daemon: return "access denied" if a service is not allowed
authorNguyễn Thái Ngọc Duy <pclouds@gmail.com>
Mon, 3 Oct 2011 21:55:09 +0000 (08:55 +1100)
committerJunio C Hamano <gitster@pobox.com>
Mon, 3 Oct 2011 22:20:25 +0000 (15:20 -0700)
The message is chosen to avoid leaking information, yet let users know
that they are deliberately not allowed to use the service, not a fault
in service configuration or the service itself.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
daemon.c

index 347fd0c52b4cd797f5dafffb6885324f7c7f0274..ac24b637e479cdeac12608a3eed7f9735be1ffeb 100644 (file)
--- a/daemon.c
+++ b/daemon.c
@@ -257,11 +257,11 @@ static int run_service(char *dir, struct daemon_service *service)
        if (!enabled && !service->overridable) {
                logerror("'%s': service not enabled.", service->name);
                errno = EACCES;
-               return -1;
+               goto failed;
        }
 
        if (!(path = path_ok(dir)))
-               return -1;
+               goto failed;
 
        /*
         * Security on the cheap.
@@ -277,7 +277,7 @@ static int run_service(char *dir, struct daemon_service *service)
        if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
                logerror("'%s': repository not exported.", path);
                errno = EACCES;
-               return -1;
+               goto failed;
        }
 
        if (service->overridable) {
@@ -291,7 +291,7 @@ static int run_service(char *dir, struct daemon_service *service)
                logerror("'%s': service not enabled for '%s'",
                         service->name, path);
                errno = EACCES;
-               return -1;
+               goto failed;
        }
 
        /*
@@ -301,6 +301,10 @@ static int run_service(char *dir, struct daemon_service *service)
        signal(SIGTERM, SIG_IGN);
 
        return service->fn();
+
+failed:
+       packet_write(1, "ERR %s: access denied", dir);
+       return -1;
 }
 
 static void copy_to_log(int fd)