* [PATCH] cvsserver: Let --base-path and pserver get along just fine
@ 2007-06-15 1:01 Frank Lichtenheld
2007-06-15 1:01 ` [PATCH] cvsserver: Actually implement --export-all Frank Lichtenheld
0 siblings, 1 reply; 4+ messages in thread
From: Frank Lichtenheld @ 2007-06-15 1:01 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Git Mailing List, Martin Langhoff, Frank Lichtenheld
Embarassing bug number one in my options patch.
Since the code for --base-path support rewrote
the cvsroot value after comparing it with a possible
existing value (i.e. from pserver authentication)
the check always failed.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
---
git-cvsserver.perl | 10 ++++++----
t/t9400-git-cvsserver-server.sh | 1 +
2 files changed, 7 insertions(+), 4 deletions(-)
I can also squash these two fix-ups into the previous commit
if preferred.
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 9fbd9db..f78afe8 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -212,15 +212,17 @@ sub req_Root
return 0;
}
+ my $cvsroot = $state->{'base-path'} || '';
+ $cvsroot =~ s#/+$##;
+ $cvsroot .= $data;
+
if ($state->{CVSROOT}
- && ($state->{CVSROOT} ne $data)) {
+ && ($state->{CVSROOT} ne $cvsroot)) {
print "error 1 Conflicting roots specified\n";
return 0;
}
- $state->{CVSROOT} = $state->{'base-path'} || '';
- $state->{CVSROOT} =~ s#/+$##;
- $state->{CVSROOT} .= $data;
+ $state->{CVSROOT} = $cvsroot;
$ENV{GIT_DIR} = $state->{CVSROOT} . "/";
diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
index 392f890..9b69452 100755
--- a/t/t9400-git-cvsserver-server.sh
+++ b/t/t9400-git-cvsserver-server.sh
@@ -163,6 +163,7 @@ BEGIN AUTH REQUEST
anonymous
END AUTH REQUEST
+Root /gitcvs.git
EOF
test_expect_success 'req_Root (base-path)' \
--
1.5.2.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] cvsserver: Actually implement --export-all
2007-06-15 1:01 [PATCH] cvsserver: Let --base-path and pserver get along just fine Frank Lichtenheld
@ 2007-06-15 1:01 ` Frank Lichtenheld
2007-06-16 23:52 ` Alex Riesen
0 siblings, 1 reply; 4+ messages in thread
From: Frank Lichtenheld @ 2007-06-15 1:01 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Git Mailing List, Martin Langhoff, Frank Lichtenheld
Embarrassing bug number two in my options patch.
Also enforce that --export-all is only ever used together with an
explicit whitelist. Otherwise people might export every git repository
on the whole system without realising.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
---
Documentation/git-cvsserver.txt | 3 ++-
git-cvsserver.perl | 8 +++++++-
t/t9400-git-cvsserver-server.sh | 16 ++++++++++++++++
3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt
index 6d1e311..60d0bcf 100644
--- a/Documentation/git-cvsserver.txt
+++ b/Documentation/git-cvsserver.txt
@@ -38,7 +38,8 @@ Prepend 'path' to requested CVSROOT
Don't allow recursing into subdirectories
--export-all::
-Don't check for `gitcvs.enabled` in config
+Don't check for `gitcvs.enabled` in config. You also have to specify a list
+of allowed directories (see below) if you want to use this option.
