[PATCH 1/3] Add config option user-envvar

Valentin Haenel valentin.haenel at gmx.de
Tue Oct 16 11:15:24 CEST 2012


When cgit sits on a backend server and relies on a set of
front-ends to do authentication, it will read the username
from an environment variable defined by this option.

In this way, one can safely use any forwarded HTTP header
and not only the expected REMOTE_USER variable set by the
CGI standard.

Signed-off-by: Valentin Haenel <valentin.haenel at gmx.de>
---
 cgit.c       |   10 ++++++++++
 cgit.h       |    2 ++
 cgitrc.5.txt |    6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/cgit.c b/cgit.c
index 1ec02e74ac..101954e12a 100644
--- a/cgit.c
+++ b/cgit.c
@@ -121,6 +121,8 @@ void config_cb(const char *name, const char *value)
 		repo_config(ctx.repo, name + 5, value);
 	else if (!strcmp(name, "readme"))
 		ctx.cfg.readme = xstrdup(value);
+	else if (!strcmp(name, "user-envvar"))
+		ctx.cfg.user_envvar = xstrdup(value);
 	else if (!strcmp(name, "root-title"))
 		ctx.cfg.root_title = xstrdup(value);
 	else if (!strcmp(name, "root-desc"))
@@ -370,6 +372,7 @@ static void prepare_context(struct cgit_context *ctx)
 	ctx->cfg.summary_tags = 10;
 	ctx->cfg.max_atom_items = 10;
 	ctx->cfg.ssdiff = 0;
+	ctx->cfg.user_envvar = "REMOTE_USER";
 	ctx->env.cgit_config = xstrdupn(getenv("CGIT_CONFIG"));
 	ctx->env.http_host = xstrdupn(getenv("HTTP_HOST"));
 	ctx->env.https = xstrdupn(getenv("HTTPS"));
@@ -814,6 +817,13 @@ int main(int argc, const char **argv)
 	ctx.repo = NULL;
 	http_parse_querystring(ctx.qry.raw, querystring_cb);
 
+	/*
+	 * Get the username of an authenticated user. It will get
+	 * from the environment variable defined by the user-header
+	 * option (defaults to REMOTE_USER)
+	 */
+	ctx.env.remote_user = xstrdupn(getenv(ctx.cfg.user_envvar));
+
 	/* If virtual-root isn't specified in cgitrc, lets pretend
 	 * that virtual-root equals SCRIPT_NAME, minus any possibly
 	 * trailing slashes.
diff --git a/cgit.h b/cgit.h
index 79ba7adffe..369dd8af8b 100644
--- a/cgit.h
+++ b/cgit.h
@@ -165,6 +165,7 @@ struct cgit_query {
 
 struct cgit_config {
 	char *agefile;
+	char *user_envvar;
 	char *cache_root;
 	char *clone_prefix;
 	char *clone_url;
@@ -262,6 +263,7 @@ struct cgit_environment {
 	char *script_name;
 	char *server_name;
 	char *server_port;
+	char *remote_user;
 };
 
 struct cgit_context {
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 902fff3e66..cd7327a4b3 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -386,6 +386,12 @@ strict-export::
 	repositories to match those exported by git-daemon. This option MUST come
 	before 'scan-path'.
 
+user-envvar::
+	Environment variable to read the user name from in a CGI environment. By
+	default, CGI exports it with the REMOTE_USER variable. This parameter can
+	be adjusted to a custom variable (e.g. any HTTP header forwarded by an
+	external authentication engine like HTTP_X_FORWARDED_USER)
+
 virtual-root::
 	Url which, if specified, will be used as root for all cgit links. It
 	will also cause cgit to generate 'virtual urls', i.e. urls like
-- 
1.7.9.5





More information about the CGit mailing list