From 693b63273e05b5db4612178989271de14439b08f Mon Sep 17 00:00:00 2001 From: Frank Lichtenheld Date: Thu, 7 Jun 2007 16:57:01 +0200 Subject: [PATCH 1/3] cvsserver: Add some useful commandline options Make git-cvsserver understand some options inspired by git-daemon, namely --base-path, --export-all, --strict-paths. Also allow the caller to specify a whitelist of allowed directories, again similar to git-daemon. While already adding option parsing also support the common --help and --version options. Rationale: While the gitcvs.enabled configuration option already offers means to limit git-cvsserver access to a repository, there are some use cases where other methods of access control prove to be more useful. E.g. if setting up a pserver for a collection of public repositories one might want limit the exported repositories to exactly the directory this collection is located whithout having to worry about other repositories that might lie around with the configuration variable set (never trust your users ;) Signed-off-by: Frank Lichtenheld Signed-off-by: Junio C Hamano --- Documentation/git-cvsserver.txt | 42 ++++++++++++++++++ git-cvsserver.perl | 79 ++++++++++++++++++++++++++++++--- t/t9400-git-cvsserver-server.sh | 28 ++++++++++++ 3 files changed, 143 insertions(+), 6 deletions(-) diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index e5005f02f9..6d1e311740 100644 --- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -7,10 +7,52 @@ git-cvsserver - A CVS server emulator for git SYNOPSIS -------- + +SSH: + [verse] export CVS_SERVER=git-cvsserver 'cvs' -d :ext:user@server/path/repo.git co +pserver (/etc/inetd.conf): + +[verse] +cvspserver stream tcp nowait nobody /usr/bin/git-cvsserver git-cvsserver pserver + +Usage: + +[verse] +'git-cvsserver' [options] [pserver|server] [ ...] + +OPTIONS +------- + +All these options obviously only make sense if enforced by the server side. +They have been implemented to resemble the gitlink:git-daemon[1] options as +closely as possible. + +--base-path :: +Prepend 'path' to requested CVSROOT + +--strict-paths:: +Don't allow recursing into subdirectories + +--export-all:: +Don't check for `gitcvs.enabled` in config + +--version, -V:: +Print version information and exit + +--help, -h, -H:: +Print usage information and exit + +:: +You can specify a list of allowed directories. If no directories +are given, all are allowed. This is an additional restriction, gitcvs +access still needs to be enabled by the `gitcvs.enabled` config option +unless '--export-all' was given, too. + + DESCRIPTION ----------- diff --git a/git-cvsserver.perl b/git-cvsserver.perl index d41b29f30b..9fbd9dbb20 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -22,6 +22,9 @@ use bytes; use Fcntl; use File::Temp qw/tempdir tempfile/; use File::Basename; +use Getopt::Long qw(:config require_order no_ignore_case); + +my $VERSION = '@@GIT_VERSION@@'; my $log = GITCVS::log->new(); my $cfg; @@ -85,15 +88,52 @@ my $methods = { my $state = { prependdir => '' }; $log->info("--------------- STARTING -----------------"); +my $usage = + "Usage: git-cvsserver [options] [pserver|server] [ ...]\n". + " --base-path : Prepend to requested CVSROOT\n". + " --strict-paths : Don't allow recursing into subdirectories\n". + " --export-all : Don't check for gitcvs.enabled in config\n". + " --version, -V : Print version information and exit\n". + " --help, -h, -H : Print usage information and exit\n". + "\n". + " ... is a list of allowed directories. If no directories\n". + "are given, all are allowed. This is an additional restriction, gitcvs\n". + "access still needs to be enabled by the gitcvs.enabled config option.