74b082ad34
Currently, remote-curl acts as a proxy and blindly forwards packets between an HTTP server and fetch-pack. In the case of a stateless RPC connection where the connection is terminated with a partially written packet, remote-curl will blindly send the partially written packet before waiting on more input from fetch-pack. Meanwhile, fetch-pack will read the partial packet and continue reading, expecting more input. This results in a deadlock between the two processes. For a stateless connection, inspect packets before sending them and error out if a packet line packet is incomplete. Helped-by: Jeff King <peff@peff.net> Signed-off-by: Denton Liu <liu.denton@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
267 lines
7.5 KiB
ApacheConf
267 lines
7.5 KiB
ApacheConf
ServerName dummy
|
|
PidFile httpd.pid
|
|
DocumentRoot www
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
CustomLog access.log common
|
|
ErrorLog error.log
|
|
<IfModule !mod_log_config.c>
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
</IfModule>
|
|
<IfModule !mod_alias.c>
|
|
LoadModule alias_module modules/mod_alias.so
|
|
</IfModule>
|
|
<IfModule !mod_cgi.c>
|
|
LoadModule cgi_module modules/mod_cgi.so
|
|
</IfModule>
|
|
<IfModule !mod_env.c>
|
|
LoadModule env_module modules/mod_env.so
|
|
</IfModule>
|
|
<IfModule !mod_rewrite.c>
|
|
LoadModule rewrite_module modules/mod_rewrite.so
|
|
</IFModule>
|
|
<IfModule !mod_version.c>
|
|
LoadModule version_module modules/mod_version.so
|
|
</IfModule>
|
|
<IfModule !mod_headers.c>
|
|
LoadModule headers_module modules/mod_headers.so
|
|
</IfModule>
|
|
<IfModule !mod_setenvif.c>
|
|
LoadModule setenvif_module modules/mod_setenvif.so
|
|
</IfModule>
|
|
|
|
<IfVersion < 2.4>
|
|
LockFile accept.lock
|
|
</IfVersion>
|
|
|
|
<IfVersion < 2.1>
|
|
<IfModule !mod_auth.c>
|
|
LoadModule auth_module modules/mod_auth.so
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
<IfVersion >= 2.1>
|
|
<IfModule !mod_auth_basic.c>
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
</IfModule>
|
|
<IfModule !mod_authn_file.c>
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_user.c>
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_host.c>
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
<IfVersion >= 2.4>
|
|
<IfModule !mod_authn_core.c>
|
|
LoadModule authn_core_module modules/mod_authn_core.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
LoadModule authz_core_module modules/mod_authz_core.so
|
|
</IfModule>
|
|
<IfModule !mod_access_compat.c>
|
|
LoadModule access_compat_module modules/mod_access_compat.so
|
|
</IfModule>
|
|
<IfModule !mod_mpm_prefork.c>
|
|
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
|
</IfModule>
|
|
<IfModule !mod_unixd.c>
|
|
LoadModule unixd_module modules/mod_unixd.so
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
PassEnv GIT_VALGRIND
|
|
PassEnv GIT_VALGRIND_OPTIONS
|
|
PassEnv GNUPGHOME
|
|
PassEnv ASAN_OPTIONS
|
|
PassEnv LSAN_OPTIONS
|
|
PassEnv GIT_TRACE
|
|
PassEnv GIT_CONFIG_NOSYSTEM
|
|
PassEnv GIT_TEST_SIDEBAND_ALL
|
|
|
|
SetEnvIf Git-Protocol ".*" GIT_PROTOCOL=$0
|
|
|
|
Alias /dumb/ www/
|
|
Alias /auth/dumb/ www/auth/dumb/
|
|
|
|
<LocationMatch /smart/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
<LocationMatch /smart_noexport/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
</LocationMatch>
|
|
<LocationMatch /smart_custom_env/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_COMMITTER_NAME "Custom User"
|
|
SetEnv GIT_COMMITTER_EMAIL custom@example.com
|
|
</LocationMatch>
|
|
<LocationMatch /smart_namespace/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_NAMESPACE ns
|
|
</LocationMatch>
|
|
<LocationMatch /smart_cookies/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
Header set Set-Cookie name=value
|
|
</LocationMatch>
|
|
<LocationMatch /smart_headers/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
<LocationMatch /one_time_perl/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
|
|
ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
|
|
ScriptAliasMatch /error_git_upload_pack/(.*)/git-upload-pack error.sh/
|
|
ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
|
|
ScriptAlias /broken_smart/ broken-smart-http.sh/
|
|
ScriptAlias /error_smart/ error-smart-http.sh/
|
|
