Merge branch 'ds/doc-wo-whitelist' into maint
Avoid "white/black-list" in documentation and code comments. source: <pull.1274.v3.git.1658255537.gitgitgadget@gmail.com> * ds/doc-wo-whitelist: transport.c: avoid "whitelist" t: avoid "whitelist" git.txt: remove redundant language git-cvsserver: clarify directory list daemon: clarify directory arguments
This commit is contained in:
commit
ef7b9ad032
@ -63,11 +63,10 @@ Print version information and exit
|
||||
Print usage information and exit
|
||||
|
||||
<directory>::
|
||||
You can specify a list of allowed directories. If no directories
|
||||
are given, all are allowed. This is an additional restriction, gitcvs
|
||||
access still needs to be enabled by the `gitcvs.enabled` config option
|
||||
unless `--export-all` was given, too.
|
||||
|
||||
The remaining arguments provide a list of directories. If no directories
|
||||
are given, then all are allowed. Repositories within these directories
|
||||
still require the `gitcvs.enabled` config option, unless `--export-all`
|
||||
is specified.
|
||||
|
||||
LIMITATIONS
|
||||
-----------
|
||||
@ -311,11 +310,13 @@ ENVIRONMENT
|
||||
These variables obviate the need for command-line options in some
|
||||
circumstances, allowing easier restricted usage through git-shell.
|
||||
|
||||
GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path.
|
||||
GIT_CVSSERVER_BASE_PATH::
|
||||
This variable replaces the argument to --base-path.
|
||||
|
||||
GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The
|
||||
repository must still be configured to allow access through
|
||||
git-cvsserver, as described above.
|
||||
GIT_CVSSERVER_ROOT::
|
||||
This variable specifies a single directory, replacing the
|
||||
`<directory>...` argument list. The repository still requires the
|
||||
`gitcvs.enabled` config option, unless `--export-all` is specified.
|
||||
|
||||
When these environment variables are set, the corresponding
|
||||
command-line arguments may not be used.
|
||||
|
@ -32,8 +32,8 @@ that service if it is enabled.
|
||||
It verifies that the directory has the magic file "git-daemon-export-ok", and
|
||||
it will refuse to export any Git directory that hasn't explicitly been marked
|
||||
for export this way (unless the `--export-all` parameter is specified). If you
|
||||
pass some directory paths as 'git daemon' arguments, you can further restrict
|
||||
the offers to a whitelist comprising of those.
|
||||
pass some directory paths as 'git daemon' arguments, the offers are limited to
|
||||
repositories within those directories.
|
||||
|
||||
By default, only `upload-pack` service is enabled, which serves
|
||||
'git fetch-pack' and 'git ls-remote' clients, which are invoked
|
||||
@ -50,7 +50,7 @@ OPTIONS
|
||||
Match paths exactly (i.e. don't allow "/foo/repo" when the real path is
|
||||
"/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths.
|
||||
'git daemon' will refuse to start when this option is enabled and no
|
||||
whitelist is specified.
|
||||
directory arguments are provided.
|
||||
|
||||
--base-path=<path>::
|
||||
Remap all the path requests as relative to the given path.
|
||||
@ -73,7 +73,7 @@ OPTIONS
|
||||
%IP for the server's IP address, %P for the port number,
|
||||
and %D for the absolute path of the named repository.
|
||||
After interpolation, the path is validated against the directory
|
||||
whitelist.
|
||||
list.
|
||||
|
||||
--export-all::
|
||||
Allow pulling from all directories that look like Git repositories
|
||||
@ -218,9 +218,11 @@ standard output to be sent to the requestor as an error message when
|
||||
it declines the service.
|
||||
|
||||
<directory>::
|
||||
A directory to add to the whitelist of allowed directories. Unless
|
||||
--strict-paths is specified this will also include subdirectories
|
||||
of each named directory.