\n"; + +my @opts = ( 'help|h|H', 'version|V', + 'base-path=s', 'strict-paths', 'export-all' ); +GetOptions( $state, @opts ) + or die $usage; + +if ($state->{version}) { + print "git-cvsserver version $VERSION\n"; + exit; +} +if ($state->{help}) { + print $usage; + exit; +} + my $TEMP_DIR = tempdir( CLEANUP => 1 ); $log->debug("Temporary directory is '$TEMP_DIR'"); +$state->{method} = 'ext'; +if (@ARGV) { + if ($ARGV[0] eq 'pserver') { + $state->{method} = 'pserver'; + shift @ARGV; + } elsif ($ARGV[0] eq 'server') { + shift @ARGV; + } +} + +# everything else is a directory +$state->{allowed_roots} = [ @ARGV ]; + # if we are called with a pserver argument, # deal with the authentication cat before entering the # main loop -$state->{method} = 'ext'; -if (@ARGV && $ARGV[0] eq 'pserver') { - $state->{method} = 'pserver'; +if ($state->{method} eq 'pserver') { my $line = ; chomp $line; unless( $line =~ /^BEGIN (AUTH|VERIFICATION) REQUEST$/) { die "E Do not understand $line - expecting BEGIN AUTH REQUEST\n"; @@ -178,13 +218,40 @@ sub req_Root return 0; } - $state->{CVSROOT} = $data; + $state->{CVSROOT} = $state->{'base-path'} || ''; + $state->{CVSROOT} =~ s#/+$##; + $state->{CVSROOT} .= $data; $ENV{GIT_DIR} = $state->{CVSROOT} . "/"; + + if (@{$state->{allowed_roots}}) { + my $allowed = 0; + foreach my $dir (@{$state->{allowed_roots}}) { + next unless $dir =~ m#^/#; + $dir =~ s#/+$##; + if ($state->{'strict-paths'}) { + if ($ENV{GIT_DIR} =~ m#^\Q$dir\E/?$#) { + $allowed = 1; + last; + } + } elsif ($ENV{GIT_DIR} =~ m#^\Q$dir\E(/?$|/)#) { + $allowed = 1; + last; + } + } + + unless ($allowed) { + print "E $ENV{GIT_DIR} does not seem to be a valid GIT repository\n"; + print "E \n"; + print "error 1 $ENV{GIT_DIR} is not a valid repository\n"; + return 0; + } + } + unless (-d $ENV{GIT_DIR} && -e $ENV{GIT_DIR}.'HEAD') { print "E $ENV{GIT_DIR} does not seem to be a valid GIT repository\n"; - print "E \n"; - print "error 1 $ENV{GIT_DIR} is not a valid repository\n"; + print "E \n"; + print "error 1 $ENV{GIT_DIR} is not a valid repository\n"; return 0; } diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 41dcf646d1..392f890ce6 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -143,6 +143,34 @@ test_expect_success 'req_Root failure (conflicting roots)' \ 'cat request-conflict | git-cvsserver pserver >log 2>&1 && tail log | grep -q "^error 1 Conflicting roots specified$"' +test_expect_success 'req_Root (strict paths)' \ + 'cat request-anonymous | git-cvsserver --strict-paths pserver $SERVERDIR >log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +test_expect_failure 'req_Root failure (strict-paths)' \ + 'cat request-anonymous | git-cvsserver --strict-paths pserver $WORKDIR >log 2>&1' + +test_expect_success 'req_Root (w/o strict-paths)' \ + 'cat request-anonymous | git-cvsserver pserver $WORKDIR/ >log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +test_expect_failure 'req_Root failure (w/o strict-paths)' \ + 'cat request-anonymous | git-cvsserver pserver $WORKDIR/gitcvs >log 2>&1' + +cat >request-base <log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +test_expect_failure 'req_Root failure (base-path)' \ + 'cat request-anonymous | git-cvsserver --strict-paths --base-path $WORKDIR pserver $SERVERDIR >log 2>&1' #-------------- # CONFIG TESTS From fd1cd91e9407bccba3380dad6dcb60c4154d94a2 Mon Sep 17 00:00:00 2001 From: Frank Lichtenheld Date: Fri, 15 Jun 2007 03:01:52 +0200 Subject: [PATCH 2/3] cvsserver: Let --base-path and pserver get along just fine Embarassing bug number one in my options patch. Since the code for --base-path support rewrote the cvsroot value after comparing it with a possible existing value (i.e. from pserver authentication) the check always failed. Signed-off-by: Frank Lichtenheld Signed-off-by: Junio C Hamano --- git-cvsserver.perl | 10 ++++++---- t/t9400-git-cvsserver-server.sh | 1 + 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git-cvsserver.perl b/git-cvsserver.perl index 9fbd9dbb20..f78afe812e 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -212,15 +212,17 @@ sub req_Root return 0; } + my $cvsroot = $state->{'base-path'} || ''; + $cvsroot =~ s#/+$##; + $cvsroot .