Fossil SCM
Add --chroot option to the 'http' and 'server' commands.
Commit
bf6be1e3259b9e67478708ce227730c7bf459ab884e262bed71e6da1e269fe85
Parent
784f147dc457991…
1 file changed
+16
-2
+16
-2
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -2597,10 +2597,11 @@ | ||
| 2597 | 2597 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2598 | 2598 | ** enabled. |
| 2599 | 2599 | ** |
| 2600 | 2600 | ** Options: |
| 2601 | 2601 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2602 | +** --chroot DIR Use directory for chroot instead of repository path. | |
| 2602 | 2603 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2603 | 2604 | ** /doc/ckout/... |
| 2604 | 2605 | ** --extroot DIR document root for the /ext extension mechanism |
| 2605 | 2606 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2606 | 2607 | ** --host NAME specify hostname of the server |
| @@ -2644,10 +2645,11 @@ | ||
| 2644 | 2645 | const char *zHost; |
| 2645 | 2646 | const char *zAltBase; |
| 2646 | 2647 | const char *zFileGlob; |
| 2647 | 2648 | const char *zInFile; |
| 2648 | 2649 | const char *zOutFile; |
| 2650 | + const char *zChRoot; | |
| 2649 | 2651 | int useSCGI; |
| 2650 | 2652 | int noJail; |
| 2651 | 2653 | int allowRepoList; |
| 2652 | 2654 | |
| 2653 | 2655 | Th_InitTraceLog(); |
| @@ -2665,10 +2667,11 @@ | ||
| 2665 | 2667 | }else{ |
| 2666 | 2668 | zFileGlob = find_option("files",0,1); |
| 2667 | 2669 | } |
| 2668 | 2670 | skin_override(); |
| 2669 | 2671 | zNotFound = find_option("notfound", 0, 1); |
| 2672 | + zChRoot = find_option("chroot",0,1); | |
| 2670 | 2673 | noJail = find_option("nojail",0,0)!=0; |
| 2671 | 2674 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2672 | 2675 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2673 | 2676 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2674 | 2677 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| @@ -2716,11 +2719,15 @@ | ||
| 2716 | 2719 | zIpAddr = cgi_ssh_remote_addr(0); |
| 2717 | 2720 | if( zIpAddr && zIpAddr[0] ){ |
| 2718 | 2721 | g.fSshClient |= CGI_SSH_CLIENT; |
| 2719 | 2722 | } |
| 2720 | 2723 | } |
| 2721 | - g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 2724 | + if( zChRoot ){ | |
| 2725 | + enter_chroot_jail((char*)zChRoot, noJail); | |
| 2726 | + }else{ | |
| 2727 | + g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 2728 | + } | |
| 2722 | 2729 | if( useSCGI ){ |
| 2723 | 2730 | cgi_handle_scgi_request(); |
| 2724 | 2731 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2725 | 2732 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2726 | 2733 | }else{ |
| @@ -2892,10 +2899,11 @@ | ||
| 2892 | 2899 | ** connection is from localhost. The "ui" command also enables --repolist |
| 2893 | 2900 | ** by default. |
| 2894 | 2901 | ** |
| 2895 | 2902 | ** Options: |
| 2896 | 2903 | ** --baseurl URL Use URL as the base (useful for reverse proxies) |
| 2904 | +** --chroot DIR Use directory for chroot instead of repository path. | |
| 2897 | 2905 | ** --ckout-alias NAME Treat URIs of the form /doc/NAME/... as if they were |
| 2898 | 2906 | ** /doc/ckout/... |
| 2899 | 2907 | ** --create Create a new REPOSITORY if it does not already exist |
| 2900 | 2908 | ** --extroot DIR Document root for the /ext extension mechanism |
| 2901 | 2909 | ** --files GLOBLIST Comma-separated list of glob patterns for static files |
