Fossil SCM

Improved error messages from "fossil push" and similar when the push is disallowed over ssh because "localauth" setting is enabled.

drh 2025-04-18 14:59 trunk

Commit 2765f04694d36e6837cec9a800688e5b9403b881a1264f84dae5e8249760f1d1

Parent b6e029394d529dc…

1 file changed +20 -8

~ src/xfer.c

M src/xfer.c

+20 -8

		--- src/xfer.c
		+++ src/xfer.c
		@@ -1116,17 +1116,29 @@
1116	1116	blob_appendf(pXfer->pOut, "uvigot %s %lld %s %d\n",
1117	1117	zName, mtime, zHash, sz);
1118	1118	}
1119	1119	db_finalize(&uvq);
1120	1120	}
	1121	+
	1122	+/*
	1123	+** Return a string that contains supplemental information about a
	1124	+** "not authorized" error. The string might be empty if no additional
	1125	+** information is available.
	1126	+*/
	1127	+static char *whyNotAuth(void){
	1128	+ if( g.useLocalauth && db_get_int("localauth",0)!=0 ){
	1129	+ return "\\sbecause\\sthe\\s'localauth'\\ssetting\\sis\\senabled";
	1130	+ }
	1131	+ return "";
	1132	+}
1121	1133
1122	1134	/*
1123	1135	** Called when there is an attempt to transfer private content to and
1124	1136	** from a server without authorization.
1125	1137	*/
1126	1138	static void server_private_xfer_not_authorized(void){
1127		- @ error not\sauthorized\sto\ssync\sprivate\scontent
	1139	+ @ error not\sauthorized\sto\ssync\sprivate\scontent%s(whyNotAuth())
1128	1140	}
1129	1141
1130	1142	/*
1131	1143	** Return the common TH1 code to evaluate prior to evaluating any other
1132	1144	** TH1 transfer notification scripts.
		@@ -1316,11 +1328,11 @@
1316	1328	** Server accepts a file from the client.
1317	1329	*/
1318	1330	if( blob_eq(&xfer.aToken[0], "file") ){
1319	1331	if( !isPush ){
1320	1332	cgi_reset_content();
1321		- @ error not\sauthorized\sto\swrite
	1333	+ @ error not\sauthorized\sto\swrite%s(whyNotAuth())
1322	1334	nErr++;
1323	1335	break;
1324	1336	}
1325	1337	xfer_accept_file(&xfer, 0, pzUuidList, pnUuidList);
1326	1338	if( blob_size(&xfer.err) ){
		@@ -1337,11 +1349,11 @@
1337	1349	** Server accepts a compressed file from the client.
1338	1350	*/
1339	1351	if( blob_eq(&xfer.aToken[0], "cfile") ){
1340	1352	if( !isPush ){
1341	1353	cgi_reset_content();
1342		- @ error not\sauthorized\sto\swrite
	1354	+ @ error not\sauthorized\sto\swrite%s(whyNotAuth())
1343	1355	nErr++;
1344	1356	break;
1345	1357	}
1346	1358	xfer_accept_compressed_file(&xfer, pzUuidList, pnUuidList);
1347	1359	if( blob_size(&xfer.err) ){
		@@ -1461,23 +1473,23 @@
1461	1473	}
1462	1474	login_check_credentials();
1463	1475	if( blob_eq(&xfer.aToken[0], "pull") ){
1464	1476	if( !g.perm.Read ){
1465	1477	cgi_reset_content();
1466		- @ error not\sauthorized\sto\sread
	1478	+ @ error not\sauthorized\sto\sread%s(whyNotAuth())
1467	1479	nErr++;
1468	1480	break;
1469	1481	}
1470	1482	isPull = 1;
1471	1483	}else{
1472	1484	if( !g.perm.Write ){
1473	1485	if( !isPull ){
1474	1486	cgi_reset_content();
1475		- @ error not\sauthorized\sto\swrite
	1487	+ @ error not\sauthorized\sto\swrite%s(whyNotAuth())
1476	1488	nErr++;
1477	1489	}else{
1478		- @ message pull\sonly\s-\snot\sauthorized\sto\spush
	1490	+ @ message pull\sonly\s-\snot\sauthorized\sto\spush%s(whyNotAuth())
1479	1491	}
1480	1492	}else{
1481	1493	isPush = 1;
1482	1494	}
1483	1495	}
		@@ -1491,11 +1503,11 @@
1491	1503	int iVers;
1492	1504	login_check_credentials();
1493	1505	if( !g.perm.Clone ){
1494	1506	cgi_reset_content();
1495	1507	@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
1496		- @ error not\sauthorized\sto\sclone
	1508	+ @ error not\sauthorized\sto\sclone%s(whyNotAuth())
1497	1509	nErr++;
1498	1510	break;
1499	1511	}
1500	1512	if( db_get_boolean("uv-sync",0) && !uvCatalogSent ){
1501	1513	@ pragma uv-pull-only
		@@ -1592,11 +1604,11 @@
1592	1604	}
1593	1605	blob_zero(&content);
1594	1606	blob_extract(xfer.pIn, size, &content);
1595	1607	if( !g.perm.Admin ){
1596	1608	cgi_reset_content();
1597		- @ error not\sauthorized\sto\spush\sconfiguration
	1609	+ @ error not\sauthorized\sto\spush\sconfiguration%s(whyNotAuth())
1598	1610	nErr++;
1599	1611	break;
1600	1612	}
1601	1613	configure_receive(zName, &content, CONFIGSET_ALL);
1602	1614	blob_reset(&content);
1603	1615

