Hello,

I have recently set up a new gitosis in my private network on an Ubuntu server. All other clients in the network are Windows XP machines except one Linux client.

I have the following setup in gitosis.conf:

[group MyProjectTeam]
writable = MyProjectRepo
members = user1 user2 user3

I have also placed user1.pub, user2.pub and user3.pub key files in keydir. The keys were generated on the Ubuntu server using ssh-keygen and distributed to the respective users. Copies of the public keys are placed in keydir.

The first two users are Windows XP users; they use msysgit + TortoiseGit to work with the repository, and one user is on a Linux machine accessing the repository using the default command line version of git.

Now everything is set up well and everybody is able to do whatever they are expected to; they are able to pull, push, commit, and everything looks fine except when we check the logs!!!

Using user3 on the Linux machine, I tried the "git log" command and got the following output:

commit 1b249e239d270b814aab31eed7dc6f04ceceba32
Author: User3 <Admin@ubuntu-server.(none)>
Date:   Fri Sep 11 07:26:58 2009 +0530

    modifed by user3

commit 646f8b11a715273dc26280fc1da2507c997f981c
Author: unknown <Admin@.(none)>
Date:   Fri Sep 11 07:10:56 2009 +0530

    modified by user2

commit 9f86dc7a6bfafc1c1e520d6de3dac7c613ac85cb
Author: unknown <Admin@.(none)>
Date:   Fri Sep 11 06:50:22 2009 +0530

    modified

commit b1a3b64005795f9592aae05c422c70a03dbb9b58
Author: admin <Admin@ubuntu-server.(none)>
Date:   Fri Sep 11 06:18:54 2009 +0530

    test file added by admin

This is not correct. This log should be able to tell me who the author of the push is. What I feel is that it's giving correct values for users on Linux, as their user names and emails are also set in the Linux user info, but for Windows clients that's not true, so their names do not appear correctly. But even if I fix the names on the Windows machines, this can be compromised by emulating another user's name; to avoid this I don't want to rely on user names.

I want the name provided in the SSH key file to appear there, or the name of the SSH key file that was used for the push to be added as Author.

Maybe git's pre-receive hook can help here, but I don't know how to use it... can anybody help?

Thanks, Rakesh

+2  A: 

Did you try to set the user name with the following commands:

// global settings
$ git config --global user.name "FirstName LastName"
$ git config --global user.email "[email protected]"

or

// for a specific project
$ git config user.name "FirstName LastName"
$ git config user.email "[email protected]"

Edit: global settings are stored in the folder designated by the HOME environment variable, which should be unique for each Windows user, so you will have real data about the logged-in user.

alexandrul
+2  A: 

The problem lies with your Windows users. If you ask them to supply you with the output from

$ git config --list

when run within the project folder, you will probably see that they have omitted to set their user names and emails.

Ask them to run the commands alexandrul suggests, again within the project folder, as there is not really much you can do on the server end without circumventing what gitosis is designed to do, i.e. provide secure git access without shell accounts.

If you are likely to have other Windows users in future, a pre-receive hook that checks for a valid user name and email could be used to avoid this. All it needs to do is reject the push with a message telling the user to make the settings first.

See the previous SO question for help on this last point.

Squelch
A: 

Hey alexandrul/Squelch

Thanks for answers.

alexandrul, I have not set the global settings; this is because I want every user's information to be logged genuinely.

Squelch, you are correct, I can see the users who are omitting their user names, but how do I force them to set them? I can tell them to configure their local project and set a username and email address, but what if someone uses a fake username or tries to use someone else's username and email address, basically tries to impersonate another user?

That's why I thought, why not log the name of the private key file, e.g. I have set the file name as user1.ppk for user1 and similarly user2.ppk for user2. In such cases even if someone tries to impersonate another they won't succeed, because the key names that are used for checking will tell me the truth.

Any ideas???

Regards, Rakesh

Rakesh
1. See my updated answer. 2. The name of the private key is not relevant; only the content (the key itself) matters.
alexandrul
+2  A: 

Expanding further on alexandrul's answers, there are several processes going on when a user accesses the repository.

  • The user connects over SSH as user "Git" (or whatever your gitosis user is called) using their key pair for authentication. Think of it as user "Git" having multiple keys for access to the host.
  • User "Git" has a restricted account that can only access repositories which are managed by the gitosis admin.
  • Gitosis uses the name of the public key in /keydir, which is matched against the connected user's key, and allows access only to those repositories they are a member of. The names are arbitrary and are simply tokens to identify the key.
  • Git does not know nor care about the connected user, and simply applies the commits locally as user "Git" on the host under the control of gitosis.
  • The real git user identifies themselves within the commit, which can bear no relation to the SSH-authenticated name.

As you have discovered, gitosis can only authenticate that a user has a right to connect, and that they have access to only those repositories they are a member of. It does not check for a valid name within the commit, and it is entirely possible for one user to impersonate another within a repository as long as they have access.

It is a matter of implicit trust on your part that your users do not abuse the system; you have already allowed them access to the repository after all. The logs would uncover which SSH-authenticated user was connected when a particular push was made, if you suspect wrongdoing.

I am not sure if gitosis exposes the name of the connected SSH user so a simple cross-check can be made against the commit message, but I expect a talented Pythonista may be able to suggest something. Alternatively, make a feature request with Tommi Virtanen, the author of gitosis. TV's cobweb

Squelch
+1 nice answer ()
alexandrul
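The hook Squelch describes, as an added example that is neither from this thread nor part of gitosis: it rejects pushes whose new commits carry git's fallback identity ("unknown", "<user>@host.(none)"), and, because gitosis exports the matched keydir name in the GITOSIS_USER environment variable, it also requires the author e-mail to be one registered for that key; the allowlist contents and e-mail addresses are constructed assumptions, and if GITOSIS_USER is unset the hook still enforces the name/e-mail check.

```shell
#!/bin/sh
# Added example (not from the thread or from gitosis): a pre-receive hook that
# rejects commits with git's fallback identity and, when GITOSIS_USER is set,
# requires the author e-mail to be registered for that keydir name.

# Constructed allowlist "<keydir name> <author e-mail>" (read a file in real use).
ALLOWED_IDENTITIES='
user1 user1@example.com
user2 user2@example.com
user3 user3@example.com
'
# valid_identity NAME EMAIL -> 0 when both were deliberately configured.
valid_identity() {
    [ -n "$1" ] && [ "$1" != "unknown" ] || return 1
    case "$2" in
        ''|*'(none)'*|*' '*) return 1 ;;   # git's host-derived fallback address
        *@*.*) return 0 ;;
        *) return 1 ;;
    esac
}
# identity_allowed KEYNAME EMAIL -> 0 when EMAIL is registered for KEYNAME.
identity_allowed() {
    printf '%s\n' "$ALLOWED_IDENTITIES" | grep -qxF -- "$1 $2"
}
# check_new_commits NEW: inspect every commit reachable from NEW but not from
# any existing ref (refs are not yet updated while pre-receive runs).
check_new_commits() {
    git rev-list "$1" --not --all | while read -r sha; do
        name=$(git log -1 --format='%an' "$sha")
        email=$(git log -1 --format='%ae' "$sha")
        if ! valid_identity "$name" "$email"; then
            echo "rejected $sha: author '$name <$email>'; set user.name/user.email" >&2
            exit 1    # leaves the pipeline, and so the function, with status 1
        fi
        if [ -n "${GITOSIS_USER:-}" ] && ! identity_allowed "$GITOSIS_USER" "$email"; then
            echo "rejected $sha: <$email> is not registered for key '$GITOSIS_USER'" >&2
            exit 1
        fi
    done
}
# git feeds "<old-sha> <new-sha> <refname>" lines on stdin; an all-zero new
# sha is a ref deletion with nothing to check.
main() {
    while read -r _old new _ref; do
        case "$new" in *[!0]*) check_new_commits "$new" || exit 1 ;; esac
    done
}
case "$0" in *pre-receive) main ;; esac
```

Install it as an executable hooks/pre-receive in the bare repository on the server; a rejected push shows the user the reason on their own terminal.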
A: 

Hi Guys,

Thanks for the help. Squelch, thanks for taking the time to explain in so much detail. I think that TV's cobweb has a lot of info; reading it right now.

As of now, one thing I have done is ask my users to update their config to include a username and email address. But I have to solve the problem properly, as I cannot chase each and every user.

I want something like SVN+SSH, where we use a tunneled username in the key file and it gets recorded with SVN.

Regards, Rakesh

Rakesh