|
||||
The remaining arguments provide a list of directories. If any
|
||||
directories are specified, then the `git-daemon` process will
|
||||
serve a requested directory only if it is contained in one of
|
||||
these directories. If `--strict-paths` is specified, then the
|
||||
requested directory must match one of these directories exactly.
|
||||
|
||||
SERVICES
|
||||
--------
|
||||
@ -264,9 +266,8 @@ git 9418/tcp # Git Version Control System
|
||||
|
||||
'git daemon' as inetd server::
|
||||
To set up 'git daemon' as an inetd service that handles any
|
||||
repository under the whitelisted set of directories, /pub/foo
|
||||
and /pub/bar, place an entry like the following into
|
||||
/etc/inetd all on one line:
|
||||
repository within `/pub/foo` or `/pub/bar`, place an entry like
|
||||
the following into `/etc/inetd` all on one line:
|
||||
+
|
||||
------------------------------------------------
|
||||
git stream tcp nowait nobody /usr/bin/git
|
||||
|
@ -885,9 +885,7 @@ for full details.
|
||||
If set to a colon-separated list of protocols, behave as if
|
||||
`protocol.allow` is set to `never`, and each of the listed
|
||||
protocols has `protocol.<name>.allow` set to `always`
|
||||
(overriding any existing configuration). In other words, any
|
||||
protocol not mentioned will be disallowed (i.e., this is a
|
||||
whitelist, not a blacklist). See the description of
|
||||
(overriding any existing configuration). See the description of
|
||||
`protocol.allow` in linkgit:git-config[1] for more details.
|
||||
|
||||
`GIT_PROTOCOL_FROM_USER`::
|
||||
|
8
daemon.c
8
daemon.c
@ -279,7 +279,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi)
|
||||
/* The validation is done on the paths after enter_repo
|
||||
* appends optional {.git,.git/.git} and friends, but
|
||||
* it does not use getcwd(). So if your /pub is
|
||||
* a symlink to /mnt/pub, you can whitelist /pub and
|
||||
* a symlink to /mnt/pub, you can include /pub and
|
||||
* do not have to say /mnt/pub.
|
||||
* Do not say /pub/.
|
||||
*/
|
||||
@ -298,7 +298,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi)
|
||||
return path;
|
||||
}
|
||||
|
||||
logerror("'%s': not in whitelist", path);
|
||||
logerror("'%s': not in directory list", path);
|
||||
return NULL; /* Fallthrough. Deny by default */
|
||||
}
|
||||
|
||||
@ -403,7 +403,7 @@ static int run_service(const char *dir, struct daemon_service *service,
|
||||
* a "git-daemon-export-ok" flag that says that the other side
|
||||
* is ok with us doing this.
|
||||
*
|
||||
* path_ok() uses enter_repo() and does whitelist checking.
|
||||
* path_ok() uses enter_repo() and checks for included directories.
|
||||
* We only need to make sure the repository is exported.
|
||||
*/
|
||||
|
||||
@ -1444,7 +1444,7 @@ int cmd_main(int argc, const char **argv)
|
||||
cred = prepare_credentials(user_name, group_name);
|
||||
|
||||
if (strict_paths && (!ok_paths || !*ok_paths))
|
||||
die("option --strict-paths requires a whitelist");
|
||||
die("option --strict-paths requires '<directory>' arguments");
|
||||
|
||||
if (base_path && !is_directory(base_path))
|
||||
die("base-path '%s' does not exist or is not a directory",
|
||||
|
@ -152,7 +152,7 @@ $state->{allowed_roots} = [ @ARGV ];
|
||||
|
||||
# don't export the whole system unless the users requests it
|
||||
if ($state->{'export-all'} && !@{$state->{allowed_roots}}) {
|
||||
die "--export-all can only be used together with an explicit whitelist\n";
|
||||
die "--export-all can only be used together with an explicit '<directory>...' list\n";
|
||||
}
|
||||
|
||||
# Environment handling for running under git-shell
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Test routines for checking protocol disabling.
