BUG in http-backend.c > http.receivepack

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* BUG in http-backend.c  > http.receivepack
@ 2014-11-24  8:18 Springer, Stephan
  2014-11-25  3:56 ` Jeff King
  0 siblings, 1 reply; 2+ messages in thread
From: Springer, Stephan @ 2014-11-24  8:18 UTC (permalink / raw)
  To: 'git@vger.kernel.org'

[-- Attachment #1: Type: text/plain, Size: 1273 bytes --]

Hello Guys,

I found bug in http-backend.c with config-flag "http.receivepack"  You describe in our documentation: "This serves git send-pack clients, allowing push. It is disabled by default for anonymous users, and enabled by default for users authenticated by the web server. It can be disabled by setting this item to false, or enabled for all users, including anonymous users, by setting it to true."
That cannot work, while svc-enable less than 0. See attachment 

I tested with Centos 6.x,  Nginx 1.0.15 and Git 2.2.0-rc3 and Git 2.1.3

I hope you understand me and I don´t talk nonsense. My English a little rusty and this is my first bug report for open source project :-)  

Best regards
Stephan Springer
__________________________________________

SLOMAN NEPTUN Schiffahrts-Aktiengesellschaft
Langenstr. 44, 28195 Bremen / Germany
Telephone: ++49 (0) 421 1763 - 291
Telefax:   ++49 (0) 421 1763 - 400
E-Mail: springer@sloman-neptun.com
Page: www.sloman-neptun.com

Registergericht/Registered office: Amtsgericht Bremen (HRB 4046)
Vorsitzender des Aufsichtsrats/Chairman of the Supervisory Board: Fritz Lütke-Uhlenbrock
Vorstand / Board of Managing Directors: Sven-Michael Edye, Dirk Lohmann  
__________________________________________


[-- Attachment #2: bug.txt --]
[-- Type: text/plain, Size: 1613 bytes --]

https://github.com/git/git/blob/master/http-backend.c

static void http_config(void)
{
        int i, value = 0;
        struct strbuf var = STRBUF_INIT;

        git_config_get_bool("http.getanyfile", &getanyfile);

        for (i = 0; i < ARRAY_SIZE(rpc_service); i++) {
               struct rpc_service *svc = &rpc_service[i];
               strbuf_addf(&var, "http.%s", svc->config_name);
               if (!git_config_get_bool(var.buf, &value))
                       svc->enabled = value;  <#### 1 or 0 
               strbuf_reset(&var);
        }

        strbuf_release(&var);
}

static struct rpc_service *select_service(const char *name)
{
        const char *svc_name;
        struct rpc_service *svc = NULL;
        int i;

        if (!skip_prefix(name, "git-", &svc_name))
               forbidden("Unsupported service: '%s'", name);

        for (i = 0; i < ARRAY_SIZE(rpc_service); i++) {
               struct rpc_service *s = &rpc_service[i];
               if (!strcmp(s->name, svc_name)) {
                       svc = s;
                       break;
               }
        }

        if (!svc)
               forbidden("Unsupported service: '%s'", name);

        #
        # better (svc->enabled <= 0) than can “REMOTE_USER” enable push function 
        #
        if (svc->enabled < 0) {        
               const char *user = getenv("REMOTE_USER");
               svc->enabled = (user && *user) ? 1 : 0;
        }
        if (!svc->enabled)
               forbidden("Service not enabled: '%s'", svc->name);
        return svc;
}

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: BUG in http-backend.c  > http.receivepack
  2014-11-24  8:18 BUG in http-backend.c > http.receivepack Springer, Stephan
@ 2014-11-25  3:56 ` Jeff King
  0 siblings, 0 replies; 2+ messages in thread
From: Jeff King @ 2014-11-25  3:56 UTC (permalink / raw)
  To: Springer, Stephan; +Cc: 'git@vger.kernel.org'

On Mon, Nov 24, 2014 at 09:18:52AM +0100, Springer, Stephan wrote:

> I found bug in http-backend.c with config-flag "http.receivepack"  You
> describe in our documentation: "This serves git send-pack clients,
> allowing push. It is disabled by default for anonymous users, and
> enabled by default for users authenticated by the web server. It can
> be disabled by setting this item to false, or enabled for all users,
> including anonymous users, by setting it to true."
> That cannot work, while svc-enable less than 0. See attachment

Sorry, I don't quite understand. The "enabled" field is one of:

  -1: we allow access if $REMOTE_USER is set, and otherwise not
   0: we never allow access
   1: we always allow access

The default is -1. By setting it to "true" or "false" you get 1 or 0,
respectively. You cannot explicitly ask for the default, except by not
setting the value in the first place.

>         #
>         # better (svc->enabled <= 0) than can ?REMOTE_USER? enable push function 
>         #
>         if (svc->enabled < 0) {        
>                const char *user = getenv("REMOTE_USER");
>                svc->enabled = (user && *user) ? 1 : 0;
>         }

If this condition were "svc->enabled <= 0", then setting the config
option to "false", which should turn off access, will respect
$REMOTE_USER instead. That is not right.

Can you describe what you're configuring and running, what behavior you
expect, and what you get instead?

-Peff

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-11-25  3:56 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-24  8:18 BUG in http-backend.c > http.receivepack Springer, Stephan
2014-11-25  3:56 ` Jeff King

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).