	--- src/xfer.c
	+++ src/xfer.c
	@@ -1116,17 +1116,29 @@
1116	blob_appendf(pXfer->pOut, "uvigot %s %lld %s %d\n",
1117	zName, mtime, zHash, sz);
1118	}
1119	db_finalize(&uvq);
1120	}












1121
1122	/*
1123	** Called when there is an attempt to transfer private content to and
1124	** from a server without authorization.
1125	*/
1126	static void server_private_xfer_not_authorized(void){
1127	@ error not\sauthorized\sto\ssync\sprivate\scontent
1128	}
1129
1130	/*
1131	** Return the common TH1 code to evaluate prior to evaluating any other
1132	** TH1 transfer notification scripts.
	@@ -1316,11 +1328,11 @@
1316	** Server accepts a file from the client.
1317	*/
1318	if( blob_eq(&xfer.aToken[0], "file") ){
1319	if( !isPush ){
1320	cgi_reset_content();
1321	@ error not\sauthorized\sto\swrite
1322	nErr++;
1323	break;
1324	}
1325	xfer_accept_file(&xfer, 0, pzUuidList, pnUuidList);
1326	if( blob_size(&xfer.err) ){
	@@ -1337,11 +1349,11 @@
1337	** Server accepts a compressed file from the client.
1338	*/
1339	if( blob_eq(&xfer.aToken[0], "cfile") ){
1340	if( !isPush ){
1341	cgi_reset_content();
1342	@ error not\sauthorized\sto\swrite
1343	nErr++;
1344	break;
1345	}
1346	xfer_accept_compressed_file(&xfer, pzUuidList, pnUuidList);
1347	if( blob_size(&xfer.err) ){
	@@ -1461,23 +1473,23 @@
1461	}
1462	login_check_credentials();
1463	if( blob_eq(&xfer.aToken[0], "pull") ){
1464	if( !g.perm.Read ){
1465	cgi_reset_content();
1466	@ error not\sauthorized\sto\sread
1467	nErr++;
1468	break;
1469	}
1470	isPull = 1;
1471	}else{
1472	if( !g.perm.Write ){
1473	if( !isPull ){
1474	cgi_reset_content();
1475	@ error not\sauthorized\sto\swrite
1476	nErr++;
1477	}else{
1478	@ message pull\sonly\s-\snot\sauthorized\sto\spush
1479	}
1480	}else{
1481	isPush = 1;
1482	}
1483	}
	@@ -1491,11 +1503,11 @@
1491	int iVers;
1492	login_check_credentials();
1493	if( !g.perm.Clone ){
1494	cgi_reset_content();
1495	@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
1496	@ error not\sauthorized\sto\sclone
1497	nErr++;
1498	break;
1499	}
1500	if( db_get_boolean("uv-sync",0) && !uvCatalogSent ){
1501	@ pragma uv-pull-only
	@@ -1592,11 +1604,11 @@
1592	}
1593	blob_zero(&content);
1594	blob_extract(xfer.pIn, size, &content);
1595	if( !g.perm.Admin ){
1596	cgi_reset_content();
1597	@ error not\sauthorized\sto\spush\sconfiguration
1598	nErr++;
1599	break;
1600	}
1601	configure_receive(zName, &content, CONFIGSET_ALL);
1602	blob_reset(&content);
1603

