Web lists-archives.com

Re: git-http-backend and Authenticated Pushes

Ryan Phillips <ryan@xxxxxxxxxxxxx> wrote:
> I'm trying to follow the git-http-backend man page on setting up
> authenticated pushes to my apache server. Pulls work fine, and fully
> authenticated pushes work fine. However, when I try and setup
> anonymous pulls and authenticated pushes the push fails.
> I believe the culprit is this 403 error:
> - - [09/Mar/2010:09:01:43 -0800] "GET
> /git/test.git/info/refs?service=git-receive-pack HTTP/1.1" 403 - "-"
> "git/"

Ugh.  Looks like I didn't design this thing right.

The backend wants you to be authenticated before it will service
the git-receive-pack advertisement.  Even though its the same
data as the git-upload-pack advertisement (but slightly different
capability strings).

Maybe we should consider doing something like this patch so that
the advertisement under info/refs?service=git-receive-pack can be
sent without needing authentication.  My only hesitation is this
makes it harder for the client to setup the authentication before
it needs to transmit the pack file, which may mean it needs to send
the pack twice.

diff --git a/http-backend.c b/http-backend.c
index 345c12b..462b07c 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -312,11 +312,6 @@ static struct rpc_service *select_service(const char *name)
 	if (!svc)
 		forbidden("Unsupported service: '%s'", name);
-	if (svc->enabled < 0) {
-		const char *user = getenv("REMOTE_USER");
-		svc->enabled = (user && *user) ? 1 : 0;
-	}
 	if (!svc->enabled)
 		forbidden("Service not enabled: '%s'", svc->name);
 	return svc;
@@ -519,6 +514,12 @@ static void service_rpc(char *service_name)
 	struct rpc_service *svc = select_service(service_name);
 	struct strbuf buf = STRBUF_INIT;
+	if (svc->enabled < 0) {
+		const char *user = getenv("REMOTE_USER");
+		if (!user || !*user)
+			forbidden("Service not enabled: '%s'", svc->name);
+	}
 	strbuf_addf(&buf, "application/x-git-%s-request", svc->name);
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html