= $data; + if ($state->{CVSROOT} - && ($state->{CVSROOT} ne $data)) { + && ($state->{CVSROOT} ne $cvsroot)) { print "error 1 Conflicting roots specified\n"; return 0; } - $state->{CVSROOT} = $state->{'base-path'} || ''; - $state->{CVSROOT} =~ s#/+$##; - $state->{CVSROOT} .= $data; + $state->{CVSROOT} = $cvsroot; $ENV{GIT_DIR} = $state->{CVSROOT} . "/"; diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 392f890ce6..9b69452d6f 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -163,6 +163,7 @@ BEGIN AUTH REQUEST anonymous END AUTH REQUEST +Root /gitcvs.git EOF test_expect_success 'req_Root (base-path)' \ From 226bccb9ad42441269507a2101b47424d7c9c477 Mon Sep 17 00:00:00 2001 From: Frank Lichtenheld Date: Fri, 15 Jun 2007 03:01:53 +0200 Subject: [PATCH 3/3] cvsserver: Actually implement --export-all Embarrassing bug number two in my options patch. Also enforce that --export-all is only ever used together with an explicit whitelist. Otherwise people might export every git repository on the whole system without realising. Signed-off-by: Frank Lichtenheld Signed-off-by: Junio C Hamano --- Documentation/git-cvsserver.txt | 3 ++- git-cvsserver.perl | 8 +++++++- t/t9400-git-cvsserver-server.sh | 16 ++++++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index 6d1e311740..60d0bcf0f3 100644 --- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -38,7 +38,8 @@ Prepend 'path' to requested CVSROOT Don't allow recursing into subdirectories --export-all:: -Don't check for `gitcvs.enabled` in config +Don't check for `gitcvs.enabled` in config. You also have to specify a list +of allowed directories (see below) if you want to use this option. --version, -V:: Print version information and exit diff --git a/git-cvsserver.perl b/git-cvsserver.perl index f78afe812e..5cbf27eebc 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -130,6 +130,11 @@ if (@ARGV) { # everything else is a directory $state->{allowed_roots} = [ @ARGV ]; +# don't export the whole system unless the users requests it +if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { + die "--export-all can only be used together with an explicit whitelist\n"; +} + # if we are called with a pserver argument, # deal with the authentication cat before entering the # main loop @@ -276,7 +281,8 @@ sub req_Root my $enabled = ($cfg->{gitcvs}{$state->{method}}{enabled} || $cfg->{gitcvs}{enabled}); - unless ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i) { + unless ($state->{'export-all'} || + ($enabled && $enabled =~ /^\s*(1|true|yes)\s*$/i)) { print "E GITCVS emulation needs to be enabled on this repo\n"; print "E the repo config file needs a [gitcvs] section added, and the parameter 'enabled' set to 1\n"; print "E \n"; diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 9b69452d6f..b442b5d145 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -173,6 +173,22 @@ test_expect_success 'req_Root (base-path)' \ test_expect_failure 'req_Root failure (base-path)' \ 'cat request-anonymous | git-cvsserver --strict-paths --base-path $WORKDIR pserver $SERVERDIR >log 2>&1' +GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled false || exit 1 + +test_expect_success 'req_Root (export-all)' \ + 'cat request-anonymous | git-cvsserver --export-all pserver $WORKDIR >log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +test_expect_failure 'req_Root failure (export-all w/o whitelist)' \ + 'cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 + || false' + +test_expect_success 'req_Root (everything together)' \ + 'cat request-base | git-cvsserver --export-all --strict-paths --base-path $WORKDIR/ pserver $SERVERDIR >log 2>&1 && + tail -n1 log | grep -q "^I LOVE YOU$"' + +GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true || exit 1 + #-------------- # CONFIG TESTS #--------------