Here is the new hg-ssh I'm using with my cdm gate-side policy enforcement.
Dean
Index: mercurial.hg/contrib/hg-ssh
===================================================================
--- mercurial.hg.orig/contrib/hg-ssh 2008-03-21 10:45:40.000000000 -0500
+++ mercurial.hg/contrib/hg-ssh 2008-04-16 12:06:44.400654000 -0500
@@ -11,7 +11,7 @@
hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
-command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
+command="hg-ssh User at domain.com path/to/repo1 /path/to/repo2 ~/repo3
~user/repo4" ssh-dss ...
(probably together with these other useful options:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
@@ -19,10 +19,10 @@ This allows pull/push over ssh to to the
If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
-command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
+command="cd path/to/my/repositories && hg-ssh User at domain.com repo1
subdir/repo2"
You can use pattern matching of your normal shell, e.g.:
-command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
+command="cd repos && hg-ssh User at domain.com user/thomas/*
projects/{mercurial,foo}"
"""
# enable importing on demand to reduce startup time
@@ -34,12 +34,17 @@ import sys, os
cwd = os.getcwd()
allowed_paths = [os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
- for path in sys.argv[1:]]
+ for path in sys.argv[2:]]
orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?')
+sys.stderr.write("User (%s)\n" % sys.argv[1])
+os.environ['CALLING_USER'] = sys.argv[1]
+
if orig_cmd.startswith('hg -R ') and orig_cmd.endswith(' serve --stdio'):
path = orig_cmd[6:-14]
repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path)))
+ sys.stderr.write("Repo (%s)\n" % repo)
+ os.environ['CALLED_REPO'] = repo
if repo in allowed_paths:
dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
else:
