| author | Junio C Hamano <gitster@pobox.com> | 2016-12-27 00:11:41 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-12-27 00:11:41 -0800 |
| commit | 9d540e97267fa94d9701d3e1aa5cdf2926858472 (patch) | |
| tree | 692790eca6a1f1ed5dd56a0f336bf910e76d15e5 /http-walker.c | |
| parent | 05f6e1be8cdae1ebedf3cf7b7a072a3b35f945b5 (diff) | |
| parent | abcbdc03895ff3f00280e54af11fee92d6877044 (diff) | |
Merge branch 'bw/transport-protocol-policy'
Finer-grained control of what protocols are allowed for transports
during clone/fetch/push has been enabled via a new configuration
mechanism.
* bw/transport-protocol-policy:
http: respect protocol.*.allow=user for http-alternates
transport: add from_user parameter to is_transport_allowed
http: create function to get curl allowed protocols
transport: add protocol policy config option
http: always warn if libcurl version is too old
lib-proto-disable: variable name fix
Diffstat (limited to 'http-walker.c')
| -rw-r--r-- | http-walker.c | 50 |
1 files changed, 40 insertions, 10 deletions
diff --git a/http-walker.c b/http-walker.c
index c2f81cd6af..b34b6ace7c 100644
--- a/http-walker.c
+++ b/http-walker.c
@@ -3,6 +3,7 @@
 #include "walker.h"
 #include "http.h"
 #include "list.h"
+#include "transport.h"
 struct alt_base {
 char *base;
@@ -160,6 +161,32 @@ static void prefetch(struct walker *walker, unsigned char *sha1)
 #endif
 }
+static int is_alternate_allowed(const char *url)
+{
+ const char *protocols[] = {
+ "http", "https", "ftp", "ftps"
+ };
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(protocols); i++) {
+ const char *end;
+ if (skip_prefix(url, protocols[i], &end) &&
+ starts_with(end, "://"))
+ break;
+ }
+
+ if (i >= ARRAY_SIZE(protocols)) {
+ warning("ignoring alternate with unknown protocol: %s", url);
+ return 0;
+ }
+ if (!is_transport_allowed(protocols[i], 0)) {
+ warning("ignoring alternate with restricted protocol: %s", url);
+ return 0;
+ }
+
+ return 1;
+}
+
 static void process_alternates_response(void *callback_data)
 {
 struct alternates_request *alt_req =
@@ -274,17 +301,20 @@ static void process_alternates_response(void *callback_data)
 struct strbuf target = STRBUF_INIT;
 strbuf_add(&target, base, serverlen);
 strbuf_add(&target, data + i, posn - i - 7);
- warning("adding alternate object store: %s",
- target.buf);
- newalt = xmalloc(sizeof(*newalt));
- newalt->next = NULL;
- newalt->base = strbuf_detach(&target, NULL);
- newalt->got_indices = 0;
- newalt->packs = NULL;
- while (tail->next != NULL)
- tail = tail->next;
- tail->next = newalt;
+ if (is_alternate_allowed(target.buf)) {
+ warning("adding alternate object store: %s",
+ target.buf);
+ newalt = xmalloc(sizeof(*newalt));
+ newalt->next = NULL;
+ newalt->base = strbuf_detach(&target, NULL);
+ newalt->got_indices = 0;
+ newalt->packs = NULL;
+
+ while (tail->next != NULL)
+ tail = tail->next;
+ tail->next = newalt;
+ }
 }
 }
 i = posn + 1; |
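Review bot: In is_alternate_allowed, the literal `0` in `is_transport_allowed(protocols[i], 0)` carries the security decision of this function and has no comment. Going by the series' commit titles it is the from_user argument, so a zero here presumably means an alternate URL taken from the server's response is never treated as user-supplied and a protocol configured as `protocol.<name>.allow=user` is refused. I would add above the call `/* from_user = 0: the URL comes from the remote's alternates response, not from the user */`, and a short header comment saying the scheme match is a case-sensitive allow-list that rejects anything else. Separately, `int i` is compared with `ARRAY_SIZE(protocols)`, which mixes signed and unsigned; `size_t i` would avoid the implicit conversion.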
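Review bot: When `is_alternate_allowed(target.buf)` returns 0 in the last hunk, the buffer that the two `strbuf_add()` calls allocated in `target` is never freed: `strbuf_detach()` runs only inside the new `if`, and `target` appears to go out of scope at the closing brace that follows. The rejected URLs come from the remote's alternates response, so the remote decides how often this path is taken. Adding `else { strbuf_release(&target); }` after the new block would release it. process_alternates_response starts and ends outside the hunk, so the surrounding loop is not fully visible here.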
