user3889271

Reputation: 41

Git push results in return code 22

I've gone through related questions on here and nothing has worked for me.

I'm trying to set up git with LDAP authentication through Apache. The authentication works and I can clone. But when I try to push I get "return code 22."

I have tried on both CentOS 7 and Ubuntu 16.04. Both are updated.

The client system is Windows 10 and the latest version from git-scm.com.

I'm guessing there's an issue with my Apache conf.

Here's how I created the git directory:

git init --bare /var/www/html/git/gitrepo.git
cd /var/www/html/git/gitrepo.git
mv hooks/post-update.sample  hooks/post-update
chmod a+x  hooks/post-update
git update-server-info

Here's my apache conf:

LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPVerifyServerCert Off

<Directory "/var/www/html/git">
   Options +ExecCGI
   Require all granted
</Directory>

<VirtualHost *:80>
   AcceptPathInfo On
   DocumentRoot  "/var/www/html/git"
   ServerName git.site.domain.com
   DirectoryIndex index.html

   SetEnv GIT_PROJECT_ROOT /var/www/html/git
   SetEnv GIT_HTTP_EXPORT_ALL
   SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
   ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
   RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
   RewriteCond %{REQUEST_URI} /git-receive-pack$ 
   RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]


    <LocationMatch "/">

        Options +ExecCGI
        AuthType Basic
        AuthName "site.domain.com"
        AuthLDAPBindAuthoritative on
        AuthBasicProvider ldap
        AuthLDAPBindDN "CN=LDAP_User,CN=Users,DC=site,DC=domain,DC=com"
        AuthLDAPBindPassword "password"
        AuthLDAPURL "ldap://dc.site.domain.com/dc=site,dc=domain,dc=com?sAMAccountName?Sub?(objectCategory=person)(objectClass=User)"
        AuthLDAPGroupAttributeIsDN on
        Require valid-user

    </LocationMatch>

</VirtualHost>

Here's the client config in .git:

[core]
    repositoryformatversion = 0
    filemode = false
    bare = false
    logallrefupdates = true
    symlinks = false
    ignorecase = true
[remote "origin"]
    url = http://192.168.16.147/gitrepo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master

I used GIT_CURL_VERBOSE and it shows the authentication works initially but then fails after a PROPFIND:

$ GIT_CURL_VERBOSE=1 git push origin master
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 192.168.16.147...
* TCP_NODELAY set
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> GET /gitrepo.git/info/refs?service=git-receive-pack HTTP/1.1
Host: git.site.domain.com
User-Agent: git/2.12.2.windows.2
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Wed, 26 Apr 2017 19:27:03 GMT
< Server: Apache/2.4.6 (CentOS)
< WWW-Authenticate: Basic realm="site.domain.com"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host git.site.domain.com left intact
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* Found bundle for host git.site.domain.com: 0x290be50 [can pipeline]
* Re-using existing connection! (#0) with host git.site.domain.com
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
* Server auth using Basic with user 'bobsaget'
> GET /gitrepo.git/info/refs?service=git-receive-pack HTTP/1.1
Host: git.site.domain.com
Authorization: Basic encryptedstring
User-Agent: git/2.12.2.windows.2
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Wed, 26 Apr 2017 19:27:03 GMT
< Server: Apache/2.4.6 (CentOS)
< Last-Modified: Tue, 25 Apr 2017 18:11:35 GMT
< ETag: "0-54e01a77ac500"
< Accept-Ranges: bytes
< Content-Length: 0
< Content-Type: text/plain; charset=UTF-8
<
* Connection #0 to host git.site.domain.com left intact
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* Found bundle for host git.site.domain.com: 0x290be50 [can pipeline]
* Re-using existing connection! (#0) with host git.site.domain.com
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
* Server auth using Basic with user 'bobsaget'
> GET /gitrepo.git/HEAD HTTP/1.1
Host: git.site.domain.com
Authorization: Basic encryptedstring
User-Agent: git/2.12.2.windows.2
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Wed, 26 Apr 2017 19:27:07 GMT
< Server: Apache/2.4.6 (CentOS)
< Last-Modified: Mon, 24 Apr 2017 20:51:42 GMT
< ETag: "17-54defc6469818"
< Accept-Ranges: bytes
< Content-Length: 23
<
* Connection #0 to host git.site.domain.com left intact
* Couldn't find host git.site.domain.com in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 192.168.16.147...
* TCP_NODELAY set
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> PROPFIND /gitrepo.git/ HTTP/1.1
Host: git.site.domain.com
User-Agent: git/2.12.2.windows.2
Accept: */*
Depth: 0
Content-Type: text/xml
Content-Length: 172
Expect: 100-continue

* The requested URL returned error: 401 Unauthorized
* stopped the pause stream!
* Closing connection 0
error: Cannot access URL http://git.site.domain.com/gitrepo.git/, return code 22
fatal: git-http-push failed
error: failed to push some refs to 'http://git.site.domain.com/gitrepo.git'

Apache error log shows successful authentication but fails without making a second attempt:

[Wed Apr 26 15:27:07.177075 2017] [authnz_ldap:debug] [pid 32543] mod_authnz_ldap.c(501): [client 192.168.16.216:54725] AH01691: auth_ldap authenticate: using URL ldap://192.168.16.222/dc=site,dc=domain,dc=com?sAMAccountName?Sub?(objectCategory=person)(objectClass=User)
[Wed Apr 26 15:27:07.177094 2017] [authnz_ldap:debug] [pid 32543] mod_authnz_ldap.c(593): [client 192.168.16.216:54725] AH01697: auth_ldap authenticate: accepting bobsaget
[Wed Apr 26 15:27:07.177100 2017] [authz_core:debug] [pid 32543] mod_authz_core.c(809): [client 192.168.16.216:54725] AH01626: authorization result of Require valid-user : granted
[Wed Apr 26 15:27:07.177104 2017] [authz_core:debug] [pid 32543] mod_authz_core.c(809): [client 192.168.16.216:54725] AH01626: authorization result of <RequireAny>: granted
[Wed Apr 26 15:27:07.227516 2017] [authz_core:debug] [pid 32548] mod_authz_core.c(809): [client 192.168.16.216:54728] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Apr 26 15:27:07.227564 2017] [authz_core:debug] [pid 32548] mod_authz_core.c(809): [client 192.168.16.216:54728] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

EDIT: I added "AcceptPathInfo On" to my httpd.conf and checked that the environment variables needed according to git help http-backend are set.

I also added the rewrite conditions used there. Updated the configuration above accordingly.

Upvotes: 2

Views: 1963

Answers (1)

user3889271

Reputation: 41

So, thanks to the git mailing list we identified an error in my configuration.

The DocumentRoot needs to be "/var/www/html".

In case it is useful for someone else, this is my conf that is so far working:

LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPVerifyServerCert Off

<Directory "/var/www/html/git">
   Options +ExecCGI
   Require all granted
</Directory>

<VirtualHost *:80>
   AcceptPathInfo On
   DocumentRoot  "/var/www/html"
   ServerName git.site.domain.com
   DirectoryIndex index.html

   SetEnv GIT_PROJECT_ROOT /var/www/html/git
   SetEnv GIT_HTTP_EXPORT_ALL
   SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
   ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
   RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
   RewriteCond %{REQUEST_URI} /git-receive-pack$ 
   RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]


    <LocationMatch "/">

        Options +ExecCGI
        AuthType Basic
        AuthName "site.domain.com"
        AuthLDAPBindAuthoritative on
        AuthBasicProvider ldap
        AuthLDAPBindDN "CN=LDAP_User,CN=Users,DC=site,DC=domain,DC=com"
        AuthLDAPBindPassword "password"
        AuthLDAPURL "ldap://dc.site.domain.com/dc=site,dc=domain,dc=com?sAMAccountName?Sub?(objectCategory=person)(objectClass=User)"
        AuthLDAPGroupAttributeIsDN on
        Require valid-user

    </LocationMatch>

</VirtualHost>

Upvotes: 2
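
An added example, not part of the original posts or of Git itself: a Python check over a GIT_CURL_VERBOSE trace that reports the condition visible in the question, where the discovery request is answered with text/plain rather than the smart-HTTP advertisement type and the client falls back to the WebDAV-based dumb push (PROPFIND), and that also flags Basic credentials sent on port 80. The sample trace is constructed from the one in the question; the function name, the finding labels and the rule that port 80 means no TLS are assumptions of this example.

```python
import re

# Content type a smart-HTTP server returns for the receive-pack ref advertisement.
SMART_TYPE = "application/x-git-receive-pack-advertisement"

# Constructed sample, trimmed from the trace in the question (credentials redacted).
SAMPLE_TRACE = """\
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> GET /gitrepo.git/info/refs?service=git-receive-pack HTTP/1.1
Host: git.site.domain.com
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=iso-8859-1
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> GET /gitrepo.git/info/refs?service=git-receive-pack HTTP/1.1
Host: git.site.domain.com
Authorization: Basic REDACTED
< HTTP/1.1 200 OK
< Content-Type: text/plain; charset=UTF-8
* Connected to git.site.domain.com (192.168.16.147) port 80 (#0)
> PROPFIND /gitrepo.git/ HTTP/1.1
Host: git.site.domain.com
* The requested URL returned error: 401 Unauthorized
"""

def analyze_trace(trace):
    """Return sorted finding labels (hypothetical names) for a curl-verbose trace."""
    findings = set()
    port = status = None
    discovery = False  # True while reading the info/refs?service=... exchange
    for line in trace.splitlines():
        if m := re.match(r"\* Connected to \S+ \(\S+\) port (\d+)", line):
            port = int(m.group(1))
        elif m := re.match(r"> (\w+) (\S+) HTTP/", line):
            method, path = m.groups()
            discovery = "info/refs?service=git-receive-pack" in path
            status = None
            if method == "PROPFIND":  # WebDAV request: client is using dumb push
                findings.add("dumb-webdav-push")
        elif m := re.match(r"< HTTP/\S+ (\d{3})", line):
            status = int(m.group(1))
        elif re.match(r"(> )?Authorization: Basic", line, re.I) and port == 80:
            # Assumption: port 80 means no TLS, so the password is only base64-encoded.
            findings.add("basic-auth-over-plain-http")
        elif m := re.match(r"< Content-Type:\s*([^;\s]+)", line, re.I):
            # Only a successful discovery response says which protocol is served;
            # the 401 challenge page is text/html and must not be counted.
            if discovery and status == 200 and m.group(1).lower() != SMART_TYPE:
                findings.add("not-smart-http")
    return sorted(findings)
```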
