将 gitolite 的 ACL 用于 CGIT/Apache httpd 的插件?
[英]Plugin to use gitolite's ACLs for CGIT/Apache httpd?
问题描述
We use gitolite's ACL mechanism to control who has access to different repositories.
我们使用 gitolite 的 ACL 机制来控制谁可以访问不同的存储库。 We also use CGIT with Apache httpd to allow browsing of readable repositories.我们还将 CGIT 与 Apache httpd 一起使用,以允许浏览可读存储库。
We'd like to also use the gitolite ACLs in the Apache httpd access control system.我们还想在 Apache httpd 访问控制系统中使用 gitolite ACL。
Is there an Apache httpd authn/authz module that provides this functionality?是否有提供此功能的 Apache httpd authn/authz 模块?
Thanks!谢谢!
1 个解决方案
解决方案1
1 2015-06-25 06:58:28
I have integrated CGit and gitolite a while ago with this cgi Perl script, calling gitolite: cgit/cgit.pl.tpl .不久前,我将 CGit 和 gitolite 与这个 cgi Perl 脚本集成在一起,调用 gitolite: cgit/cgit.pl.tpl 。
(don't mind the @H@ , those are template placeholder that are supposed to be valued later in order to produce the actual Perl script) (不要介意@H@ ,这些是模板占位符,应该在以后评估以生成实际的 Perl 脚本)
The idea is to benefit from the authentication done by Apache:这个想法是从 Apache 完成的身份验证中受益:
my $remote_user=$ENV{"REMOTE_USER"};
And to use that user when calling Gitolite to check if the access to a repo can be granted, calling the actual cgit.cgi C procedure if the access is granted:并在调用 Gitolite 时使用该用户检查是否可以授予对 repo 的访问权限,如果授予访问权限,则调用实际的cgit.cgi C 过程:
use Gitolite::Rc;
use Gitolite::Common;
use Gitolite::Conf::Load;
(my $repo)=($path_info =~ /\/([^\/]+)/);
my $perm = "R";
if ($repo ne "") {
my $aperm = access( $repo, $user, 'R', 'any' );
# my ($aperm, $creator) = &repo_rights($repo);
$perm=$aperm;
}
if ($perm !~ /DENIED/) {
system("@H@/cgit/cgit.cgi");
}
else {
print "Content-type: text/html\n\n";
print "<html>\n";
print "<body>\n";
print " <h1>HTTP Status 403 - Access is denied</h1>\n";
print " You don't have access to repo <b>$repo</b> as <b>$user</b>\n";
print "</body>\n";
print "</html>\n";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.