	--- src/xfer.c
	+++ src/xfer.c
	@@ -1116,17 +1116,29 @@
1116	blob_appendf(pXfer->pOut, "uvigot %s %lld %s %d\n",
1117	zName, mtime, zHash, sz);
1118	}
1119	db_finalize(&uvq);
1120	}
1121
1122	/*
1123	** Return a string that contains supplemental information about a
1124	** "not authorized" error. The string might be empty if no additional
1125	** information is available.
1126	*/
1127	static char *whyNotAuth(void){
1128	if( g.useLocalauth && db_get_int("localauth",0)!=0 ){
1129	return "\\sbecause\\sthe\\s'localauth'\\ssetting\\sis\\senabled";
1130	}
1131	return "";
1132	}
1133
1134	/*
1135	** Called when there is an attempt to transfer private content to and
1136	** from a server without authorization.
1137	*/
1138	static void server_private_xfer_not_authorized(void){
1139	@ error not\sauthorized\sto\ssync\sprivate\scontent%s(whyNotAuth())
1140	}
1141
1142	/*
1143	** Return the common TH1 code to evaluate prior to evaluating any other
1144	** TH1 transfer notification scripts.
	@@ -1316,11 +1328,11 @@
1328	** Server accepts a file from the client.
1329	*/
1330	if( blob_eq(&xfer.aToken[0], "file") ){
1331	if( !isPush ){
1332	cgi_reset_content();
1333	@ error not\sauthorized\sto\swrite%s(whyNotAuth())
1334	nErr++;
1335	break;
1336	}
1337	xfer_accept_file(&xfer, 0, pzUuidList, pnUuidList);
1338	if( blob_size(&xfer.err) ){
	@@ -1337,11 +1349,11 @@
1349	** Server accepts a compressed file from the client.
1350	*/
1351	if( blob_eq(&xfer.aToken[0], "cfile") ){
1352	if( !isPush ){
1353	cgi_reset_content();
1354	@ error not\sauthorized\sto\swrite%s(whyNotAuth())
1355	nErr++;
1356	break;
1357	}
1358	xfer_accept_compressed_file(&xfer, pzUuidList, pnUuidList);
1359	if( blob_size(&xfer.err) ){
	@@ -1461,23 +1473,23 @@
1473	}
1474	login_check_credentials();
1475	if( blob_eq(&xfer.aToken[0], "pull") ){
1476	if( !g.perm.Read ){
1477	cgi_reset_content();
1478	@ error not\sauthorized\sto\sread%s(whyNotAuth())
1479	nErr++;
1480	break;
1481	}
1482	isPull = 1;
1483	}else{
1484	if( !g.perm.Write ){
1485	if( !isPull ){
1486	cgi_reset_content();
1487	@ error not\sauthorized\sto\swrite%s(whyNotAuth())
1488	nErr++;
1489	}else{
1490	@ message pull\sonly\s-\snot\sauthorized\sto\spush%s(whyNotAuth())
1491	}
1492	}else{
1493	isPush = 1;
1494	}
1495	}
	@@ -1491,11 +1503,11 @@
1503	int iVers;
1504	login_check_credentials();
1505	if( !g.perm.Clone ){
1506	cgi_reset_content();
1507	@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
1508	@ error not\sauthorized\sto\sclone%s(whyNotAuth())
1509	nErr++;
1510	break;
1511	}
1512	if( db_get_boolean("uv-sync",0) && !uvCatalogSent ){
1513	@ pragma uv-pull-only
	@@ -1592,11 +1604,11 @@
1604	}
1605	blob_zero(&content);
1606	blob_extract(xfer.pIn, size, &content);
1607	if( !g.perm.Admin ){
1608	cgi_reset_content();
1609	@ error not\sauthorized\sto\spush\sconfiguration%s(whyNotAuth())
1610	nErr++;
1611	break;
1612	}
1613	configure_receive(zName, &content, CONFIGSET_ALL);
1614	blob_reset(&content);
1615

Fossil SCM

Keyboard Shortcuts