diff options
author | Nguyễn Thái Ngọc Duy <pclouds@gmail.com> | 2011-10-04 08:55:09 +1100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2011-10-03 15:20:25 -0700 |
commit | 723f7a1387f1d79541fdbe66ad3778f2aaa370c4 (patch) | |
tree | 29ad61c0fa683260d59c8dc6f0fe4c30a0b1aa42 /daemon.c | |
parent | Git 1.7.4 (diff) | |
download | tgif-723f7a1387f1d79541fdbe66ad3778f2aaa370c4.tar.xz |
daemon: return "access denied" if a service is not allowed
The message is chosen to avoid leaking information, yet let users know
that they are deliberately not allowed to use the service, not a fault
in service configuration or the service itself.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'daemon.c')
-rw-r--r-- | daemon.c | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service) if (!enabled && !service->overridable) { logerror("'%s': service not enabled.", service->name); errno = EACCES; - return -1; + goto failed; } if (!(path = path_ok(dir))) - return -1; + goto failed; /* * Security on the cheap. @@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service) if (!export_all_trees && access("git-daemon-export-ok", F_OK)) { logerror("'%s': repository not exported.", path); errno = EACCES; - return -1; + goto failed; } if (service->overridable) { @@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service) logerror("'%s': service not enabled for '%s'", service->name, path); errno = EACCES; - return -1; + goto failed; } /* @@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service) signal(SIGTERM, SIG_IGN); return service->fn(); + +failed: + packet_write(1, "ERR %s: access denied", dir); + return -1; } static void copy_to_log(int fd) |