Show More
@@ -1,124 +1,124 b'' | |||||
1 | # acl.py - changeset access control for mercurial |
|
1 | # acl.py - changeset access control for mercurial | |
2 | # |
|
2 | # | |
3 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
3 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | |
4 | # |
|
4 | # | |
5 | # This software may be used and distributed according to the terms |
|
5 | # This software may be used and distributed according to the terms | |
6 | # of the GNU General Public License, incorporated herein by reference. |
|
6 | # of the GNU General Public License, incorporated herein by reference. | |
7 | # |
|
7 | # | |
8 | # this hook allows to allow or deny access to parts of a repo when |
|
8 | # this hook allows to allow or deny access to parts of a repo when | |
9 | # taking incoming changesets. |
|
9 | # taking incoming changesets. | |
10 | # |
|
10 | # | |
11 | # authorization is against local user name on system where hook is |
|
11 | # authorization is against local user name on system where hook is | |
12 | # run, not committer of original changeset (since that is easy to |
|
12 | # run, not committer of original changeset (since that is easy to | |
13 | # spoof). |
|
13 | # spoof). | |
14 | # |
|
14 | # | |
15 | # acl hook is best to use if you use hgsh to set up restricted shells |
|
15 | # acl hook is best to use if you use hgsh to set up restricted shells | |
16 | # for authenticated users to only push to / pull from. not safe if |
|
16 | # for authenticated users to only push to / pull from. not safe if | |
17 | # user has interactive shell access, because they can disable hook. |
|
17 | # user has interactive shell access, because they can disable hook. | |
18 | # also not safe if remote users share one local account, because then |
|
18 | # also not safe if remote users share one local account, because then | |
19 | # no way to tell remote users apart. |
|
19 | # no way to tell remote users apart. | |
20 | # |
|
20 | # | |
21 | # to use, configure acl extension in hgrc like this: |
|
21 | # to use, configure acl extension in hgrc like this: | |
22 | # |
|
22 | # | |
23 | # [extensions] |
|
23 | # [extensions] | |
24 | # hgext.acl = |
|
24 | # hgext.acl = | |
25 | # |
|
25 | # | |
26 | # [hooks] |
|
26 | # [hooks] | |
27 | # pretxnchangegroup.acl = python:hgext.acl.hook |
|
27 | # pretxnchangegroup.acl = python:hgext.acl.hook | |
28 | # |
|
28 | # | |
29 | # [acl] |
|
29 | # [acl] | |
30 | # sources = serve # check if source of incoming changes in this list |
|
30 | # sources = serve # check if source of incoming changes in this list | |
31 | # # ("serve" == ssh or http, "push", "pull", "bundle") |
|
31 | # # ("serve" == ssh or http, "push", "pull", "bundle") | |
32 | # |
|
32 | # | |
33 | # allow and deny lists have subtree pattern (default syntax is glob) |
|
33 | # allow and deny lists have subtree pattern (default syntax is glob) | |
34 | # on left, user names on right. deny list checked before allow list. |
|
34 | # on left, user names on right. deny list checked before allow list. | |
35 | # |
|
35 | # | |
36 | # [acl.allow] |
|
36 | # [acl.allow] | |
37 | # # if acl.allow not present, all users allowed by default |
|
37 | # # if acl.allow not present, all users allowed by default | |
38 | # # empty acl.allow = no users allowed |
|
38 | # # empty acl.allow = no users allowed | |
39 | # docs/** = doc_writer |
|
39 | # docs/** = doc_writer | |
40 | # .hgtags = release_engineer |
|
40 | # .hgtags = release_engineer | |
41 | # |
|
41 | # | |
42 | # [acl.deny] |
|
42 | # [acl.deny] | |
43 | # # if acl.deny not present, no users denied by default |
|
43 | # # if acl.deny not present, no users denied by default | |
44 | # # empty acl.deny = all users allowed |
|
44 | # # empty acl.deny = all users allowed | |
45 | # glob pattern = user4, user5 |
|
45 | # glob pattern = user4, user5 | |
46 | # ** = user6 |
|
46 | # ** = user6 | |
47 |
|
47 | |||
48 | from mercurial.i18n import _ |
|
48 | from mercurial.i18n import _ | |
49 | from mercurial.node import * |
|
49 | from mercurial.node import * | |
50 | from mercurial import util |
|
50 | from mercurial import util | |
51 | import getpass |
|
51 | import getpass | |
52 |
|
52 | |||
53 | class checker(object): |
|
53 | class checker(object): | |
54 | '''acl checker.''' |
|
54 | '''acl checker.''' | |
55 |
|
55 | |||
56 | def buildmatch(self, key): |
|
56 | def buildmatch(self, key): | |
57 | '''return tuple of (match function, list enabled).''' |
|
57 | '''return tuple of (match function, list enabled).''' | |
58 | if not self.ui.has_config(key): |
|
58 | if not self.ui.has_config(key): | |
59 | self.ui.debug(_('acl: %s not enabled\n') % key) |
|
59 | self.ui.debug(_('acl: %s not enabled\n') % key) | |
60 | return None, False |
|
60 | return None, False | |
61 |
|
61 | |||
62 | thisuser = self.getuser() |
|
62 | thisuser = self.getuser() | |
63 | pats = [pat for pat, users in self.ui.configitems(key) |
