* [PATCH v5.1 1/3] http-backend: Remove pointless objects/info/* service entry
@ 2009-11-05 1:16 Shawn O. Pearce
2009-11-05 1:16 ` [PATCH v5.1 2/3] http-backend: Use http.getanyfile to disable dumb HTTP serving Shawn O. Pearce
2009-11-05 1:16 ` [PATCH v5.1 3/3] http-backend: Test configuration options Shawn O. Pearce
0 siblings, 2 replies; 3+ messages in thread
From: Shawn O. Pearce @ 2009-11-05 1:16 UTC (permalink / raw)
To: git
In earlier versions of this patch series this rule was used to
match and serve objects/info/alternates and http-alternates.
Later versions of the patch series explicitly called out match
rules for those files, making this wildcard rule unnecessary.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
---
This probably should be squashed into the commit that introduces
this CGI script ("Git-aware CGI to provide dumb HTTP transport").
http-backend.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/http-backend.c b/http-backend.c
index 8e5c0a2..7900cda 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -558,7 +558,6 @@ static struct service_cmd {
{"GET", "/objects/info/alternates$", get_text_file},
{"GET", "/objects/info/http-alternates$", get_text_file},
{"GET", "/objects/info/packs$", get_info_packs},
- {"GET", "/objects/info/[^/]*$", get_text_file},
{"GET", "/objects/[0-9a-f]{2}/[0-9a-f]{38}$", get_loose_object},
{"GET", "/objects/pack/pack-[0-9a-f]{40}\\.pack$", get_pack_file},
{"GET", "/objects/pack/pack-[0-9a-f]{40}\\.idx$", get_idx_file},
--
1.6.5.2.295.g0d105
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH v5.1 2/3] http-backend: Use http.getanyfile to disable dumb HTTP serving 2009-11-05 1:16 [PATCH v5.1 1/3] http-backend: Remove pointless objects/info/* service entry Shawn O. Pearce @ 2009-11-05 1:16 ` Shawn O. Pearce 2009-11-05 1:16 ` [PATCH v5.1 3/3] http-backend: Test configuration options Shawn O. Pearce 1 sibling, 0 replies; 3+ messages in thread From: Shawn O. Pearce @ 2009-11-05 1:16 UTC (permalink / raw) To: git Some repository owners may wish to enable smart HTTP, but disallow dumb content serving. Disallowing dumb serving might be because the owners want to rely upon reachability to control which objects clients may access from the repository, or they just want to encourage clients to use the more bandwidth efficient transport. If http.getanyfile is set to false the backend CGI will return with '403 Forbidden' when an object file is accessed by a dumb client. Signed-off-by: Shawn O. Pearce <spearce@spearce.org> --- Documentation/git-http-backend.txt | 8 ++++++++ http-backend.c | 34 ++++++++++++++++++++++++++++------ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/Documentation/git-http-backend.txt b/Documentation/git-http-backend.txt index f17251a..67aec06 100644 --- a/Documentation/git-http-backend.txt +++ b/Documentation/git-http-backend.txt @@ -29,6 +29,14 @@ SERVICES These services can be enabled/disabled using the per-repository configuration file: +http.getanyfile:: + This serves older Git clients which are unable to use the + upload pack service. When enabled, clients are able to read + any file within the repository, including objects that are + no longer reachable from a branch but are still present. + It is enabled by default, but a repository can disable it + by setting this configuration item to `false`. + http.uploadpack:: This serves 'git-fetch-pack' and 'git-ls-remote' clients. It is enabled by default, but a repository can disable it diff --git a/http-backend.c b/http-backend.c index 