apache - Access control in Cgit


I want to introduce access control in cgit once the CGI of cgit has been launched. The idea is to list the repos available in gitolite and enable/disable directory listing based on user authentication.

I managed access control before Apache executes the cgit CGI:

    AllowOverride None
    AuthType Basic
    AuthName "restricted files"
    AuthUserFile /var/lib/git_alfonso/passwords
    Options +ExecCGI
    Order allow,deny
    Allow

    Alias /cgit.png /var/www/htdocs/cgit/cgit.png
    Alias /cgit.css /var/www/htdocs/cgit/cgit.css
    ScriptAlias /cgit "/var/www/htdocs/cgit/cgit.cgi"
    RewriteRule ^$ / [R]
    RewriteRule ^/(.*)$ /cgit.cgi/$1

But I don't know how to get the same effect once the repository paths are accessed. I tried the Directory directive, adding authentication there, but once cgit is launched Apache doesn't apply any other directive stated in the http.conf file.

Any clue on how to achieve it?

Thanks a lot in advance.

BR, Alfonso.

I have done precisely that in my own cgit config.

    # cgit on @port_http_cgit@
    Listen @port_http_cgit@
    <VirtualHost @fqn@:@port_http_cgit@>
      ServerName @fqn@
      ServerAlias @hostname@
      SetEnv git_http_backend "@h@/usr/local/apps/git/libexec/git-core/git-http-backend"
      DocumentRoot @h@/cgit
      Alias /cgit @h@/cgit
      <Directory @h@/cgit>
        # SetEnv takes "name value", separated by a space
        SetEnv GIT_PROJECT_ROOT @h@/repositories
        AddHandler cgi-script .cgi .pl
        # the wrapper script, not cgit.cgi, is the entry point
        DirectoryIndex cgit.pl
      </Directory>
    </VirtualHost>

(The @xx@ are template placeholder values.)

The idea is to wrap cgit.cgi in a custom script, cgit.pl (here a Perl script, but you can use any other scripting language you want), which will:

  • call gitolite
  • only display what gitolite authorizes

You can see the full cgit.pl script here.

This is when trying to access a specific repo:

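    # a specific repository was requested (anything but the index page)
    if ($request_uri ne "/cgit/" && $request_uri ne "/cgit/cgit.pl/") {
      # the first path segment is the repository name
      (my $repo)=($path_info =~ /\/([^\/]+)/);
      $perm = "R";
      if ($repo ne "") {
        # gitolite's access() returns a string containing DENIED on refusal
        $aperm = access( $repo, $user, 'R', 'any' );
        # ($aperm, $creator) = &repo_rights($repo);
        $perm=$aperm;
      }
      if ($perm !~ /DENIED/) {
        system("@h@/cgit/cgit.cgi");
      }
    }

This is when calling cgit without a repo: it should list only the repos you are authorized to see.
For that, I call the native cgit.cgi, and filter its output, removing any line corresponding to a "denied" repo: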

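    # capture the native cgit index page in a per-user temporary file
    # (note: $fname contains $user and is passed through the shell)
    $fname="$user.".timestamp().".tpl";
    system("@h@/cgit/cgit.cgi > $fname");
    open(info, $fname); # open file
    @lines = <info>; # read array
    close(info);
    unlink($fname);
    pop(@lines);
    foreach (@lines) {
      $line=$_;
      # a repository row carries the repo name in its title attribute
      (my $repo)=($line =~ /title='([^']+)'/); #'
      $perm = "R";
      if ($repo ne "") {
        $aperm = access( $repo, $user, 'R', 'any' );
        # ($aperm, $creator) = &repo_rights($repo);
        $perm=$aperm;
      }
      # lines without a repo (page chrome) and permitted repos are printed
      if ($perm !~ /DENIED/) {
        print $line;
      }
    }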
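
The two checks above, as an added example that is not part of the original answer or of the cgit.pl script: a fail-closed variant that refuses a single-repo request when no well-formed repository name can be parsed, and filters the index from a list of lines instead of a temporary file. The `access()` stub, the `%acl` table, the repo-name character set, and the sample HTML rows are assumptions constructed for the demonstration; the real wrapper would call gitolite's `access()` as the answer does.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed ACL standing in for gitolite (assumption, not gitolite's data).
my %acl = (alice => { public => 1, secret => 1 }, bob => { public => 1 });

# Hypothetical stand-in for the access() call used in the answer: returns a
# string containing DENIED on refusal, any other string on success.
sub access {
    my ($repo, $user) = @_;
    return (($acl{$user} // {})->{$repo}) ? "refs/.*" : "R any $repo $user DENIED";
}

# Single-repo request: deny unless there is an authenticated user, a
# well-formed first path segment, and access() does not refuse it.
sub repo_allowed {
    my ($user, $path_info) = @_;
    return 0 unless defined $user && length $user;
    my ($repo) = ($path_info // '') =~ m{^/([A-Za-z0-9][A-Za-z0-9._-]*)};
    return 0 unless defined $repo;
    return access($repo, $user, 'R', 'any') !~ /DENIED/ ? 1 : 0;
}

# Index page: keep page chrome, drop every row whose repo is refused.
# In a real wrapper @lines could be read with open(my $fh, '-|', $cgit_path),
# which needs neither a temporary file nor $user on a shell command line.
sub filter_index {
    my ($user, @lines) = @_;
    my @out;
    for my $line (@lines) {
        my ($repo) = $line =~ /title='([^']+)'/;
        next if defined $repo && access($repo, $user, 'R', 'any') =~ /DENIED/;
        push @out, $line;
    }
    return @out;
}

# Constructed rows carrying the title='...' attribute the answer matches on.
my @page = (
    "<table class='list'>\n",
    "<tr><td><a title='public' href='/cgit/public/'>public</a></td></tr>\n",
    "<tr><td><a title='secret' href='/cgit/secret/'>secret</a></td></tr>\n",
    "</table>\n",
);
print "index as seen by bob:\n", filter_index('bob', @page);
for my $case (['bob', '/public/'], ['bob', '/secret/'], ['bob', ''], ['alice', '/secret/']) {
    my ($user, $path) = @$case;
    printf "%-5s %-10s %s\n", $user, "'$path'", repo_allowed($user, $path) ? 'allow' : 'deny';
}
```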
