[PATCH] git-daemon: set REMOTE_ADDR to client address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This allows hooks like pre-receive to look at the client's IP
address.

Of course the IP address can't be used to get strong security;
git-daemon isn't the right thing to use if you need that. However,
basic IP address checking can be good enough in some situations.

REMOTE_ADDR is the same environment variable used to communicate the
client's address to CGI scripts.

Signed-off-by: Joey Hess <joey@xxxxxxxxxxx>
---

Real world example: ikiwiki can use pre-receive to check that the pushed
changes are ones that anyone could make to the wiki's source via the web
interface, and thus safe to accept. It's useful to be able to ban IP
addresses from editing a wiki on the web, as a first line of defence to
guard against spammers etc. With this patch the same IP guards can be
applied to changes pushed in via git-daemon.

 Documentation/git-daemon.txt |    9 +++++++++
 daemon.c                     |    4 ++++
 2 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt
index b08a08c..f1a570a 100644
--- a/Documentation/git-daemon.txt
+++ b/Documentation/git-daemon.txt
@@ -270,6 +270,15 @@ selectively enable/disable services per repository::
 ----------------------------------------------------------------
 
 
+ENVIRONMENT
+-----------
+'git-daemon' will set REMOTE_ADDR to the IP address of the client
+that connected to it, if the IP address is available. REMOTE_ADDR will
+be available in the environment of hooks called when
+services are performed.
+
+
+
 Author
 ------
 Written by Linus Torvalds <torvalds@xxxxxxxx>, YOSHIFUJI Hideaki
diff --git a/daemon.c b/daemon.c
index 3e5582d..b9ba44c 100644
--- a/daemon.c
+++ b/daemon.c
@@ -537,6 +537,10 @@ static int execute(struct sockaddr *addr)
 #endif
 		}
 		loginfo("Connection from %s:%d", addrbuf, port);
+		setenv("REMOTE_ADDR", addrbuf, 1);
+	}
+	else {
+		unsetenv("REMOTE_ADDR");
 	}
 
 	alarm(init_timeout ? init_timeout : timeout);

-- 
1.5.6.5
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux