Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fixed the --chroot flag to "fossil server" and "fossil http" to allow it to work in conjunction with the single-repository case. Before, it blindly assumed --repolist mode. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
6f92ad99d992f61c0dee9b3f67422f87 |
| User & Date: | wyoung 2022-08-13 21:21:42 |
Context
|
2022-08-13
| ||
| 22:14 | Moved the setting of g.fJail flag into the repo = "/" case since it exists only to communicate the chroot status to --repolist mode. (This confirms the speculation in the prior commit's comment: the prior behavior existed to serve repolist mode only.) ... (check-in: 324d232c user: wyoung tags: trunk) | |
| 21:21 | Fixed the --chroot flag to "fossil server" and "fossil http" to allow it to work in conjunction with the single-repository case. Before, it blindly assumed --repolist mode. ... (check-in: 6f92ad99 user: wyoung tags: trunk) | |
|
2022-08-12
| ||
| 17:01 | Fixed pointless use of interwiki link in the new section 2.2 material of fossil-v-git. ... (check-in: 73c95307 user: wyoung tags: trunk) | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
1469 1470 1471 1472 1473 1474 1475 | } /* ** If running as root, chroot to the directory containing the ** repository zRepo and then drop root privileges. Return the ** new repository name. ** | | | > > > | > > > > > > > > > > > | > | 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 |
}
/*
** If running as root, chroot to the directory containing the
** repository zRepo and then drop root privileges. Return the
** new repository name.
**
** zRepo can be a directory. If so and if the repo name was saved
** to g.zRepositoryName before we were called, we canonicalize the
** two paths and check that one is the prefix of the other, else you
** won't be able to open the repo inside the jail. If it all works
** out, we return the "jailed" version of the repo name.
**
** Assume the user-id and group-id of the repository, or if zRepo
** is a directory, of that directory.
**
** The noJail flag means that the chroot jail is not entered. But
** privileges are still lowered to that of the user-id and group-id
** of the repository file.
*/
static char *enter_chroot_jail(const char *zRepo, int noJail){
#if !defined(_WIN32)
if( getuid()==0 ){
int i;
struct stat sStat;
Blob dir;
char *zDir;
if( g.db!=0 ){
db_close(1);
}
file_canonical_name(zRepo, &dir, 0);
zDir = blob_str(&dir);
if( !noJail ){
if( file_isdir(zDir, ExtFILE)==1 ){
if( file_chdir(zDir, 1) ){
fossil_panic("unable to chroot into %s", zDir);
}
g.fJail = 1;
if( g.zRepositoryName ){
size_t n = strlen(zDir);
Blob repo;
file_canonical_name(g.zRepositoryName, &repo, 0);
zRepo = blob_str(&repo);
if( strncmp(zRepo, zDir, n)!=0 ){
fossil_fatal("repo %s not under chroot dir %s", zRepo, zDir);
}
zRepo += n;
if( *zRepo == '\0' ) zRepo = "/";
}else {
zRepo = "/";
}
}else{
for(i=strlen(zDir)-1; i>0 && zDir[i]!='/'; i--){}
if( zDir[i]!='/' ) fossil_fatal("bad repository name: %s", zRepo);
if( i>0 ){
zDir[i] = 0;
if( file_chdir(zDir, 1) ){
fossil_fatal("unable to chroot into %s", zDir);
|
| ︙ | ︙ | |||
1525 1526 1527 1528 1529 1530 1531 |
fossil_fatal("setgid/uid() failed with errno %d", errno);
}
if( g.db==0 && file_isfile(zRepo, ExtFILE) ){
db_open_repository(zRepo);
}
}
#endif
| | | 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 |
fossil_fatal("setgid/uid() failed with errno %d", errno);
}
if( g.db==0 && file_isfile(zRepo, ExtFILE) ){
db_open_repository(zRepo);
}
}
#endif
return (char*)zRepo; /* no longer const: always reassigned from blob_str() */
}
/*
** Called whenever a crash is encountered while processing a webpage.
*/
void sigsegv_handler(int x){
#if HAVE_BACKTRACE
|
| ︙ | ︙ | |||
2812 2813 2814 2815 2816 2817 2818 |
find_server_repository(2, 0);
if( zIpAddr==0 ){
zIpAddr = cgi_ssh_remote_addr(0);
if( zIpAddr && zIpAddr[0] ){
g.fSshClient |= CGI_SSH_CLIENT;
}
}
| < < < | < > | 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 |
find_server_repository(2, 0);
if( zIpAddr==0 ){
zIpAddr = cgi_ssh_remote_addr(0);
if( zIpAddr && zIpAddr[0] ){
g.fSshClient |= CGI_SSH_CLIENT;
}
}
g.zRepositoryName = enter_chroot_jail(
zChRoot ? zChRoot : g.zRepositoryName, noJail);
if( useSCGI ){
cgi_handle_scgi_request();
}else if( g.fSshClient & CGI_SSH_CLIENT ){
ssh_request_loop(zIpAddr, glob_create(zFileGlob));
}else{
#if FOSSIL_ENABLE_SSL
if( g.httpUseSSL ){
|
| ︙ | ︙ | |||
3317 3318 3319 3320 3321 3322 3323 |
fprintf(stderr, "/***** Subprocess %d *****/\n", getpid());
}
g.cgiOutput = 1;
find_server_repository(2, 0);
if( fossil_strcmp(g.zRepositoryName,"/")==0 ){
allowRepoList = 1;
}else{
| < < < | < > | 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 |
fprintf(stderr, "/***** Subprocess %d *****/\n", getpid());
}
g.cgiOutput = 1;
find_server_repository(2, 0);
if( fossil_strcmp(g.zRepositoryName,"/")==0 ){
allowRepoList = 1;
}else{
g.zRepositoryName = enter_chroot_jail(
zChRoot ? zChRoot : g.zRepositoryName, noJail);
}
if( flags & HTTP_SERVER_SCGI ){
cgi_handle_scgi_request();
}else if( g.httpUseSSL ){
#if FOSSIL_ENABLE_SSL
g.httpSSLConn = ssl_new_server(0);
#endif
|
| ︙ | ︙ |