##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

py3: use pycompat.fsencode to convert path to bytes...
Pulkit Goyal -
r38121:666d90ac default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,96 +1,97 b''
1 1 #!/usr/bin/env python
2 2 #
3 3 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
4 4 #
5 5 # Author(s):
6 6 # Thomas Arendsen Hein <thomas@intevation.de>
7 7 #
8 8 # This software may be used and distributed according to the terms of the
9 9 # GNU General Public License version 2 or any later version.
10 10
11 11 """
12 12 hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
13 13
14 14 To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
15 15 command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
16 16 (probably together with these other useful options:
17 17 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
18 18
19 19 This allows pull/push over ssh from/to the repositories given as arguments.
20 20
21 21 If all your repositories are subdirectories of a common directory, you can
22 22 allow shorter paths with:
23 23 command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
24 24
25 25 You can use pattern matching of your normal shell, e.g.:
26 26 command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
27 27
28 28 You can also add a --read-only flag to allow read-only access to a key, e.g.:
29 29 command="hg-ssh --read-only repos/*"
30 30 """
31 31 from __future__ import absolute_import
32 32
33 33 import os
34 34 import shlex
35 35 import sys
36 36
37 37 # enable importing on demand to reduce startup time
38 38 import hgdemandimport ; hgdemandimport.enable()
39 39
40 40 from mercurial import (
41 41 dispatch,
42 pycompat,
42 43 ui as uimod,
43 44 )
44 45
45 46 def main():
46 47 # Prevent insertion/deletion of CRs
47 48 dispatch.initstdio()
48 49
49 50 cwd = os.getcwd()
50 51 readonly = False
51 52 args = sys.argv[1:]
52 53 while len(args):
53 54 if args[0] == '--read-only':
54 55 readonly = True
55 56 args.pop(0)
56 57 else:
57 58 break
58 59 allowed_paths = [os.path.normpath(os.path.join(cwd,
59 60 os.path.expanduser(path)))
60 61 for path in args]
61 62 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
62 63 try:
63 64 cmdargv = shlex.split(orig_cmd)
64 65 except ValueError as e:
65 66 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
66 67 sys.exit(255)
67 68
68 69 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
69 70 path = cmdargv[2]
70 71 repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
71 72 if repo in allowed_paths:
72 cmd = [b'-R', repo, b'serve', b'--stdio']
73 cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio']
73 74 req = dispatch.request(cmd)
74 75 if readonly:
75 76 if not req.ui:
76 77 req.ui = uimod.ui.load()
77 78 req.ui.setconfig(b'hooks', b'pretxnopen.hg-ssh',
78 79 b'python:__main__.rejectpush', b'hg-ssh')
79 80 req.ui.setconfig(b'hooks', b'prepushkey.hg-ssh',
80 81 b'python:__main__.rejectpush', b'hg-ssh')
81 82 dispatch.dispatch(req)
82 83 else:
83 84 sys.stderr.write('Illegal repository "%s"\n' % repo)
84 85 sys.exit(255)
85 86 else:
86 87 sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
87 88 sys.exit(255)
88 89
89 90 def rejectpush(ui, **kwargs):
90 91 ui.warn((b"Permission denied\n"))
91 92 # mercurial hooks use unix process conventions for hook return values
92 93 # so a truthy return means failure
93 94 return True
94 95
95 96 if __name__ == '__main__':
96 97 main()
General Comments 0
You need to be logged in to leave comments. Login now