7900cda..9021266 100644 --- a/http-backend.c +++ b/http-backend.c @@ -10,6 +10,7 @@ static const char content_type[] = "Content-Type"; static const char content_length[] = "Content-Length"; static const char last_modified[] = "Last-Modified"; +static int getanyfile = 1; static struct string_list *query_params; @@ -194,6 +195,12 @@ static NORETURN void forbidden(const char *err, ...) exit(0); } +static void select_getanyfile(void) +{ + if (!getanyfile) + forbidden("Unsupported service: getanyfile"); +} + static void send_strbuf(const char *type, struct strbuf *buf) { hdr_int(content_length, buf->len); @@ -238,38 +245,51 @@ static void send_file(const char *the_type, const char *name) static void get_text_file(char *name) { + select_getanyfile(); hdr_nocache(); send_file("text/plain", name); } static void get_loose_object(char *name) { + select_getanyfile(); hdr_cache_forever(); send_file("application/x-git-loose-object", name); } static void get_pack_file(char *name) { + select_getanyfile(); hdr_cache_forever(); send_file("application/x-git-packed-objects", name); } static void get_idx_file(char *name) { + select_getanyfile(); hdr_cache_forever(); send_file("application/x-git-packed-objects-toc", name); } static int http_config(const char *var, const char *value, void *cb) { - struct rpc_service *svc = cb; - - if (!prefixcmp(var, "http.") && - !strcmp(var + 5, svc->config_name)) { - svc->enabled = git_config_bool(var, value); + if (!strcmp(var, "http.getanyfile")) { + getanyfile = git_config_bool(var, value); return 0; } + if (!prefixcmp(var, "http.")) { + int i; + + for (i = 0; i < ARRAY_SIZE(rpc_service); i++) { + struct rpc_service *svc = &rpc_service[i]; + if (!strcmp(var + 5, svc->config_name)) { + svc->enabled = git_config_bool(var, value); + return 0; + } + } + } + /* we are not interested in parsing any other configuration here */ return 0; } @@ -293,7 +313,6 @@ static struct rpc_service *select_service(const char *name) if (!svc) forbidden("Unsupported service: '%s'", name); - git_config(http_config, svc); if (svc->enabled < 0) { const char *user = getenv("REMOTE_USER"); svc->enabled = (user && *user) ? 1 : 0; @@ -442,6 +461,7 @@ static void get_info_refs(char *arg) run_service(argv); } else { + select_getanyfile(); for_each_ref(show_text_ref, &buf); send_strbuf("text/plain", &buf); } @@ -455,6 +475,7 @@ static void get_info_packs(char *arg) struct packed_git *p; size_t cnt = 0; + select_getanyfile(); prepare_packed_git(); for (p = packed_git; p; p = p->next) { if (p->pack_local) @@ -621,6 +642,7 @@ int main(int argc, char **argv) if (!enter_repo(dir, 0)) not_found("Not a git repository: '%s'", dir); + git_config(http_config, NULL); cmd->imp(cmd_arg); return 0; } -- 1.6.5.2.295.g0d105 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v5.1 3/3] http-backend: Test configuration options 2009-11-05 1:16 [PATCH v5.1 1/3] http-backend: Remove pointless objects/info/* service entry Shawn O. Pearce 2009-11-05 1:16 ` [PATCH v5.1 2/3] http-backend: Use http.getanyfile to disable dumb HTTP serving Shawn O. Pearce @ 2009-11-05 1:16 ` Shawn O. Pearce 1 sibling, 0 replies; 3+ messages in thread From: Shawn O. Pearce @ 2009-11-05 1:16 UTC (permalink / raw) To: git Test the major configuration settings which control access to the repository: http.getanyfile http.uploadpack http.receivepack Signed-off-by: Shawn O. Pearce <spearce@spearce.org> --- t/t5560-http-backend.sh | 229 +++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 229 insertions(+), 0 deletions(-) create mode 100755 t/t5560-http-backend.sh diff --git a/t/t5560-http-backend.sh b/t/t5560-http-backend.sh new file mode 100755 index 0000000..908ba07 --- /dev/null +++ b/t/t5560-http-backend.sh @@ -0,0 +1,229 @@ +#!