grim/hgkeeper

basic access control is working!

2019-09-10, Gary Kramlich
803e8c53ff13
Parents f59237b3e3f2
Children ea4d0c4e0f66
basic access control is working!
5 files changed, 57 insertions(+), 5 deletions(-)
  • +1 -0
    go.mod
  • +2 -0
    go.sum
  • +19 -3
    hg/hg.go
  • +31 -0
    hg/hgrc.go
  • +4 -2
    ssh/commands/run.go
    • --- a/go.mod Tue Sep 10 01:37:08 2019 -0500
    +++ b/go.mod Tue Sep 10 02:11:53 2019 -0500
    @@ -7,4 +7,5 @@
    github.com/sirupsen/logrus v1.4.1
    github.com/stretchr/testify v1.3.0
    golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a
    + gopkg.in/ini.v1 v1.46.0
    )
    --- a/go.sum Tue Sep 10 01:37:08 2019 -0500
    +++ b/go.sum Tue Sep 10 02:11:53 2019 -0500
    @@ -27,3 +27,5 @@
    golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
    golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e h1:nFYrTHrdrAOpShe27kaFHjsqYSEQ0KWqdWLu3xuZJts=
    golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
    +gopkg.in/ini.v1 v1.46.0 h1:VeDZbLYGaupuvIrsYCEOe/L/2Pcs5n7hdO1ZTjporag=
    +gopkg.in/ini.v1 v1.46.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
    --- a/hg/hg.go Tue Sep 10 01:37:08 2019 -0500
    +++ b/hg/hg.go Tue Sep 10 02:11:53 2019 -0500
    @@ -3,6 +3,8 @@
    import (
    "os"
    "os/exec"
    +
    + log "github.com/sirupsen/logrus"
    )
    type Command struct {
    @@ -11,12 +13,26 @@
    writeable bool
    }
    -func (c *Command) Setup() {
    - c.cmd.Env = append(os.Environ(), "HGRCPATH=/dev/null")
    +func (c *Command) Setup() error {
    + hgrc, err := createHgrc(c.writeable)
    + if err != nil {
    + return err
    + }
    +
    + c.tmpHgrc = hgrc
    +
    + c.cmd.Env = append(os.Environ(), "HGRCPATH="+c.tmpHgrc)
    +
    + return nil
    }
    func (c *Command) Teardown() {
    -
    + if c.tmpHgrc != "" {
    + if err := os.Remove(c.tmpHgrc); err != nil {
    + log.Warnf("failed to remove %q: %v", c.tmpHgrc, err)
    + }
    + c.tmpHgrc = ""
    + }
    }
    func (c *Command) Cmd() *exec.Cmd {
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/hg/hgrc.go Tue Sep 10 02:11:53 2019 -0500
    @@ -0,0 +1,31 @@
    +package hg
    +
    +import (
    + "io/ioutil"
    +
    + "gopkg.in/ini.v1"
    +)
    +
    +func createHgrc(writeable bool) (string, error) {
    + tmpfile, err := ioutil.TempFile("", "hgkeeper-*.hgrc")
    + if err != nil {
    + return "", err
    + }
    +
    + hgrc := ini.Empty()
    +
    + if !writeable {
    + hooks, err := hgrc.NewSection("hooks")
    + if err != nil {
    + return "", err
    + }
    +
    + hooks.NewKey("pretxnchangegroup", "/bin/false")
    + }
    +
    + if err := hgrc.SaveTo(tmpfile.Name()); err != nil {
    + return "", err
    + }
    +
    + return tmpfile.Name(), nil
    +}
    --- a/ssh/commands/run.go Tue Sep 10 01:37:08 2019 -0500
    +++ b/ssh/commands/run.go Tue Sep 10 02:11:53 2019 -0500
    @@ -14,6 +14,10 @@
    func run(hgCmd *hg.Command, conn ssh.Channel, serverConn *ssh.ServerConn, req *ssh.Request) error {
    cmd := hgCmd.Cmd()
    + if err := hgCmd.Setup(); err != nil {
    + return err
    + }
    +
    teardown := func() {
    conn.Close()
    @@ -73,8 +77,6 @@
    once.Do(teardown)
    }()
    - hgCmd.Setup()
    -
    if err := cmd.Start(); err != nil {
    req.Reply(false, nil)
    once.Do(teardown)