/usr/share/mercurial-server/mercurialserver/ruleset.py is in mercurial-server 1.2-2.2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 | """
Glob-based, order-based rules matcher that can answer "maybe"
where the inputs make clear that something is unknown.
"""
import sys
import re
import os
import os.path
def globmatcher(pattern):
p = "[^/]*".join(re.escape(c) for c in pattern.split("*"))
# ** means "match recursively" ie "ignore directories"
return re.compile(p.replace("[^/]*[^/]*", ".*") + "$")
# Returns 1 for a definite match
# -1 for a definite non-match
# 0 where we can't be sure because a key is None
def rmatch(k, m, kw):
if k not in kw:
return -1
kkw = kw[k]
if kkw is None:
return 0
elif m.match(kkw) is None:
return -1
else:
return 1
def rule(pairs):
matchers = [(k, globmatcher(v)) for k, v in pairs]
def c(kw):
return min(rmatch(k, m, kw) for k, m in matchers)
return c
class Ruleset(object):
'''Class representing the rules in a rule file'''
levels = ["init", "write", "read", "deny"]
def __init__(self):
self.rules = []
self.preset = {}
def set(self, **kw):
self.preset.update(kw)
def get(self, k):
return self.preset.get(k, None)
def allow(self, level, **kw):
levelindex = self.levels.index(level)
d = self.preset.copy()
d.update(kw)
for a, c in self.rules:
m = c(d)
if m == 1:
# Definite match - what it says goes
return a <= levelindex
elif m == 0:
# "Maybe match" - allow if it says yes, ignore if no
if a <= levelindex:
return True
return False
def readfile(self, fn):
f = open(fn)
try:
for l in f:
l = l.strip()
if len(l) == 0 or l.startswith("#"):
continue
l = l.split()
# Unrecognized actions are off the high end
if l[0] in self.levels:
ix = self.levels.index(l[0])
else:
ix = len(self.levels)
self.rules.append((ix,
rule([c.split("=", 1) for c in l[1:]])))
finally:
f.close()
rules = Ruleset()
|