diff options
author | Frank Lichtenheld <frank@lichtenheld.de> | 2007-06-15 03:01:53 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2007-06-15 22:38:48 -0700 |
commit | 226bccb9ad42441269507a2101b47424d7c9c477 (patch) | |
tree | 1e852b988345967220866a605ab29717dd104631 | |
parent | fd1cd91e9407bccba3380dad6dcb60c4154d94a2 (diff) | |
download | git-226bccb9ad42441269507a2101b47424d7c9c477.tar.gz git-226bccb9ad42441269507a2101b47424d7c9c477.tar.xz |
cvsserver: Actually implement --export-all
Embarrassing bug number two in my options patch.
Also enforce that --export-all is only ever used together with an
explicit whitelist. Otherwise people might export every git repository
on the whole system without realising.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | Documentation/git-cvsserver.txt | 3 | ||||
-rwxr-xr-x | git-cvsserver.perl | 8 | ||||
-rwxr-xr-x | t/t9400-git-cvsserver-server.sh | 16 |
3 files changed, 25 insertions, 2 deletions
diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index 6d1e31174..60d0bcf0f 100644 --- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -38,7 +38,8 @@ Prepend 'path' to requested CVSROOT Don't allow recursing into subdirectories --export-all:: -Don't check for `gitcvs.enabled` in config +Don't check for `gitcvs.enabled` in config. You also have to specify a list +of allowed directories (see below) if you want to use this option. --version, -V:: Print version information and exit diff --git a/git-cvsserver.perl b/git-cvsserver.perl index f78afe812..5cbf27eeb 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -130,6 +130,11 @@ if (@ARGV) { # everything else is a directory $state->{allowed_roots} = [ @ARGV ]; +# don't export the whole system unless the users requests it +if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { + die "--export-all can only be used together with an explicit whitelist\n"; +} + # if we are called with a pserver argument, # deal with the authentication cat before entering the # main loop @@ -276,7 +281,8 @@ sub req_Root my $enabled = ($cfg->{gitcvs}{$state->{method}}{enabled} || $cfg->{gitcvs}{enabled}); - unless ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i) { + unless ($state->{'export-all'} || + ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i)) { print "E GITCVS emulation needs to be enabled on this repo\n"; print "E the repo config file needs a [gitcvs] section added, and the parameter 'enabled' set to 1\n"; print "E \n"; diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 9b69452d6..b442b5d14 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -173,6 +173,22 @@ test_expect_success 'req_Root (base-path)' \ test_expect_failure 'req_Root failure (base-path)' \ 'cat request-anonymous | git-cvsserver --strict-paths --base-path $WORKDIR pserver $SERVERDIR >log 2>&1' +GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled false || exit 1 + +test_expect_success 'req_Root (export-all)' \ + 'cat request-anonymous | git-cvsserver --export-all pserver $WORKDIR >log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +test_expect_failure 'req_Root failure (export-all w/o whitelist)' \ + 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 + || false' + +test_expect_success 'req_Root (everything together)' \ + 'cat request-base | git-cvsserver --export-all --strict-paths --base-path $WORKDIR/ pserver $SERVERDIR >log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true || exit 1 + #-------------- # CONFIG TESTS #-------------- |