/bin/sh + +test_description='test git-http-backend' +. ./test-lib.sh + +if test -n "$NO_CURL"; then + say 'skipping test, git built without http support' + test_done +fi + +LIB_HTTPD_PORT=${LIB_HTTPD_PORT-'5560'} +. "$TEST_DIRECTORY"/lib-httpd.sh +start_httpd + +find_file() { + cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && + find $1 -type f | + sed -e 1q +} + +config() { + git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" config $1 $2 +} + +GET() { + curl --include "$HTTPD_URL/smart/repo.git/$1" >out 2>/dev/null && + tr '\015' Q <out | + sed ' + s/Q$// + 1q + ' >act && + echo "HTTP/1.1 $2" >exp && + test_cmp exp act +} + +POST() { + curl --include --data "$2" \ + --header "Content-Type: application/x-$1-request" \ + "$HTTPD_URL/smart/repo.git/$1" >out 2>/dev/null && + tr '\015' Q <out | + sed ' + s/Q$// + 1q + ' >act && + echo "HTTP/1.1 $3" >exp && + test_cmp exp act +} + +log_div() { + echo >>"$HTTPD_ROOT_PATH"/access.log + echo "### $1" >>"$HTTPD_ROOT_PATH"/access.log + echo "###" >>"$HTTPD_ROOT_PATH"/access.log +} + +test_expect_success 'setup repository' ' + echo content >file && + git add file && + git commit -m one && + + mkdir "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && + (cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && + git --bare init && + : >objects/info/alternates && + : >objects/info/http-alternates + ) && + git remote add public "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && + git push public master:master && + + (cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && + git repack -a -d + ) && + + echo other >file && + git add file && + git commit -m two && + git push public master:master && + + LOOSE_URL=$(find_file objects/??) && + PACK_URL=$(find_file objects/pack/*.pack) && + IDX_URL=$(find_file objects/pack/*.idx) +' + +get_static_files() { + GET HEAD "$1" && + GET info/refs "$1" && + GET objects/info/packs "$1" && + GET objects/info/alternates "$1" && + GET objects/info/http-alternates "$1" && + GET $LOOSE_URL "$1" && + GET $PACK_URL "$1" && + GET $IDX_URL "$1" +} + +test_expect_success 'direct refs/heads/master not found' ' + log_div "refs/heads/master" + GET refs/heads/master "404 Not Found" +' +test_expect_success 'static file is ok' ' + log_div "getanyfile default" + get_static_files "200 OK" +' +test_expect_success 'static file if http.getanyfile true is ok' ' + log_div "getanyfile true" + config http.getanyfile true && + get_static_files "200 OK" +' +test_expect_success 'static file if http.getanyfile false fails' ' + log_div "getanyfile false" + config http.getanyfile false && + get_static_files "403 Forbidden" +' + +test_expect_success 'http.uploadpack default enabled' ' + log_div "uploadpack default" + GET info/refs?service=git-upload-pack "200 OK" && + POST git-upload-pack 0000 "200 OK" +' +test_expect_success 'http.uploadpack true' ' + log_div "uploadpack true" + config http.uploadpack true && + GET info/refs?service=git-upload-pack "200 OK" && + POST git-upload-pack 0000 "200 OK" +' +test_expect_success 'http.uploadpack false' ' + log_div "uploadpack false" + config http.uploadpack false && + GET info/refs?service=git-upload-pack "403 Forbidden" && + POST git-upload-pack 0000 "403 Forbidden" +' + +test_expect_success 'http.receivepack default disabled' ' + log_div "receivepack