--version, -V::
Print version information and exit
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index f78afe8..5cbf27e 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -130,6 +130,11 @@ if (@ARGV) {
# everything else is a directory
$state->{allowed_roots} = [ @ARGV ];
+# don't export the whole system unless the users requests it
+if ($state->{'export-all'} && !@{$state->{allowed_roots}}) {
+ die "--export-all can only be used together with an explicit whitelist\n";
+}
+
# if we are called with a pserver argument,
# deal with the authentication cat before entering the
# main loop
@@ -276,7 +281,8 @@ sub req_Root
my $enabled = ($cfg->{gitcvs}{$state->{method}}{enabled}
|| $cfg->{gitcvs}{enabled});
- unless ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i) {
+ unless ($state->{'export-all'} ||
+ ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i)) {
print "E GITCVS emulation needs to be enabled on this repo\n";
print "E the repo config file needs a [gitcvs] section added, and the parameter 'enabled' set to 1\n";
print "E \n";
diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
index 9b69452..b442b5d 100755
--- a/t/t9400-git-cvsserver-server.sh
+++ b/t/t9400-git-cvsserver-server.sh
@@ -173,6 +173,22 @@ test_expect_success 'req_Root (base-path)' \
test_expect_failure 'req_Root failure (base-path)' \
'cat request-anonymous | git-cvsserver --strict-paths --base-path $WORKDIR pserver $SERVERDIR >log 2>&1'
+GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled false || exit 1
+
+test_expect_success 'req_Root (export-all)' \
+ 'cat request-anonymous | git-cvsserver --export-all pserver $WORKDIR >log 2>&1 &&
+ tail -n1 log | grep -q "^I LOVE YOU$"'
+
+test_expect_failure 'req_Root failure (export-all w/o whitelist)' \
+ 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1
+ || false'
+
+test_expect_success 'req_Root (everything together)' \
+ 'cat request-base | git-cvsserver --export-all --strict-paths --base-path $WORKDIR/ pserver $SERVERDIR >log 2>&1 &&
+ tail -n1 log | grep -q "^I LOVE YOU$"'
+
+GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true || exit 1
+
#--------------
# CONFIG TESTS
#--------------
--
1.5.2.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] cvsserver: Actually implement --export-all
2007-06-15 1:01 ` [PATCH] cvsserver: Actually implement --export-all Frank Lichtenheld
@ 2007-06-16 23:52 ` Alex Riesen
2007-06-17 1:01 ` Junio C Hamano
0 siblings, 1 reply; 4+ messages in thread
From: Alex Riesen @ 2007-06-16 23:52 UTC (permalink / raw)
To: Frank Lichtenheld; +Cc: Junio C Hamano, Git Mailing List, Martin Langhoff
Frank Lichtenheld, Fri, Jun 15, 2007 03:01:53 +0200:
> +test_expect_failure 'req_Root failure (export-all w/o whitelist)' \
> + 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1
> + || false'
This does not work, at least for bash in current Ubuntu:
GNU bash, version 3.2.13(1)-release
You have to put "||" on the previous line:
diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
index b442b5d..0331770 100755
--- a/t/t9400-git-cvsserver-server.sh
+++ b/t/t9400-git-cvsserver-server.sh
@@ -180,8 +180,8 @@ test_expect_success 'req_Root (export-all)' \
tail -n1 log | grep -q "^I LOVE YOU$"'
test_expect_failure 'req_Root failure (export-all w/o whitelist)' \
- 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1
- || false'
+ 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 ||
+ false'
test_expect_success 'req_Root (everything together)' \
'cat request-base | git-cvsserver --export-all --strict-paths --base-path $WORKDIR/ pserver $SERVERDIR >log 2>&1 &&
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] cvsserver: Actually implement --export-all
2007-06-16 23:52 ` Alex Riesen
@ 2007-06-17 1:01 ` Junio C Hamano
0 siblings, 0 replies; 4+ messages in thread
From: Junio C Hamano @ 2007-06-17 1:01 UTC (permalink / raw)
To: Alex Riesen; +Cc: Frank Lichtenheld, Git Mailing List, Martin Langhoff
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-06-17 1:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-15 1:01 [PATCH] cvsserver: Let --base-path and pserver get along just fine Frank Lichtenheld
2007-06-15 1:01 ` [PATCH] cvsserver: Actually implement --export-all Frank Lichtenheld
2007-06-16 23:52 ` Alex Riesen
2007-06-17 1:01 ` Junio C Hamano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).