contrib/hg-ssh
author David Schleimer <dschleimer@fb.com>
Tue, 22 May 2012 15:17:37 -0700
changeset 16836 1ba3e17186c8
parent 16779 67bfe7f64e57
child 25127 2b9cda9040f7
permissions -rwxr-xr-x
hg-ssh: read-only flag

Allows you to restrict an ssh key to have read-only access to a set of repos by passing the --read-only flag to hg-ssh. This is useful in an environment where the number of unix users you can or are willing to create is limited. In such an environment, multiple users or applications will share a single unix account. Some of those applications will likely need read-only access to the repository. This change makes it possible to grant them such access without requiring that they use a separate unix account.
#!/usr/bin/env python
#
# Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de>
#
# Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

This allows pull/push over ssh from/to the repositories given as arguments.

If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"

You can also add a --read-only flag to allow read-only access to a key, e.g.:
command="hg-ssh --read-only repos/*"
"""

# enable importing on demand to reduce startup time
from mercurial import demandimport; demandimport.enable()

from mercurial import dispatch

import sys, os, shlex

def main():
    cwd = os.getcwd()
    readonly = False
    args = sys.argv[1:]
    while len(args):
        if args[0] == '--read-only':
            readonly = True
            args.pop(0)
        else:
            break
    allowed_paths = [os.path.normpath(os.path.join(cwd,
                                                   os.path.expanduser(path)))
                     for path in args]
    orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
    try:
        cmdargv = shlex.split(orig_cmd)
    except ValueError, e:
        sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e))
        sys.exit(255)

    if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']:
        path = cmdargv[2]
        repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
        if repo in allowed_paths:
            cmd = ['-R', repo, 'serve', '--stdio']
            if readonly:
                cmd += [
                    '--config',
                    'hooks.prechangegroup.hg-ssh=python:__main__.rejectpush',
                    '--config',
                    'hooks.prepushkey.hg-ssh=python:__main__.rejectpush'
                    ]
            dispatch.dispatch(dispatch.request(cmd))
        else:
            sys.stderr.write('Illegal repository "%s"\n' % repo)
            sys.exit(255)
    else:
        sys.stderr.write('Illegal command "%s"\n' % orig_cmd)
        sys.exit(255)

def rejectpush(ui, **kwargs):
    ui.warn("Permission denied\n")
    # mercurial hooks use unix process conventions for hook return values
    # so a truthy return means failure
    return True

if __name__ == '__main__':
    main()
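The security-relevant core of hg-ssh is the few lines above that turn the forced-command arguments and SSH_ORIGINAL_COMMAND into an allow/deny decision: both the allowlist and the requested path are canonicalised the same way, the requested command must be exactly `hg -R <path> serve --stdio`, and the allowlist check is an exact match on the canonical path. The following Python 3 script is an added example, not Mercurial's code and not part of this changeset; it re-implements that decision logic as a pure function so it can be exercised offline without sshd or a Mercurial checkout. The helper names (`canonical`, `parse_request`, `authorize`), the constructed working directory `/home/hg`, the constructed sample commands, and the use of `posixpath` instead of `os.path` (so results are identical on every host) are all assumptions of this example. The shell globs from the docstring are assumed to have already been expanded by the login shell, as they would be in `authorized_keys`.

```python
"""Added example: hg-ssh's forced-command decision logic as a testable
function (not Mercurial's code). Assumed names: canonical, parse_request,
authorize. Constructed sample data: cwd '/home/hg', the repo names, and the
SSH_ORIGINAL_COMMAND strings below."""
import posixpath
import shlex

# The extra hg arguments hg-ssh appends for --read-only keys: two hooks that
# refuse incoming changegroups and pushkey updates (bookmarks, phases).
READONLY_HOOKS = [
    '--config', 'hooks.prechangegroup.hg-ssh=python:__main__.rejectpush',
    '--config', 'hooks.prepushkey.hg-ssh=python:__main__.rejectpush',
]


def canonical(cwd, path):
    """Normalise a path exactly the way hg-ssh does for both the allowlist
    and the client-supplied path: expand ~, anchor on cwd, collapse '..'
    and '//'. posixpath (rather than os.path) is an assumption of this
    example so the result does not depend on the host platform."""
    return posixpath.normpath(posixpath.join(cwd, posixpath.expanduser(path)))


def parse_request(orig_cmd):
    """Return the repo path from an 'hg -R <path> serve --stdio' request, or
    None for any other command, including ones shlex cannot parse."""
    try:
        argv = shlex.split(orig_cmd)
    except ValueError:          # e.g. unbalanced quotes
        return None
    # Exact shape required: nothing may precede 'hg -R' or follow '--stdio'.
    if argv[:2] == ['hg', '-R'] and argv[3:] == ['serve', '--stdio']:
        return argv[2]
    return None


def authorize(cwd, key_args, orig_cmd):
    """Mirror main(): key_args are the forced-command arguments from
    authorized_keys, orig_cmd is SSH_ORIGINAL_COMMAND.

    Returns (decision, argv): decision is 'serve', 'serve-readonly' or
    'deny'; argv is the hg argument list that would be dispatched, or None."""
    args = list(key_args)
    readonly = False
    while args and args[0] == '--read-only':   # leading flags only
        readonly = True
        args.pop(0)
    allowed = {canonical(cwd, p) for p in args}

    path = parse_request(orig_cmd)
    if path is None:
        return ('deny', None)
    repo = canonical(cwd, path)
    # Exact-match allowlist: neither parents nor subdirectories of an
    # allowed repo qualify, and '..' has already been collapsed.
    if repo not in allowed:
        return ('deny', None)
    cmd = ['-R', repo, 'serve', '--stdio']
    if readonly:
        return ('serve-readonly', cmd + READONLY_HOOKS)
    return ('serve', cmd)


# Constructed sample requests, as a client would send them.
SAMPLE_REQUESTS = [
    'hg -R repos/alpha serve --stdio',               # allowed repo
    'hg -R repos/alpha/../beta serve --stdio',       # canonicalises to beta
    'hg -R repos/alpha/../../secret serve --stdio',  # escapes the allowlist
    'hg -R repos/alpha/nested serve --stdio',        # subdirectory, not listed
    'hg -R repos/alpha serve --stdio --debugger',    # extra argument
    'hg -R "repos/alpha serve --stdio',              # unbalanced quote
    'ls -la',                                        # not an hg serve request
]

if __name__ == '__main__':
    key_args = ['--read-only', 'repos/alpha', 'repos/beta']
    for req in SAMPLE_REQUESTS:
        decision, argv = authorize('/home/hg', key_args, req)
        print('%-46s -> %s %s' % (req, decision, argv or ''))
```

Running the script shows that a traversal to `../beta` is permitted only because `repos/beta` is itself on the allowlist, while `../../secret`, a nested directory, an extra hg argument and a malformed command are all denied before anything is dispatched. A key marked `--read-only` still serves, but every dispatched argv carries the two rejecting hooks.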