Fossil SCM
Add experimental --chroot option to the 'http' and 'server' commands.
Commit
acd75ce64ce8d79e3c2d03aedd60b1f0ecf326ed0750f9287d012e1074c52047
Parent
784f147dc457991…
1 file changed
+15
-2
+15
-2
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -2597,10 +2597,11 @@ | ||
| 2597 | 2597 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2598 | 2598 | ** enabled. |
| 2599 | 2599 | ** |
| 2600 | 2600 | ** Options: |
| 2601 | 2601 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2602 | +** --chroot DIR Use directory for chroot instead of repository path. | |
| 2602 | 2603 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2603 | 2604 | ** /doc/ckout/... |
| 2604 | 2605 | ** --extroot DIR document root for the /ext extension mechanism |
| 2605 | 2606 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2606 | 2607 | ** --host NAME specify hostname of the server |
| @@ -2644,10 +2645,11 @@ | ||
| 2644 | 2645 | const char *zHost; |
| 2645 | 2646 | const char *zAltBase; |
| 2646 | 2647 | const char *zFileGlob; |
| 2647 | 2648 | const char *zInFile; |
| 2648 | 2649 | const char *zOutFile; |
| 2650 | + const char *zChRoot; | |
| 2649 | 2651 | int useSCGI; |
| 2650 | 2652 | int noJail; |
| 2651 | 2653 | int allowRepoList; |
| 2652 | 2654 | |
| 2653 | 2655 | Th_InitTraceLog(); |
| @@ -2665,10 +2667,11 @@ | ||
| 2665 | 2667 | }else{ |
| 2666 | 2668 | zFileGlob = find_option("files",0,1); |
| 2667 | 2669 | } |
| 2668 | 2670 | skin_override(); |
| 2669 | 2671 | zNotFound = find_option("notfound", 0, 1); |
| 2672 | + zChRoot = find_option("chroot",0,1); | |
| 2670 | 2673 | noJail = find_option("nojail",0,0)!=0; |
| 2671 | 2674 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2672 | 2675 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2673 | 2676 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2674 | 2677 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| @@ -2716,11 +2719,15 @@ | ||
| 2716 | 2719 | zIpAddr = cgi_ssh_remote_addr(0); |
| 2717 | 2720 | if( zIpAddr && zIpAddr[0] ){ |
| 2718 | 2721 | g.fSshClient |= CGI_SSH_CLIENT; |
| 2719 | 2722 | } |
| 2720 | 2723 | } |
| 2721 | - g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 2724 | + if( zChRoot ){ | |
| 2725 | + enter_chroot_jail(zChRoot, noJail); | |
| 2726 | + }else{ | |
| 2727 | + g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 2728 | + } | |
| 2722 | 2729 | if( useSCGI ){ |
| 2723 | 2730 | cgi_handle_scgi_request(); |
| 2724 | 2731 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2725 | 2732 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2726 | 2733 | }else{ |
| @@ -2892,10 +2899,11 @@ | ||
| 2892 | 2899 | ** connection is from localhost. The "ui" command also enables --repolist |
| 2893 | 2900 | ** by default. |
| 2894 | 2901 | ** |
| 2895 | 2902 | ** Options: |
| 2896 | 2903 | ** --baseurl URL Use URL as the base (useful for reverse proxies) |
| 2904 | +** --chroot DIR Use directory for chroot instead of repository path. | |
| 2897 | 2905 | ** --ckout-alias NAME Treat URIs of the form /doc/NAME/... as if they were |
| 2898 | 2906 | ** /doc/ckout/... |
| 2899 | 2907 | ** --create Create a new REPOSITORY if it does not already exist |
| 2900 | 2908 | ** --extroot DIR Document root for the /ext extension mechanism |
| 2901 | 2909 | ** --files GLOBLIST Comma-separated list of glob patterns for static files |
| @@ -2983,10 +2991,11 @@ | ||
| 2983 | 2991 | }else{ |
| 2984 | 2992 | zFileGlob = find_option("files",0,1); |
| 2985 | 2993 | } |
| 2986 | 2994 | skin_override(); |
| 2987 | 2995 | #if !defined(_WIN32) |
| 2996 | + zChRoot = find_option("chroot",0,1); | |
| 2988 | 2997 | noJail = find_option("nojail",0,0)!=0; |
| 2989 | 2998 | zTimeout = find_option("max-latency",0,1); |
| 2990 | 2999 | #endif |
