From: axel.ml@laposte.net
To: git@vger.kernel.org
Cc: git@vger.kernel.org
Subject: Re: REMOTE_USER value propagation through http push
Date: Wed, 13 Apr 2011 13:21:18 +0200 (CEST) [thread overview]
Message-ID: <5222475.65704.1302693678918.JavaMail.www@wwinf8226> (raw)
In-Reply-To: <m3sjtm2z8e.fsf@localhost.localdomain>
Message du 13/04/11 13:00
> De : "Jakub Narebski"
> A : "Axel"
> Copie à : git@vger.kernel.org
> Objet : Re: REMOTE_USER value propagation through http push
>
>
> Axel writes:
>
> > I set up a git server with HTTP authentication with Apache through
> > LDAP (Debian Squeeze + Apache 2.2 + mod_authnz_ldap).
> >
> > I m using gitweb for browsing the repositories. At this moment, the
> > commiter name appears to be the local user who called "git push". The
> > username used for HTTP authentication is not used as commiter name,
> > though the REMOTE_USER environment variable is defined.
> >
> > After a quick look at http-backend.c it looks like the
> > GIT_COMMITER_NAME variable should have been defined with the
> > REMOTE_USER variable. Is this right ?
> >
> > In Apache access logs, the REMOTE_USER appears to be defined in the
> > last request of the push :
> >
> > 127.0.1.1 - - [13/Apr/2011:11:45:08 +0200] "GET
> > /git/sandbox/info/refs?service=git-receive-pack HTTP/1.1" 200 467 "-"
> > "git/1.7.2.5"
> > 127.0.1.1 - - [13/Apr/2011:11:45:08 +0200] "POST
> > /git/sandbox/git-receive-pack HTTP/1.1" 401 618 "-" "git/1.7.2.5"
> > 127.0.1.1 - ldapuser [13/Apr/2011:11:45:08 +0200] "POST
> > /git/sandbox/git-receive-pack HTTP/1.1" 200 353 "-" "git/1.7.2.5"
> >
> > Is this behaviour expected ?
>
> I don't quite understand.
>
> With push over _any_ transport you transfer commits from your
> repository to remote repository *without changing them*. Committer is
> a person who created a commit, i.e. did "git commit" (or "git am", or
> "git rebase", or "git merge").
>
> The only place where user who did "git push" can appear in is _reflogs_
> (I don't know if it appears or not)... but gitweb doesn't show wny
> reflog information. That of course can be improved...
>
Indeed I wrongly used the "commit" word. I m switching from SVN/WebDAV, and the HTTP authentication name is usually used as the commiter name in the SVN repository. This name was informative only but useful when browsing repository and logs.
I would have enjoy to reproduce this behavior with git/http, since it s common (in our organisation at least) that the commiter is the pusher. In fact until today the authentication was almost only used as tracing commiters in logs and not really for security considerations.
So I assume that it s cannot be done for the moment :)
Thanks for your answer !
Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ?
Je crée ma boîte mail www.laposte.net
next prev parent reply other threads:[~2011-04-13 11:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-13 9:48 REMOTE_USER value propagation through http push Axel
2011-04-13 11:00 ` Jakub Narebski
2011-04-13 11:21 ` axel.ml [this message]
2011-04-13 12:53 ` Jakub Narebski
2011-04-13 13:39 ` axel.ml
2011-04-13 14:27 ` Jakub Narebski
2011-04-13 14:58 ` axel.ml
2011-04-13 16:32 ` Jakub Narebski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5222475.65704.1302693678918.JavaMail.www@wwinf8226 \
--to=axel.ml@laposte.net \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).