summaryrefslogtreecommitdiff
path: root/daemon.c
diff options
context:
space:
mode:
authorLibravatar Nguyễn Thái Ngọc Duy <pclouds@gmail.com>2011-10-04 08:55:09 +1100
committerLibravatar Junio C Hamano <gitster@pobox.com>2011-10-03 15:20:25 -0700
commit723f7a1387f1d79541fdbe66ad3778f2aaa370c4 (patch)
tree29ad61c0fa683260d59c8dc6f0fe4c30a0b1aa42 /daemon.c
parentGit 1.7.4 (diff)
downloadtgif-723f7a1387f1d79541fdbe66ad3778f2aaa370c4.tar.xz
daemon: return "access denied" if a service is not allowed
The message is chosen to avoid leaking information, yet let users know that they are deliberately not allowed to use the service, not a fault in service configuration or the service itself. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'daemon.c')
-rw-r--r--daemon.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/daemon.c b/daemon.c
index 347fd0c52b..ac24b637e4 100644
--- a/daemon.c
+++ b/daemon.c
@@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service)
if (!enabled && !service->overridable) {
logerror("'%s': service not enabled.", service->name);
errno = EACCES;
- return -1;
+ goto failed;
}
if (!(path = path_ok(dir)))
- return -1;
+ goto failed;
/*
* Security on the cheap.
@@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service)
if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
logerror("'%s': repository not exported.", path);
errno = EACCES;
- return -1;
+ goto failed;
}
if (service->overridable) {
@@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service)
logerror("'%s': service not enabled for '%s'",
service->name, path);
errno = EACCES;
- return -1;
+ goto failed;
}
/*
@@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service)
signal(SIGTERM, SIG_IGN);
return service->fn();
+
+failed:
+ packet_write(1, "ERR %s: access denied", dir);
+ return -1;
}
static void copy_to_log(int fd)