import os

import re

import shlex

import sys

import click

import kallithea

import kallithea.bin.kallithea_cli_base as cli_base

from kallithea.lib.utils2 import str2bool

from kallithea.lib.vcs.backends.git.ssh import GitSshHandler

from kallithea.lib.vcs.backends.hg.ssh import MercurialSshHandler

log = logging.getLogger(__name__)

@cli_base.register_command(config_file_initialize_app=True, hidden=True)

@click.argument('user-id', type=click.INT, required=True)

@click.argument('key-id', type=click.INT, required=True)

def ssh_serve(user_id, key_id):

    """Serve SSH repository protocol access.

    The trusted command that is invoked from .ssh/authorized_keys to serve SSH

            assert False # serve is written so it never will terminate

    sys.stderr.write("This account can only be used for repository access. SSH command %r is not supported.\n" % ssh_original_command)

    sys.exit(1)

@cli_base.register_command(config_file_initialize_app=True)

def ssh_update_authorized_keys():

    """Update .ssh/authorized_keys file.

    The file is usually maintained automatically, but this command will also re-write it.

    """

    SshKeyModel().write_authorized_keys()

import errno

import logging

import os

import stat

import tempfile

from tg import config

from tg.i18n import ugettext as _

from kallithea.lib import ssh

from kallithea.lib.utils2 import safe_str, str2bool

from kallithea.model.db import User, UserSshKeys

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

    """Exception raised by SshKeyModel methods to report errors"""

class SshKeyModel(object):

    def create(self, user, description, public_key):

        """

        :param user: user or user_id

        :param description: description of SshKey

        :param publickey: public key text

        Will raise SshKeyModelException on errors

        """

        log.info('Writing %s', authorized_keys)

        authorized_keys_dir = os.path.dirname(authorized_keys)

        try:

            os.makedirs(authorized_keys_dir)

            os.chmod(authorized_keys_dir, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) # ~/.ssh/ must be 0700

        except OSError as exception:

            if exception.errno != errno.EEXIST:

                raise

        # Now, test that the directory is or was created in a readable way by previous.

        if not (os.path.isdir(authorized_keys_dir) and

                os.access(authorized_keys_dir, os.W_OK)):

        # Make sure we don't overwrite a key file with important content

        if os.path.exists(authorized_keys):

            with open(authorized_keys) as f:

                for l in f:

                    if not l.strip() or l.startswith('#'):

                        pass # accept empty lines and comments

                    elif ssh.SSH_OPTIONS in l and ' ssh-serve ' in l:

                        pass # Kallithea entries are ok to overwrite

                    else:

        fh, tmp_authorized_keys = tempfile.mkstemp('.authorized_keys', dir=os.path.dirname(authorized_keys))

        with os.fdopen(fh, 'w') as f:

            f.write("# WARNING: This .ssh/authorized_keys file is managed by Kallithea. Manual editing or adding new entries will make Kallithea back off.\n")

            for key in UserSshKeys.query().join(UserSshKeys.user).filter(User.active == True):

                f.write(ssh.authorized_keys_line(kallithea_cli_path, config['__file__'], key))

        os.chmod(tmp_authorized_keys, stat.S_IRUSR | stat.S_IWUSR)

        # This preliminary remove is needed for Windows, not for Unix.

        # TODO In Python 3, the remove+rename sequence below should become os.replace.

        if os.path.exists(authorized_keys):

            os.remove(authorized_keys)

        os.rename(tmp_authorized_keys, authorized_keys)