Dear list,

Here is a really ugly hack that fixed my problem for clone and pull/push/sync
trying to execute as "nobody".  I elevate privileges to "s" in order to perform
each operation.  Not sure if this is safe, but it works well enough for my
usage at the moment.

I think the reason why no one else has seen this problem is because I set
anonymous and nobody to have no privileges at all (which I deem essential for
certain private repositories that I work on, such as for my /etc directory).

I know this patch is probably very dangerous, but it is here if anyone else
experiences this problem with ssh protocol support.

Any critiques are welcome.  It isn't high quality enough for me to make a
branch, but if people are interested, I could try to polish it for inclusion.

--- src/xfer.c.orig     2012-05-07 03:02:24.000000000 -0700
+++ src/xfer.c  2012-05-08 17:11:00.000000000 -0700
@@ -860,6 +860,8 @@
   }
   g.zLogin = "anonymous";
   login_set_anon_nobody_capabilities();
+  /* doesn't work here, not sure why..*/
+  /* login_set_capabilities("s", 0); */
   login_check_credentials();
   memset(&xfer, 0, sizeof(xfer));
   blobarray_zero(xfer.aToken, count(xfer.aToken));
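
Review bot: The two lines added before login_check_credentials() are commented-out code with a "not sure why" remark, so this hunk changes nothing at run time and should be dropped from the patch. If the failure of login_set_capabilities("s", 0) at this point matters, record the cause in the message rather than leaving dead code directly after login_set_anon_nobody_capabilities().
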
@@ -992,6 +994,10 @@
         nErr++;
         break;
       }
+      /* this is actually needed here */
+      /* not high enough capabilities to run gimme */
+      /* login_set_capabilities("gio", 0); */
+      login_set_capabilities("s", 0);
       login_check_credentials();
       if( blob_eq(&xfer.aToken[0], "pull") ){
         if( !g.perm.Read ){
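
Review bot: The unconditional login_set_capabilities("s", 0) placed just before login_check_credentials() means the following `if( !g.perm.Read )` test is no longer deciding on the requester's own capabilities, if the call elevates privileges as the message says. That undoes the stated goal of leaving anonymous and nobody with no privileges, since every client reaching this point gets the elevated set. Consider removing the call and finding out why the ssh user is treated as "nobody" instead, and delete the commented-out "gio" line.
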
@@ -1022,6 +1028,8 @@
     */
     if( blob_eq(&xfer.aToken[0], "clone") ){
       int iVers;
+      /* this is actually needed here to clone */
+      login_set_capabilities("s", 0);
       login_check_credentials();
       if( !g.perm.Clone ){
         cgi_reset_content();
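
Review bot: Calling login_set_capabilities("s", 0) as the first statement of the "clone" branch makes the `if( !g.perm.Clone )` check two lines later pass for any requester, assuming "s" includes clone permission as the message implies, so the refusal path starting at cgi_reset_content() becomes unreachable. A narrower change would leave the capabilities alone here and let g.perm.Clone reflect what login_check_credentials() established for the actual user.
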
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users