From: valentin.haenel at gmx.de (Valentin Haenel)
Subject: [PATCHv2 1/3] Add config option user-envvar
Date: Mon, 29 Oct 2012 10:22:18 +0100 [thread overview]
Message-ID: <20121029092218.GA17370@kudu.in-berlin.de> (raw)
In-Reply-To: <k6i03c$mp0$1@ger.gmane.org>
* Ben Boeckel <mathstuf at gmail.com> [2012-10-28]:
> On Mon, Oct 22, 2012 at 08:29:16 GMT, Valentin Haenel wrote:
> > When cgit sits on a backend server and relies on a set of
> > front-ends to do authentication, it will read the username
> > from an environment variable defined by this option.
> >
> > In this way, one can safely use any forwarded HTTP header
> > and not only the expected REMOTE_USER variable set by the
> > CGI standard.
> >
> > Signed-off-by: Valentin Haenel <valentin.haenel at gmx.de>
> > ---
> > cgit.c | 10 ++++++++++
> > cgit.h | 2 ++
> > cgitrc.5.txt | 6 ++++++
> > 3 files changed, 18 insertions(+)
> >
> > diff --git a/cgit.c b/cgit.c
> > index a97ed69653..92e35ae958 100644
> > --- a/cgit.c
> > +++ b/cgit.c
> > @@ -126,6 +126,8 @@ void config_cb(const char *name, const char *value)
> > repo_config(ctx.repo, name + 5, value);
> > else if (!strcmp(name, "readme"))
> > ctx.cfg.readme = xstrdup(value);
> > + else if (!strcmp(name, "user-envvar"))
> > + ctx.cfg.user_envvar = xstrdup(value);
> > else if (!strcmp(name, "root-title"))
> > ctx.cfg.root_title = xstrdup(value);
> > else if (!strcmp(name, "root-desc"))
> > @@ -379,6 +381,7 @@ static void prepare_context(struct cgit_context *ctx)
> > ctx->cfg.summary_tags = 10;
> > ctx->cfg.max_atom_items = 10;
> > ctx->cfg.ssdiff = 0;
> > + ctx->cfg.user_envvar = "REMOTE_USER";
>
> Use xstrdupn here. It can't be free'd if it's static like this.
Check.
> > ctx->env.cgit_config = xstrdupn(getenv("CGIT_CONFIG"));
> > ctx->env.http_host = xstrdupn(getenv("HTTP_HOST"));
> > ctx->env.https = xstrdupn(getenv("HTTPS"));
> > @@ -823,6 +826,13 @@ int main(int argc, const char **argv)
> > ctx.repo = NULL;
> > http_parse_querystring(ctx.qry.raw, querystring_cb);
> >
> > + /*
> > + * Get the username of an authenticated user. It will get
> > + * from the environment variable defined by the user-header
> > + * option (defaults to REMOTE_USER)
> > + */
> > + ctx.env.remote_user = xstrdupn(getenv(ctx.cfg.user_envvar));
> > +
> > /* If virtual-root isn't specified in cgitrc, lets pretend
> > * that virtual-root equals SCRIPT_NAME, minus any possibly
> > * trailing slashes.
> > diff --git a/cgit.h b/cgit.h
> > index 7a99135710..016baa8e7d 100644
> > --- a/cgit.h
> > +++ b/cgit.h
> > @@ -166,6 +166,7 @@ struct cgit_query {
> >
> > struct cgit_config {
> > char *agefile;
> > + char *user_envvar;
>
> It should be free'd where the rest of these are free'd. I don't see that
> here.
>
> > char *cache_root;
> > char *clone_prefix;
> > char *clone_url;
> > @@ -263,6 +264,7 @@ struct cgit_environment {
> > char *script_name;
> > char *server_name;
> > char *server_port;
> > + char *remote_user;
>
> Same here.
Forgive me if I am mistaken, but I don't see any of those free'd
anywhere.
V-
next prev parent reply other threads:[~2012-10-29 9:22 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-16 9:15 [PATCH 0/3] Implement authorization via external program valentin.haenel
2012-10-16 9:15 ` [PATCH 1/3] Add config option user-envvar valentin.haenel
2012-10-28 1:11 ` Jason
2012-10-29 9:49 ` valentin.haenel
2012-10-16 9:15 ` [PATCH 2/3] Add ability to authorize viewing a repository valentin.haenel
2012-10-16 11:21 ` Jason
2012-10-16 12:48 ` valentin.haenel
2012-10-16 9:15 ` [PATCH 2/3] Add ability to authorize viewing a repository using valentin.haenel
2012-10-16 9:17 ` valentin.haenel
2012-10-16 9:15 ` [PATCH 3/3] Helper script to interface to gitolite valentin.haenel
2012-10-22 8:29 ` [PATCHv2 1/3] Add config option user-envvar valentin.haenel
2012-10-28 1:00 ` mathstuf
2012-10-29 9:22 ` valentin.haenel [this message]
2012-10-29 14:53 ` mathstuf
2012-10-29 15:50 ` valentin.haenel
2012-10-22 8:29 ` [PATCHv2 2/3] Add ability to authorize viewing a repository valentin.haenel
2012-10-28 1:00 ` mathstuf
2012-10-28 1:16 ` Jason
2012-10-28 1:29 ` mathstuf
2012-10-28 1:33 ` Jason
2012-10-29 9:43 ` valentin.haenel
2012-10-29 14:52 ` mathstuf
2012-10-29 15:45 ` valentin.haenel
2012-10-28 1:17 ` Jason
2012-10-29 12:38 ` valentin.haenel
2012-10-30 9:54 ` valentin.haenel
2012-10-28 1:14 ` Jason
2012-10-29 9:36 ` valentin.haenel
2012-10-22 8:29 ` [PATCHv2 3/3] Helper script to interface to gitolite valentin.haenel
2012-10-28 1:00 ` mathstuf
2012-10-29 9:27 ` valentin.haenel
2012-10-30 10:11 ` [PATCHv3 0/3] Implement authorization via external program (v3) valentin.haenel
2012-10-30 15:04 ` mathstuf
2012-10-30 16:30 ` Jason
2012-10-30 10:11 ` [PATCHv3 1/3] Add config option user-envvar valentin.haenel
2012-10-30 16:29 ` Jason
2012-10-30 10:11 ` [PATCHv3 2/3] Add ability to authorize viewing a repository valentin.haenel
2012-10-30 16:30 ` Jason
2012-10-30 10:11 ` [PATCHv3 3/3] Helper script to interface to gitolite valentin.haenel
2012-10-30 15:05 ` mathstuf
2012-10-31 18:50 ` [PATCHv4 0/2] Authorize viewing a repository valentin.haenel
2012-10-31 18:52 ` [PATCHv4 1/2] Add ability to authorize " valentin.haenel
2012-10-31 18:52 ` [PATCHv4 2/2] Helper script to interface to gitolite valentin.haenel
2012-11-01 3:03 ` jamie.couture
2012-11-01 3:23 ` mathstuf
2012-11-01 4:20 ` Jason
2012-11-01 4:31 ` mathstuf
2012-11-01 8:58 ` valentin.haenel
2012-11-01 17:32 ` Jason
2012-11-01 10:40 ` [PATCHv4 0/2] Authorize viewing a repository valentin.haenel
2012-11-01 17:27 ` Jason
2012-11-01 17:32 ` valentin.haenel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121029092218.GA17370@kudu.in-berlin.de \
--to=cgit@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).