
http: add option to try authentication without username

Performing GSS-Negotiate authentication using Kerberos does not require
specifying a username or password, since that information is already
included in the ticket itself.  However, libcurl refuses to perform
authentication if it has not been provided with a username and password.
Add an option, http.emptyAuth, that provides libcurl with an empty
username and password to make it attempt authentication anyway.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
brian m. carlson 9 years ago committed by Junio C Hamano
parent
commit
121061f67f
  1. 6
      Documentation/config.txt
  2. 13
      http.c

6
Documentation/config.txt

@ -1600,6 +1600,12 @@ http.proxy::
`curl(1)`). This can be overridden on a per-remote basis; see `curl(1)`). This can be overridden on a per-remote basis; see
remote.<name>.proxy remote.<name>.proxy


http.emptyAuth::
Attempt authentication without seeking a username or password. This
can be used to attempt GSS-Negotiate authentication without specifying
a username in the URL, as libcurl normally requires a username for
authentication.

http.cookieFile:: http.cookieFile::
File containing previously stored cookie lines which should be used File containing previously stored cookie lines which should be used
in the Git http session, if they match the server. The file format in the Git http session, if they match the server. The file format

13
http.c

@ -67,6 +67,7 @@ static int curl_save_cookies;
struct credential http_auth = CREDENTIAL_INIT; struct credential http_auth = CREDENTIAL_INIT;
static int http_proactive_auth; static int http_proactive_auth;
static const char *user_agent; static const char *user_agent;
static int curl_empty_auth;


#if LIBCURL_VERSION_NUM >= 0x071700 #if LIBCURL_VERSION_NUM >= 0x071700
/* Use CURLOPT_KEYPASSWD as is */ /* Use CURLOPT_KEYPASSWD as is */
@ -273,14 +274,22 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.useragent", var)) if (!strcmp("http.useragent", var))
return git_config_string(&user_agent, var, value); return git_config_string(&user_agent, var, value);


if (!strcmp("http.emptyauth", var)) {
curl_empty_auth = git_config_bool(var, value);
return 0;
}

/* Fall back on the default ones */ /* Fall back on the default ones */
return git_default_config(var, value, cb); return git_default_config(var, value, cb);
} }


static void init_curl_http_auth(CURL *result) static void init_curl_http_auth(CURL *result)
{ {
if (!http_auth.username) if (!http_auth.username) {
if (curl_empty_auth)
curl_easy_setopt(result, CURLOPT_USERPWD, ":");
return; return;
}


credential_fill(&http_auth); credential_fill(&http_auth);


@ -695,7 +704,7 @@ struct active_request_slot *get_active_slot(void)
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods); curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
#endif #endif
if (http_auth.password) if (http_auth.password || curl_empty_auth)
init_curl_http_auth(slot->curl); init_curl_http_auth(slot->curl);


return slot; return slot;
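Review bot: In get_active_slot() the widened test `if (http_auth.password || curl_empty_auth)` also routes the username-set, password-unset case into init_curl_http_auth(), where it skips the new empty-auth branch and reaches `credential_fill(&http_auth)` before any server has issued a challenge. If a username can already be populated at that point (for example from the remote URL, which is not visible here), turning on http.emptyAuth would trigger a credential-helper lookup or password prompt on the first request to any host, which is broader than the option's documented purpose. Narrowing the call site to `if (http_auth.password || (curl_empty_auth && !http_auth.username))` would keep the new path limited to the no-username case. A one-line comment above the setopt call, e.g. `/* empty "user:password" so libcurl will still attempt Negotiate with the ambient ticket */`, would explain the bare `":"`. Both functions continue outside the hunks shown, so the rest of init_curl_http_auth() should be checked against this.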
