From b8db4eb5d8ffd32a50e5173af7472f6a1cf56f42 Mon Sep 17 00:00:00 2001
From: Tony Finch
Date: Fri, 26 Mar 2010 18:56:43 +0000
Subject: git-daemon: allow virtual hosts to forbit tilde parts in URLs
---
 git-daemon/git-daemon-vhosts.pl | 22 +++++++++++++---------
 git-daemon/git-daemon.pl | 9 +++++----
 2 files changed, 18 insertions(+), 13 deletions(-)
(limited to 'git-daemon')
diff --git a/git-daemon/git-daemon-vhosts.pl b/git-daemon/git-daemon-vhosts.pl
index 2046f9f..7c37b7a 100644
--- a/git-daemon/git-daemon-vhosts.pl
+++ b/git-daemon/git-daemon-vhosts.pl
@@ -14,22 +14,26 @@ $REPO = qr{[-+._0-9A-Za-z]+};
 # The vhost_default_user hash specifies what user handles git requests
 # for each virtual host, if the URL does not have a tilde part, or if
-# the virtual host does not appear in the vhost_user_from_tilde hash.
-# If a virtual host does not appear in this hash then URLs without a
-# tilde part are forbidden for that virtual host.
+# the virtual hosts does not appear in either vhost_tilde hash. If a
+# virtual host does not appear in this hash then it does not permit
+# URLs without tilde parts.
 %vhost_default_user = (
 'dotat.at' => 'fanf',
 );
-# The vhost_user_from_tilde hash lists which virtual hosts allow the
-# tilde part to specify the user that should handle the request. If a
-# virtual host is not present in this hash then its default user
-# handles all requests. If a virtual host is not present in either map
-# then no requests are permitted.
+# The vhost_tilde_is_user hash specifies which virtual hosts use the
+# tilde part of a URL to specify the user that handles the request.
-%vhost_user_from_tilde = (
+%vhost_tilde_is_user = (
 'chiark.greenend.org.uk' => 1,
 );
+# The vhost_tilde_forbidden hash specifies which virtual hosts do not
+# permit URLs with tilde parts.
+
+%vhost_tilde_forbidden = (
+ 'dotat.at' => 1,
+);
+
 # end
diff --git a/git-daemon/git-daemon.pl b/git-daemon/git-daemon.pl
index 5458c08..a17412f 100755
--- a/git-daemon/git-daemon.pl
+++ b/git-daemon/git-daemon.pl
@@ -17,8 +17,8 @@ use POSIX;
 use Socket;
 use Sys::Syslog;
-use vars qw{ %vhost_default_user %vhost_user_from_tilde
- $TILDE $REPO $HOSTNAME };
+use vars qw{ $TILDE $REPO $HOSTNAME
+ %vhost_default_user %vhost_tilde_is_user %vhost_tilde_forbidden };
 use lib '/etc/userv';
 require 'git-daemon-vhosts.pl';
@@ -67,8 +67,9 @@ unless ($line =~ m{^git-upload-pack (?:~($TILDE)/)?($REPO[.]git)\0host=($HOSTNAM
 my ($tilde,$repo,$host) = ($1,$2,$3);
 my $url = $tilde ? "git://$host/~$tilde/$repo" : "git://$host/$repo";
-my $user = $vhost_user_from_tilde{$host} ? $tilde : $vhost_default_user{$host};
-fail "no user configuration for $url" unless defined $user;
+fail "tilde forbidden for $url" if defined $tilde and $vhost_tilde_forbidden{$host};
+my $user = $vhost_tilde_is_user{$host} ? $tilde : $vhost_default_user{$host};
+fail "no user configured for $url" unless defined $user;
 syslog 'info', "$peer $user $url";
 my @opts = ("-DHOST=$host", "-DREPO=$repo");
-- 
cgit v1.2.3
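Review bot: In the last git-daemon.pl hunk, `my $user = $vhost_tilde_is_user{$host} ? $tilde : $vhost_default_user{$host};` never consults the default user once a host is in `%vhost_tilde_is_user`, so a URL without a tilde part on such a host is refused with "no user configured" even if the host also has a `%vhost_default_user` entry. The comment in git-daemon-vhosts.pl says the default user handles requests whose URL has no tilde part; if that fallback is intended, `my $user = ($vhost_tilde_is_user{$host} and defined $tilde) ? $tilde : $vhost_default_user{$host};` provides it, otherwise the comment should state the restriction. The new check tests `defined $tilde` while the `$url` line just above tests `$tilde` for truth; the two disagree for a tilde part of `0`, if `$TILDE` (defined outside this hunk) can match it, so `defined $tilde` is the safer test in both places. The forbid list is opt-in per host: a host listed only in `%vhost_default_user` still accepts `~name/` URLs and serves them as the default user, which deserves a one-line comment at the check, such as `# hosts in neither tilde hash accept ~name/ and serve it as the default user`. The statement run continues past the end of the hunk, so how `@opts` is consumed is not visible here.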