acl.py
99 lines
| 3.5 KiB
| text/x-python
|
PythonLexer
/ hgext / acl.py
Vadim Gelfer
|
r2344 | # acl.py - changeset access control for mercurial | ||
# | ||||
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | ||||
# | ||||
Martin Geisler
|
r8225 | # This software may be used and distributed according to the terms of the | ||
# GNU General Public License version 2, incorporated herein by reference. | ||||
Vadim Gelfer
|
r2344 | # | ||
Dirkjan Ochtman
|
r8873 | |||
'''provide simple hooks for access control | ||||
Authorization is against local user name on system where hook is run, not | ||||
committer of original changeset (since that is easy to spoof). | ||||
The acl hook is best to use if you use hgsh to set up restricted shells for | ||||
authenticated users to only push to / pull from. It's not safe if user has | ||||
interactive shell access, because they can disable the hook. It's also not | ||||
safe if remote users share one local account, because then there's no way to | ||||
tell remote users apart. | ||||
To use, configure the acl extension in hgrc like this: | ||||
[extensions] | ||||
hgext.acl = | ||||
[hooks] | ||||
pretxnchangegroup.acl = python:hgext.acl.hook | ||||
[acl] | ||||
sources = serve # check if source of incoming changes in this list | ||||
# ("serve" == ssh or http, "push", "pull", "bundle") | ||||
Allow and deny lists have a subtree pattern (default syntax is glob) on the | ||||
left and user names on right. The deny list is checked before the allow list. | ||||
[acl.allow] | ||||
# if acl.allow not present, all users allowed by default | ||||
# empty acl.allow = no users allowed | ||||
docs/** = doc_writer | ||||
.hgtags = release_engineer | ||||
[acl.deny] | ||||
# if acl.deny not present, no users denied by default | ||||
# empty acl.deny = all users allowed | ||||
glob pattern = user4, user5 | ||||
** = user6 | ||||
''' | ||||
Vadim Gelfer
|
r2344 | |||
Matt Mackall
|
r3891 | from mercurial.i18n import _ | ||
Matt Mackall
|
r8566 | from mercurial import util, match | ||
Henrik Stuart
|
r8846 | import getpass, urllib | ||
Vadim Gelfer
|
r2344 | |||
Matt Mackall
|
r6766 | def buildmatch(ui, repo, user, key): | ||
'''return tuple of (match function, list enabled).''' | ||||
if not ui.has_section(key): | ||||
ui.debug(_('acl: %s not enabled\n') % key) | ||||
return None | ||||
Vadim Gelfer
|
r2344 | |||
Matt Mackall
|
r6766 | pats = [pat for pat, users in ui.configitems(key) | ||
if user in users.replace(',', ' ').split()] | ||||
ui.debug(_('acl: %s enabled, %d entries for user %s\n') % | ||||
(key, len(pats), user)) | ||||
if pats: | ||||
Matt Mackall
|
r8567 | return match.match(repo.root, '', pats) | ||
Matt Mackall
|
r8682 | return match.exact(repo.root, '', []) | ||
Matt Mackall
|
r8566 | |||
Vadim Gelfer
|
r2344 | |||
def hook(ui, repo, hooktype, node=None, source=None, **kwargs): | ||||
if hooktype != 'pretxnchangegroup': | ||||
raise util.Abort(_('config error - hook type "%s" cannot stop ' | ||||
'incoming changesets') % hooktype) | ||||
Matt Mackall
|
r6766 | if source not in ui.config('acl', 'sources', 'serve').split(): | ||
Vadim Gelfer
|
r2344 | ui.debug(_('acl: changes have source "%s" - skipping\n') % source) | ||
return | ||||
Henrik Stuart
|
r8846 | user = None | ||
if source == 'serve' and 'url' in kwargs: | ||||
url = kwargs['url'].split(':') | ||||
if url[0] == 'remote' and url[1].startswith('http'): | ||||
user = urllib.unquote(url[2]) | ||||
if user is None: | ||||
user = getpass.getuser() | ||||
Matt Mackall
|
r6766 | cfg = ui.config('acl', 'config') | ||
if cfg: | ||||
Matt Mackall
|
r8142 | ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny']) | ||
Matt Mackall
|
r6766 | allow = buildmatch(ui, repo, user, 'acl.allow') | ||
deny = buildmatch(ui, repo, user, 'acl.deny') | ||||
for rev in xrange(repo[node], len(repo)): | ||||
ctx = repo[rev] | ||||
for f in ctx.files(): | ||||
if deny and deny(f): | ||||
ui.debug(_('acl: user %s denied on %s\n') % (user, f)) | ||||
raise util.Abort(_('acl: access denied for changeset %s') % ctx) | ||||
if allow and not allow(f): | ||||
ui.debug(_('acl: user %s not allowed on %s\n') % (user, f)) | ||||
raise util.Abort(_('acl: access denied for changeset %s') % ctx) | ||||
ui.debug(_('acl: allowing changeset %s\n') % ctx) | ||||