|
63 | pats = [pat for pat, users in self.ui.configitems(key) | |
64 | if thisuser in users.replace(',', ' ').split()] |
|
64 | if thisuser in users.replace(',', ' ').split()] | |
65 | self.ui.debug(_('acl: %s enabled, %d entries for user %s\n') % |
|
65 | self.ui.debug(_('acl: %s enabled, %d entries for user %s\n') % | |
66 | (key, len(pats), thisuser)) |
|
66 | (key, len(pats), thisuser)) | |
67 | if pats: |
|
67 | if pats: | |
68 | match = util.matcher(self.repo.root, names=pats)[1] |
|
68 | match = util.matcher(self.repo.root, names=pats)[1] | |
69 | else: |
|
69 | else: | |
70 | match = util.never |
|
70 | match = util.never | |
71 | return match, True |
|
71 | return match, True | |
72 |
|
72 | |||
73 | def getuser(self): |
|
73 | def getuser(self): | |
74 | '''return name of authenticated user.''' |
|
74 | '''return name of authenticated user.''' | |
75 | return self.user |
|
75 | return self.user | |
76 |
|
76 | |||
77 | def __init__(self, ui, repo): |
|
77 | def __init__(self, ui, repo): | |
78 | self.ui = ui |
|
78 | self.ui = ui | |
79 | self.repo = repo |
|
79 | self.repo = repo | |
80 | self.user = getpass.getuser() |
|
80 | self.user = getpass.getuser() | |
81 | cfg = self.ui.config('acl', 'config') |
|
81 | cfg = self.ui.config('acl', 'config') | |
82 | if cfg: |
|
82 | if cfg: | |
83 | self.ui.readsections(cfg, 'acl.allow', 'acl.deny') |
|
83 | self.ui.readsections(cfg, 'acl.allow', 'acl.deny') | |
84 | self.allow, self.allowable = self.buildmatch('acl.allow') |
|
84 | self.allow, self.allowable = self.buildmatch('acl.allow') | |
85 | self.deny, self.deniable = self.buildmatch('acl.deny') |
|
85 | self.deny, self.deniable = self.buildmatch('acl.deny') | |
86 |
|
86 | |||
87 | def skipsource(self, source): |
|
87 | def skipsource(self, source): | |
88 | '''true if incoming changes from this source should be skipped.''' |
|
88 | '''true if incoming changes from this source should be skipped.''' | |
89 | ok_sources = self.ui.config('acl', 'sources', 'serve').split() |
|
89 | ok_sources = self.ui.config('acl', 'sources', 'serve').split() | |
90 | return source not in ok_sources |
|
90 | return source not in ok_sources | |
91 |
|
91 | |||
92 | def check(self, node): |
|
92 | def check(self, node): | |
93 | '''return if access allowed, raise exception if not.''' |
|
93 | '''return if access allowed, raise exception if not.''' | |
94 |
files = self.repo.change |
|
94 | files = self.repo.changectx(node).files() | |
95 | if self.deniable: |
|
95 | if self.deniable: | |
96 | for f in files: |
|
96 | for f in files: | |
97 | if self.deny(f): |
|
97 | if self.deny(f): | |
98 | self.ui.debug(_('acl: user %s denied on %s\n') % |
|
98 | self.ui.debug(_('acl: user %s denied on %s\n') % | |
99 | (self.getuser(), f)) |
|
99 | (self.getuser(), f)) | |
100 | raise util.Abort(_('acl: access denied for changeset %s') % |
|
100 | raise util.Abort(_('acl: access denied for changeset %s') % | |
101 | short(node)) |
|
101 | short(node)) | |
102 | if self.allowable: |
|
102 | if self.allowable: | |
103 | for f in files: |
|
103 | for f in files: | |
104 | if not self.allow(f): |
|
104 | if not self.allow(f): | |
105 | self.ui.debug(_('acl: user %s not allowed on %s\n') % |
|
105 | self.ui.debug(_('acl: user %s not allowed on %s\n') % | |
106 | (self.getuser(), f)) |
|
106 | (self.getuser(), f)) | |
107 | raise util.Abort(_('acl: access denied for changeset %s') % |
|
107 | raise util.Abort(_('acl: access denied for changeset %s') % | |
108 | short(node)) |
|
108 | short(node)) | |
109 | self.ui.debug(_('acl: allowing changeset %s\n') % short(node)) |
|
109 | self.ui.debug(_('acl: allowing changeset %s\n') % short(node)) | |
110 |
|
110 | |||
111 | def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
|
111 | def hook(ui, repo, hooktype, node=None, source=None, **kwargs): | |
112 | if hooktype != 'pretxnchangegroup': |
|
112 | if hooktype != 'pretxnchangegroup': | |
113 | raise util.Abort(_('config error - hook type "%s" cannot stop ' |
|
113 | raise util.Abort(_('config error - hook type "%s" cannot stop ' | |
114 | 'incoming changesets') % hooktype) |
|
114 | 'incoming changesets') % hooktype) | |
115 |
|
115 | |||
116 | c = checker(ui, repo) |
|
116 | c = checker(ui, repo) | |
117 | if c.skipsource(source): |
|
117 | if c.skipsource(source): | |
118 | ui.debug(_('acl: changes have source "%s" - skipping\n') % source) |
|
118 | ui.debug(_('acl: changes have source "%s" - skipping\n') % source) | |
119 | return |
|
119 | return | |
120 |
|
120 | |||
121 | start = repo.changelog.rev(bin(node)) |
|
121 | start = repo.changelog.rev(bin(node)) | |
122 | end = repo.changelog.count() |
|
122 | end = repo.changelog.count() | |
123 | for rev in xrange(start, end): |
|
123 | for rev in xrange(start, end): | |
124 | c.check(repo.changelog.node(rev)) |
|
124 | c.check(repo.changelog.node(rev)) |
General Comments 0
You need to be logged in to leave comments.
Login now