undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

http: add option to try authentication without username

Browse Source 
Performing GSS-Negotiate authentication using Kerberos does not require
specifying a username or password, since that information is already
included in the ticket itself.  However, libcurl refuses to perform
authentication if it has not been provided with a username and password.
Add an option, http.emptyAuth, that provides libcurl with an empty
username and password to make it attempt authentication anyway.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
brian m. carlson 2016-02-15 18:44:46 +00:00 committed by Junio C Hamano
parent a08595f761
commit 121061f67f
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Documentation/config.txt
View File

@ -1600,6 +1600,12 @@ http.proxy::
`curl(1)`). This can be overridden on a per-remote basis; see `curl(1)`). This can be overridden on a per-remote basis; see
remote.<name>.proxy remote.<name>.proxy
http.emptyAuth::
Attempt authentication without seeking a username or password. This
can be used to attempt GSS-Negotiate authentication without specifying
a username in the URL, as libcurl normally requires a username for
authentication.
http.cookieFile:: http.cookieFile::
File containing previously stored cookie lines which should be used File containing previously stored cookie lines which should be used
in the Git http session, if they match the server. The file format in the Git http session, if they match the server. The file format

13
http.c
View File

@ -67,6 +67,7 @@ static int curl_save_cookies;
struct credential http_auth = CREDENTIAL_INIT; struct credential http_auth = CREDENTIAL_INIT;
static int http_proactive_auth; static int http_proactive_auth;
static const char *user_agent; static const char *user_agent;
static int curl_empty_auth;
#if LIBCURL_VERSION_NUM >= 0x071700 #if LIBCURL_VERSION_NUM >= 0x071700
/* Use CURLOPT_KEYPASSWD as is */ /* Use CURLOPT_KEYPASSWD as is */
@ -273,14 +274,22 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.useragent", var)) if (!strcmp("http.useragent", var))
return git_config_string(&user_agent, var, value); return git_config_string(&user_agent, var, value);
if (!strcmp("http.emptyauth", var)) {
curl_empty_auth = git_config_bool(var, value);
return 0;
}
/* Fall back on the default ones */ /* Fall back on the default ones */
return git_default_config(var, value, cb); return git_default_config(var, value, cb);
} }
static void init_curl_http_auth(CURL *result) static void init_curl_http_auth(CURL *result)
{ {
if (!http_auth.username) if (!http_auth.username) {
if (curl_empty_auth)
curl_easy_setopt(result, CURLOPT_USERPWD, ":");
return; return;
}
credential_fill(&http_auth); credential_fill(&http_auth);
@ -695,7 +704,7 @@ struct active_request_slot *get_active_slot(void)
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods); curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
#endif #endif
if (http_auth.password) if (http_auth.password || curl_empty_auth)
init_curl_http_auth(slot->curl); init_curl_http_auth(slot->curl);
return slot; return slot;