[PATCH] git-daemon: set REMOTE_ADDR to client address

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] git-daemon: set REMOTE_ADDR to client address
@ 2008-10-24  5:48 Joey Hess
  0 siblings, 0 replies; only message in thread
From: Joey Hess @ 2008-10-24  5:48 UTC (permalink / raw)
  To: git

This allows hooks like pre-receive to look at the client's IP
address.

Of course the IP address can't be used to get strong security;
git-daemon isn't the right thing to use if you need that. However,
basic IP address checking can be good enough in some situations.

REMOTE_ADDR is the same environment variable used to communicate the
client's address to CGI scripts.

Signed-off-by: Joey Hess <joey@kitenet.net>
---

Real world example: ikiwiki can use pre-receive to check that the pushed
changes are ones that anyone could make to the wiki's source via the web
interface, and thus safe to accept. It's useful to be able to ban IP
addresses from editing a wiki on the web, as a first line of defence to
guard against spammers etc. With this patch the same IP guards can be
applied to changes pushed in via git-daemon.

 Documentation/git-daemon.txt |    9 +++++++++
 daemon.c                     |    4 ++++
 2 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt
index b08a08c..f1a570a 100644
--- a/Documentation/git-daemon.txt
+++ b/Documentation/git-daemon.txt
@@ -270,6 +270,15 @@ selectively enable/disable services per repository::
 ----------------------------------------------------------------

+ENVIRONMENT
+-----------
+'git-daemon' will set REMOTE_ADDR to the IP address of the client
+that connected to it, if the IP address is available. REMOTE_ADDR will
+be available in the environment of hooks called when
+services are performed.
+
+
+
 Author
 ------
 Written by Linus Torvalds <torvalds@osdl.org>, YOSHIFUJI Hideaki
diff --git a/daemon.c b/daemon.c
index 3e5582d..b9ba44c 100644
--- a/daemon.c
+++ b/daemon.c
@@ -537,6 +537,10 @@ static int execute(struct sockaddr *addr)
 #endif
 		}
 		loginfo("Connection from %s:%d", addrbuf, port);
+		setenv("REMOTE_ADDR", addrbuf, 1);
+	}
+	else {
+		unsetenv("REMOTE_ADDR");
 	}

 	alarm(init_timeout ? init_timeout : timeout);

-- 
1.5.6.5

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2008-10-24  5:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-10-24  5:48 [PATCH] git-daemon: set REMOTE_ADDR to client address Joey Hess

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).