commit - 2df845d59f19a7c87fc48af1f9d4124e57ebf2b0
commit + 4b3827cd43394b89d2af822dcd1d9a9179c1ee10
blob - 1ed8d3dc9b6ae29d105bff2710d33de54cf0bc13
blob + 28645f07dc93480582fce4b5f7dea5813b028a23
--- gitwrapper/gitwrapper.c
+++ gitwrapper/gitwrapper.c
confpath = getenv("GOTD_CONF_PATH");
if (confpath == NULL)
confpath = GOTD_CONF_PATH;
- parse_config(confpath, PROC_GOTD, &gotd, 0);
+ parse_config(confpath, PROC_GITWRAPPER, &gotd);
error = apply_unveil(myserver);
if (error)
blob - 68a99a122229289490584888ded7f2beb2d99042
blob + 4432aec44c71cf0db3723fa870ba885b23ddd037
--- gotd/gotd.c
+++ gotd/gotd.c
"session_read",
"session_write",
"repo_read",
- "repo_write"
+ "repo_write",
+ "gitwrapper"
};
static void
if (geteuid() && (proc_id == PROC_GOTD || proc_id == PROC_LISTEN))
fatalx("need root privileges");
- if (parse_config(confpath, proc_id, &gotd, 1) != 0)
+ if (parse_config(confpath, proc_id, &gotd) != 0)
return 1;
pw = getpwnam(gotd.user_name);
blob - e902d6f53b03f7682202e2b9b3d0af5fc28c25b6
blob + acb40dee8cd351b48669c3c3247c42ed5f44501b
--- gotd/gotd.h
+++ gotd/gotd.h
PROC_SESSION_WRITE,
PROC_REPO_READ,
PROC_REPO_WRITE,
+ PROC_GITWRAPPER,
PROC_MAX,
};
uint32_t client_id;
};
-int parse_config(const char *, enum gotd_procid, struct gotd *, int);
+int parse_config(const char *, enum gotd_procid, struct gotd *);
struct gotd_repo *gotd_find_repo_by_name(const char *, struct gotd *);
struct gotd_repo *gotd_find_repo_by_path(const char *, struct gotd *);
struct gotd_uid_connection_limit *gotd_find_uid_connection_limit(
blob - a3860760379f26a53fcf3788e84f9efb36efbdd3
blob + cc7231514a823861b662e419be141a4492c833fd
--- gotd/parse.y
+++ gotd/parse.y
if (gotd_proc_id == PROC_GOTD ||
gotd_proc_id == PROC_AUTH ||
- gotd_proc_id == PROC_REPO_WRITE) {
+ gotd_proc_id == PROC_REPO_WRITE ||
+ gotd_proc_id == PROC_GITWRAPPER) {
new_repo = conf_new_repo($2);
}
free($2);
repoopts1 : PATH STRING {
if (gotd_proc_id == PROC_GOTD ||
gotd_proc_id == PROC_AUTH ||
- gotd_proc_id == PROC_REPO_WRITE) {
+ gotd_proc_id == PROC_REPO_WRITE ||
+ gotd_proc_id == PROC_GITWRAPPER) {
if (!got_path_is_absolute($2)) {
yyerror("%s: path %s is not absolute",
__func__, $2);
YYERROR;
}
if (realpath($2, new_repo->path) == NULL) {
- yyerror("realpath %s: %s", $2,
- strerror(errno));
/*
- * Give admin a chance to create
- * missing repositories at run-time.
+ * To give admins a chance to create
+ * missing repositories at run-time
+ * we only warn about ENOENT here.
+ *
+ * And ignore 'permission denied' when
+ * running in gitwrapper. Users may be
+ * able to access this repository via
+ * gotd regardless.
*/
- if (errno != ENOENT) {
+ if (errno == ENOENT) {
+ yyerror("realpath %s: %s", $2,
+ strerror(errno));
+ } else if (errno != EACCES ||
+ gotd_proc_id != PROC_GITWRAPPER) {
+ yyerror("realpath %s: %s", $2,
+ strerror(errno));
free($2);
YYERROR;
- } else if (strlcpy(new_repo->path, $2,
+ }
+
+ if (strlcpy(new_repo->path, $2,
sizeof(new_repo->path)) >=
sizeof(new_repo->path))
yyerror("path too long");
int
parse_config(const char *filename, enum gotd_procid proc_id,
- struct gotd *env, int require_config_file)
+ struct gotd *env)
{
struct sym *sym, *next;
struct gotd_repo *repo;
+ int require_config_file = (proc_id != PROC_GITWRAPPER);
memset(env, 0, sizeof(*env));