upstream/mercurial-mirror Files · mercurial/sshserver.py

https: warn when server certificate isn't verified...

https: warn when server certificate isn't verified Mercurial will verify HTTPS server certificates if web.cacerts is configured, but it will by default silently not verify any certificates. We now warn the user that when the certificate isn't verified she won't get the security she might expect from https: warning: localhost certificate not verified (check web.cacerts config setting) Self-signed certificates can be accepted silently by configuring web.cacerts to point to a suitable certificate file.

Benoit Boissinot - - Load All Authors

File last commit:

r12703:40bb5853 default


                r13163:2fa2e644

stable

Download file

             sshserver.py
        
                    144 lines
            
             | 3.9 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / sshserver.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # sshserver.py - ssh protocol server support for mercurial

      #

      # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      import util, hook, wireproto, changegroup

      import os, sys

      class sshserver(object):

          def __init__(self, ui, repo):

              self.ui = ui

              self.repo = repo

              self.lock = None

              self.fin = sys.stdin

              self.fout = sys.stdout

              hook.redirect(True)

              sys.stdout = sys.stderr

              # Prevent insertion/deletion of CRs

              util.set_binary(self.fin)

              util.set_binary(self.fout)

          def getargs(self, args):

              data = {}

              keys = args.split()

              count = len(keys)

              for n in xrange(len(keys)):

                  argline = self.fin.readline()[:-1]

                  arg, l = argline.split()

                  val = self.fin.read(int(l))

                  if arg not in keys:

                      raise util.Abort("unexpected parameter %r" % arg)

                  if arg == '*':

                      star = {}

                      for n in xrange(int(l)):

                          arg, l = argline.split()

                          val = self.fin.read(int(l))

                          star[arg] = val

                      data['*'] = star

                  else:

                      data[arg] = val

              return [data[k] for k in keys]

          def getarg(self, name):

              return self.getargs(name)[0]

          def getfile(self, fpout):

              self.sendresponse('')

              count = int(self.fin.readline())

              while count:

                  fpout.write(self.fin.read(count))

                  count = int(self.fin.readline())

          def redirect(self):

              pass

          def groupchunks(self, changegroup):

              while True:

                  d = changegroup.read(4096)

                  if not d:

                      break

                  yield d

          def sendresponse(self, v):

              self.fout.write("%d\n" % len(v))

              self.fout.write(v)

              self.fout.flush()

          def sendstream(self, source):

              for chunk in source.gen:

                  self.fout.write(chunk)

              self.fout.flush()

          def sendpushresponse(self, rsp):

              self.sendresponse('')

              self.sendresponse(str(rsp.res))

          def sendpusherror(self, rsp):

              self.sendresponse(rsp.res)

          def serve_forever(self):

              try:

                  while self.serve_one():

                      pass

              finally:

                  if self.lock is not None:

                      self.lock.release()

              sys.exit(0)

          handlers = {

              str: sendresponse,

              wireproto.streamres: sendstream,

              wireproto.pushres: sendpushresponse,

              wireproto.pusherr: sendpusherror,

          }

          def serve_one(self):

              cmd = self.fin.readline()[:-1]

              if cmd and cmd in wireproto.commands:

                  rsp = wireproto.dispatch(self.repo, self, cmd)

                  self.handlers[rsp.__class__](self, rsp)

              elif cmd:

                  impl = getattr(self, 'do_' + cmd, None)

                  if impl:

                      r = impl()

                      if r is not None:

                          self.sendresponse(r)

                  else: self.sendresponse("")

              return cmd != ''

          def do_lock(self):

              '''DEPRECATED - allowing remote client to lock repo is not safe'''

              self.lock = self.repo.lock()

              return ""

          def do_unlock(self):

              '''DEPRECATED'''

              if self.lock:

                  self.lock.release()

              self.lock = None

              return ""

          def do_addchangegroup(self):

