Git推送结果返回码22

Question

我已经在这里解决了相关问题，但对我没有任何帮助。

我正在尝试通过 Apache 使用 LDAP 身份验证设置 git。身份验证有效，我可以克隆。但是当我尝试推送时，我得到“返回码 22”。

我在 CentOS 7 和 Ubuntu 16.04 上都试过了。两者都更新了。

客户端系统是 Windows 10 和来自 git-scm.com 的最新版本。

我猜我的 Apache conf 有问题。

这是我创建 git 目录的方式

git init --bare /var/www/html/git/gitrepo.git
cd /var/www/html/git/gitrepo.git
mv hooks/post-update.sample  hooks/post-update
chmod a+x  hooks/post-update
git update-server-info

这是我的 apache 配置文件：

LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPVerifyServerCert Off

<Directory "/var/www/html/git">
   Options +ExecCGI
   Require all granted
</Directory>

<VirtualHost *:80>
   AcceptPathInfo On
   DocumentRoot  "/var/www/html/git"
   ServerName git.site.domain.com
   DirectoryIndex index.html

   SetEnv GIT_PROJECT_ROOT /var/www/html/git
   SetEnv GIT_HTTP_EXPORT_ALL
   SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
   ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
   RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
   RewriteCond %{REQUEST_URI} /git-receive-pack$ 
   RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]


    <LocationMatch "/">

        Options +ExecCGI
        AuthType Basic
        AuthName "site.domain.com"
        AuthLDAPBindAuthoritative on
        AuthBasicProvider ldap
        AuthLDAPBindDN "CN=LDAP_User,CN=Users,DC=site,DC=domain,DC=com"
        AuthLDAPBindPassword "password"
        AuthLDAPURL "ldap://dc.site.domain.com/dc=site,dc=domain,dc=com?sAMAccountName?Sub?(objectCategory=person)(objectClass=User)"
        AuthLDAPGroupAttributeIsDN on
        Require valid-user

    </LocationMatch>

</VirtualHost>

这是 .git 中的客户端配置：

[core]
    repositoryformatversion = 0
    filemode = false
    bare = false
    logallrefupdates = true
    symlinks = false
    ignorecase = true
[remote "origin"]
    url = http://192.168.16.147/gitrepo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master

我使用了 GIT_CURL_VERBOSE，它最初显示身份验证工作，但在 propfind 后失败：

$ GIT_CURL_VERBOSE=1 git push origin master
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 192.168.16.147...
* TCP_NODELAY set
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> GET /gitrepo.git/info/refs?service=git-receive-pack HTTP/1.1
Host: git.site.domain.com
User-Agent: git/2.12.2.windows.2
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Wed, 26 Apr 2017 19:27:03 GMT
< Server: Apache/2.4.6 (CentOS)
< WWW-Authenticate: Basic realm="site.domain.com"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host git.site.domain.com left intact
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* Found bundle for host git.site.domain.com: 0x290be50 [can pipeline]
* Re-using existing connection! (#0) with host git.site.domain.com
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
* Server auth using Basic with user 'bobsaget'
> GET /gitrepo.git/info/refs?service=git-receive-pack HTTP/1.1
Host: git.site.domain.com
Authorization: Basic encryptedstring
User-Agent: git/2.12.2.windows.2
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Wed, 26 Apr 2017 19:27:03 GMT
< Server: Apache/2.4.6 (CentOS)
< Last-Modified: Tue, 25 Apr 2017 18:11:35 GMT
< ETag: "0-54e01a77ac500"
< Accept-Ranges: bytes
< Content-Length: 0
< Content-Type: text/plain; charset=UTF-8
<
* Connection #0 to host git.site.domain.com left intact
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* Found bundle for host git.site.domain.com: 0x290be50 [can pipeline]
* Re-using existing connection! (#0) with host git.site.domain.com
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
* Server auth using Basic with user 'bobsaget'
> GET /gitrepo.git/HEAD HTTP/1.1
Host: git.site.domain.com
Authorization: Basic encryptedstring
User-Agent: git/2.12.2.windows.2
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Wed, 26 Apr 2017 19:27:07 GMT
< Server: Apache/2.4.6 (CentOS)
< Last-Modified: Mon, 24 Apr 2017 20:51:42 GMT
< ETag: "17-54defc6469818"
< Accept-Ranges: bytes
< Content-Length: 23
<
* Connection #0 to host git.site.domain.com left intact
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 192.168.16.147...
* TCP_NODELAY set
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> PROPFIND /gitrepo.git/ HTTP/1.1
Host: git.site.domain.com
User-Agent: git/2.12.2.windows.2
Accept: */*
Depth: 0
Content-Type: text/xml
Content-Length: 172
Expect: 100-continue

