From: Nguyen Thai Ngoc Duy <pclouds@gmail.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: Jeff King <peff@peff.net>, git@vger.kernel.org
Subject: Re: [PATCH] transport: do not allow to push over git:// protocol
Date: Tue, 4 Oct 2011 05:13:38 +1100 [thread overview]
Message-ID: <20111003181338.GA13392@duynguyen-vnpc> (raw)
In-Reply-To: <20111003110159.GA13064@LK-Perkele-VI.localdomain>
On Mon, Oct 03, 2011 at 02:01:59PM +0300, Ilari Liusvaara wrote:
> On Mon, Oct 03, 2011 at 03:42:51AM -0400, Jeff King wrote:
> > On Sat, Oct 01, 2011 at 11:26:55AM +1000, Nguyen Thai Ngoc Duy wrote:
> >
> > The real problem here seems to be that instead of communicating "no, we
> > don't support that", git-daemon just hangs up. It would be a much nicer
> > fix if we could change that. I'm not sure it's possible, though. There's
> > not much room in the beginning of the room to make that communication in
> > a way that's backwards compatible.
>
> Oh, sure it is possible (except for remote snapshot):
>
> $ /usr/bin/git fetch git://localhost/foobar
> fatal: remote error: R access for foobar DENIED to anonymous
> $ /usr/bin/git push git://localhost/foobar
> fatal: remote error: W access for foobar DENIED to anonymous
> $ /usr/bin/git archive --remote=git://localhost/foobar HEAD
> fatal: git archive: protocol error
> $ /usr/bin/git --version
> git version 1.7.6.3
>
> Supported for fetch and push since 1.6.1-rc1 (And 1.6.1 was over
> 2.5 years ago). Oh, and even before that, but with slightly more
> ugly error message.
>
> Oh, and adding interpretation of ERR packets to git archive is easy
> (and I even happen to have git:// server that can send those to
> test against):
>
> $ git archive --remote=git://localhost/foobar HEAD
> fatal: remote error: R access for foobar DENIED to anonymous
>
> (I also tested that remote snapshotting of repository that should be
> readable succeeds, it does).
>
> --- >8 ----
> From ce3a402e4fa72cf603f92801d6f021ff89d3ac35 Mon Sep 17 00:00:00 2001
> From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
> Date: Mon, 3 Oct 2011 13:55:37 +0300
> Subject: [PATCH] Support ERR in remote archive like in fetch/push
>
> Make ERR as first packet of remote snapshot reply work like it does in
> fetch/push. Lets servers decline remote snapshot with message the same
> way as declining fetch/push with a message.
>
> Signed-off-by: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Yeah, maybe with this patch also?
-- 8< --
Subject: [PATCH] pack-protocol: document "ERR" line
Since a807328 (connect.c: add a way for git-daemon to pass an error
back to client), git client recognizes "ERR" line and prints a
friendly message to user if an error happens at server side.
Document this.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
Documentation/technical/pack-protocol.txt | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/Documentation/technical/pack-protocol.txt b/Documentation/technical/pack-protocol.txt
index a7004c6..546980c 100644
--- a/Documentation/technical/pack-protocol.txt
+++ b/Documentation/technical/pack-protocol.txt
@@ -60,6 +60,13 @@ process on the server side over the Git protocol is this:
"0039git-upload-pack /schacon/gitbook.git\0host=example.com\0" |
nc -v example.com 9418
+If the server refuses the request for some reasons, it could abort
+gracefully with an error message.
