
Viewing changes to contrib/bzr_access

  • Committer: Robert Collins
  • Date: 2010-05-05 00:05:29 UTC
  • mto: This revision was merged to the branch mainline in revision 5206.
  • Revision ID: robertc@robertcollins.net-20100505000529-ltmllyms5watqj5u
Make 'pydoc bzrlib.tests.build_tree_shape' useful.

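--- a/contrib/bzr_access
+++ b/contrib/bzr_access
@@ -1,8 +1,8 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
 ###############################################################################
 #
-#  brz_access:
-#    Simple access control for shared Breezy repository accessed over ssh.
+#  bzr_access:
+#    Simple access control for shared bazaar repository accessed over ssh.
 #
 # Copyright (C) 2007 Balint Aradi
 #
@@ -22,16 +22,16 @@
 #
 ###############################################################################
 """
-Invocation: brz_access <brz_executable> <repo_collection> <user>
+Invocation: bzr_access <bzr_executable> <repo_collection> <user>
 
 The script extracts from the SSH_ORIGINAL_COMMAND environment variable the
-repository, which Breezy tries to access through the brz+ssh protocol. The
+repository, which bazaar tries to access through the bzr+ssh protocol. The
 repository is assumed to be relative to <repo_collection>. Based
-on the configuration file <repo_collection>/brz_access.conf it determines
+on the configuration file <repo_collection>/bzr_access.conf it determines
 the access rights (denied, read-only, read-write) for the specified user.
-If the user has read-only or read-write access a Breezy smart server is
+If the user has read-only or read-write access a bazaar smart server is
 started for it in read-only or in read-write mode, rsp., using the specified
-brz executable.
+bzr executable.
 
 Config file: INI format, pretty much similar to the authfile of subversion.
 
@@ -46,7 +46,7 @@
 permissions: 'rw', 'r' and '' (without the quotes)
 for read-write, read-only and no access, respectively.
 
-Sample brz_access.conf::
+Sample bzr_access.conf::
 
    [groups]
    admins = alpha
@@ -59,7 +59,7 @@
 This allows you to set up a single SSH user, and customize the access based on
 ssh key. Your ``.ssh/authorized_key`` file should look something like this::
 
-   command="/path/to/brz_access /path/to/brz /path/to/repository <username>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-<type> <key>
+   command="/path/to/bzr_access /path/to/bzr /path/to/repository <username>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-<type> <key>
 """
 
 import ConfigParser
@@ -68,7 +68,7 @@
 import subprocess
 import sys
 
-CONFIG_FILE = "brz_access.conf"
+CONFIG_FILE = "bzr_access.conf"
 SCRIPT_NAME = os.path.basename(sys.argv[0])
 
 # Permission constants
@@ -79,7 +79,7 @@
 
 # Exit codes
 EXIT_BAD_NR_ARG = 1
-EXIT_brz_NOEXEC = 2
+EXIT_BZR_NOEXEC = 2
 EXIT_REPO_NOREAD = 3
 EXIT_BADENV = 4
 EXIT_BADDIR = 5
@@ -87,16 +87,16 @@
 EXIT_NOACCESS = 7
 EXIT_BADUSERNAME = 8
 
-# pattern for the brz command passed to ssh
-PAT_SSH_COMMAND = re.compile(r"""^brz\s+
+# pattern for the bzr command passed to ssh
+PAT_SSH_COMMAND = re.compile(r"""^bzr\s+
                              serve\s+
                              --inet\s+
                              --directory=(?P<dir>\S+)\s+
                              --allow-writes\s*$""", re.VERBOSE)
 
-# Command line for starting brz
-brz_OPTIONS = ['serve', '--inet', '--directory']
-brz_READWRITE_FLAGS = ['--allow-writes']
+# Command line for starting bzr
+BZR_OPTIONS = ['serve', '--inet', '--directory']
+BZR_READWRITE_FLAGS = ['--allow-writes']
 
 
 
@@ -114,7 +114,7 @@
     def __init__(self, fp):
         """:param fp: File like object, containing the configuration options.
         """
-        # TODO: jam 20071211 Consider switching to breezy.util.configobj
+        # TODO: jam 20071211 Consider switching to bzrlib.util.configobj
         self.config = ConfigParser.ConfigParser()
         self.config.readfp(fp)
         self.groups = {}
@@ -180,16 +180,16 @@
     # Read arguments
     if len(sys.argv) != 4:
         error("Invalid number or arguments.", EXIT_BAD_NR_ARG)
-    (brzExec, repoRoot, user) = sys.argv[1:4]
+    (bzrExec, repoRoot, user) = sys.argv[1:4]
     
     # Sanity checks
-    if not os.access(brzExec, os.X_OK):
-        error("brz is not executable.", EXIT_brz_NOEXEC)
+    if not os.access(bzrExec, os.X_OK):
+        error("bzr is not executable.", EXIT_BZR_NOEXEC)
     if not os.access(repoRoot, os.R_OK):
         error("Path to repository not readable.", EXIT_REPO_NOREAD)
     
     # Extract the repository path from the command passed to ssh.
-    if "SSH_ORIGINAL_COMMAND" not in os.environ:
+    if not os.environ.has_key("SSH_ORIGINAL_COMMAND"):
         error("Environment variable SSH_ORIGINAL_COMMAND missing.", EXIT_BADENV)
     directory = get_directory(os.environ["SSH_ORIGINAL_COMMAND"])
     if len(directory) == 0:
@@ -209,15 +209,15 @@
     except IOError:
         error("Can't read config file.", EXIT_NOCONF)
     
-    # Determine permission and execute brz with appropriate options
+    # Determine permission and execute bzr with appropriate options
     perm = accessMan.permission(user)
-    command = [brzExec] + brz_OPTIONS + [repoRoot]
+    command = [bzrExec] + BZR_OPTIONS + [repoRoot]
     if perm == PERM_READ:
         # Nothing extra needed for readonly operations
         pass
     elif perm == PERM_READWRITE:
         # Add the write flags
-        command.extend(brz_READWRITE_FLAGS)
+        command.extend(BZR_READWRITE_FLAGS)
     else:
         error("Access denied.", EXIT_NOACCESS)
     return subprocess.call(command)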
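Review bot: In the final hunk the smart server is launched with `command = [bzrExec] + BZR_OPTIONS + [repoRoot]` and its mode comes from `accessMan.permission(user)`, so in the lines shown the `dir` captured from SSH_ORIGINAL_COMMAND does not narrow what the server exposes: a user granted 'rw' gets a writable server over the whole of `repoRoot`. If collection-wide grants are the intended model, say so above that line, e.g. `# Server is rooted at repoRoot; perm covers the whole collection, not the requested --directory.` Lines 196–208, where the username and directory checks presumably live, fall outside the hunks, so it cannot be confirmed from this page that `directory` is rejected when it is absolute or contains `..`; that is worth checking. Separately, the authorized_keys example in the docstring would be tighter with `no-pty` added to its option list.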