| @@ -2946,10 +2954,11 @@ | ||
| 2946 | 2954 | char *zBrowserCmd = 0; /* Command to launch the web browser */ |
| 2947 | 2955 | int isUiCmd; /* True if command is "ui", not "server' */ |
| 2948 | 2956 | const char *zNotFound; /* The --notfound option or NULL */ |
| 2949 | 2957 | int flags = 0; /* Server flags */ |
| 2950 | 2958 | #if !defined(_WIN32) |
| 2959 | + const char *zChRoot; /* Use for chroot instead of repository path */ | |
| 2951 | 2960 | int noJail; /* Do not enter the chroot jail */ |
| 2952 | 2961 | const char *zTimeout = 0; /* Max runtime of any single HTTP request */ |
| 2953 | 2962 | #endif |
| 2954 | 2963 | int allowRepoList; /* List repositories on URL "/" */ |
| 2955 | 2964 | const char *zAltBase; /* Argument to the --baseurl option */ |
| @@ -2983,10 +2992,11 @@ | ||
| 2983 | 2992 | }else{ |
| 2984 | 2993 | zFileGlob = find_option("files",0,1); |
| 2985 | 2994 | } |
| 2986 | 2995 | skin_override(); |
| 2987 | 2996 | #if !defined(_WIN32) |
| 2997 | + zChRoot = find_option("chroot",0,1); | |
| 2988 | 2998 | noJail = find_option("nojail",0,0)!=0; |
| 2989 | 2999 | zTimeout = find_option("max-latency",0,1); |
| 2990 | 3000 | #endif |
| 2991 | 3001 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2992 | 3002 | Th_InitTraceLog(); |
| @@ -3176,11 +3186,15 @@ | ||
| 3176 | 3186 | g.cgiOutput = 1; |
| 3177 | 3187 | find_server_repository(2, 0); |
| 3178 | 3188 | if( fossil_strcmp(g.zRepositoryName,"/")==0 ){ |
| 3179 | 3189 | allowRepoList = 1; |
| 3180 | 3190 | }else{ |
| 3181 | - g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 3191 | + if( zChRoot ){ | |
| 3192 | + enter_chroot_jail((char*)zChRoot, noJail); | |
| 3193 | + }else{ | |
| 3194 | + g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); | |
| 3195 | + } | |
| 3182 | 3196 | } |
| 3183 | 3197 | if( flags & HTTP_SERVER_SCGI ){ |
| 3184 | 3198 | cgi_handle_scgi_request(); |
| 3185 | 3199 | }else{ |
| 3186 | 3200 | cgi_handle_http_request(0); |
| 3187 | 3201 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2597,10 +2597,11 @@ | |
| 2597 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2598 | ** enabled. |
| 2599 | ** |
| 2600 | ** Options: |
| 2601 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2602 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2603 | ** /doc/ckout/... |
| 2604 | ** --extroot DIR document root for the /ext extension mechanism |
| 2605 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2606 | ** --host NAME specify hostname of the server |
| @@ -2644,10 +2645,11 @@ | |
| 2644 | const char *zHost; |
| 2645 | const char *zAltBase; |
| 2646 | const char *zFileGlob; |
| 2647 | const char *zInFile; |
| 2648 | const char *zOutFile; |
| 2649 | int useSCGI; |
| 2650 | int noJail; |
| 2651 | int allowRepoList; |
| 2652 | |
| 2653 | Th_InitTraceLog(); |
| @@ -2665,10 +2667,11 @@ | |
| 2665 | }else{ |
| 2666 | zFileGlob = find_option("files",0,1); |
| 2667 | } |
| 2668 | skin_override(); |
| 2669 | zNotFound = find_option("notfound", 0, 1); |
| 2670 | noJail = find_option("nojail",0,0)!=0; |
| 2671 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2672 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2673 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2674 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| @@ -2716,11 +2719,15 @@ | |
| 2716 | zIpAddr = cgi_ssh_remote_addr(0); |
| 2717 | if( zIpAddr && zIpAddr[0] ){ |
