Similar to how git-daemon checks whether a repository is OK to be exported, smart-http should also check. This check can be satisfied in two different ways: the environmental variable GIT_HTTP_EXPORT_ALL may be set to export all repositories, or the individual repository may have the file git-daemon-export-ok.
Acked-by: Shawn O. Pearce <spearce@xxxxxxxxxxx>
Signed-off-by: Tarmigan Casebolt <tarmigan+git@xxxxxxxxx>
---
 Documentation/git-http-backend.txt | 10 +++++++++
 http-backend.c | 3 ++
 t/lib-httpd/apache.conf | 5 ++++
 t/t5560-http-backend.sh | 39 ++++++++++++++++++++++++++++++++++-
 4 files changed, 55 insertions(+), 2 deletions(-)
diff --git a/Documentation/git-http-backend.txt b/Documentation/git-http-backend.txt
index 67aec06..c8fe08a 100644
--- a/Documentation/git-http-backend.txt
+++ b/Documentation/git-http-backend.txt
@@ -18,6 +18,11 @@ The program supports clients fetching using both the smart HTTP protcol and the backwards-compatible dumb HTTP protocol, as well as clients pushing using the smart HTTP protocol.
+It verifies that the directory has the magic file
+"git-daemon-export-ok", and it will refuse to export any git directory
+that hasn't explicitly been marked for export this way (unless the
+GIT_HTTP_EXPORT_ALL environmental variable is set).
+
 By default, only the `upload-pack` service is enabled, which serves 'git-fetch-pack' and 'git-ls-remote' clients, which are invoked from 'git-fetch', 'git-pull', and 'git-clone'. If the client is authenticated,
@@ -70,6 +75,7 @@ Apache 2.x::
 +
 ----------------------------------------------------------------
 SetEnv GIT_PROJECT_ROOT /var/www/git
+SetEnv GIT_HTTP_EXPORT_ALL
 ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
 ----------------------------------------------------------------
 +
@@ -157,6 +163,10 @@ by the invoking web server, including:
 * QUERY_STRING
 * REQUEST_METHOD
+The GIT_HTTP_EXPORT_ALL environmental variable may be passed to
+'git-http-backend' to bypass the check for the "git-daemon-export-ok"
+file in each repository before allowing export of that repository.
+
 The backend process sets GIT_COMMITTER_NAME to '$REMOTE_USER' and GIT_COMMITTER_EMAIL to '$\{REMOTE_USER}@http.$\{REMOTE_ADDR\}', ensuring that any reflogs created by 'git-receive-pack' contain some
diff --git a/http-backend.c b/http-backend.c
index f729488..9de85cb 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -648,6 +648,9 @@ int main(int argc, char **argv)
 setup_path();
 if (!enter_repo(dir, 0))
 not_found("Not a git repository: '%s'", dir);
+ if (!getenv("GIT_HTTP_EXPORT_ALL") &&
+ access("git-daemon-export-ok", F_OK) )
+ forbidden("Repository not exported: '%s'", dir);
 git_config(http_config, NULL);
 cmd->imp(cmd_arg);
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 0fe3fd0..4961505 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -22,8 +22,13 @@ Alias /dumb/ www/
 <Location /smart/>
 SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
+ SetEnv GIT_HTTP_EXPORT_ALL
+</Location>
+<Location /smart_noexport/>
+ SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
 </Location>
 ScriptAlias /smart/ ${GIT_EXEC_PATH}/git-http-backend/
+ScriptAlias /smart_noexport/ ${GIT_EXEC_PATH}/git-http-backend/
 <Directory ${GIT_EXEC_PATH}>
 Options None
 </Directory>
diff --git a/t/t5560-http-backend.sh b/t/t5560-http-backend.sh
index ed034bc..126f6d5 100755
--- a/t/t5560-http-backend.sh
+++ b/t/t5560-http-backend.sh
@@ -23,7 +23,7 @@ config() {
 }
 GET() {
- curl --include "$HTTPD_URL/smart/repo.git/$1" >out 2>/dev/null &&
+ curl --include "$HTTPD_URL/$SMART/repo.git/$1" >out 2>/dev/null &&
 tr '\015' Q <out |
 sed '
 s/Q$//
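Review bot: In the http-backend.c hunk, the export gate tests only whether GIT_HTTP_EXPORT_ALL is present (`!getenv("GIT_HTTP_EXPORT_ALL")`), so any value, including an empty one or `0`, exports every repository under the project root. The Apache examples in this patch set the variable with no value, so presence has to remain the trigger, but the behaviour deserves a comment above the check, e.g. `/* Any value of GIT_HTTP_EXPORT_ALL, even empty, skips the per-repository git-daemon-export-ok check. */`, and the same sentence in git-http-backend.txt. The relative `access("git-daemon-export-ok", F_OK)` presumably depends on enter_repo() having changed into the repository directory earlier in main(), whose body starts and ends outside the hunk; the comment should state that, because moving the check would silently test a different directory. A repository that exists but is not exported now answers 403 where a missing one answers 404, so a client can tell the two apart; if that distinction matters to a deployment it is worth mentioning in the documentation as well.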
@@ -91,6 +91,20 @@ get_static_files() {
 GET $IDX_URL "$1"
 }
+SMART=smart_noexport
+test_expect_success 'no export by default' '
+ log_div "no git-daemon-export-ok"
+ get_static_files "403 Forbidden"
+'
+test_expect_success 'export if git-daemon-export-ok' '
+ log_div "git-daemon-export-ok"
+ (cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
+ touch git-daemon-export-ok
+ ) &&
+ get_static_files "200 OK"
+'
+
+SMART=smart
 test_expect_success 'direct refs/heads/master not found' '
 log_div "refs/heads/master"
 GET refs/heads/master "404 Not Found"
@@ -145,7 +159,6 @@ test_expect_success 'http.receivepack false' '
 GET info/refs?service=git-receive-pack "403 Forbidden" &&
 POST git-receive-pack 0000 "403 Forbidden"
 '
-
 run_backend() {
 REQUEST_METHOD=GET \
 GIT_PROJECT_ROOT="$HTTPD_DOCUMENT_ROOT_PATH" \
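Review bot: The two tests added under `SMART=smart_noexport` only fetch static files through get_static_files, so the smart services named in the commit message are never requested without GIT_HTTP_EXPORT_ALL; adding `GET info/refs?service=git-upload-pack "403 Forbidden"` to 'no export by default', with the matching line in the expected log, would cover them. The second test creates git-daemon-export-ok in repo.git and never removes it, so every later test runs against a repository that is marked for export. If the run_backend tests further down rely on that leftover file, a comment next to the `touch` should say so, since reordering the tests would otherwise change their result. get_static_files and run_backend are defined outside these hunks.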
@@ -179,6 +192,28 @@ test_expect_success 'http-backend blocks bad PATH_INFO' '
 cat >exp <<EOF
+### no git-daemon-export-ok
+###
+GET /smart_noexport/repo.git/HEAD HTTP/1.1 403 -
+GET /smart_noexport/repo.git/info/refs HTTP/1.1 403 -
+GET /smart_noexport/repo.git/objects/info/packs HTTP/1.1 403 -
+GET /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 403 -
+GET /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 403 -
+GET /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 403 -
+GET /smart_noexport/repo.git/$PACK_URL HTTP/1.1 403 -
+GET /smart_noexport/repo.git/$IDX_URL HTTP/1.1 403 -
+
+### git-daemon-export-ok
+###
+GET /smart_noexport/repo.git/HEAD HTTP/1.1 200
+GET /smart_noexport/repo.git/info/refs HTTP/1.1 200
+GET /smart_noexport/repo.git/objects/info/packs HTTP/1.1 200
+GET /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 200 -
+GET /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 200 -
+GET /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 200
+GET /smart_noexport/repo.git/$PACK_URL HTTP/1.1 200
+GET /smart_noexport/repo.git/$IDX_URL HTTP/1.1 200
+
 ### refs/heads/master
 ###
 GET /smart/repo.git/refs/heads/master HTTP/1.1 404 -
--
1.6.6.1.g8eede.dirty
--
To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html