diff options
| -rw-r--r-- | Documentation/git-daemon.txt | 10 | ||||
| -rw-r--r-- | daemon.c | 29 | 
2 files changed, 31 insertions, 8 deletions
| diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index 69a1e4af9e..31b28fc29f 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -161,6 +161,16 @@ the facility of inet daemon to achieve the same before spawning  	repository configuration.  By default, all the services  	are overridable. +--informative-errors:: +--no-informative-errors:: +	When informative errors are turned on, git-daemon will report +	more verbose errors to the client, differentiating conditions +	like "no such repository" from "repository not exported". This +	is more convenient for clients, but may leak information about +	the existence of unexported repositories.  When informative +	errors are not enabled, all errors report "access denied" to the +	client. The default is --no-informative-errors. +  <directory>::  	A directory to add to the whitelist of allowed directories. Unless  	--strict-paths is specified this will also include subdirectories @@ -20,6 +20,7 @@  static int log_syslog;  static int verbose;  static int reuseaddr; +static int informative_errors;  static const char daemon_usage[] =  "git daemon [--verbose] [--syslog] [--export-all]\n" @@ -247,6 +248,14 @@ static int git_daemon_config(const char *var, const char *value, void *cb)  	return 0;  } +static int daemon_error(const char *dir, const char *msg) +{ +	if (!informative_errors) +		msg = "access denied or repository not exported"; +	packet_write(1, "ERR %s: %s", msg, dir); +	return -1; +} +  static int run_service(char *dir, struct daemon_service *service)  {  	const char *path; @@ -257,11 +266,11 @@ static int run_service(char *dir, struct daemon_service *service)  	if (!enabled && !service->overridable) {  		logerror("'%s': service not enabled.", service->name);  		errno = EACCES; -		goto failed; +		return daemon_error(dir, "service not enabled");  	}  	if (!(path = path_ok(dir))) -		goto failed; +		return daemon_error(dir, "no such repository");  	/*  	 * Security on the cheap. @@ -277,7 +286,7 @@ static int run_service(char *dir, struct daemon_service *service)  	if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {  		logerror("'%s': repository not exported.", path);  		errno = EACCES; -		goto failed; +		return daemon_error(dir, "repository not exported");  	}  	if (service->overridable) { @@ -291,7 +300,7 @@ static int run_service(char *dir, struct daemon_service *service)  		logerror("'%s': service not enabled for '%s'",  			 service->name, path);  		errno = EACCES; -		goto failed; +		return daemon_error(dir, "service not enabled");  	}  	/* @@ -301,10 +310,6 @@ static int run_service(char *dir, struct daemon_service *service)  	signal(SIGTERM, SIG_IGN);  	return service->fn(); - -failed: -	packet_write(1, "ERR %s: access denied", dir); -	return -1;  }  static void copy_to_log(int fd) @@ -1208,6 +1213,14 @@ int main(int argc, char **argv)  			make_service_overridable(arg + 18, 0);  			continue;  		} +		if (!prefixcmp(arg, "--informative-errors")) { +			informative_errors = 1; +			continue; +		} +		if (!prefixcmp(arg, "--no-informative-errors")) { +			informative_errors = 0; +			continue; +		}  		if (!strcmp(arg, "--")) {  			ok_paths = &argv[i+1];  			break; | 
