From mboxrd@z Thu Jan  1 00:00:00 1970
From: valentin.haenel at gmx.de (Valentin Haenel)
Date: Tue, 30 Oct 2012 11:11:28 +0100
Subject: [PATCHv3 1/3] Add config option user-envvar
In-Reply-To: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de>
References: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de>
Message-ID: <1351591890-13605-2-git-send-email-valentin.haenel@gmx.de>

When cgit sits on a backend server and relies on a set of
front-ends to do authentication, it will read the username
from an environment variable defined by this option.

In this way, one can safely use any forwarded HTTP header
and not only the expected REMOTE_USER variable set by the
CGI standard.

Signed-off-by: Valentin Haenel <valentin.haenel at gmx.de>
---
 cgit.c       |   10 ++++++++++
 cgit.h       |    2 ++
 cgitrc.5.txt |    7 +++++++
 3 files changed, 19 insertions(+)

diff --git a/cgit.c b/cgit.c
index a97ed69653..5a8ae97a13 100644
--- a/cgit.c
+++ b/cgit.c
@@ -126,6 +126,8 @@ void config_cb(const char *name, const char *value)
 		repo_config(ctx.repo, name + 5, value);
 	else if (!strcmp(name, "readme"))
 		ctx.cfg.readme = xstrdup(value);
+	else if (!strcmp(name, "user-envvar"))
+		ctx.cfg.user_envvar = xstrdup(value);
 	else if (!strcmp(name, "root-title"))
 		ctx.cfg.root_title = xstrdup(value);
 	else if (!strcmp(name, "root-desc"))
@@ -379,6 +381,7 @@ static void prepare_context(struct cgit_context *ctx)
 	ctx->cfg.summary_tags = 10;
 	ctx->cfg.max_atom_items = 10;
 	ctx->cfg.ssdiff = 0;
+	ctx->cfg.user_envvar = xstrdupn("REMOTE_USER");
 	ctx->env.cgit_config = xstrdupn(getenv("CGIT_CONFIG"));
 	ctx->env.http_host = xstrdupn(getenv("HTTP_HOST"));
 	ctx->env.https = xstrdupn(getenv("HTTPS"));
@@ -823,6 +826,13 @@ int main(int argc, const char **argv)
 	ctx.repo = NULL;
 	http_parse_querystring(ctx.qry.raw, querystring_cb);
 
+	/*
+	 * Get the username of an authenticated user. It will get
+	 * from the environment variable defined by the user-header
+	 * option (defaults to REMOTE_USER)
+	 */
+	ctx.env.remote_user = xstrdupn(getenv(ctx.cfg.user_envvar));
+
 	/* If virtual-root isn't specified in cgitrc, lets pretend
 	 * that virtual-root equals SCRIPT_NAME, minus any possibly
 	 * trailing slashes.
diff --git a/cgit.h b/cgit.h
index 7a99135710..016baa8e7d 100644
--- a/cgit.h
+++ b/cgit.h
@@ -166,6 +166,7 @@ struct cgit_query {
 
 struct cgit_config {
 	char *agefile;
+	char *user_envvar;
 	char *cache_root;
 	char *clone_prefix;
 	char *clone_url;
@@ -263,6 +264,7 @@ struct cgit_environment {
 	char *script_name;
 	char *server_name;
 	char *server_port;
+	char *remote_user;
 };
 
 struct cgit_context {
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 5887cee9a8..d2fca9fb9c 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -389,6 +389,13 @@ strict-export::
 	repositories to match those exported by git-daemon. This option MUST come
 	before 'scan-path'.
 
+user-envvar::
+	Environment variable to read the user name from in a CGI environment. By
+	default, CGI exports it with the REMOTE_USER variable. This parameter can
+	be adjusted to a custom variable (e.g. any HTTP header forwarded by an
+	external authentication engine like HTTP_X_FORWARDED_USER). Default value:
+	"REMOTE_USER".
+
 virtual-root::
 	Url which, if specified, will be used as root for all cgit links. It
 	will also cause cgit to generate 'virtual urls', i.e. urls like
-- 
1.7.9.5