| 2991 | 3000 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2992 | 3001 | Th_InitTraceLog(); |
| @@ -3176,11 +3185,15 @@ | ||
| 3176 | 3185 | g.cgiOutput = 1; |
| 3177 | 3186 | find_server_repository(2, 0); |
| 3178 | 3187 | if( fossil_strcmp(g.zRepositoryName,"/")==0 ){ |
| 3179 | 3188 | allowRepoList = 1; |
| 3180 | 3189 | }else{ |
| 3181 | - g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 3190 | + if( zChRoot ){ | |
| 3191 | + enter_chroot_jail(zChRoot, noJail); | |
| 3192 | + }else{ | |
| 3193 | + g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 3194 | + } | |
| 3182 | 3195 | } |
| 3183 | 3196 | if( flags & HTTP_SERVER_SCGI ){ |
| 3184 | 3197 | cgi_handle_scgi_request(); |
| 3185 | 3198 | }else{ |
| 3186 | 3199 | cgi_handle_http_request(0); |
| 3187 | 3200 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2597,10 +2597,11 @@ | |
| 2597 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2598 | ** enabled. |
| 2599 | ** |
| 2600 | ** Options: |
| 2601 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2602 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2603 | ** /doc/ckout/... |
| 2604 | ** --extroot DIR document root for the /ext extension mechanism |
| 2605 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2606 | ** --host NAME specify hostname of the server |
| @@ -2644,10 +2645,11 @@ | |
| 2644 | const char *zHost; |
| 2645 | const char *zAltBase; |
| 2646 | const char *zFileGlob; |
| 2647 | const char *zInFile; |
| 2648 | const char *zOutFile; |
| 2649 | int useSCGI; |
| 2650 | int noJail; |
| 2651 | int allowRepoList; |
| 2652 | |
| 2653 | Th_InitTraceLog(); |
| @@ -2665,10 +2667,11 @@ | |
| 2665 | }else{ |
| 2666 | zFileGlob = find_option("files",0,1); |
| 2667 | } |
| 2668 | skin_override(); |
| 2669 | zNotFound = find_option("notfound", 0, 1); |
| 2670 | noJail = find_option("nojail",0,0)!=0; |
| 2671 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2672 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2673 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2674 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| @@ -2716,11 +2719,15 @@ | |
| 2716 | zIpAddr = cgi_ssh_remote_addr(0); |
| 2717 | if( zIpAddr && zIpAddr[0] ){ |
| 2718 | g.fSshClient |= CGI_SSH_CLIENT; |
| 2719 | } |
| 2720 | } |
| 2721 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 2722 | if( useSCGI ){ |
| 2723 | cgi_handle_scgi_request(); |
| 2724 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2725 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2726 | }else{ |
| @@ -2892,10 +2899,11 @@ | |
| 2892 | ** connection is from localhost. The "ui" command also enables --repolist |
| 2893 | ** by default. |
| 2894 | ** |
| 2895 | ** Options: |
| 2896 | ** --baseurl URL Use URL as the base (useful for reverse proxies) |
| 2897 | ** --ckout-alias NAME Treat URIs of the form /doc/NAME/... as if they were |
| 2898 | ** /doc/ckout/... |
| 2899 | ** --create Create a new REPOSITORY if it does not already exist |
| 2900 | ** --extroot DIR Document root for the /ext extension mechanism |
| 2901 | ** --files GLOBLIST Comma-separated list of glob patterns for static files |
| @@ -2983,10 +2991,11 @@ | |
| 2983 | }else{ |
| 2984 | zFileGlob = find_option("files",0,1); |
| 2985 | } |
| 2986 | skin_override(); |
| 2987 | #if !defined(_WIN32) |
| 2988 | noJail = find_option("nojail",0,0)!=0; |
| 2989 | zTimeout = find_option("max-latency",0,1); |
| 2990 | #endif |
| 2991 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2992 | Th_InitTraceLog(); |
| @@ -3176,11 +3185,15 @@ | |
| 3176 | g.cgiOutput = 1; |
| 3177 | find_server_repository(2, 0); |
| 3178 | if( fossil_strcmp(g.zRepositoryName,"/")==0 ){ |
| 3179 | allowRepoList = 1; |
| 3180 | }else{ |
| 3181 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 3182 | } |
