acl.py
106 lines
| 3.7 KiB
| text/x-python
|
PythonLexer
/ hgext / acl.py
Vadim Gelfer
|
r2344 | # acl.py - changeset access control for mercurial | ||
# | ||||
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | ||||
# | ||||
Martin Geisler
|
r8225 | # This software may be used and distributed according to the terms of the | ||
Matt Mackall
|
r10263 | # GNU General Public License version 2 or any later version. | ||
Dirkjan Ochtman
|
r8873 | |||
Dirkjan Ochtman
|
r8935 | '''hooks for controlling repository access | ||
Dirkjan Ochtman
|
r8873 | |||
Martin Geisler
|
r9250 | This hook makes it possible to allow or deny write access to portions | ||
of a repository when receiving incoming changesets. | ||||
The authorization is matched based on the local user name on the | ||||
system where the hook runs, and not the committer of the original | ||||
changeset (since the latter is merely informative). | ||||
Dirkjan Ochtman
|
r8873 | |||
Martin Geisler
|
r9250 | The acl hook is best used along with a restricted shell like hgsh, | ||
preventing authenticating users from doing anything other than | ||||
pushing or pulling. The hook is not safe to use if users have | ||||
interactive shell access, as they can then disable the hook. | ||||
Nor is it safe if remote users share an account, because then there | ||||
is no way to distinguish them. | ||||
Dirkjan Ochtman
|
r8873 | |||
Martin Geisler
|
r9201 | To use this hook, configure the acl extension in your hgrc like this:: | ||
Dirkjan Ochtman
|
r8873 | |||
[extensions] | ||||
Martin Geisler
|
r10112 | acl = | ||
Dirkjan Ochtman
|
r8873 | |||
[hooks] | ||||
pretxnchangegroup.acl = python:hgext.acl.hook | ||||
[acl] | ||||
Cédric Duval
|
r8893 | # Check whether the source of incoming changes is in this list | ||
# ("serve" == ssh or http, "push", "pull", "bundle") | ||||
sources = serve | ||||
Dirkjan Ochtman
|
r8873 | |||
Martin Geisler
|
r9250 | The allow and deny sections take a subtree pattern as key (with a glob | ||
syntax by default), and a comma separated list of users as the | ||||
corresponding value. The deny list is checked before the allow list | ||||
is. :: | ||||
Dirkjan Ochtman
|
r8873 | |||
[acl.allow] | ||||
Cédric Duval
|
r8893 | # If acl.allow is not present, all users are allowed by default. | ||
# An empty acl.allow section means no users allowed. | ||||
Dirkjan Ochtman
|
r8873 | docs/** = doc_writer | ||
.hgtags = release_engineer | ||||
[acl.deny] | ||||
Cédric Duval
|
r8893 | # If acl.deny is not present, no users are refused by default. | ||
# An empty acl.deny section means all users allowed. | ||||
Dirkjan Ochtman
|
r8873 | glob pattern = user4, user5 | ||
** = user6 | ||||
''' | ||||
Vadim Gelfer
|
r2344 | |||
Matt Mackall
|
r3891 | from mercurial.i18n import _ | ||
Matt Mackall
|
r8566 | from mercurial import util, match | ||
Henrik Stuart
|
r8846 | import getpass, urllib | ||
Vadim Gelfer
|
r2344 | |||
Matt Mackall
|
r6766 | def buildmatch(ui, repo, user, key): | ||
'''return tuple of (match function, list enabled).''' | ||||
if not ui.has_section(key): | ||||
Martin Geisler
|
r9467 | ui.debug('acl: %s not enabled\n' % key) | ||
Matt Mackall
|
r6766 | return None | ||
Vadim Gelfer
|
r2344 | |||
Matt Mackall
|
r6766 | pats = [pat for pat, users in ui.configitems(key) | ||
if user in users.replace(',', ' ').split()] | ||||
Martin Geisler
|
r9467 | ui.debug('acl: %s enabled, %d entries for user %s\n' % | ||
Matt Mackall
|
r6766 | (key, len(pats), user)) | ||
if pats: | ||||
Matt Mackall
|
r8567 | return match.match(repo.root, '', pats) | ||
Matt Mackall
|
r8682 | return match.exact(repo.root, '', []) | ||
Matt Mackall
|
r8566 | |||
Vadim Gelfer
|
r2344 | |||
def hook(ui, repo, hooktype, node=None, source=None, **kwargs): | ||||
if hooktype != 'pretxnchangegroup': | ||||
raise util.Abort(_('config error - hook type "%s" cannot stop ' | ||||
'incoming changesets') % hooktype) | ||||
Matt Mackall
|
r6766 | if source not in ui.config('acl', 'sources', 'serve').split(): | ||
Martin Geisler
|
r9467 | ui.debug('acl: changes have source "%s" - skipping\n' % source) | ||
Vadim Gelfer
|
r2344 | return | ||
Henrik Stuart
|
r8846 | user = None | ||
if source == 'serve' and 'url' in kwargs: | ||||
url = kwargs['url'].split(':') | ||||
if url[0] == 'remote' and url[1].startswith('http'): | ||||
Henrik Stuart
|
r9018 | user = urllib.unquote(url[3]) | ||
Henrik Stuart
|
r8846 | |||
if user is None: | ||||
user = getpass.getuser() | ||||
Matt Mackall
|
r6766 | cfg = ui.config('acl', 'config') | ||
if cfg: | ||||
Matt Mackall
|
r8142 | ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny']) | ||
Matt Mackall
|
r6766 | allow = buildmatch(ui, repo, user, 'acl.allow') | ||
deny = buildmatch(ui, repo, user, 'acl.deny') | ||||
for rev in xrange(repo[node], len(repo)): | ||||
ctx = repo[rev] | ||||
for f in ctx.files(): | ||||
if deny and deny(f): | ||||
Martin Geisler
|
r9467 | ui.debug('acl: user %s denied on %s\n' % (user, f)) | ||
Matt Mackall
|
r6766 | raise util.Abort(_('acl: access denied for changeset %s') % ctx) | ||
if allow and not allow(f): | ||||
Martin Geisler
|
r9467 | ui.debug('acl: user %s not allowed on %s\n' % (user, f)) | ||
Matt Mackall
|
r6766 | raise util.Abort(_('acl: access denied for changeset %s') % ctx) | ||
Martin Geisler
|
r9467 | ui.debug('acl: allowing changeset %s\n' % ctx) | ||