+
+----
+ error-line = PKT-LINE("ERR" SP explanation-text)
+----
+
SSH Transport
-------------
--
-- 8< --
next prev parent reply other threads:[~2011-10-03 18:13 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-01 1:26 [PATCH] transport: do not allow to push over git:// protocol Nguyễn Thái Ngọc Duy
2011-10-01 2:25 ` Ilari Liusvaara
2011-10-01 4:27 ` Nguyen Thai Ngoc Duy
2011-10-01 5:29 ` Jonathan Nieder
2011-10-03 9:12 ` Nguyen Thai Ngoc Duy
[not found] ` <20111002223805.0bd6678b@zappedws>
2011-10-02 21:11 ` Nguyen Thai Ngoc Duy
2011-10-03 7:42 ` Jeff King
2011-10-03 8:44 ` Johannes Sixt
2011-10-03 9:39 ` Jeff King
2011-10-03 9:44 ` Nguyen Thai Ngoc Duy
2011-10-03 9:47 ` Jeff King
2011-10-03 9:52 ` Nguyen Thai Ngoc Duy
2011-10-03 11:13 ` Jonathan Nieder
2011-10-03 19:28 ` [PATCH] daemon: print "access denied" if a service does not work Nguyễn Thái Ngọc Duy
2011-10-03 19:54 ` Jonathan Nieder
2011-10-03 19:57 ` Junio C Hamano
2011-10-03 21:55 ` [PATCH] daemon: return "access denied" if a service is not allowed Nguyễn Thái Ngọc Duy
2011-10-03 22:20 ` Junio C Hamano
2011-10-12 20:09 ` Jeff King
2011-10-13 2:14 ` Jonathan Nieder
2011-10-13 4:45 ` Nguyen Thai Ngoc Duy
2011-10-13 5:59 ` Jonathan Nieder
2011-10-13 6:56 ` Nguyen Thai Ngoc Duy
2011-10-13 7:02 ` Nguyen Thai Ngoc Duy
2011-10-13 18:28 ` Jeff King
2011-10-14 5:01 ` Junio C Hamano
2011-10-14 13:10 ` Jeff King
2011-10-14 19:23 ` Jeff King
2011-10-14 19:27 ` Jeff King
2011-10-14 20:24 ` Junio C Hamano
2011-10-14 20:34 ` Jeff King
2011-10-14 20:48 ` Junio C Hamano
2011-10-14 21:05 ` Jeff King
2011-10-14 21:06 ` Jonathan Nieder
2011-10-14 21:20 ` Jonathan Nieder
2011-10-14 21:02 ` Jonathan Nieder
2011-10-14 21:12 ` Jeff King
2011-10-14 21:19 ` [PATCHv3] daemon: give friendlier error messages to clients Jeff King
2011-10-14 21:52 ` Junio C Hamano
2011-10-14 23:39 ` Sitaram Chamarty
2011-10-15 5:55 ` Junio C Hamano
2011-10-15 7:09 ` Sitaram Chamarty
2011-10-15 8:16 ` Jakub Narebski
2011-10-15 8:26 ` Jonathan Nieder
2011-10-15 20:13 ` Junio C Hamano
2011-10-15 22:17 ` Jonathan Nieder
2011-10-16 1:51 ` Sitaram Chamarty
2011-10-15 0:51 ` Nguyen Thai Ngoc Duy
2011-10-16 22:11 ` [PATCH 1/2] daemon: add tests Clemens Buchacher
2011-10-16 22:11 ` [PATCH 2/2] daemon: report permission denied error to clients Clemens Buchacher
2011-10-17 2:09 ` Jeff King
2011-10-17 19:48 ` Clemens Buchacher
2011-10-17 19:51 ` Jeff King
2011-10-17 21:03 ` Junio C Hamano
2011-10-18 20:41 ` Clemens Buchacher
2011-10-19 6:33 ` Clemens Buchacher
2011-10-17 19:58 ` [PATCH v2 " Clemens Buchacher
2011-10-21 19:25 ` Junio C Hamano
2011-10-17 2:01 ` [PATCH 1/2] daemon: add tests Jeff King
2011-10-17 19:55 ` [PATCH] use test number as port number Clemens Buchacher
2011-10-17 20:57 ` Junio C Hamano
2011-10-18 20:09 ` Clemens Buchacher
2011-10-17 20:05 ` [PATCH 1/2] daemon: add tests Clemens Buchacher
2011-10-17 20:08 ` Jeff King
