From mboxrd@z Thu Jan 1 00:00:00 1970 From: valentin.haenel at gmx.de (Valentin Haenel) Date: Mon, 29 Oct 2012 10:22:18 +0100 Subject: [PATCHv2 1/3] Add config option user-envvar In-Reply-To: References: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de> <1350894558-24840-1-git-send-email-valentin.haenel@gmx.de> Message-ID: <20121029092218.GA17370@kudu.in-berlin.de> * Ben Boeckel [2012-10-28]: > On Mon, Oct 22, 2012 at 08:29:16 GMT, Valentin Haenel wrote: > > When cgit sits on a backend server and relies on a set of > > front-ends to do authentication, it will read the username > > from an environment variable defined by this option. > > > > In this way, one can safely use any forwarded HTTP header > > and not only the expected REMOTE_USER variable set by the > > CGI standard. > > > > Signed-off-by: Valentin Haenel > > --- > > cgit.c | 10 ++++++++++ > > cgit.h | 2 ++ > > cgitrc.5.txt | 6 ++++++ > > 3 files changed, 18 insertions(+) > > > > diff --git a/cgit.c b/cgit.c > > index a97ed69653..92e35ae958 100644 > > --- a/cgit.c > > +++ b/cgit.c > > @@ -126,6 +126,8 @@ void config_cb(const char *name, const char *value) > > repo_config(ctx.repo, name + 5, value); > > else if (!strcmp(name, "readme")) > > ctx.cfg.readme = xstrdup(value); > > + else if (!strcmp(name, "user-envvar")) > > + ctx.cfg.user_envvar = xstrdup(value); > > else if (!strcmp(name, "root-title")) > > ctx.cfg.root_title = xstrdup(value); > > else if (!strcmp(name, "root-desc")) > > @@ -379,6 +381,7 @@ static void prepare_context(struct cgit_context *ctx) > > ctx->cfg.summary_tags = 10; > > ctx->cfg.max_atom_items = 10; > > ctx->cfg.ssdiff = 0; > > + ctx->cfg.user_envvar = "REMOTE_USER"; > > Use xstrdupn here. It can't be free'd if it's static like this. Check. > > ctx->env.cgit_config = xstrdupn(getenv("CGIT_CONFIG")); > > ctx->env.http_host = xstrdupn(getenv("HTTP_HOST")); > > ctx->env.https = xstrdupn(getenv("HTTPS")); > > @@ -823,6 +826,13 @@ int main(int argc, const char **argv) > > ctx.repo = NULL; > > http_parse_querystring(ctx.qry.raw, querystring_cb); > > > > + /* > > + * Get the username of an authenticated user. It will get > > + * from the environment variable defined by the user-header > > + * option (defaults to REMOTE_USER) > > + */ > > + ctx.env.remote_user = xstrdupn(getenv(ctx.cfg.user_envvar)); > > + > > /* If virtual-root isn't specified in cgitrc, lets pretend > > * that virtual-root equals SCRIPT_NAME, minus any possibly > > * trailing slashes. > > diff --git a/cgit.h b/cgit.h > > index 7a99135710..016baa8e7d 100644 > > --- a/cgit.h > > +++ b/cgit.h > > @@ -166,6 +166,7 @@ struct cgit_query { > > > > struct cgit_config { > > char *agefile; > > + char *user_envvar; > > It should be free'd where the rest of these are free'd. I don't see that > here. > > > char *cache_root; > > char *clone_prefix; > > char *clone_url; > > @@ -263,6 +264,7 @@ struct cgit_environment { > > char *script_name; > > char *server_name; > > char *server_port; > > + char *remote_user; > > Same here. Forgive me if I am mistaken, but I don't see any of those free'd anywhere. V-