From: "Shawn O. Pearce" <spearce@spearce.org>
To: Ryan Phillips <ryan@trolocsis.com>
Cc: git@vger.kernel.org
Subject: Re: git-http-backend and Authenticated Pushes
Date: Tue, 9 Mar 2010 11:27:26 -0800 [thread overview]
Message-ID: <20100309192726.GA12461@spearce.org> (raw)
In-Reply-To: <46a47f951003090908s62512bd7xcbb707205958e004@mail.gmail.com>
Ryan Phillips <ryan@trolocsis.com> wrote:
> I'm trying to follow the git-http-backend man page on setting up
> authenticated pushes to my apache server. Pulls work fine, and fully
> authenticated pushes work fine. However, when I try and setup
> anonymous pulls and authenticated pushes the push fails.
>
> I believe the culprit is this 403 error:
>
> 192.168.1.1 - - [09/Mar/2010:09:01:43 -0800] "GET
> /git/test.git/info/refs?service=git-receive-pack HTTP/1.1" 403 - "-"
> "git/1.7.0.2.dirty"
Ugh. Looks like I didn't design this thing right.
The backend wants you to be authenticated before it will service
the git-receive-pack advertisement. Even though its the same
data as the git-upload-pack advertisement (but slightly different
capability strings).
Maybe we should consider doing something like this patch so that
the advertisement under info/refs?service=git-receive-pack can be
sent without needing authentication. My only hesitation is this
makes it harder for the client to setup the authentication before
it needs to transmit the pack file, which may mean it needs to send
the pack twice.
diff --git a/http-backend.c b/http-backend.c
index 345c12b..462b07c 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -312,11 +312,6 @@ static struct rpc_service *select_service(const char *name)
if (!svc)
forbidden("Unsupported service: '%s'", name);
-
- if (svc->enabled < 0) {
- const char *user = getenv("REMOTE_USER");
- svc->enabled = (user && *user) ? 1 : 0;
- }
if (!svc->enabled)
forbidden("Service not enabled: '%s'", svc->name);
return svc;
@@ -519,6 +514,12 @@ static void service_rpc(char *service_name)
struct rpc_service *svc = select_service(service_name);
struct strbuf buf = STRBUF_INIT;
+ if (svc->enabled < 0) {
+ const char *user = getenv("REMOTE_USER");
+ if (!user || !*user)
+ forbidden("Service not enabled: '%s'", svc->name);
+ }
+
strbuf_reset(&buf);
strbuf_addf(&buf, "application/x-git-%s-request", svc->name);
check_content_type(buf.buf);
--
Shawn.
next prev parent reply other threads:[~2010-03-09 19:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-09 17:08 git-http-backend and Authenticated Pushes Ryan Phillips
2010-03-09 19:01 ` Antonio García Domínguez
2010-03-09 19:17 ` BJ Hargrave
2010-03-09 19:23 ` Antonio García Domínguez
2010-03-09 19:27 ` Shawn O. Pearce [this message]
2010-03-10 2:13 ` Ryan Phillips
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100309192726.GA12461@spearce.org \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=ryan@trolocsis.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).