Wow. That's elaborate. And all this is to replace the beginning of execute() part of daemon.c?

What I am assuming is that after exchanging command-response initially, you still plan to eventually have the protocol driver such as upload-pack to take things over, once "send-pack <path>" is issued, but is my assumption correct? Or are you also thinking about redoing upload-pack as well (otherwise you cannot issue 5.4 errors)?

I am wondering if we can just get away with a simpler scheme Linus outlined instead. One drawback of that approach is it does not easily allow things like challenge-response uniformly across different commands (admittedly we only have "upload-pack" command right now, but we could add list of supported commands easily in execute()), but you could do something along this, I presume?

When daemon is started with --require-challenge-response, the client needs to issue "challenge-me" command and complete challenge_response successfully before being able to issue any other commands.

NOTE: this is just an outline, not a compilable patch. You need to fill in the details of challenge response, definition of "require_challenge_response" variable of type bool, and a command line parsing to set that variable.

--- git diff diff --git a/daemon.c b/daemon.c index c3381b3..8a8746a 100644 --- a/daemon.c +++ b/daemon.c 
@@ -204,20 +204,55 @@ static int upload(char *dir) return -1; } -static int execute(void) +static int challenge_response(const char *me) { - static char line[1000]; - int len; + char line[1000]; - alarm(init_timeout ? init_timeout : timeout); + packet_write(1, "here comes your challenge"); + + alarm(timeout); len = packet_read_line(0, line, sizeof(line)); alarm(0); if (len && line[len-1] == '\n') line[--len] = 0; - if (!strncmp("git-upload-pack /", line, 17)) - return upload(line+16); + if ("validate response we obtained in line here") + return 1; + return 0; +} + +static int execute(void) +{ + static char line[1000]; + int len; + int client_ok = !require_challenge_response; + unsigned int time_out = init_timeout; + + while (1) { + + alarm(time_out); + time_out = timeout; + len = packet_read_line(0, line, sizeof(line)); + alarm(0); + if (len && line[len-1] == '\n') + line[--len] = 0; + + if (!strncmp("challenge-me ", line, 13)) { + client_ok = challenge_response(line+13); + continue; + } + + if (!client_ok) + break; + + if (!strncmp("git-upload-pack /", line, 17)) + return upload(line+16); + + /* more commands here later */ + + break; + } logerror("Protocol error: '%s'", line); return -1;
Received on Thu Oct 20 16:11:52 2005
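Review bot: In the `while (1)` loop of execute(), a failed `challenge_response()` only sets `client_ok` to 0 and hits `continue`, so a client can send "challenge-me " again and again on one connection, and every pass re-arms `alarm(time_out)` with a fresh timeout. Treat a failed challenge as fatal (break out and log it) or cap the number of attempts per connection. Two smaller points in the same hunk: the removed `alarm(init_timeout ? init_timeout : timeout)` fell back to `timeout` when `init_timeout` is 0, whereas `time_out = init_timeout` now yields `alarm(0)`, that is no alarm at all, for the first read; and challenge_response() still reads into `len` after its `int len;` declaration was dropped, leaves `me` unused, and its placeholder `if ("validate response ...")` is always true, so the validation has to be filled in before --require-challenge-response can be relied on.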
This archive was generated by hypermail 2.1.8 : 2005-10-20 16:11:56 EST