}
}
-static const char *status_abbrev(unsigned char sha1[20])
-{
- return find_unique_abbrev(sha1, DEFAULT_ABBREV);
-}
-
static void print_ok_ref_status(struct ref *ref, int porcelain)
{
if (ref->deletion)
char type;
const char *msg;
- strbuf_addstr(&quickref, status_abbrev(ref->old_oid.hash));
+ strbuf_add_unique_abbrev(&quickref, ref->old_oid.hash,
+ DEFAULT_ABBREV);
if (ref->forced_update) {
strbuf_addstr(&quickref, "...");
type = '+';
type = ' ';
msg = NULL;
}
- strbuf_addstr(&quickref, status_abbrev(ref->new_oid.hash));
+ strbuf_add_unique_abbrev(&quickref, ref->new_oid.hash,
+ DEFAULT_ABBREV);
print_ref_status(type, quickref.buf, ref, ref->peer_ref, msg, porcelain);
strbuf_release(&quickref);
static int print_one_push_status(struct ref *ref, const char *dest, int count, int porcelain)
{
- if (!count)
- fprintf(porcelain ? stdout : stderr, "To %s\n", dest);
+ if (!count) {
+ char *url = transport_anonymize_url(dest);
+ fprintf(porcelain ? stdout : stderr, "To %s\n", url);
+ free(url);
+ }
switch(ref->status) {
case REF_STATUS_NONE:
return enabled ? &allowed : NULL;
}
-int is_transport_allowed(const char *type)
+enum protocol_allow_config {
+ PROTOCOL_ALLOW_NEVER = 0,
+ PROTOCOL_ALLOW_USER_ONLY,
+ PROTOCOL_ALLOW_ALWAYS
+};
+
+static enum protocol_allow_config parse_protocol_config(const char *key,
+ const char *value)
{
- const struct string_list *allowed = protocol_whitelist();
- return !allowed || string_list_has_string(allowed, type);
+ if (!strcasecmp(value, "always"))
+ return PROTOCOL_ALLOW_ALWAYS;
+ else if (!strcasecmp(value, "never"))
+ return PROTOCOL_ALLOW_NEVER;
+ else if (!strcasecmp(value, "user"))
+ return PROTOCOL_ALLOW_USER_ONLY;
+
+ die("unknown value for config '%s': %s", key, value);
}
-void transport_check_allowed(const char *type)
+static enum protocol_allow_config get_protocol_config(const char *type)
{
- if (!is_transport_allowed(type))
- die("transport '%s' not allowed", type);
+ char *key = xstrfmt("protocol.%s.allow", type);
+ char *value;
+
+ /* first check the per-protocol config */
+ if (!git_config_get_string(key, &value)) {
+ enum protocol_allow_config ret =
+ parse_protocol_config(key, value);
+ free(key);
+ free(value);
+ return ret;
+ }
+ free(key);
+
+ /* if defined, fallback to user-defined default for unknown protocols */
+ if (!git_config_get_string("protocol.allow", &value)) {
+ enum protocol_allow_config ret =
+ parse_protocol_config("protocol.allow", value);
+ free(value);
+ return ret;
+ }
+
+ /* fallback to built-in defaults */
+ /* known safe */
+ if (!strcmp(type, "http") ||
+ !strcmp(type, "https") ||
+ !strcmp(type, "git") ||
+ !strcmp(type, "ssh") ||
+ !strcmp(type, "file"))
+ return PROTOCOL_ALLOW_ALWAYS;
+
+ /* known scary; err on the side of caution */
+ if (!strcmp(type, "ext"))
+ return PROTOCOL_ALLOW_NEVER;
+
+ /* unknown; by default let them be used only directly by the user */
+ return PROTOCOL_ALLOW_USER_ONLY;
}
-int transport_restrict_protocols(void)
+int is_transport_allowed(const char *type, int from_user)
{
- return !!protocol_whitelist();
+ const struct string_list *whitelist = protocol_whitelist();
+ if (whitelist)
+ return string_list_has_string(whitelist, type);
+
+ switch (get_protocol_config(type)) {
+ case PROTOCOL_ALLOW_ALWAYS:
+ return 1;
+ case PROTOCOL_ALLOW_NEVER:
+ return 0;
+ case PROTOCOL_ALLOW_USER_ONLY:
+ if (from_user < 0)
+ from_user = git_env_bool("GIT_PROTOCOL_FROM_USER", 1);
+ return from_user;
+ }
+
+ die("BUG: invalid protocol_allow_config type");
+}
+
+void transport_check_allowed(const char *type)
+{
+ if (!is_transport_allowed(type, -1))
+ die("transport '%s' not allowed", type);
}
struct transport *transport_get(struct remote *remote, const char *url)
projects / thirdparty / git.git / blobdiff