* The requested URL returned error: 401 Unauthorized
* stopped the pause stream!
* Closing connection 0
error: Cannot access URL http://git.site.domain.com/gitrepo.git/, return code 22
fatal: git-http-push failed
error: failed to push some refs to 'http://git.site.domain.com/gitrepo.git'

Apache 错误日志显示身份验证成功，但未进行第二次尝试就失败了：

[Wed Apr 26 15:27:07.177075 2017] [authnz_ldap:debug] [pid 32543] mod_authnz_ldap.c(501): [client 192.168.16.216:54725] AH01691: auth_ldap authenticate: using URL ldap://192.168.16.222/dc=site,dc=domain,dc=com?sAMAccountName?Sub?(objectCategory=person)(objectClass=User)
[Wed Apr 26 15:27:07.177094 2017] [authnz_ldap:debug] [pid 32543] mod_authnz_ldap.c(593): [client 192.168.16.216:54725] AH01697: auth_ldap authenticate: accepting bobsaget
[Wed Apr 26 15:27:07.177100 2017] [authz_core:debug] [pid 32543] mod_authz_core.c(809): [client 192.168.16.216:54725] AH01626: authorization result of Require valid-user : granted
[Wed Apr 26 15:27:07.177104 2017] [authz_core:debug] [pid 32543] mod_authz_core.c(809): [client 192.168.16.216:54725] AH01626: authorization result of <RequireAny>: granted
[Wed Apr 26 15:27:07.227516 2017] [authz_core:debug] [pid 32548] mod_authz_core.c(809): [client 192.168.16.216:54728] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Apr 26 15:27:07.227564 2017] [authz_core:debug] [pid 32548] mod_authz_core.c(809): [client 192.168.16.216:54728] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

编辑：我在 httpd.conf 中添加了“AcceptPathInfo On”，并根据设置了 git help http-backend 检查了所需的环境变量。

我还添加了那里使用的重写条件。相应地更新了上面的配置。

Answer 1

因此，感谢 git 邮件列表，我们在我的配置中发现了一个错误。

DocumentRoot 必须是“/var/www/html”。

如果它对其他人有用，这是我迄今为止工作的 conf：

LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPVerifyServerCert Off

<Directory "/var/www/html/git">
   Options +ExecCGI
   Require all granted
</Directory>

<VirtualHost *:80>
   AcceptPathInfo On
   DocumentRoot  "/var/www/html"
   ServerName git.site.domain.com
   DirectoryIndex index.html

   SetEnv GIT_PROJECT_ROOT /var/www/html/git
   SetEnv GIT_HTTP_EXPORT_ALL
   SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
   ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
   RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
   RewriteCond %{REQUEST_URI} /git-receive-pack$ 
   RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]


    <LocationMatch "/">

        Options +ExecCGI
        AuthType Basic
        AuthName "site.domain.com"
        AuthLDAPBindAuthoritative on
        AuthBasicProvider ldap
        AuthLDAPBindDN "CN=LDAP_User,CN=Users,DC=site,DC=domain,DC=com"
        AuthLDAPBindPassword "password"
        AuthLDAPURL "ldap://dc.site.domain.com/dc=site,dc=domain,dc=com?sAMAccountName?Sub?(objectCategory=person)(objectClass=User)"
        AuthLDAPGroupAttributeIsDN on
        Require valid-user

    </LocationMatch>

</VirtualHost>