| 3183 | if( flags & HTTP_SERVER_SCGI ){ |
| 3184 | cgi_handle_scgi_request(); |
| 3185 | }else{ |
| 3186 | cgi_handle_http_request(0); |
| 3187 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2597,10 +2597,11 @@ | |
| 2597 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2598 | ** enabled. |
| 2599 | ** |
| 2600 | ** Options: |
| 2601 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2602 | ** --chroot DIR Use directory for chroot instead of repository path. |
| 2603 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2604 | ** /doc/ckout/... |
| 2605 | ** --extroot DIR document root for the /ext extension mechanism |
| 2606 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2607 | ** --host NAME specify hostname of the server |
| @@ -2644,10 +2645,11 @@ | |
| 2645 | const char *zHost; |
| 2646 | const char *zAltBase; |
| 2647 | const char *zFileGlob; |
| 2648 | const char *zInFile; |
| 2649 | const char *zOutFile; |
| 2650 | const char *zChRoot; |
| 2651 | int useSCGI; |
| 2652 | int noJail; |
| 2653 | int allowRepoList; |
| 2654 | |
| 2655 | Th_InitTraceLog(); |
| @@ -2665,10 +2667,11 @@ | |
| 2667 | }else{ |
| 2668 | zFileGlob = find_option("files",0,1); |
| 2669 | } |
| 2670 | skin_override(); |
| 2671 | zNotFound = find_option("notfound", 0, 1); |
| 2672 | zChRoot = find_option("chroot",0,1); |
| 2673 | noJail = find_option("nojail",0,0)!=0; |
| 2674 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2675 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2676 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2677 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| @@ -2716,11 +2719,15 @@ | |
| 2719 | zIpAddr = cgi_ssh_remote_addr(0); |
| 2720 | if( zIpAddr && zIpAddr[0] ){ |
| 2721 | g.fSshClient |= CGI_SSH_CLIENT; |
| 2722 | } |
| 2723 | } |
| 2724 | if( zChRoot ){ |
| 2725 | enter_chroot_jail(zChRoot, noJail); |
| 2726 | }else{ |
| 2727 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 2728 | } |
| 2729 | if( useSCGI ){ |
| 2730 | cgi_handle_scgi_request(); |
| 2731 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2732 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2733 | }else{ |
| @@ -2892,10 +2899,11 @@ | |
| 2899 | ** connection is from localhost. The "ui" command also enables --repolist |
| 2900 | ** by default. |
| 2901 | ** |
| 2902 | ** Options: |
| 2903 | ** --baseurl URL Use URL as the base (useful for reverse proxies) |
| 2904 | ** --chroot DIR Use directory for chroot instead of repository path. |
| 2905 | ** --ckout-alias NAME Treat URIs of the form /doc/NAME/... as if they were |
| 2906 | ** /doc/ckout/... |
| 2907 | ** --create Create a new REPOSITORY if it does not already exist |
| 2908 | ** --extroot DIR Document root for the /ext extension mechanism |
| 2909 | ** --files GLOBLIST Comma-separated list of glob patterns for static files |
| @@ -2983,10 +2991,11 @@ | |
| 2991 | }else{ |
| 2992 | zFileGlob = find_option("files",0,1); |
| 2993 | } |
| 2994 | skin_override(); |
| 2995 | #if !defined(_WIN32) |
| 2996 | zChRoot = find_option("chroot",0,1); |
| 2997 | noJail = find_option("nojail",0,0)!=0; |
| 2998 | zTimeout = find_option("max-latency",0,1); |
| 2999 | #endif |
| 3000 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 3001 | Th_InitTraceLog(); |
| @@ -3176,11 +3185,15 @@ | |
| 3185 | g.cgiOutput = 1; |
| 3186 | find_server_repository(2, 0); |
| 3187 | if( fossil_strcmp(g.zRepositoryName,"/")==0 ){ |
| 3188 | allowRepoList = 1; |
| 3189 | }else{ |
| 3190 | if( zChRoot ){ |
| 3191 | enter_chroot_jail(zChRoot, noJail); |
| 3192 | }else{ |
| 3193 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 3194 | } |
| 3195 | } |
| 3196 | if( flags & HTTP_SERVER_SCGI ){ |
| 3197 | cgi_handle_scgi_request(); |
| 3198 | }else{ |
| 3199 | cgi_handle_http_request(0); |
| 3200 |