ScriptAlias /error/ error.sh/
|
|
ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1
|
|
<Directory ${GIT_EXEC_PATH}>
|
|
Options FollowSymlinks
|
|
</Directory>
|
|
<Files incomplete-length-upload-pack-v2-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files incomplete-body-upload-pack-v2-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files broken-smart-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files error-smart-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files error.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files apply-one-time-perl.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files ${GIT_EXEC_PATH}/git-http-backend>
|
|
Options ExecCGI
|
|
</Files>
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/dumb-redir/(.*)$ /dumb/$1 [R=301]
|
|
RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
|
|
RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
|
|
RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
|
|
RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
|
|
RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
|
|
|
|
RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
|
|
RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
|
|
|
|
# redir-to/502/x?y -> really-redir-to?path=502/x&qs=y which returns 502
|
|
# redir-to/x?y -> really-redir-to?path=x&qs=y -> x?y
|
|
RewriteCond %{QUERY_STRING} ^(.*)$
|
|
RewriteRule ^/redir-to/(.*)$ /really-redir-to?path=$1&qs=%1 [R=302]
|
|
RewriteCond %{QUERY_STRING} ^path=502/(.*)&qs=(.*)$
|
|
RewriteRule ^/really-redir-to$ - [R=502,L]
|
|
RewriteCond %{QUERY_STRING} ^path=(.*)&qs=(.*)$
|
|
RewriteRule ^/really-redir-to$ /%1?%2 [R=302]
|
|
|
|
# The first rule issues a client-side redirect to something
|
|
# that _doesn't_ look like a git repo. The second rule is a
|
|
# server-side rewrite, so that it turns out the odd-looking
|
|
# thing _is_ a git repo. The "[PT]" tells Apache to match
|
|
# the usual ScriptAlias rules for /smart.
|
|
RewriteRule ^/insane-redir/(.*)$ /intern-redir/$1/foo [R=301]
|
|
RewriteRule ^/intern-redir/(.*)/foo$ /smart/$1 [PT]
|
|
|
|
# Serve info/refs internally without redirecting, but
|
|
# issue a redirect for any object requests.
|
|
RewriteRule ^/redir-objects/(.*/info/refs)$ /dumb/$1 [PT]
|
|
RewriteRule ^/redir-objects/(.*/objects/.*)$ /dumb/$1 [R=301]
|
|
|
|
# Apache 2.2 does not understand <RequireAll>, so we use RewriteCond.
|
|
# And as RewriteCond does not allow testing for non-matches, we match
|
|
# the desired case first (one has abra, two has cadabra), and let it
|
|
# pass by marking the RewriteRule as [L], "last rule, do not process
|
|
# any other matching RewriteRules after this"), and then have another
|
|
# RewriteRule that matches all other cases and lets them fail via '[F]',
|
|
# "fail the request".
|
|
RewriteCond %{HTTP:x-magic-one} =abra
|
|
RewriteCond %{HTTP:x-magic-two} =cadabra
|
|
RewriteRule ^/smart_headers/.* - [L]
|
|
RewriteRule ^/smart_headers/.* - [F]
|
|
|
|
<IfDefine SSL>
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
|
|
SSLCertificateFile httpd.pem
|
|
SSLCertificateKeyFile httpd.pem
|
|
SSLRandomSeed startup file:/dev/urandom 512
|
|
SSLRandomSeed connect file:/dev/urandom 512
|
|
SSLSessionCache none
|
|
SSLMutex file:ssl_mutex
|
|
SSLEngine On
|
|
</IfDefine>
|
|
|
|
<Location /auth/>
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</Location>
|
|
|
|
<LocationMatch "^/auth-push/.*/git-receive-pack$">
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
|
|
RewriteCond %{REQUEST_URI} /git-receive-pack$
|
|
RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes]
|
|
|
|
<Location /half-auth-complete/>
|
|
Order Deny,Allow
|
|
Deny from env=AUTHREQUIRED
|
|
|
|
AuthType Basic
|
|
AuthName "Git Access"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
Satisfy Any
|
|
</Location>
|
|
|
|
<IfDefine DAV>
|
|
LoadModule dav_module modules/mod_dav.so
|
|
LoadModule dav_fs_module modules/mod_dav_fs.so
|
|
|
|
DAVLockDB DAVLock
|
|
<Location /dumb/>
|
|
Dav on
|
|
</Location>
|
|
<Location /auth/dumb>
|
|
Dav on
|
|
</Location>
|
|
</IfDefine>
|
|
|
|
<IfDefine SVN>
|
|
LoadModule dav_svn_module modules/mod_dav_svn.so
|
|
|
|
<Location /${LIB_HTTPD_SVN}>
|
|
DAV svn
|
|
SVNPath "${LIB_HTTPD_SVNPATH}"
|
|
</Location>
|
|
</IfDefine>
|