| 2718 | g.fSshClient |= CGI_SSH_CLIENT; |
| 2719 | } |
| 2720 | } |
| 2721 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 2722 | if( useSCGI ){ |
| 2723 | cgi_handle_scgi_request(); |
| 2724 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2725 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2726 | }else{ |
| @@ -2892,10 +2899,11 @@ | |
| 2892 | ** connection is from localhost. The "ui" command also enables --repolist |
| 2893 | ** by default. |
| 2894 | ** |
| 2895 | ** Options: |
| 2896 | ** --baseurl URL Use URL as the base (useful for reverse proxies) |
| 2897 | ** --ckout-alias NAME Treat URIs of the form /doc/NAME/... as if they were |
| 2898 | ** /doc/ckout/... |
| 2899 | ** --create Create a new REPOSITORY if it does not already exist |
| 2900 | ** --extroot DIR Document root for the /ext extension mechanism |
| 2901 | ** --files GLOBLIST Comma-separated list of glob patterns for static files |
| @@ -2946,10 +2954,11 @@ | |
| 2946 | char *zBrowserCmd = 0; /* Command to launch the web browser */ |
| 2947 | int isUiCmd; /* True if command is "ui", not "server' */ |
| 2948 | const char *zNotFound; /* The --notfound option or NULL */ |
| 2949 | int flags = 0; /* Server flags */ |
| 2950 | #if !defined(_WIN32) |
| 2951 | int noJail; /* Do not enter the chroot jail */ |
| 2952 | const char *zTimeout = 0; /* Max runtime of any single HTTP request */ |
| 2953 | #endif |
| 2954 | int allowRepoList; /* List repositories on URL "/" */ |
| 2955 | const char *zAltBase; /* Argument to the --baseurl option */ |
| @@ -2983,10 +2992,11 @@ | |
| 2983 | }else{ |
| 2984 | zFileGlob = find_option("files",0,1); |
| 2985 | } |
| 2986 | skin_override(); |
| 2987 | #if !defined(_WIN32) |
| 2988 | noJail = find_option("nojail",0,0)!=0; |
| 2989 | zTimeout = find_option("max-latency",0,1); |
| 2990 | #endif |
| 2991 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2992 | Th_InitTraceLog(); |
| @@ -3176,11 +3186,15 @@ | |
| 3176 | g.cgiOutput = 1; |
| 3177 | find_server_repository(2, 0); |
| 3178 | if( fossil_strcmp(g.zRepositoryName,"/")==0 ){ |
| 3179 | allowRepoList = 1; |
| 3180 | }else{ |
| 3181 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 3182 | } |
| 3183 | if( flags & HTTP_SERVER_SCGI ){ |
| 3184 | cgi_handle_scgi_request(); |
| 3185 | }else{ |
| 3186 | cgi_handle_http_request(0); |
| 3187 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2597,10 +2597,11 @@ | |
| 2597 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2598 | ** enabled. |
| 2599 | ** |
| 2600 | ** Options: |
| 2601 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2602 | ** --chroot DIR Use directory for chroot instead of repository path. |
| 2603 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2604 | ** /doc/ckout/... |
| 2605 | ** --extroot DIR document root for the /ext extension mechanism |
| 2606 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2607 | ** --host NAME specify hostname of the server |
| @@ -2644,10 +2645,11 @@ | |
| 2645 | const char *zHost; |
| 2646 | const char *zAltBase; |
| 2647 | const char *zFileGlob; |
| 2648 | const char *zInFile; |
| 2649 | const char *zOutFile; |
| 2650 | const char *zChRoot; |
| 2651 | int useSCGI; |
| 2652 | int noJail; |
| 2653 | int allowRepoList; |
| 2654 | |
| 2655 | Th_InitTraceLog(); |
| @@ -2665,10 +2667,11 @@ | |
| 2667 | }else{ |
