From b2741f63d43a17ce9dafd1f97614bd6dbba72887 Mon Sep 17 00:00:00 2001 From: Andy Parkins Date: Tue, 13 Feb 2007 15:12:45 +0000 Subject: [PATCH] Have git-cvsserver call hooks/update before really altering the ref git-cvsserver is analogous to git-receive-pack; a checking from a cvs client to a central server is like a git-push from a working repository. Therefore it's nice to use the same access control (and email sending) that a receive-pack would perform. This patch tests for an executable update hook; if it is it is run with the ref being updated and the old and new hashes as normal. If the update hook returns an error code the update is aborted and the ref is never updated. The cvsserver returns "error 1" to the client to signal there was an EPERM error. Signed-off-by: Andy Parkins Signed-off-by: Junio C Hamano --- git-cvsserver.perl | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/git-cvsserver.perl b/git-cvsserver.perl index 9371788fab..84520e7ad5 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -1171,6 +1171,21 @@ sub req_ci exit; } + # Check that this is allowed, just as we would with a receive-pack + my @cmd = ( $ENV{GIT_DIR}.'hooks/update', "refs/heads/$state->{module}", + $parenthash, $commithash ); + if( -x $cmd[0] ) { + unless( system( @cmd ) == 0 ) + { + $log->warn("Commit failed (update hook declined to update ref)"); + print "error 1 Commit failed (update hook declined)\n"; + close LOCKFILE; + unlink($lockfile); + chdir "/"; + exit; + } + } + print LOCKFILE $commithash; $updater->update();