Add an option for using any HTTP authentication scheme, not only basic
This adds the configuration option http.authAny (overridable with the environment variable GIT_HTTP_AUTH_ANY), for instructing curl to allow any HTTP authentication scheme, not only basic (which sends the password in plaintext). When this is enabled, curl has to do double requests most of the time, in order to discover which HTTP authentication method to use, which lowers the performance slightly. Therefore this isn't enabled by default. One example of another authentication scheme to use is digest, which doesn't send the password in plaintext, but uses a challenge-response mechanism instead. Using digest authentication in practice requires at least curl 7.18.1, due to bugs in the digest handling in earlier versions of curl. Signed-off-by: Martin Storsjö <martin@martin.st> Signed-off-by: Tay Ray Chuan <rctay89@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
ad75ebe5b3
commit
b8ac923010
@ -1158,6 +1158,13 @@ http.noEPSV::
|
||||
support EPSV mode. Can be overridden by the 'GIT_CURL_FTP_NO_EPSV'
|
||||
environment variable. Default is false (curl will use EPSV).
|
||||
|
||||
http.authAny::
|
||||
Allow any HTTP authentication method, not only basic. Enabling
|
||||
this lowers the performance slightly, by having to do requests
|
||||
without any authentication to discover the authentication method
|
||||
to use. Can be overridden by the 'GIT_HTTP_AUTH_ANY'
|
||||
environment variable. Default is false.
|
||||
|
||||
i18n.commitEncoding::
|
||||
Character encoding the commit messages are stored in; git itself
|
||||
does not care per se, but this information is necessary e.g. when
|
||||
|
22
http.c
22
http.c
@ -7,6 +7,10 @@ int active_requests;
|
||||
int http_is_verbose;
|
||||
size_t http_post_buffer = 16 * LARGE_PACKET_MAX;
|
||||
|
||||
#if LIBCURL_VERSION_NUM >= 0x070a06
|
||||
#define LIBCURL_CAN_HANDLE_AUTH_ANY
|
||||
#endif
|
||||
|
||||
static int min_curl_sessions = 1;
|
||||
static int curl_session_count;
|
||||
#ifdef USE_CURL_MULTI
|
||||
@ -36,6 +40,9 @@ static long curl_low_speed_time = -1;
|
||||
static int curl_ftp_no_epsv;
|
||||
static const char *curl_http_proxy;
|
||||
static char *user_name, *user_pass;
|
||||
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
|
||||
static int curl_http_auth_any = 0;
|
||||
#endif
|
||||
|
||||
#if LIBCURL_VERSION_NUM >= 0x071700
|
||||
/* Use CURLOPT_KEYPASSWD as is */
|
||||
@ -190,6 +197,12 @@ static int http_options(const char *var, const char *value, void *cb)
|
||||
http_post_buffer = LARGE_PACKET_MAX;
|
||||
return 0;
|
||||
}
|
||||
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
|
||||
if (!strcmp("http.authany", var)) {
|
||||
curl_http_auth_any = git_config_bool(var, value);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Fall back on the default ones */
|
||||
return git_default_config(var, value, cb);
|
||||
@ -240,6 +253,10 @@ static CURL *get_curl_handle(void)
|
||||
#if LIBCURL_VERSION_NUM >= 0x070907
|
||||
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
|
||||
#endif
|
||||
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
|
||||
if (curl_http_auth_any)
|
||||
curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
|
||||
#endif
|
||||
|
||||
init_curl_http_auth(result);
|
||||
|
||||
@ -391,6 +408,11 @@ void http_init(struct remote *remote)
|
||||
if (getenv("GIT_CURL_FTP_NO_EPSV"))
|
||||
curl_ftp_no_epsv = 1;
|
||||
|
||||
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
|
||||
if (getenv("GIT_HTTP_AUTH_ANY"))
|
||||
curl_http_auth_any = 1;
|
||||
#endif
|
||||
|
||||
if (remote && remote->url && remote->url[0]) {
|
||||
http_auth_init(remote->url[0]);
|
||||
if (!ssl_cert_password_required &&
|
||||
|
Loading…
Reference in New Issue
Block a user