aboutsummaryrefslogtreecommitdiff
path: root/git-cvsserver.perl
diff options
context:
space:
mode:
authorFrank Lichtenheld <frank@lichtenheld.de>2007-06-07 16:57:01 +0200
committerJunio C Hamano <gitster@pobox.com>2007-06-08 02:56:18 -0700
commit693b63273e05b5db4612178989271de14439b08f (patch)
treedd3a0b2185f8099ac72b0a057b1d6d94cda4d47e /git-cvsserver.perl
parentabc403f58452da667b261274a1091af61dfec35c (diff)
downloadgit-693b63273e05b5db4612178989271de14439b08f.tar.gz
git-693b63273e05b5db4612178989271de14439b08f.tar.xz
cvsserver: Add some useful commandline options
Make git-cvsserver understand some options inspired by git-daemon, namely --base-path, --export-all, --strict-paths. Also allow the caller to specify a whitelist of allowed directories, again similar to git-daemon. While already adding option parsing also support the common --help and --version options. Rationale: While the gitcvs.enabled configuration option already offers means to limit git-cvsserver access to a repository, there are some use cases where other methods of access control prove to be more useful. E.g. if setting up a pserver for a collection of public repositories one might want limit the exported repositories to exactly the directory this collection is located whithout having to worry about other repositories that might lie around with the configuration variable set (never trust your users ;) Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'git-cvsserver.perl')
-rwxr-xr-xgit-cvsserver.perl79
1 files changed, 73 insertions, 6 deletions
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index d41b29f30..9fbd9dbb2 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -22,6 +22,9 @@ use bytes;
use Fcntl;
use File::Temp qw/tempdir tempfile/;
use File::Basename;
+use Getopt::Long qw(:config require_order no_ignore_case);
+
+my $VERSION = '@@GIT_VERSION@@';
my $log = GITCVS::log->new();
my $cfg;
@@ -85,15 +88,52 @@ my $methods = {
my $state = { prependdir => '' };
$log->info("--------------- STARTING -----------------");
+my $usage =
+ "Usage: git-cvsserver [options] [pserver|server] [<directory> ...]\n".
+ " --base-path <path> : Prepend to requested CVSROOT\n".
+ " --strict-paths : Don't allow recursing into subdirectories\n".
+ " --export-all : Don't check for gitcvs.enabled in config\n".
+ " --version, -V : Print version information and exit\n".
+ " --help, -h, -H : Print usage information and exit\n".
+ "\n".
+ "<directory> ... is a list of allowed directories. If no directories\n".
+ "are given, all are allowed. This is an additional restriction, gitcvs\n".
+ "access still needs to be enabled by the gitcvs.enabled config option.\n";
+
+my @opts = ( 'help|h|H', 'version|V',
+ 'base-path=s', 'strict-paths', 'export-all' );
+GetOptions( $state, @opts )
+ or die $usage;
+
+if ($state->{version}) {
+ print "git-cvsserver version $VERSION\n";
+ exit;
+}
+if ($state->{help}) {
+ print $usage;
+ exit;
+}
+
my $TEMP_DIR = tempdir( CLEANUP => 1 );
$log->debug("Temporary directory is '$TEMP_DIR'");
+$state->{method} = 'ext';
+if (@ARGV) {
+ if ($ARGV[0] eq 'pserver') {
+ $state->{method} = 'pserver';
+ shift @ARGV;
+ } elsif ($ARGV[0] eq 'server') {
+ shift @ARGV;
+ }
+}
+
+# everything else is a directory
+$state->{allowed_roots} = [ @ARGV ];
+
# if we are called with a pserver argument,
# deal with the authentication cat before entering the
# main loop
-$state->{method} = 'ext';
-if (@ARGV && $ARGV[0] eq 'pserver') {
- $state->{method} = 'pserver';
+if ($state->{method} eq 'pserver') {
my $line = <STDIN>; chomp $line;
unless( $line =~ /^BEGIN (AUTH|VERIFICATION) REQUEST$/) {
die "E Do not understand $line - expecting BEGIN AUTH REQUEST\n";
@@ -178,13 +218,40 @@ sub req_Root
return 0;
}
- $state->{CVSROOT} = $data;
+ $state->{CVSROOT} = $state->{'base-path'} || '';
+ $state->{CVSROOT} =~ s#/+$##;
+ $state->{CVSROOT} .= $data;
$ENV{GIT_DIR} = $state->{CVSROOT} . "/";
+
+ if (@{$state->{allowed_roots}}) {
+ my $allowed = 0;
+ foreach my $dir (@{$state->{allowed_roots}}) {
+ next unless $dir =~ m#^/#;
+ $dir =~ s#/+$##;
+ if ($state->{'strict-paths'}) {
+ if ($ENV{GIT_DIR} =~ m#^\Q$dir\E/?$#) {
+ $allowed = 1;
+ last;
+ }
+ } elsif ($ENV{GIT_DIR} =~ m#^\Q$dir\E(/?$|/)#) {
+ $allowed = 1;
+ last;
+ }
+ }
+
+ unless ($allowed) {
+ print "E $ENV{GIT_DIR} does not seem to be a valid GIT repository\n";
+ print "E \n";
+ print "error 1 $ENV{GIT_DIR} is not a valid repository\n";
+ return 0;
+ }
+ }
+
unless (-d $ENV{GIT_DIR} && -e $ENV{GIT_DIR}.'HEAD') {
print "E $ENV{GIT_DIR} does not seem to be a valid GIT repository\n";
- print "E \n";
- print "error 1 $ENV{GIT_DIR} is not a valid repository\n";
+ print "E \n";
+ print "error 1 $ENV{GIT_DIR} is not a valid repository\n";
return 0;
}