Revision 2501aff8b7516115c409cb34cc50305cdde40a47 authored by Jeff King on 28 September 2013, 08:31:45 UTC, committed by Jonathan Nieder on 14 October 2013, 23:55:13 UTC
When we are handling a curl response code in http_request or
in the remote-curl RPC code, we use the handle_curl_result
helper to translate curl's response into an easy-to-use
code. When we see an HTTP 401, we do one of two things:
1. If we already had a filled-in credential, we mark it as
rejected, and then return HTTP_NOAUTH to indicate to
the caller that we failed.
2. If we didn't, then we ask for a new credential and tell
the caller HTTP_REAUTH to indicate that they may want
to try again.
Rejecting in the first case makes sense; it is the natural
result of the request we just made. However, prompting for
more credentials in the second step does not always make
sense. We do not know for sure that the caller is going to
make a second request, and nor are we sure that it will be
to the same URL. Logically, the prompt belongs not to the
request we just finished, but to the request we are (maybe)
about to make.
In practice, it is very hard to trigger any bad behavior.
Currently, if we make a second request, it will always be to
the same URL (even in the face of redirects, because curl
handles the redirects internally). And we almost always
retry on HTTP_REAUTH these days. The one exception is if we
are streaming a large RPC request to the server (e.g., a
pushed packfile), in which case we cannot restart. It's
extremely unlikely to see a 401 response at this stage,
though, as we would typically have seen it when we sent a
probe request, before streaming the data.
This patch drops the automatic prompt out of case 2, and
instead requires the caller to do it. This is a few extra
lines of code, and the bug it fixes is unlikely to come up
in practice. But it is conceptually cleaner, and paves the
way for better handling of credentials across redirects.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
1 parent 1bbcc22
git-shell.txt
git-shell(1)
============
NAME
----
git-shell - Restricted login shell for Git-only SSH access
SYNOPSIS
--------
[verse]
'chsh' -s $(command -v git-shell) <user>
'git clone' <user>`@localhost:/path/to/repo.git`
'ssh' <user>`@localhost`
DESCRIPTION
-----------
This is a login shell for SSH accounts to provide restricted Git access.
It permits execution only of server-side Git commands implementing the
pull/push functionality, plus custom commands present in a subdirectory
named `git-shell-commands` in the user's home directory.
COMMANDS
--------
'git shell' accepts the following commands after the '-c' option:
'git receive-pack <argument>'::
'git upload-pack <argument>'::
'git upload-archive <argument>'::
Call the corresponding server-side command to support
the client's 'git push', 'git fetch', or 'git archive --remote'
request.
'cvs server'::
Imitate a CVS server. See linkgit:git-cvsserver[1].
If a `~/git-shell-commands` directory is present, 'git shell' will
also handle other, custom commands by running
"`git-shell-commands/<command> <arguments>`" from the user's home
directory.
INTERACTIVE USE
---------------
By default, the commands above can be executed only with the '-c'
option; the shell is not interactive.
If a `~/git-shell-commands` directory is present, 'git shell'
can also be run interactively (with no arguments). If a `help`
command is present in the `git-shell-commands` directory, it is
run to provide the user with an overview of allowed actions. Then a
"git> " prompt is presented at which one can enter any of the
commands from the `git-shell-commands` directory, or `exit` to close
the connection.
Generally this mode is used as an administrative interface to allow
users to list repositories they have access to, create, delete, or
rename repositories, or change repository descriptions and
permissions.
If a `no-interactive-login` command exists, then it is run and the
interactive shell is aborted.
EXAMPLE
-------
To disable interactive logins, displaying a greeting instead:
+
----------------
$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------
SEE ALSO
--------
ssh(1),
linkgit:git-daemon[1],
contrib/git-shell-commands/README
GIT
---
Part of the linkgit:git[1] suite
Computing file changes ...
