| author | Tarmigan Casebolt <tarmigan+git@gmail.com> | 2009-12-28 16:49:00 -0500 | 
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2010-01-06 01:16:50 -0800 | 
| commit | 8b2bd7cdacf71260dbc954316af2bed8e076c182 (patch) | |
| tree | 81e62e0a245f409adb2db62ec792c49ab1033901 | |
| parent | 902f235378cb2b2f6dd5dd664b9630c95321f0ae (diff) | |
| download | git-8b2bd7cdacf71260dbc954316af2bed8e076c182.tar.gz | |
Smart-http: check if repository is OK to export before serving it
Similar to how git-daemon checks whether a repository is OK to be
exported, smart-http should also check.  This check can be satisfied
in two different ways: the environmental variable GIT_HTTP_EXPORT_ALL
may be set to export all repositories, or the individual repository
may have the file git-daemon-export-ok.
Acked-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Documentation/git-http-backend.txt | 10 | ||||
| -rw-r--r-- | http-backend.c | 3 | ||||
| -rw-r--r-- | t/lib-httpd/apache.conf | 5 | ||||
| -rwxr-xr-x | t/t5560-http-backend.sh | 39 | 
4 files changed, 55 insertions, 2 deletions
| diff --git a/Documentation/git-http-backend.txt b/Documentation/git-http-backend.txt index 67aec067c8..c8fe08a0c4 100644 --- a/Documentation/git-http-backend.txt +++ b/Documentation/git-http-backend.txt @@ -18,6 +18,11 @@ The program supports clients fetching using both the smart HTTP protcol  and the backwards-compatible dumb HTTP protocol, as well as clients  pushing using the smart HTTP protocol. +It verifies that the directory has the magic file +"git-daemon-export-ok", and it will refuse to export any git directory +that hasn't explicitly been marked for export this way (unless the +GIT_HTTP_EXPORT_ALL environmental variable is set). +  By default, only the `upload-pack` service is enabled, which serves  'git-fetch-pack' and 'git-ls-remote' clients, which are invoked from  'git-fetch', 'git-pull', and 'git-clone'.  If the client is authenticated, @@ -70,6 +75,7 @@ Apache 2.x::  +  ----------------------------------------------------------------  SetEnv GIT_PROJECT_ROOT /var/www/git +SetEnv GIT_HTTP_EXPORT_ALL  ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/  ----------------------------------------------------------------  + @@ -157,6 +163,10 @@ by the invoking web server, including:  * QUERY_STRING  * REQUEST_METHOD +The GIT_HTTP_EXPORT_ALL environmental variable may be passed to +'git-http-backend' to bypass the check for the "git-daemon-export-ok" +file in each repository before allowing export of that repository. +  The backend process sets GIT_COMMITTER_NAME to '$REMOTE_USER' and  GIT_COMMITTER_EMAIL to '$\{REMOTE_USER}@http.$\{REMOTE_ADDR\}',  ensuring that any reflogs created by 'git-receive-pack' contain some diff --git a/http-backend.c b/http-backend.c index f729488fc5..345c12b790 100644 --- a/http-backend.c +++ b/http-backend.c 
@@ -648,6 +648,9 @@ int main(int argc, char **argv)  	setup_path();  	if (!enter_repo(dir, 0))  		not_found("Not a git repository: '%s'", dir); +	if (!getenv("GIT_HTTP_EXPORT_ALL") && +	    access("git-daemon-export-ok", F_OK) ) +		not_found("Repository not exported: '%s'", dir);  	git_config(http_config, NULL);  	cmd->imp(cmd_arg); diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index 0fe3fd0d01..4961505d1d 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -22,8 +22,13 @@ Alias /dumb/ www/  <Location /smart/>  	SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} +	SetEnv GIT_HTTP_EXPORT_ALL +</Location> +<Location /smart_noexport/> +	SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}  </Location>  ScriptAlias /smart/ ${GIT_EXEC_PATH}/git-http-backend/ +ScriptAlias /smart_noexport/ ${GIT_EXEC_PATH}/git-http-backend/  <Directory ${GIT_EXEC_PATH}>  	Options None  </Directory> diff --git a/t/t5560-http-backend.sh b/t/t5560-http-backend.sh index ed034bc980..604ff4fe9d 100755 --- a/t/t5560-http-backend.sh +++ b/t/t5560-http-backend.sh @@ -23,7 +23,7 @@ config() {  }  GET() { -	curl --include "$HTTPD_URL/smart/repo.git/$1" >out 2>/dev/null && +	curl --include "$HTTPD_URL/$SMART/repo.git/$1" >out 2>/dev/null &&  	tr '\015' Q <out |  	sed '  		s/Q$// @@ -91,6 +91,7 @@ get_static_files() {  	GET $IDX_URL "$1"  } +SMART=smart  test_expect_success 'direct refs/heads/master not found' '  	log_div "refs/heads/master"  	GET refs/heads/master "404 Not Found" 
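Review bot: In the http-backend.c hunk the new guard tests `getenv("GIT_HTTP_EXPORT_ALL")` for presence only, so an empty value, `0` or `false` each switch the export check off for every repository under the project root, and nothing at the call site says so. The valueless `SetEnv GIT_HTTP_EXPORT_ALL` lines elsewhere in this commit rely on exactly that, so the behaviour looks intended; I would record it above the condition with `/* any value of GIT_HTTP_EXPORT_ALL, even an empty one, exports every repository; otherwise the repository must contain git-daemon-export-ok */`. The relative `access()` lookup presumably depends on `enter_repo()` having changed into the repository directory, which deserves a word in the same comment. There is also a stray space in `F_OK) )`. main() begins and ends outside the hunk.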
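Review bot: In the t/lib-httpd/apache.conf hunk the new `<Location /smart_noexport/>` block differs from `/smart/` only by leaving out one `SetEnv`, and nothing in the file says the omission is deliberate. A reader comparing the two blocks has to go to the test script to learn why both exist. I would add `# GIT_HTTP_EXPORT_ALL is deliberately unset here so the git-daemon-export-ok check is exercised` above the new block.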
@@ -99,6 +100,19 @@ test_expect_success 'static file is ok' '  	log_div "getanyfile default"  	get_static_files "200 OK"  ' +SMART=smart_noexport +test_expect_success 'no export by default' ' +	log_div "no git-daemon-export-ok" +	get_static_files "404 Not Found" +' +test_expect_success 'export if git-daemon-export-ok' ' +	log_div "git-daemon-export-ok" +	(cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && +	 touch git-daemon-export-ok +	) && +	get_static_files "200 OK" +' +SMART=smart  test_expect_success 'static file if http.getanyfile true is ok' '  	log_div "getanyfile true"  	config http.getanyfile true && @@ -145,7 +159,6 @@ test_expect_success 'http.receivepack false' '  	GET info/refs?service=git-receive-pack "403 Forbidden" &&  	POST git-receive-pack 0000 "403 Forbidden"  ' -  run_backend() {  	REQUEST_METHOD=GET \  	GIT_PROJECT_ROOT="$HTTPD_DOCUMENT_ROOT_PATH" \ 
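Review bot: The two tests added in the t/t5560-http-backend.sh hunk at -99,6 only call `get_static_files`, so the refusal is pinned for the static files but not for `info/refs?service=git-upload-pack` or the POST services, which are the smart-http paths the commit title is about. The check sits before `cmd->imp(cmd_arg)` in main(), so those paths are presumably covered today, but a line such as `GET info/refs?service=git-upload-pack "404 Not Found"` in 'no export by default' would catch a later change that moves the check behind one handler. The `touch git-daemon-export-ok` is also never undone, so every later test in the file runs against a marked repository; an `rm -f git-daemon-export-ok` in the same subshell pattern before `SMART=smart` would keep the following `/smart/` tests dependent on GIT_HTTP_EXPORT_ALL alone. `GET()` now relies on the global `$SMART`, which is first assigned in the -91,6 hunk, and a short comment at that assignment naming the two values would help.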
@@ -194,6 +207,28 @@ GET  /smart/repo.git/$LOOSE_URL HTTP/1.1 200  GET  /smart/repo.git/$PACK_URL HTTP/1.1 200  GET  /smart/repo.git/$IDX_URL HTTP/1.1 200 +###  no git-daemon-export-ok +### +GET  /smart_noexport/repo.git/HEAD HTTP/1.1 404 - +GET  /smart_noexport/repo.git/info/refs HTTP/1.1 404 - +GET  /smart_noexport/repo.git/objects/info/packs HTTP/1.1 404 - +GET  /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 404 - +GET  /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 404 - +GET  /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 404 - +GET  /smart_noexport/repo.git/$PACK_URL HTTP/1.1 404 - +GET  /smart_noexport/repo.git/$IDX_URL HTTP/1.1 404 - + +###  git-daemon-export-ok +### +GET  /smart_noexport/repo.git/HEAD HTTP/1.1 200 +GET  /smart_noexport/repo.git/info/refs HTTP/1.1 200 +GET  /smart_noexport/repo.git/objects/info/packs HTTP/1.1 200 +GET  /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 200 - +GET  /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 200 - +GET  /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 200 +GET  /smart_noexport/repo.git/$PACK_URL HTTP/1.1 200 +GET  /smart_noexport/repo.git/$IDX_URL HTTP/1.1 200 +  ###  getanyfile true  ###  GET  /smart/repo.git/HEAD HTTP/1.1 200 | 
