From: Junio C Hamano <gitster@pobox.com>
To: Knut Franke <k.franke@science-computing.de>
Cc: git@vger.kernel.org, Eric Sunshine <sunshine@sunshineco.com>
Subject: Re: [PATCH 1/2] http: allow selection of proxy authentication method
Date: Mon, 02 Nov 2015 14:46:59 -0800 [thread overview]
Message-ID: <xmqqfv0odnoc.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <1446483264-15123-2-git-send-email-k.franke@science-computing.de> (Knut Franke's message of "Mon, 2 Nov 2015 17:54:23 +0100")
Knut Franke <k.franke@science-computing.de> writes:
> CURLAUTH_ANY does not work with proxies which answer unauthenticated requests
> with a 307 redirect to an error page instead of a 407 listing supported
> authentication methods. Therefore, allow the authentication method to be set
> using the environment variable GIT_HTTP_PROXY_AUTHMETHOD or configuration
> variables http.proxyAuthmethod and remote.<name>.proxyAuthmethod (in analogy
> to http.proxy and remote.<name>.proxy).
>
> The following values are supported:
>
> * anyauth (default)
> * basic
> * digest
> * negotiate
> * ntlm
>
> Signed-off-by: Knut Franke <k.franke@science-computing.de>
> Reviewed-by: Junio C Hamano <gitster@pobox.com>
> Reviewed-by: Eric Sunshine <sunshine@sunshineco.com>
Please add these only when you are doing the final submission,
sending the same version reviewed by these people after they said
the patch(es) look good. To credit others for helping you to polish
your patch, Helped-by: would be more appropriate.
> @@ -305,6 +326,42 @@ static void init_curl_http_auth(CURL *result)
> #endif
> }
>
> +/* assumes *var is either NULL or free-able */
> +static void env_override(const char **var, const char *envname)
> +{
> + const char *val = getenv(envname);
> + if (val) {
> + if (*var)
> + free((void*)*var);
Just
free((void *)*var);
would be more idiomatic (freeing NULL is not a crime but a norm).
Also as you did elsewhere, have a space between void and the
asterisk.
> +static void init_curl_proxy_auth(CURL *result)
> +{
> + env_override(&http_proxy_authmethod, "GIT_HTTP_PROXY_AUTHMETHOD");
Shouldn't this also be part of the #if/#endif?
> +
> +#if LIBCURL_VERSION_NUM >= 0x070a07 /* CURLOPT_PROXYAUTH and CURLAUTH_ANY */
> + if (http_proxy_authmethod) {
> + int i;
> + for (i = 0; i < ARRAY_SIZE(proxy_authmethods); i++) {
> + if (!strcmp(http_proxy_authmethod, proxy_authmethods[i].name)) {
> + curl_easy_setopt(result, CURLOPT_PROXYAUTH,
> + proxy_authmethods[i].curlauth_param);
> + break;
> + }
> + }
> + if (i == ARRAY_SIZE(proxy_authmethods)) {
> + warning("unsupported proxy authentication method %s: using anyauth",
> + http_proxy_authmethod);
> + curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
> + }
> + }
> + else
> + curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
> +#endif
> +}
> +
> static int has_cert_password(void)
> {
> if (ssl_cert == NULL || ssl_cert_password_required != 1)
> @@ -466,9 +523,7 @@ static CURL *get_curl_handle(void)
> if (curl_http_proxy) {
> curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
> }
> -#if LIBCURL_VERSION_NUM >= 0x070a07
> - curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
> -#endif
> + init_curl_proxy_auth(result);
>
> set_curl_keepalive(result);
>
> @@ -509,6 +564,12 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
> if (remote && remote->http_proxy)
> curl_http_proxy = xstrdup(remote->http_proxy);
>
> + if (remote && remote->http_proxy_authmethod) {
> + if (http_proxy_authmethod)
> + free((void*)http_proxy_authmethod);
Just
free((void *)http_proxy_authmethod);
without NULL-ness check.
