daemon: return "access denied" if a service is not allowed
The message is chosen to avoid leaking information, yet let users know that they are deliberately not allowed to use the service, not a fault in service configuration or the service itself. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
7ed863a85a
commit
723f7a1387
12
daemon.c
12
daemon.c
@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service)
|
||||
if (!enabled && !service->overridable) {
|
||||
logerror("'%s': service not enabled.", service->name);
|
||||
errno = EACCES;
|
||||
return -1;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (!(path = path_ok(dir)))
|
||||
return -1;
|
||||
goto failed;
|
||||
|
||||
/*
|
||||
* Security on the cheap.
|
||||
@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service)
|
||||
if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
|
||||
logerror("'%s': repository not exported.", path);
|
||||
errno = EACCES;
|
||||
return -1;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (service->overridable) {
|
||||
@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service)
|
||||
logerror("'%s': service not enabled for '%s'",
|
||||
service->name, path);
|
||||
errno = EACCES;
|
||||
return -1;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service)
|
||||
signal(SIGTERM, SIG_IGN);
|
||||
|
||||
return service->fn();
|
||||
|
||||
failed:
|
||||
packet_write(1, "ERR %s: access denied", dir);
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void copy_to_log(int fd)
|
||||
|
Loading…
Reference in New Issue
Block a user