aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrank Lichtenheld <frank@lichtenheld.de>2007-06-15 03:01:53 +0200
committerJunio C Hamano <gitster@pobox.com>2007-06-15 22:38:48 -0700
commit226bccb9ad42441269507a2101b47424d7c9c477 (patch)
tree1e852b988345967220866a605ab29717dd104631
parentfd1cd91e9407bccba3380dad6dcb60c4154d94a2 (diff)
downloadgit-226bccb9ad42441269507a2101b47424d7c9c477.tar.gz
git-226bccb9ad42441269507a2101b47424d7c9c477.tar.xz
cvsserver: Actually implement --export-all
Embarrassing bug number two in my options patch. Also enforce that --export-all is only ever used together with an explicit whitelist. Otherwise people might export every git repository on the whole system without realising. Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/git-cvsserver.txt3
-rwxr-xr-xgit-cvsserver.perl8
-rwxr-xr-xt/t9400-git-cvsserver-server.sh16
3 files changed, 25 insertions, 2 deletions
diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt
index 6d1e31174..60d0bcf0f 100644
--- a/Documentation/git-cvsserver.txt
+++ b/Documentation/git-cvsserver.txt
@@ -38,7 +38,8 @@ Prepend 'path' to requested CVSROOT
Don't allow recursing into subdirectories
--export-all::
-Don't check for `gitcvs.enabled` in config
+Don't check for `gitcvs.enabled` in config. You also have to specify a list
+of allowed directories (see below) if you want to use this option.
--version, -V::
Print version information and exit
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index f78afe812..5cbf27eeb 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -130,6 +130,11 @@ if (@ARGV) {
# everything else is a directory
$state->{allowed_roots} = [ @ARGV ];
+# don't export the whole system unless the users requests it
+if ($state->{'export-all'} && !@{$state->{allowed_roots}}) {
+ die "--export-all can only be used together with an explicit whitelist\n";
+}
+
# if we are called with a pserver argument,
# deal with the authentication cat before entering the
# main loop
@@ -276,7 +281,8 @@ sub req_Root
my $enabled = ($cfg->{gitcvs}{$state->{method}}{enabled}
|| $cfg->{gitcvs}{enabled});
- unless ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i) {
+ unless ($state->{'export-all'} ||
+ ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i)) {
print "E GITCVS emulation needs to be enabled on this repo\n";
print "E the repo config file needs a [gitcvs] section added, and the parameter 'enabled' set to 1\n";
print "E \n";
diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
index 9b69452d6..b442b5d14 100755
--- a/t/t9400-git-cvsserver-server.sh
+++ b/t/t9400-git-cvsserver-server.sh
@@ -173,6 +173,22 @@ test_expect_success 'req_Root (base-path)' \
test_expect_failure 'req_Root failure (base-path)' \
'cat request-anonymous | git-cvsserver --strict-paths --base-path $WORKDIR pserver $SERVERDIR >log 2>&1'
+GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled false || exit 1
+
+test_expect_success 'req_Root (export-all)' \
+ 'cat request-anonymous | git-cvsserver --export-all pserver $WORKDIR >log 2>&1 &&
+ tail -n1 log | grep -q "^I LOVE YOU$"'
+
+test_expect_failure 'req_Root failure (export-all w/o whitelist)' \
+ 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1
+ || false'
+
+test_expect_success 'req_Root (everything together)' \
+ 'cat request-base | git-cvsserver --export-all --strict-paths --base-path $WORKDIR/ pserver $SERVERDIR >log 2>&1 &&
+ tail -n1 log | grep -q "^I LOVE YOU$"'
+
+GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true || exit 1
+
#--------------
# CONFIG TESTS
#--------------