              '''DEPRECATED'''

              if not self.lock:

                  self.sendresponse("not locked")

                  return

              self.sendresponse("")

              cg = changegroup.unbundle10(self.fin, "UN")

              r = self.repo.addchangegroup(cg, 'serve', self._client(),

                                           lock=self.lock)

              return str(r)

          def _client(self):

              client = os.environ.get('SSH_CLIENT', '').split(' ', 1)[0]

              return 'remote:ssh:' + client

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# sshserver.py - ssh protocol server support for mercurial
				#
				# Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
				# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.

				import util, hook, wireproto, changegroup
				import os, sys

				class sshserver(object):
				def __init__(self, ui, repo):
				self.ui = ui
				self.repo = repo
				self.lock = None
				self.fin = sys.stdin
				self.fout = sys.stdout

				hook.redirect(True)
				sys.stdout = sys.stderr

				# Prevent insertion/deletion of CRs
				util.set_binary(self.fin)
				util.set_binary(self.fout)

				def getargs(self, args):
				data = {}
				keys = args.split()
				count = len(keys)
				for n in xrange(len(keys)):
				argline = self.fin.readline()[:-1]
				arg, l = argline.split()
				val = self.fin.read(int(l))
				if arg not in keys:
				raise util.Abort("unexpected parameter %r" % arg)
				if arg == '*':
				star = {}
				for n in xrange(int(l)):
				arg, l = argline.split()
				val = self.fin.read(int(l))
				star[arg] = val
				data['*'] = star
				else:
				data[arg] = val
				return [data[k] for k in keys]

				def getarg(self, name):
				return self.getargs(name)[0]

				def getfile(self, fpout):
				self.sendresponse('')
				count = int(self.fin.readline())
				while count:
				fpout.write(self.fin.read(count))
				count = int(self.fin.readline())

				def redirect(self):
				pass

				def groupchunks(self, changegroup):
				while True:
				d = changegroup.read(4096)
				if not d:
				break
				yield d

				def sendresponse(self, v):
				self.fout.write("%d\n" % len(v))
				self.fout.write(v)
				self.fout.flush()

				def sendstream(self, source):
				for chunk in source.gen:
				self.fout.write(chunk)
				self.fout.flush()

				def sendpushresponse(self, rsp):
				self.sendresponse('')
				self.sendresponse(str(rsp.res))

				def sendpusherror(self, rsp):
				self.sendresponse(rsp.res)

				def serve_forever(self):
				try:
				while self.serve_one():
				pass
				finally:
				if self.lock is not None:
				self.lock.release()
				sys.exit(0)

				handlers = {
				str: sendresponse,
				wireproto.streamres: sendstream,
				wireproto.pushres: sendpushresponse,
				wireproto.pusherr: sendpusherror,
				}

				def serve_one(self):
				cmd = self.fin.readline()[:-1]
				if cmd and cmd in wireproto.commands:
				rsp = wireproto.dispatch(self.repo, self, cmd)
				self.handlers[rsp.__class__](self, rsp)
				elif cmd:
				impl = getattr(self, 'do_' + cmd, None)
				if impl:
				r = impl()
				if r is not None:
				self.sendresponse(r)
				else: self.sendresponse("")
				return cmd != ''

				def do_lock(self):
				'''DEPRECATED - allowing remote client to lock repo is not safe'''

				self.lock = self.repo.lock()
				return ""

				def do_unlock(self):
				'''DEPRECATED'''

				if self.lock:
				self.lock.release()
				self.lock = None
				return ""

				def do_addchangegroup(self):
				'''DEPRECATED'''

				if not self.lock:
				self.sendresponse("not locked")
				return

				self.sendresponse("")
				cg = changegroup.unbundle10(self.fin, "UN")
				r = self.repo.addchangegroup(cg, 'serve', self._client(),
				lock=self.lock)
				return str(r)

				def _client(self):
				client = os.environ.get('SSH_CLIENT', '').split(' ', 1)[0]
				return 'remote:ssh:' + client