contrib/hg-ssh
author Matt Mackall <mpm@selenic.com>
Fri, 09 Jun 2006 18:03:35 -0500
changeset 2421 a1cfe679192c
parent 1640 9a5b778f7e2d
child 5191 831ebc408ffb
permissions -rwxr-xr-x
ssh: add capability detection at startup Because older servers don't return any output for unknown commands, it's tricky to add new commands. The approach is this: we add a "hello" command that reports any interesting capabilities (and other things that might be of interest in the future). To detect whether this new command is supported, we issue both it and our startup detection command ("between") at the beginning of a connection.

#!/usr/bin/env python
#
# Copyright 2005, 2006 by Intevation GmbH <intevation@intevation.de>
# Author(s):
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This software may be used and distributed according to the terms
# of the GNU General Public License, incorporated herein by reference.

"""
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos

To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
 no-port-forwarding,no-X11-forwarding,no-agent-forwarding)

This allows pull/push over ssh to to the repositories given as arguments.

If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"

You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
"""

from mercurial import commands

import sys, os

cwd = os.getcwd()
allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
                 for path in sys.argv[1:]]
orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')

if orig_cmd.startswith('hg -R ') and orig_cmd.endswith(' serve --stdio'):
    path = orig_cmd[6:-14]
    repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
    if repo in allowed_paths:
        commands.dispatch(['-R', repo, 'serve', '--stdio'])
    else:
        sys.stderr.write("Illegal repository %r\n" % repo)
        sys.exit(-1)
else:
    sys.stderr.write("Illegal command %r\n" % orig_cmd)
    sys.exit(-1)