diff options
| author | Nguyễn Thái Ngọc Duy <pclouds@gmail.com> | 2011-10-04 08:55:09 +1100 | 
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-10-03 15:20:25 -0700 | 
| commit | 723f7a1387f1d79541fdbe66ad3778f2aaa370c4 (patch) | |
| tree | 29ad61c0fa683260d59c8dc6f0fe4c30a0b1aa42 | |
| parent | 7ed863a85a6ce2c4ac4476848310b8f917ab41f9 (diff) | |
| download | git-723f7a1387f1d79541fdbe66ad3778f2aaa370c4.tar.gz | |
daemon: return "access denied" if a service is not allowednd/git-daemon-error-msgs
The message is chosen to avoid leaking information, yet let users know
that they are deliberately not allowed to use the service, not a fault
in service configuration or the service itself.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | daemon.c | 12 | 
1 files changed, 8 insertions, 4 deletions
| @@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service)  	if (!enabled && !service->overridable) {  		logerror("'%s': service not enabled.", service->name);  		errno = EACCES; -		return -1; +		goto failed;  	}  	if (!(path = path_ok(dir))) -		return -1; +		goto failed;  	/*  	 * Security on the cheap. @@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service)  	if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {  		logerror("'%s': repository not exported.", path);  		errno = EACCES; -		return -1; +		goto failed;  	}  	if (service->overridable) { @@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service)  		logerror("'%s': service not enabled for '%s'",  			 service->name, path);  		errno = EACCES; -		return -1; +		goto failed;  	}  	/* @@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service)  	signal(SIGTERM, SIG_IGN);  	return service->fn(); + +failed: +	packet_write(1, "ERR %s: access denied", dir); +	return -1;  }  static void copy_to_log(int fd) | 