| 2668 | zFileGlob = find_option("files",0,1); |
| 2669 | } |
| 2670 | skin_override(); |
| 2671 | zNotFound = find_option("notfound", 0, 1); |
| 2672 | zChRoot = find_option("chroot",0,1); |
| 2673 | noJail = find_option("nojail",0,0)!=0; |
| 2674 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2675 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2676 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2677 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| @@ -2716,11 +2719,15 @@ | |
| 2719 | zIpAddr = cgi_ssh_remote_addr(0); |
| 2720 | if( zIpAddr && zIpAddr[0] ){ |
| 2721 | g.fSshClient |= CGI_SSH_CLIENT; |
| 2722 | } |
| 2723 | } |
| 2724 | if( zChRoot ){ |
| 2725 | enter_chroot_jail((char*)zChRoot, noJail); |
| 2726 | }else{ |
| 2727 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 2728 | } |
| 2729 | if( useSCGI ){ |
| 2730 | cgi_handle_scgi_request(); |
| 2731 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2732 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2733 | }else{ |
| @@ -2892,10 +2899,11 @@ | |
| 2899 | ** connection is from localhost. The "ui" command also enables --repolist |
| 2900 | ** by default. |
| 2901 | ** |
| 2902 | ** Options: |
| 2903 | ** --baseurl URL Use URL as the base (useful for reverse proxies) |
| 2904 | ** --chroot DIR Use directory for chroot instead of repository path. |
| 2905 | ** --ckout-alias NAME Treat URIs of the form /doc/NAME/... as if they were |
| 2906 | ** /doc/ckout/... |
| 2907 | ** --create Create a new REPOSITORY if it does not already exist |
| 2908 | ** --extroot DIR Document root for the /ext extension mechanism |
| 2909 | ** --files GLOBLIST Comma-separated list of glob patterns for static files |
| @@ -2946,10 +2954,11 @@ | |
| 2954 | char *zBrowserCmd = 0; /* Command to launch the web browser */ |
| 2955 | int isUiCmd; /* True if command is "ui", not "server' */ |
| 2956 | const char *zNotFound; /* The --notfound option or NULL */ |
| 2957 | int flags = 0; /* Server flags */ |
| 2958 | #if !defined(_WIN32) |
| 2959 | const char *zChRoot; /* Use for chroot instead of repository path */ |
| 2960 | int noJail; /* Do not enter the chroot jail */ |
| 2961 | const char *zTimeout = 0; /* Max runtime of any single HTTP request */ |
| 2962 | #endif |
| 2963 | int allowRepoList; /* List repositories on URL "/" */ |
| 2964 | const char *zAltBase; /* Argument to the --baseurl option */ |
| @@ -2983,10 +2992,11 @@ | |
| 2992 | }else{ |
| 2993 | zFileGlob = find_option("files",0,1); |
| 2994 | } |
| 2995 | skin_override(); |
| 2996 | #if !defined(_WIN32) |
| 2997 | zChRoot = find_option("chroot",0,1); |
| 2998 | noJail = find_option("nojail",0,0)!=0; |
| 2999 | zTimeout = find_option("max-latency",0,1); |
| 3000 | #endif |
| 3001 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 3002 | Th_InitTraceLog(); |
| @@ -3176,11 +3186,15 @@ | |
| 3186 | g.cgiOutput = 1; |
| 3187 | find_server_repository(2, 0); |
| 3188 | if( fossil_strcmp(g.zRepositoryName,"/")==0 ){ |
| 3189 | allowRepoList = 1; |
| 3190 | }else{ |
| 3191 | if( zChRoot ){ |
| 3192 | enter_chroot_jail((char*)zChRoot, noJail); |
| 3193 | }else{ |
| 3194 | g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail); |
| 3195 | } |
| 3196 | } |
| 3197 | if( flags & HTTP_SERVER_SCGI ){ |
| 3198 | cgi_handle_scgi_request(); |
| 3199 | }else{ |
| 3200 | cgi_handle_http_request(0); |
| 3201 |