![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fd1cd91)
raw | patch | inline | side by side (parent: fd1cd91)
| author | Frank Lichtenheld <frank@lichtenheld.de> | |
| Fri, 15 Jun 2007 01:01:53 +0000 (03:01 +0200) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Sat, 16 Jun 2007 05:38:48 +0000 (22:38 -0700) |
Embarrassing bug number two in my options patch.
Also enforce that --export-all is only ever used together with an
explicit whitelist. Otherwise people might export every git repository
on the whole system without realising.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Also enforce that --export-all is only ever used together with an
explicit whitelist. Otherwise people might export every git repository
on the whole system without realising.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| Documentation/git-cvsserver.txt | patch | blob | history | |
| git-cvsserver.perl | patch | blob | history | |
| t/t9400-git-cvsserver-server.sh | patch | blob | history |
index 6d1e3117408f0b1f115511e2996dc70f122f8cba..60d0bcf0f31e6b4da6e56d7726ed942744704cbb 100644 (file)
Don't allow recursing into subdirectories
--export-all::
-Don't check for `gitcvs.enabled` in config
+Don't check for `gitcvs.enabled` in config. You also have to specify a list
+of allowed directories (see below) if you want to use this option.
--version, -V::
Print version information and exit
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index f78afe812e2082c687f3436401401be6022196bb..5cbf27eebc0f090c0d7e45e82064344b30d326fc 100755 (executable)
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
# everything else is a directory
$state->{allowed_roots} = [ @ARGV ];
+# don't export the whole system unless the users requests it
+if ($state->{'export-all'} && !@{$state->{allowed_roots}}) {
+ die "--export-all can only be used together with an explicit whitelist\n";
+}
+
# if we are called with a pserver argument,
# deal with the authentication cat before entering the
# main loop
my $enabled = ($cfg->{gitcvs}{$state->{method}}{enabled}
|| $cfg->{gitcvs}{enabled});
- unless ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i) {
+ unless ($state->{'export-all'} ||
+ ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i)) {
print "E GITCVS emulation needs to be enabled on this repo\n";
print "E the repo config file needs a [gitcvs] section added, and the parameter 'enabled' set to 1\n";
print "E \n";
index 9b69452d6f4836f637c28854ea0660afbedb62b8..b442b5d145234ee18e646c3693e04307287263be 100755 (executable)
test_expect_failure 'req_Root failure (base-path)' \
'cat request-anonymous | git-cvsserver --strict-paths --base-path $WORKDIR pserver $SERVERDIR >log 2>&1'
+GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled false || exit 1
+
+test_expect_success 'req_Root (export-all)' \
+ 'cat request-anonymous | git-cvsserver --export-all pserver $WORKDIR >log 2>&1 &&
+ tail -n1 log | grep -q "^I LOVE YOU$"'
+
+test_expect_failure 'req_Root failure (export-all w/o whitelist)' \
+ 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1
+ || false'
+
+test_expect_success 'req_Root (everything together)' \
+ 'cat request-base | git-cvsserver --export-all --strict-paths --base-path $WORKDIR/ pserver $SERVERDIR >log 2>&1 &&
+ tail -n1 log | grep -q "^I LOVE YOU$"'
+
+GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true || exit 1
+
#--------------
# CONFIG TESTS
#--------------