From mboxrd@z Thu Jan 1 00:00:00 1970 From: jamie.couture at gmail.com (Jamie Couture) Date: Wed, 31 Oct 2012 23:03:01 -0400 Subject: [PATCHv4 2/2] Helper script to interface to gitolite In-Reply-To: <1351709556-29355-2-git-send-email-valentin.haenel@gmx.de> References: <1351709440-29185-1-git-send-email-valentin.haenel@gmx.de> <1351709556-29355-2-git-send-email-valentin.haenel@gmx.de> Message-ID: <20121101030301.GA28025@neptune.phub.net.cable.rogers.com> On Wed, Oct 31, 2012 at 07:52:36PM +0100, Valentin Haenel wrote: > From: Carlos Aguado Sanchez > > Signed-off-by: Carlos Aguado Sanchez > Signed-off-by: Valentin Haenel > --- > contrib/gl-check-user | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > create mode 100755 contrib/gl-check-user > > diff --git a/contrib/gl-check-user b/contrib/gl-check-user > new file mode 100755 > index 0000000000..45eb95fead > --- /dev/null > +++ b/contrib/gl-check-user 
> @@ -0,0 +1,20 @@ > +#!/bin/sh > +# Wrapper around gitolite to perform > +# repository authentication from a > +# CGI environment > +prog="/usr/local/bin/gitolite" What about users that have installed gitolite via their distro's package manager, as opposed to local install? I do not think the script should assume to know where gitolite lives. This might be agnostic: prog="$(which gitolite)" But that could lead to PATH abuse; potential security problems. Maybe obtaining the value from another environment variable, say in your web server's virtual host: SetEnv GITOLITE_PROG /path/to/gitolite --- prog="${GITOLITE_PROG}" Not sure how much of a crutch that is, but I wouldn't want the helper script to assume where gitolite lives; and if any distro were to include these scripts people might want it to work out of the box. > + > +# HTTPD will not set some essential > +# variables expexted by gitolite > +# Set them here (EUID expected final) > + > +export REPO="${CGIT_REPO_URL%.git}" > +# Get the user from webserver environment. > +# May be either REMOTE_USER or HTTP_X_FORWARDED_USER > +export REMOTE_USER="${HTTP_X_FORWARDED_USER}" > +# Looking for read permission from gitolite > +export PERM="R" > +# Gitolite needs homedir set > +export HOME="$( getent passwd $(id -n -u) | cut -d":" -f 6 )" > + > +exec "$prog" access -q "${REPO}" "${REMOTE_USER}" "${PERM}" > -- > 1.7.9.5 > > > _______________________________________________ > cgit mailing list > cgit at hjemli.net > http://hjemli.net/mailman/listinfo/cgit
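Review bot: The line `export REMOTE_USER="${HTTP_X_FORWARDED_USER}"` unconditionally replaces the REMOTE_USER set by the web server with the value of the X-Forwarded-User request header, although the comment just above it says the user may come from either variable. CGI HTTP_* variables are copied from request headers, so unless a trusted front-end proxy always sets or strips that header, the client picks the name that is passed to `gitolite access`. When the header is absent, an authenticated REMOTE_USER is overwritten with an empty string. Suggest preferring the server-set value, for example `export REMOTE_USER="${REMOTE_USER:-$HTTP_X_FORWARDED_USER}"`, stating in the comment that the fallback is only safe behind a proxy that controls the header, and refusing before the `exec` when REPO or REMOTE_USER is empty.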