Mercurial > hg
view contrib/hg-ssh @ 5584:d2831a5d5947
hgwebdir: normalize virtual paths before stripping the separator
It is not even clear that virtual paths should be normalized as normal paths at all, we could expect slash to be the natural separator.
| author | Patrick Mezard <pmezard@gmail.com> |
|---|---|
| date | Sun, 02 Dec 2007 19:39:27 +0100 |
| parents | 55860a45bbf2 |
| children | 46293a0c7e9f |
line wrap: on
line source
#!/usr/bin/env python # # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> # Author(s): # Thomas Arendsen Hein <thomas@intevation.de> # # This software may be used and distributed according to the terms # of the GNU General Public License, incorporated herein by reference. """ hg-ssh - a wrapper for ssh access to a limited set of mercurial repos To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ... (probably together with these other useful options: no-port-forwarding,no-X11-forwarding,no-agent-forwarding) This allows pull/push over ssh to to the repositories given as arguments. If all your repositories are subdirectories of a common directory, you can allow shorter paths with: command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" You can use pattern matching of your normal shell, e.g.: command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" """ # enable importing on demand to reduce startup time from mercurial import demandimport; demandimport.enable() from mercurial import dispatch import sys, os cwd = os.getcwd() allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) for path in sys.argv[1:]] orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?') if orig_cmd.startswith('hg -R ') and orig_cmd.endswith(' serve --stdio'): path = orig_cmd[6:-14] repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) if repo in allowed_paths: dispatch.dispatch(['-R', repo, 'serve', '--stdio']) else: sys.stderr.write("Illegal repository %r\n" % repo) sys.exit(-1) else: sys.stderr.write("Illegal command %r\n" % orig_cmd) sys.exit(-1)