2012-01-02 9:25 ` Jonathan Nieder
2012-01-02 19:47 ` Clemens Buchacher
2012-01-03 19:18 ` Jeff King
2012-01-03 19:34 ` Junio C Hamano
2012-01-04 15:55 ` Clemens Buchacher
2012-01-04 15:55 ` [PATCH 1/6] t5550: repack everything into one file Clemens Buchacher
2012-01-04 18:05 ` Junio C Hamano
2012-01-04 15:55 ` [PATCH 2/6] daemon: add tests Clemens Buchacher
2012-01-04 15:55 ` [PATCH 3/6] avoid use of pkill Clemens Buchacher
2012-01-04 15:55 ` [PATCH 4/6] explain expected exit code Clemens Buchacher
2012-01-04 15:55 ` [PATCH 5/6] t5570: repack everything into one file Clemens Buchacher
2012-01-04 15:55 ` [PATCH 6/6] chmod: use lower-case x Clemens Buchacher
2012-01-04 18:00 ` [PATCH 1/2] daemon: add tests Junio C Hamano
2012-01-04 20:13 ` Junio C Hamano
2012-01-04 20:40 ` Clemens Buchacher
2012-01-04 22:15 ` Junio C Hamano
2012-01-04 22:26 ` Jeff King
2012-01-05 0:07 ` Clemens Buchacher
2012-01-05 0:24 ` Junio C Hamano
2012-01-05 0:38 ` Clemens Buchacher
2012-01-05 2:55 ` Jeff King
2012-01-05 16:06 ` Clemens Buchacher
2012-01-06 15:52 ` Jeff King
2012-01-06 19:48 ` Clemens Buchacher
2012-01-06 22:32 ` Jeff King
2012-01-07 11:54 ` [PATCH] credentials: unable to connect to cache daemon Clemens Buchacher
2012-01-07 14:55 ` Jeff King
2012-01-06 22:49 ` [PATCH 1/2] daemon: add tests Junio C Hamano
2012-01-07 11:42 ` Clemens Buchacher
2012-01-07 11:42 ` [PATCH 1/5] run-command: optionally kill children on exit Clemens Buchacher
2012-01-07 12:45 ` Erik Faye-Lund
2012-01-08 20:56 ` Clemens Buchacher
2012-01-07 14:41 ` Jeff King
2012-01-07 11:42 ` [PATCH 2/5] run-command: kill children on exit by default Clemens Buchacher
2012-01-07 14:50 ` Jeff King
2012-01-08 6:26 ` Junio C Hamano
2012-01-08 20:41 ` [PATCH 2/5 v2] dashed externals: kill children on exit Clemens Buchacher
2012-01-08 21:07 ` Jeff King
2012-01-07 11:42 ` [PATCH 3/5] git-daemon: add tests Clemens Buchacher
2012-01-07 11:42 ` [PATCH 4/5] git-daemon: produce output when ready Clemens Buchacher
2012-01-07 11:42 ` [PATCH 5/5] git-daemon tests: wait until daemon is ready Clemens Buchacher
2012-01-05 2:24 ` [PATCH 1/2] daemon: add tests Jakub Narebski
2012-01-05 2:51 ` Jeff King
2012-01-06 23:35 ` Jakub Narebski
2012-01-07 11:46 ` Clemens Buchacher
2012-01-06 6:17 ` Brian Gernhardt
2011-10-03 9:49 ` [PATCH] transport: do not allow to push over git:// protocol Jakub Narebski
2011-10-03 10:02 ` Jeff King
2011-10-03 11:01 ` Ilari Liusvaara
2011-10-03 11:26 ` [PATCH] Support ERR in remote archive like in fetch/push Jonathan Nieder
2011-10-03 11:45 ` René Scharfe
2011-10-03 18:13 ` Nguyen Thai Ngoc Duy [this message]
2011-10-03 20:27 ` [PATCH] transport: do not allow to push over git:// protocol Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111003181338.GA13392@duynguyen-vnpc \
--to=pclouds@gmail.com \
--cc=git@vger.kernel.org \
--cc=ilari.liusvaara@elisanet.fi \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).