daemon: clarify directory arguments · freshlybakedca.ke/git@dee8a14

Git fork

daemon: clarify directory arguments

The undecorated arguments to the 'git-daemon' command provide a list of
directories. When at least one directory is specified, then 'git-daemon'
only serves requests that are within that directory list. The boolean
'--strict-paths' option makes the list more explicit in that
subdirectories are no longer included.

The existing documentation and error messages around this directory list
refer to it and its behavior as a "whitelist". The word "whitelist" has
cultural implications that are not inclusive. Thankfully, it is not
difficult to reword and avoid its use. In the process, we can define the
purpose of this directory list directly.

In Documentation/git-daemon.txt, rewrite the OPTIONS section around the
'<directory>' option. Add additional clarity to the other options that
refer to these directories.

Some error messages can also be improved in daemon.c. The
'--strict-paths' option requires '<directory>' arguments, so refer to
that section of the documentation directly. A logerror() call points out
that a requested directory is not in the specified directory list. We
can use "list" here without any loss of information.

Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

authored by

Derrick Stolee and committed by

Junio C Hamano 3 years ago dee8a145 e4a4b315

+15 -14

2 changed files

expand all

unified split

Documentation

git-daemon.txt

daemon.c

+11 -10

Documentation/git-daemon.txt

··· 32 32 It verifies that the directory has the magic file "git-daemon-export-ok", and 33 33 it will refuse to export any Git directory that hasn't explicitly been marked 34 34 for export this way (unless the `--export-all` parameter is specified). If you 35 - pass some directory paths as 'git daemon' arguments, you can further restrict 36 - the offers to a whitelist comprising of those. 35 + pass some directory paths as 'git daemon' arguments, the offers are limited to 36 + repositories within those directories. 37 37 38 38 By default, only `upload-pack` service is enabled, which serves 39 39 'git fetch-pack' and 'git ls-remote' clients, which are invoked ··· 50 50 Match paths exactly (i.e. don't allow "/foo/repo" when the real path is 51 51 "/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths. 52 52 'git daemon' will refuse to start when this option is enabled and no 53 - whitelist is specified. 53 + directory arguments are provided. 54 54 55 55 --base-path=<path>:: 56 56 Remap all the path requests as relative to the given path. ··· 73 73 %IP for the server's IP address, %P for the port number, 74 74 and %D for the absolute path of the named repository. 75 75 After interpolation, the path is validated against the directory 76 - whitelist. 76 + list. 77 77 78 78 --export-all:: 79 79 Allow pulling from all directories that look like Git repositories ··· 218 218 it declines the service. 219 219 220 220 <directory>:: 221 - A directory to add to the whitelist of allowed directories. Unless 222 - --strict-paths is specified this will also include subdirectories 223 - of each named directory. 221 + The remaining arguments provide a list of directories. If any 222 + directories are specified, then the `git-daemon` process will 223 + serve a requested directory only if it is contained in one of 224 + these directories. If `--strict-paths` is specified, then the 225 + requested directory must match one of these directories exactly. 224 226 225 227 SERVICES 226 228 -------- ··· 264 266 265 267 'git daemon' as inetd server:: 266 268 To set up 'git daemon' as an inetd service that handles any 267 - repository under the whitelisted set of directories, /pub/foo 268 - and /pub/bar, place an entry like the following into 269 - /etc/inetd all on one line: 269 + repository within `/pub/foo` or `/pub/bar`, place an entry like 270 + the following into `/etc/inetd` all on one line: 270 271 + 271 272 ------------------------------------------------ 272 273 git stream tcp nowait nobody /usr/bin/git

+4 -4

daemon.c

··· 279 279 /* The validation is done on the paths after enter_repo 280 280 * appends optional {.git,.git/.git} and friends, but 281 281 * it does not use getcwd(). So if your /pub is 282 - * a symlink to /mnt/pub, you can whitelist /pub and 282 + * a symlink to /mnt/pub, you can include /pub and 283 283 * do not have to say /mnt/pub. 284 284 * Do not say /pub/. 285 285 */ ··· 298 298 return path; 299 299 } 300 300 301 - logerror("'%s': not in whitelist", path); 301 + logerror("'%s': not in directory list", path); 302 302 return NULL; /* Fallthrough. Deny by default */ 303 303 } 304 304 ··· 403 403 * a "git-daemon-export-ok" flag that says that the other side 404 404 * is ok with us doing this. 405 405 * 406 - * path_ok() uses enter_repo() and does whitelist checking. 406 + * path_ok() uses enter_repo() and checks for included directories. 407 407 * We only need to make sure the repository is exported. 408 408 */ 409 409 ··· 1444 1444 cred = prepare_credentials(user_name, group_name); 1445 1445 1446 1446 if (strict_paths && (!ok_paths || !*ok_paths)) 1447 - die("option --strict-paths requires a whitelist"); 1447 + die("option --strict-paths requires '<directory>' arguments"); 1448 1448 1449 1449 if (base_path && !is_directory(base_path)) 1450 1450 die("base-path '%s' does not exist or is not a directory",