But this makes me wonder if env_override() was a good abstraction.
That is, with this helper:
/* existing value in *var must be freeable */
static void var_override(const char **var, char *value)
{
if (value) {
free((void *)(*var));
var = xstrdup(value);
}
}
the beginning of the init_proxy_auth() would become:
static void init_curl_proxy_auth(CURL *result)
{
#if LIBCURL_VERSION_NUM >= 0x070a07 /* CURLOPT_PROXYAUTH and CURLAUTH_ANY */
var_override(&http_proxy_authmethod, getenv("GIT_HTTP_PROXY_AUTHMETHOD"));
...
and this code would be:
if (remote)
var_override(&http_proxy_authmethod, remote->http_proxy_authmethod);
which might be even cleaner.
> + http_proxy_authmethod = xstrdup(remote->http_proxy_authmethod);
> + }
> +
> pragma_header = curl_slist_append(pragma_header, "Pragma: no-cache");
> no_pragma_header = curl_slist_append(no_pragma_header, "Pragma:");
>
> @@ -607,6 +668,11 @@ void http_cleanup(void)
> curl_http_proxy = NULL;
> }
>
> + if (http_proxy_authmethod) {
> + free((void *)http_proxy_authmethod);
> + http_proxy_authmethod = NULL;
> + }
No need for NULL-ness check here, either.
Other than the above nits, looks cleanly done.
Thanks.
next prev parent reply other threads:[~2015-11-02 22:47 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-26 17:55 [PATCH 1/2] http: allow selection of proxy authentication method Knut Franke
2015-10-26 17:55 ` [PATCH 2/2] http: use credential API to handle proxy authentication Knut Franke
2015-10-26 20:33 ` [PATCH 1/2] http: allow selection of proxy authentication method Junio C Hamano
2015-10-27 8:47 ` Knut Franke
2015-10-28 9:40 ` [PATCH v2] http proxy authentication improvements Knut Franke
2015-10-28 9:40 ` [PATCH 1/2] http: allow selection of proxy authentication method Knut Franke
2015-10-28 16:51 ` Junio C Hamano
2015-10-28 16:59 ` Junio C Hamano
2015-10-30 18:01 ` Knut Franke
2015-10-30 19:19 ` Junio C Hamano
2015-10-28 18:54 ` Eric Sunshine
2015-10-28 9:40 ` [PATCH 2/2] http: use credential API to handle proxy authentication Knut Franke
2015-10-28 18:58 ` Eric Sunshine
2015-10-30 18:24 ` Knut Franke
2015-10-30 19:31 ` Junio C Hamano
2015-10-30 19:35 ` Eric Sunshine
2015-11-02 16:54 ` [PATCH v3 0/2] Knut Franke
2015-11-02 16:54 ` [PATCH 1/2] http: allow selection of proxy authentication method Knut Franke
2015-11-02 22:46 ` Junio C Hamano [this message]
2015-11-03 9:07 ` Knut Franke
2015-11-03 19:46 ` Junio C Hamano
2015-11-02 16:54 ` [PATCH 2/2] http: use credential API to handle proxy authentication Knut Franke
2015-11-02 22:54 ` Junio C Hamano
2015-11-03 9:31 ` Knut Franke
2015-11-03 18:12 ` Eric Sunshine
2015-11-04 9:13 ` [PATCH v4 0/2] Knut Franke
2015-11-04 9:13 ` [PATCH 1/2] http: allow selection of proxy authentication method Knut Franke
2015-11-04 19:42 ` Junio C Hamano
2015-11-04 9:13 ` [PATCH 2/2] http: use credential API to handle proxy authentication Knut Franke
2015-11-04 19:41 ` Eric Sunshine
2015-11-04 19:53 ` Junio C Hamano
2015-11-05 8:24 ` Jeff King
2015-11-05 11:56 ` Knut Franke
2015-11-05 17:30 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqfv0odnoc.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=k.franke@science-computing.de \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.