|
||||
|
||||
# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
|
||||
test_whitelist () {
|
||||
# Test clone/fetch/push with GIT_ALLOW_PROTOCOL environment variable
|
||||
test_allow_var () {
|
||||
desc=$1
|
||||
proto=$2
|
||||
url=$3
|
||||
@ -183,7 +183,7 @@ test_config () {
|
||||
# $2 - machine-readable name of the protocol
|
||||
# $3 - the URL to try cloning
|
||||
test_proto () {
|
||||
test_whitelist "$@"
|
||||
test_allow_var "$@"
|
||||
|
||||
test_config "$@"
|
||||
}
|
||||
|
@ -16,7 +16,7 @@ test_expect_success 'create git-accessible repo' '
|
||||
|
||||
test_proto "smart http" http "$HTTPD_URL/smart/repo.git"
|
||||
|
||||
test_expect_success 'curl redirects respect whitelist' '
|
||||
test_expect_success 'http(s) transport respects GIT_ALLOW_PROTOCOL' '
|
||||
test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
|
||||
GIT_SMART_HTTP=0 \
|
||||
git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
test_description='test protocol whitelisting with submodules'
|
||||
test_description='test protocol filtering with submodules'
|
||||
. ./test-lib.sh
|
||||
. "$TEST_DIRECTORY"/lib-proto-disable.sh
|
||||
|
||||
@ -36,7 +36,7 @@ test_expect_success 'update of ext not allowed' '
|
||||
test_must_fail git -C dst submodule update ext-module
|
||||
'
|
||||
|
||||
test_expect_success 'user can override whitelist' '
|
||||
test_expect_success 'user can filter protocols with GIT_ALLOW_PROTOCOL' '
|
||||
GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module
|
||||
'
|
||||
|
||||
|
@ -221,7 +221,7 @@ test_expect_success 'req_Root (export-all)' \
|
||||
'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 &&
|
||||
sed -ne \$p log | grep "^I LOVE YOU\$"'
|
||||
|
||||
test_expect_success 'req_Root failure (export-all w/o whitelist)' \
|
||||
test_expect_success 'req_Root failure (export-all w/o directory list)' \
|
||||
'! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)'
|
||||
|
||||
test_expect_success 'req_Root (everything together)' \
|
||||
|
@ -651,8 +651,7 @@ test_set_prereq () {
|
||||
# test_unset_prereq()
|
||||
!*)
|
||||
;;
|
||||
# (Temporary?) whitelist of things we can't easily
|
||||
# pretend not to support
|
||||
# List of things we can't easily pretend to not support
|
||||
SYMLINKS)
|
||||
;;
|
||||
# Inspecting whether GIT_TEST_FAIL_PREREQS is on
|
||||
|
@ -940,7 +940,7 @@ static int external_specification_len(const char *url)
|
||||
return strchr(url, ':') - url;
|
||||
}
|
||||
|
||||
static const struct string_list *protocol_whitelist(void)
|
||||
static const struct string_list *protocol_allow_list(void)
|
||||
{
|
||||
static int enabled = -1;
|
||||
static struct string_list allowed = STRING_LIST_INIT_DUP;
|
||||
@ -1020,9 +1020,9 @@ static enum protocol_allow_config get_protocol_config(const char *type)
|
||||
|
||||
int is_transport_allowed(const char *type, int from_user)
|
||||
{
|
||||
const struct string_list *whitelist = protocol_whitelist();
|
||||
if (whitelist)
|
||||
return string_list_has_string(whitelist, type);
|
||||
const struct string_list *allow_list = protocol_allow_list();
|
||||
if (allow_list)
|
||||
return string_list_has_string(allow_list, type);
|
||||
|
||||
switch (get_protocol_config(type)) {
|
||||
case PROTOCOL_ALLOW_ALWAYS:
|
||||
|
Loading…
Reference in New Issue
Block a user