6 # GNU General Public License version 2, incorporated herein by reference. |
6 # GNU General Public License version 2, incorporated herein by reference. |
7 # |
7 # |
8 |
8 |
9 '''provide simple hooks for access control |
9 '''provide simple hooks for access control |
10 |
10 |
11 Authorization is against local user name on system where hook is run, not |
11 This hook makes it possible to allow or deny write access to portions |
12 committer of original changeset (since that is easy to spoof). |
12 of a repository when receiving incoming changesets. |
13 |
13 |
14 The acl hook is best to use if you use hgsh to set up restricted shells for |
14 The authorization is matched based on the local user name on the |
15 authenticated users to only push to / pull from. It's not safe if user has |
15 system where the hook runs, and not the committer of the original |
16 interactive shell access, because they can disable the hook. It's also not |
16 changeset (since the latter is merely informative). |
17 safe if remote users share one local account, because then there's no way to |
|
18 tell remote users apart. |
|
19 |
17 |
20 To use, configure the acl extension in hgrc like this: |
18 The acl hook is best used along with a restricted shell like hgsh, |
|
19 preventing authenticating users from doing anything other than |
|
20 pushing or pulling. The hook is not safe to use if users have |
|
21 interactive shell access, as they can then disable the hook. |
|
22 Nor is it safe if remote users share an account, because then there |
|
23 is no way to distinguish them. |
|
24 |
|
25 To use this hook, configure the acl extension in your hgrc like this: |
21 |
26 |
22 [extensions] |
27 [extensions] |
23 hgext.acl = |
28 hgext.acl = |
24 |
29 |
25 [hooks] |
30 [hooks] |
26 pretxnchangegroup.acl = python:hgext.acl.hook |
31 pretxnchangegroup.acl = python:hgext.acl.hook |
27 |
32 |
28 [acl] |
33 [acl] |
29 sources = serve # check if source of incoming changes in this list |
34 # Check whether the source of incoming changes is in this list |
30 # ("serve" == ssh or http, "push", "pull", "bundle") |
35 # ("serve" == ssh or http, "push", "pull", "bundle") |
|
36 sources = serve |
31 |
37 |
32 Allow and deny lists have a subtree pattern (default syntax is glob) on the |
38 The allow and deny sections take a subtree pattern as key (with a |
33 left and user names on right. The deny list is checked before the allow list. |
39 glob syntax by default), and a comma separated list of users as |
|
40 the corresponding value. The deny list is checked before the allow |
|
41 list is. |
34 |
42 |
35 [acl.allow] |
43 [acl.allow] |
36 # if acl.allow not present, all users allowed by default |
44 # If acl.allow is not present, all users are allowed by default. |
37 # empty acl.allow = no users allowed |
45 # An empty acl.allow section means no users allowed. |
38 docs/** = doc_writer |
46 docs/** = doc_writer |
39 .hgtags = release_engineer |
47 .hgtags = release_engineer |
40 |
48 |
41 [acl.deny] |
49 [acl.deny] |
42 # if acl.deny not present, no users denied by default |
50 # If acl.deny is not present, no users are refused by default. |
43 # empty acl.deny = all users allowed |
51 # An empty acl.deny section means all users allowed. |
44 glob pattern = user4, user5 |
52 glob pattern = user4, user5 |
45 ** = user6 |
53 ** = user6 |
46 ''' |
54 ''' |
47 |
55 |
48 from mercurial.i18n import _ |
56 from mercurial.i18n import _ |
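Review bot: The rewritten rationale for ignoring the changeset committer ("since the latter is merely informative") drops the security reason that the old text gave ("since that is easy to spoof"); "merely informative" reads as a remark about data quality, while the spoofing wording tells an administrator why an ACL keyed on the committer would be unsafe. Suggest keeping that reason, e.g. `changeset (since that is easy to spoof).` Two smaller points in the same hunk: `preventing authenticating users from doing anything other than` should read `preventing authenticated users`, and `The deny list is checked before the allow list is.` reads better without the trailing `is`.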