default" + GET info/refs?service=git-receive-pack "403 Forbidden" && + POST git-receive-pack 0000 "403 Forbidden" +' +test_expect_success 'http.receivepack true' ' + log_div "receivepack true" + config http.receivepack true && + GET info/refs?service=git-receive-pack "200 OK" && + POST git-receive-pack 0000 "200 OK" +' +test_expect_success 'http.receivepack false' ' + log_div "receivepack false" + config http.receivepack false && + GET info/refs?service=git-receive-pack "403 Forbidden" && + POST git-receive-pack 0000 "403 Forbidden" +' + +cat >exp <<EOF + +### refs/heads/master +### +GET /smart/repo.git/refs/heads/master HTTP/1.1 404 - + +### getanyfile default +### +GET /smart/repo.git/HEAD HTTP/1.1 200 +GET /smart/repo.git/info/refs HTTP/1.1 200 +GET /smart/repo.git/objects/info/packs HTTP/1.1 200 +GET /smart/repo.git/objects/info/alternates HTTP/1.1 200 - +GET /smart/repo.git/objects/info/http-alternates HTTP/1.1 200 - +GET /smart/repo.git/$LOOSE_URL HTTP/1.1 200 +GET /smart/repo.git/$PACK_URL HTTP/1.1 200 +GET /smart/repo.git/$IDX_URL HTTP/1.1 200 + +### getanyfile true +### +GET /smart/repo.git/HEAD HTTP/1.1 200 +GET /smart/repo.git/info/refs HTTP/1.1 200 +GET /smart/repo.git/objects/info/packs HTTP/1.1 200 +GET /smart/repo.git/objects/info/alternates HTTP/1.1 200 - +GET /smart/repo.git/objects/info/http-alternates HTTP/1.1 200 - +GET /smart/repo.git/$LOOSE_URL HTTP/1.1 200 +GET /smart/repo.git/$PACK_URL HTTP/1.1 200 +GET /smart/repo.git/$IDX_URL HTTP/1.1 200 + +### getanyfile false +### +GET /smart/repo.git/HEAD HTTP/1.1 403 - +GET /smart/repo.git/info/refs HTTP/1.1 403 - +GET /smart/repo.git/objects/info/packs HTTP/1.1 403 - +GET /smart/repo.git/objects/info/alternates HTTP/1.1 403 - +GET /smart/repo.git/objects/info/http-alternates HTTP/1.1 403 - +GET /smart/repo.git/$LOOSE_URL HTTP/1.1 403 - +GET /smart/repo.git/$PACK_URL HTTP/1.1 403 - +GET /smart/repo.git/$IDX_URL HTTP/1.1 403 - + +### uploadpack default +### +GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1 200 +POST /smart/repo.git/git-upload-pack HTTP/1.1 200 - + +### uploadpack true +### +GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1 200 +POST /smart/repo.git/git-upload-pack HTTP/1.1 200 - + +### uploadpack false +### +GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1 403 - +POST /smart/repo.git/git-upload-pack HTTP/1.1 403 - + +### receivepack default +### +GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 403 - +POST /smart/repo.git/git-receive-pack HTTP/1.1 403 - + +### receivepack true +### +GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 200 +POST /smart/repo.git/git-receive-pack HTTP/1.1 200 - + +### receivepack false +### +GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 403 - +POST /smart/repo.git/git-receive-pack HTTP/1.1 403 - +EOF +test_expect_success 'server request log matches test results' ' + sed -e " + s/^.* \"// + s/\"// + s/ [1-9][0-9]*\$// + s/^GET /GET / + " >act <"$HTTPD_ROOT_PATH"/access.log && + test_cmp exp act +' + +stop_httpd +test_done -- 1.6.5.2.295.g0d105 ^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-11-05 1:17 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-11-05 1:16 [PATCH v5.1 1/3] http-backend: Remove pointless objects/info/* service entry Shawn O. Pearce 2009-11-05 1:16 ` [PATCH v5.1 2/3] http-backend: Use http.getanyfile to disable dumb HTTP serving Shawn O. Pearce 2009-11-05 1:16 ` [PATCH v5.1 3/3] http-backend: Test configuration options Shawn O. Pearce
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).