From: Nguyễn Thái Ngọc Duy Date: Mon, 3 Oct 2011 21:55:09 +0000 (+1100) Subject: daemon: return "access denied" if a service is not allowed X-Git-Tag: v1.7.8-rc0~83^2 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=723f7a1387f1d79541fdbe66ad3778f2aaa370c4;p=git.git daemon: return "access denied" if a service is not allowed The message is chosen to avoid leaking information, yet let users know that they are deliberately not allowed to use the service, not a fault in service configuration or the service itself. Signed-off-by: Nguyễn Thái Ngọc Duy Signed-off-by: Junio C Hamano --- diff --git a/daemon.c b/daemon.c index 347fd0c52..ac24b637e 100644 --- a/daemon.c +++ b/daemon.c @@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service) if (!enabled && !service->overridable) { logerror("'%s': service not enabled.", service->name); errno = EACCES; - return -1; + goto failed; } if (!(path = path_ok(dir))) - return -1; + goto failed; /* * Security on the cheap. @@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service) if (!export_all_trees && access("git-daemon-export-ok", F_OK)) { logerror("'%s': repository not exported.", path); errno = EACCES; - return -1; + goto failed; } if (service->overridable) { @@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service) logerror("'%s': service not enabled for '%s'", service->name, path); errno = EACCES; - return -1; + goto failed; } /* @@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service) signal(SIGTERM, SIG_IGN); return service->fn(); + +failed: + packet_write(1, "ERR %s: access denied", dir); + return -1; } static void copy_to_log(int fd)