3 # authrequired.cgi -- show certification authorization instructions on 401
4 # Copyright (c) 2014 Kyle J. McKay. All rights reserved.
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 # We pretend like we don't exist. Unless this was an attempt to access a
23 # push URL over HTTPS in which case we return a suitable error message in plain
24 # text (unless we detect the client isn't a Git client in which case it's HTML).
26 # Some of this detection requires REQUEST_URI to be set which is an Apache
27 # extension. If REQUEST_URI is not set that portion of the smart detection
30 # Also note that we return a 403 error instead of a 401 error because we require
31 # a user push certificate. Returning a 401 error and having the client then
32 # provide a user name and password is completely pointless since we now are
33 # providing copious amounts of help text.
38 printf '%s\r\n' "Status: $1"
39 printf '%s\r\n' "Expires: Fri, 01 Jan 1980 00:00:00 GMT"
40 printf '%s\r\n' "Pragma: no-cache"
41 printf '%s\r\n' "Cache-Control: no-cache, max-age=0, must-revalidate"
42 printf '%s\r\n' "Content-Type: $2"
47 # Simulate a 404 error as though we do not exist
48 headers
404 "text/html; charset=iso-8859-1"
50 [ -z "$REQUEST_URI" ] || SPACE
=" "
52 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
54 <title>404 Not Found</title>
57 <p>The requested URL $REQUEST_URI${SPACE}was not found on this server.</p>
65 # If the request is not over HTTPS return not found
66 [ "$HTTPS" = "on" ] || notfound
68 # Set isgit if we've detected a Git client or a Git-only URL
70 case "$HTTP_USER_AGENT" in *[Gg
]it
/*)
75 if [ -n "$REQUEST_URI" ]; then
76 # Try to detect whether or not it was something that needs auth
78 BASE
="${REQUEST_URI%%[?]*}"
79 QS
="${REQUEST_URI#$BASE}"
83 case "&$QS&" in *"&service=git-receive-pack&"*)
90 [ -z "$isgit" ] || needsauth
=1
101 [ -z "$isgit" ] || needsauth
=1
105 [ -n "$needsauth" ] || notfound
107 # Return a text/plain response WITHOUT any additional parameters (such as
108 # charset=) so that the Git client will display the result unless the client
109 # doesn't appear to be Git in which case send an HTML response.
111 # We need some config variables
114 if [ -n "$isgit" ]; then
115 headers
403 "text/plain"
117 ======================================================================
118 Authentication Required
119 ======================================================================
121 In order to push using https, you must first
122 configure a user push certificate.
124 You may download a user push certificate from
125 the edit user page that may be accessed at:
127 $cfg_webadmurl/edituser.cgi
129 Instructions for configuring Git to use the
130 downloaded push certificate can be found at:
132 $cfg_htmlurl/httpspush.html
134 Do not forget to also configure the location
135 of your private key (see the above page).
137 ======================================================================
142 # Send it in HTML instead as it appears that a Git push URL has been
143 # fetched using a browser instead of a Git client.
145 headers
403 "text/html; charset=iso-8859-1"
147 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
149 <title>Authentication Required</title>
151 <h1>Authentication Required</h1>
153 <p>In order to push using https, you must first
154 configure a user push certificate.</p>
156 <p>You may download a user push certificate from
157 the edit user page that may be accessed at:</p>
159 <ul><a href="$cfg_webadmurl/edituser.cgi">$cfg_webadmurl/edituser.cgi</a></ul>
161 <p>Instructions for configuring Git to use the
162 downloaded push certificate can be found at:</p>
164 <ul><a href="$cfg_htmlurl/httpspush.html">$cfg_htmlurl/httpspush.html</a></ul>
166 <p>Do not forget to also configure the location
167 of your private key (see the above page).</p>
170 $SERVER_SIGNATURE</body></html>