Skip to content

[JENKINS-72606] Make Git repos work via HTTP#112

Open
daniel-beck wants to merge 1 commit intojenkinsci:masterfrom
daniel-beck:JENKINS-72606
Open

[JENKINS-72606] Make Git repos work via HTTP#112
daniel-beck wants to merge 1 commit intojenkinsci:masterfrom
daniel-beck:JENKINS-72606

Conversation

@daniel-beck
Copy link
Member

@daniel-beck daniel-beck commented Jan 25, 2024

https://issues.jenkins.io/browse/JENKINS-72606

Testing done

Installed https://plugins.jenkins.io/git-userContent/ and ran

GIT_TRACE=1 GIT_TRACE_PACKET=1 GIT_CURL_VERBOSE=1 git clone http://localhost/8080/userContent.git

Without this fix, it fails with

09:12:45.193646 http.c:646              => Send header, 0000000264 bytes (0x00000108)
09:12:45.193649 http.c:658              => Send header: POST /userContent.git/git-upload-pack HTTP/1.1
09:12:45.193650 http.c:658              => Send header: Host: localhost:8080
09:12:45.193652 http.c:658              => Send header: User-Agent: git/2.39.3 (Apple Git-145)
09:12:45.193653 http.c:658              => Send header: Accept-Encoding: deflate, gzip
09:12:45.193654 http.c:658              => Send header: Content-Type: application/x-git-upload-pack-request
09:12:45.193656 http.c:658              => Send header: Accept: application/x-git-upload-pack-result
09:12:45.193657 http.c:658              => Send header: Content-Length: 157
09:12:45.193658 http.c:658              => Send header:
09:12:45.194968 http.c:646              <= Recv header, 0000000024 bytes (0x00000018)
09:12:45.194989 http.c:658              <= Recv header: HTTP/1.1 403 Forbidden
09:12:45.194993 http.c:646              <= Recv header, 0000000037 bytes (0x00000025)
09:12:45.194999 http.c:658              <= Recv header: Date: Thu, 25 Jan 2024 08:12:45 GMT
09:12:45.195002 http.c:646              <= Recv header, 0000000033 bytes (0x00000021)
09:12:45.195004 http.c:658              <= Recv header: X-Content-Type-Options: nosniff
09:12:45.195006 http.c:646              <= Recv header, 0000000050 bytes (0x00000032)
09:12:45.195009 http.c:658              <= Recv header: Cache-Control: must-revalidate,no-cache,no-store
09:12:45.195012 http.c:646              <= Recv header, 0000000019 bytes (0x00000013)
09:12:45.195013 http.c:658              <= Recv header: Content-Length: 0
09:12:45.195015 http.c:646              <= Recv header, 0000000024 bytes (0x00000018)
09:12:45.195017 http.c:658              <= Recv header: Server: Jetty(10.0.18)
09:12:45.195019 http.c:646              <= Recv header, 0000000002 bytes (0x00000002)
09:12:45.195020 http.c:658              <= Recv header:
09:12:45.195026 http.c:699              == Info: Connection #0 to host localhost left intact
error: RPC failed; HTTP 403 curl 22 The requested URL returned error: 403
fatal: the remote end hung up unexpectedly

### Submitter checklist
- [x] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch!
- [x] Ensure that the pull request title represents the desired changelog entry
- [x] Please describe what you did
- [x] Link to relevant issues in GitHub or Jira
- [ ] Link to relevant pull requests, esp. upstream and downstream changes
- [ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue

@daniel-beck daniel-beck requested a review from a team as a code owner January 25, 2024 08:25
MarkEWaite
MarkEWaite approved these changes Jan 25, 2024
View reviewed changes
Copy link
Contributor

@MarkEWaite MarkEWaite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@jglick
Copy link
Member

jglick commented Jan 25, 2024

Be very careful here. This plugin is a bad idea generally, but my distant memory of it is that HTTP mode is essentially useless because it does not support authentication at all and so is only appropriate for an unsecured controller. You have to use SSH if you want authentication. It is possible this PR opens up all Git servers for anonymous pull over HTTP, which could be a serious vulnerability. I am not sure what protection exists for pushes.

I do not follow the justification in Jira either. In the unlikely event that you were using this plugin, you should be using it via SSH; it does not make sense to disable the SSHD port in Jenkins as a workaround and then install the git-server update with this PR since if you installed that update you would also have gotten 068ac7c which makes SSH access safe again.

@daniel-beck
Copy link
Member Author

daniel-beck commented Jan 25, 2024

I do not follow the justification in Jira either.

Jira comment relating to bug discovery than justification. The mode being broken meant we could not mention it as a workaround.

It is possible this PR opens up all Git servers for anonymous pull over HTTP

All implementations currently use RootAction (not Unprotected) so would not expose the URLs to unauthenticated users.

@daniel-beck daniel-beck mentioned this pull request Jan 29, 2024
Draft
@daniel-beck
Copy link
Member Author

daniel-beck commented Jan 29, 2024

my distant memory of it is that HTTP mode is essentially useless because it does not support authentication at all and so is only appropriate for an unsecured controller

Looks like all that was missing is an HTTP auth challenge, which Jenkins doesn't usually send. The following isn't particularly pretty (probably better off in this repo), but works for me: jenkinsci/git-userContent-plugin#5

@mtughan mtughan mentioned this pull request Dec 2, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@MarkEWaite MarkEWaite MarkEWaite approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@daniel-beck @jglick @MarkEWaite