From 723f7a1387f1d79541fdbe66ad3778f2aaa370c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20Th=C3=A1i=20Ng=E1=BB=8Dc=20Duy?= Date: Tue, 4 Oct 2011 08:55:09 +1100 Subject: daemon: return "access denied" if a service is not allowed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The message is chosen to avoid leaking information, yet let users know that they are deliberately not allowed to use the service, not a fault in service configuration or the service itself. Signed-off-by: Nguyễn Thái Ngọc Duy Signed-off-by: Junio C Hamano --- daemon.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/daemon.c b/daemon.c index 347fd0c52b..ac24b637e4 100644 --- a/daemon.c +++ b/daemon.c @@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service) if (!enabled && !service->overridable) { logerror("'%s': service not enabled.", service->name); errno = EACCES; - return -1; + goto failed; } if (!(path = path_ok(dir))) - return -1; + goto failed; /* * Security on the cheap. @@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service) if (!export_all_trees && access("git-daemon-export-ok", F_OK)) { logerror("'%s': repository not exported.", path); errno = EACCES; - return -1; + goto failed; } if (service->overridable) { @@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service) logerror("'%s': service not enabled for '%s'", service->name, path); errno = EACCES; - return -1; + goto failed; } /* @@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service) signal(SIGTERM, SIG_IGN); return service->fn(); + +failed: + packet_write(1, "ERR %s: access denied", dir); + return -1; } static void copy_to_log(int fd) -- cgit v1.2.1