git-daemon: allow virtual hosts to forbit tilde parts in URLs

diff --git a/git-daemon/git-daemon-vhosts.pl b/git-daemon/git-daemon-vhosts.pl
index 2046f9f264f62a6c707d437109d346d4adb937e7..7c37b7a57e2082adc3d3f45aa2aee8aeffe83a80 100644 (file)
--- a/git-daemon/git-daemon-vhosts.pl
+++ b/git-daemon/git-daemon-vhosts.pl
@@ -14,22 +14,26 @@ $REPO     = qr{[-+._0-9A-Za-z]+};
 
 # The vhost_default_user hash specifies what user handles git requests
 # for each virtual host, if the URL does not have a tilde part, or if
 
 # The vhost_default_user hash specifies what user handles git requests
 # for each virtual host, if the URL does not have a tilde part, or if

-# the virtual host does not appear in the vhost_user_from_tilde hash.
-# If a virtual host does not appear in this hash then URLs without a
-# tilde part are forbidden for that virtual host.
+# the virtual hosts does not appear in either vhost_tilde hash. If a
+# virtual host does not appear in this hash then it does not permit
+# URLs without tilde parts.

 
 %vhost_default_user = (
        'dotat.at' => 'fanf',
 );
 
 
 %vhost_default_user = (
        'dotat.at' => 'fanf',
 );
 

-# The vhost_user_from_tilde hash lists which virtual hosts allow the
-# tilde part to specify the user that should handle the request. If a
-# virtual host is not present in this hash then its default user
-# handles all requests. If a virtual host is not present in either map
-# then no requests are permitted.
+# The vhost_tilde_is_user hash specifies which virtual hosts use the
+# tilde part of a URL to specify the user that handles the request.

 
 

-%vhost_user_from_tilde = (
+%vhost_tilde_is_user = (

        'chiark.greenend.org.uk' => 1,
 );
 
        'chiark.greenend.org.uk' => 1,
 );
 

+# The vhost_tilde_forbidden hash specifies which virtual hosts do not
+# permit URLs with tilde parts.
+
+%vhost_tilde_forbidden = (
+       'dotat.at' => 1,
+);
+

 # end
 # end

diff --git a/git-daemon/git-daemon.pl b/git-daemon/git-daemon.pl
index 5458c08fcd2c77036fcf34261d900640fbbb010e..a17412f1fa9ccf28c11246d3ae71e41d27faecfe 100755 (executable)
--- a/git-daemon/git-daemon.pl
+++ b/git-daemon/git-daemon.pl
@@ -17,8 +17,8 @@ use POSIX;
 use Socket;
 use Sys::Syslog;
 
 use Socket;
 use Sys::Syslog;
 

-use vars qw{ %vhost_default_user %vhost_user_from_tilde
-             $TILDE $REPO $HOSTNAME };
+use vars qw{ $TILDE $REPO $HOSTNAME
+   %vhost_default_user %vhost_tilde_is_user %vhost_tilde_forbidden };

 
 use lib '/etc/userv';
 require 'git-daemon-vhosts.pl';
 
 use lib '/etc/userv';
 require 'git-daemon-vhosts.pl';


@@ -67,8 +67,9 @@ unless ($line =~ m{^git-upload-pack (?:~($TILDE)/)?($REPO[.]git)\0host=($HOSTNAM
 my ($tilde,$repo,$host) = ($1,$2,$3);
 my $url = $tilde ? "git://$host/~$tilde/$repo" : "git://$host/$repo";
 
 my ($tilde,$repo,$host) = ($1,$2,$3);
 my $url = $tilde ? "git://$host/~$tilde/$repo" : "git://$host/$repo";
 

-my $user = $vhost_user_from_tilde{$host} ? $tilde : $vhost_default_user{$host};
-fail "no user configuration for $url" unless defined $user;
+fail "tilde forbidden for $url" if defined $tilde and $vhost_tilde_forbidden{$host};
+my $user = $vhost_tilde_is_user{$host} ? $tilde : $vhost_default_user{$host};
+fail "no user configured for $url" unless defined $user;

 syslog 'info', "$peer $user $url";
 
 my @opts = ("-DHOST=$host", "-DREPO=$repo");
 syslog 'info', "$peer $user $url";
 
 my @opts = ("-DHOST=$host", "-DREPO=$repo");