Smart-http: check if repository is OK to export before serving it

Similar to how git-daemon checks whether a repository is OK to be
exported, smart-http should also check.  This check can be satisfied
in two different ways: the environmental variable GIT_HTTP_EXPORT_ALL
may be set to export all repositories, or the individual repository
may have the file git-daemon-export-ok.

Acked-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/git-http-backend.txt b/Documentation/git-http-backend.txt
index 67aec067c8ffd75837ccc1d3e2524f5db2eb9a75..c8fe08a0c4e2c5c561ce1d653f3a722b511eca28 100644 (file)
--- a/Documentation/git-http-backend.txt
+++ b/Documentation/git-http-backend.txt
@@ -18,6 +18,11 @@ The program supports clients fetching using both the smart HTTP protcol
 and the backwards-compatible dumb HTTP protocol, as well as clients
 pushing using the smart HTTP protocol.
 
+It verifies that the directory has the magic file
+"git-daemon-export-ok", and it will refuse to export any git directory
+that hasn't explicitly been marked for export this way (unless the
+GIT_HTTP_EXPORT_ALL environmental variable is set).
+
 By default, only the `upload-pack` service is enabled, which serves
 'git-fetch-pack' and 'git-ls-remote' clients, which are invoked from
 'git-fetch', 'git-pull', and 'git-clone'.  If the client is authenticated,
@@ -70,6 +75,7 @@ Apache 2.x::
 +
 ----------------------------------------------------------------
 SetEnv GIT_PROJECT_ROOT /var/www/git
+SetEnv GIT_HTTP_EXPORT_ALL
 ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
 ----------------------------------------------------------------
 +
@@ -157,6 +163,10 @@ by the invoking web server, including:
 * QUERY_STRING
 * REQUEST_METHOD
 
+The GIT_HTTP_EXPORT_ALL environmental variable may be passed to
+'git-http-backend' to bypass the check for the "git-daemon-export-ok"
+file in each repository before allowing export of that repository.
+
 The backend process sets GIT_COMMITTER_NAME to '$REMOTE_USER' and
 GIT_COMMITTER_EMAIL to '$\{REMOTE_USER}@http.$\{REMOTE_ADDR\}',
 ensuring that any reflogs created by 'git-receive-pack' contain some

diff --git a/http-backend.c b/http-backend.c
index f729488fc5f787c0f4997aacdd1bb14732d717f7..345c12b79064f23e0ae0a15781731b9a42272d83 100644 (file)
--- a/http-backend.c
+++ b/http-backend.c
@@ -648,6 +648,9 @@ int main(int argc, char **argv)
        setup_path();
        if (!enter_repo(dir, 0))
                not_found("Not a git repository: '%s'", dir);
+       if (!getenv("GIT_HTTP_EXPORT_ALL") &&
+           access("git-daemon-export-ok", F_OK) )
+               not_found("Repository not exported: '%s'", dir);
 
        git_config(http_config, NULL);
        cmd->imp(cmd_arg);

diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 0fe3fd0d012159f6abe7f7d8b006d3f8e59cbab3..4961505d1dd99da529b43abd42522e6a005961b1 100644 (file)
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -22,8 +22,13 @@ Alias /dumb/ www/
 
 <Location /smart/>
        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
+       SetEnv GIT_HTTP_EXPORT_ALL
+</Location>
+<Location /smart_noexport/>
+       SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
 </Location>
 ScriptAlias /smart/ ${GIT_EXEC_PATH}/git-http-backend/
+ScriptAlias /smart_noexport/ ${GIT_EXEC_PATH}/git-http-backend/
 <Directory ${GIT_EXEC_PATH}>
        Options None
 </Directory>

diff --git a/t/t5560-http-backend.sh b/t/t5560-http-backend.sh
index ed034bc980ca6636db4acda443d15426e470c25b..604ff4fe9db1965bf00572776299e3b7915809cc 100755 (executable)
--- a/t/t5560-http-backend.sh
+++ b/t/t5560-http-backend.sh
@@ -23,7 +23,7 @@ config() {
 }
 
 GET() {
-       curl --include "$HTTPD_URL/smart/repo.git/$1" >out 2>/dev/null &&
+       curl --include "$HTTPD_URL/$SMART/repo.git/$1" >out 2>/dev/null &&
        tr '\015' Q <out |
        sed '
                s/Q$//
@@ -91,6 +91,7 @@ get_static_files() {
        GET $IDX_URL "$1"
 }
 
+SMART=smart
 test_expect_success 'direct refs/heads/master not found' '
        log_div "refs/heads/master"
        GET refs/heads/master "404 Not Found"
@@ -99,6 +100,19 @@ test_expect_success 'static file is ok' '
        log_div "getanyfile default"
        get_static_files "200 OK"
 '
+SMART=smart_noexport
+test_expect_success 'no export by default' '
+       log_div "no git-daemon-export-ok"
+       get_static_files "404 Not Found"
+'
+test_expect_success 'export if git-daemon-export-ok' '
+       log_div "git-daemon-export-ok"
+       (cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
+        touch git-daemon-export-ok
+       ) &&
+       get_static_files "200 OK"
+'
+SMART=smart
 test_expect_success 'static file if http.getanyfile true is ok' '
        log_div "getanyfile true"
        config http.getanyfile true &&
@@ -145,7 +159,6 @@ test_expect_success 'http.receivepack false' '
        GET info/refs?service=git-receive-pack "403 Forbidden" &&
        POST git-receive-pack 0000 "403 Forbidden"
 '
-
 run_backend() {
        REQUEST_METHOD=GET \
        GIT_PROJECT_ROOT="$HTTPD_DOCUMENT_ROOT_PATH" \
@@ -194,6 +207,28 @@ GET  /smart/repo.git/$LOOSE_URL HTTP/1.1 200
 GET  /smart/repo.git/$PACK_URL HTTP/1.1 200
 GET  /smart/repo.git/$IDX_URL HTTP/1.1 200
 
+###  no git-daemon-export-ok
+###
+GET  /smart_noexport/repo.git/HEAD HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/info/refs HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/objects/info/packs HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/$PACK_URL HTTP/1.1 404 -
+GET  /smart_noexport/repo.git/$IDX_URL HTTP/1.1 404 -
+
+###  git-daemon-export-ok
+###
+GET  /smart_noexport/repo.git/HEAD HTTP/1.1 200
+GET  /smart_noexport/repo.git/info/refs HTTP/1.1 200
+GET  /smart_noexport/repo.git/objects/info/packs HTTP/1.1 200
+GET  /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 200 -
+GET  /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 200 -
+GET  /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 200
+GET  /smart_noexport/repo.git/$PACK_URL HTTP/1.1 200
+GET  /smart_noexport/repo.git/$IDX_URL HTTP/1.1 200
+
 ###  getanyfile true
 ###
 GET  /smart/repo.git/HEAD HTTP/1.1 200