, 'acl.deny') | ||||
| for rev in xrange(repo[node], len(repo)): | ||||
| ctx = repo[rev] | ||||
| for f in ctx.files(): | ||||
| if deny and deny(f): | ||||
|
Martin Geisler
|
r9467 | ui.debug('acl: user %s denied on %s\n' % (user, f)) | ||
|
Matt Mackall
|
r6766 | raise util.Abort(_('acl: access denied for changeset %s') % ctx) | ||
| if allow and not allow(f): | ||||
|
Martin Geisler
|
r9467 | ui.debug('acl: user %s not allowed on %s\n' % (user, f)) | ||
|
Matt Mackall
|
r6766 | raise util.Abort(_('acl: access denied for changeset %s') % ctx) | ||
|
Martin Geisler
|
r9467 | ui.debug('acl: allowing changeset %s\n' % ctx) | ||