[PATCH/RFC] http: pass http.cookiefile using CURLOPT

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH/RFC] http: pass http.cookiefile using CURLOPT_COOKIEFILE
@ 2011-06-02 20:31 Duncan Brown
  2011-06-03  0:01 ` Shawn Pearce
  0 siblings, 1 reply; 3+ messages in thread
From: Duncan Brown @ 2011-06-02 20:31 UTC (permalink / raw)
  To: git; +Cc: dabrown, gitster, skoranda

If the config option http.cookiefile is set, pass this file to libCURL using
the CURLOPT_COOKIEFILE option. This is similar to calling curl with the -b
option.  This allows git http authorization with authentication mechanisms
that use cookies, such as SAML Enhanced Client or Proxy (ECP) used by
Shibboleth.

To use SAML/ECP, the user needs to request a session cookie with their own ECP
code. See for example:

<https://wiki.shibboleth.net/confluence/display/SHIB2/ECP>

Once the cookie file has been created, it can be passed to git with, e.g.

git config --global http.cookiefile "/home/dbrown/.curlcookies"

libCURL will then pass the appropriate session cookies to the git http server.

Signed-off-by: Duncan Brown <duncan.brown@ligo.org>
---
 Documentation/config.txt |    8 ++++++++
 http.c                   |    5 +++++
 2 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/Documentation/config.txt b/Documentation/config.txt
index 6b93777..c631d1c 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1196,6 +1196,14 @@ http.proxy::
 	environment variable (see linkgit:curl[1]).  This can be overridden
 	on a per-remote basis; see remote.<name>.proxy
 
+http.cookiefile::
+	File containing previously stored cookie lines which should be used
+	in the git http session, if they match the server. The file format
+	of the file to read cookies from should be plain HTTP headers or
+	the Netscape/Mozilla cookie file format (see linkgit:curl[1]).
+	NOTE that the file specified with http.cookiefile is only used as
+	input. No cookies will be stored in the file.
+
 http.sslVerify::
 	Whether to verify the SSL certificate when fetching or pushing
 	over HTTPS. Can be overridden by the 'GIT_SSL_NO_VERIFY' environment
diff --git a/http.c b/http.c
index b2ae8de..a1ea3db 100644
--- a/http.c
+++ b/http.c
@@ -41,6 +41,7 @@ static long curl_low_speed_limit = -1;
 static long curl_low_speed_time = -1;
 static int curl_ftp_no_epsv;
 static const char *curl_http_proxy;
+static const char *curl_cookie_file;
 static char *user_name, *user_pass;
 static const char *user_agent;
 
@@ -191,6 +192,9 @@ static int http_options(const char *var, const char *value, void *cb)
 	if (!strcmp("http.proxy", var))
 		return git_config_string(&curl_http_proxy, var, value);
 
+	if (!strcmp("http.cookiefile", var))
+		return git_config_string(&curl_cookie_file, var, value);
+
 	if (!strcmp("http.postbuffer", var)) {
 		http_post_buffer = git_config_int(var, value);
 		if (http_post_buffer < LARGE_PACKET_MAX)
@@ -531,6 +535,7 @@ struct active_request_slot *get_active_slot(void)
 	slot->finished = NULL;
 	slot->callback_data = NULL;
 	slot->callback_func = NULL;
+	curl_easy_setopt(slot->curl, CURLOPT_COOKIEFILE, curl_cookie_file);
 	curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
 	curl_easy_setopt(slot->curl, CURLOPT_ERRORBUFFER, curl_errorstr);
 	curl_easy_setopt(slot->curl, CURLOPT_CUSTOMREQUEST, NULL);
-- 
1.7.3.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH/RFC] http: pass http.cookiefile using CURLOPT_COOKIEFILE
  2011-06-02 20:31 [PATCH/RFC] http: pass http.cookiefile using CURLOPT_COOKIEFILE Duncan Brown
@ 2011-06-03  0:01 ` Shawn Pearce
  2011-06-03  2:43   ` Duncan Brown
  0 siblings, 1 reply; 3+ messages in thread
From: Shawn Pearce @ 2011-06-03  0:01 UTC (permalink / raw)
  To: Duncan Brown, gitster; +Cc: git, skoranda

On Thu, Jun 2, 2011 at 13:31, Duncan Brown <dabrown@physics.syr.edu> wrote:
> If the config option http.cookiefile is set, pass this file to libCURL using
> the CURLOPT_COOKIEFILE option. This is similar to calling curl with the -b
> option.  This allows git http authorization with authentication mechanisms
> that use cookies, such as SAML Enhanced Client or Proxy (ECP) used by
> Shibboleth.

Wow, the patch was this simple?

Thanks Duncan!

> ---
>  Documentation/config.txt |    8 ++++++++
>  http.c                   |    5 +++++
>  2 files changed, 13 insertions(+), 0 deletions(-)

Junio, I didn't test this myself, but the code looks good to me. I
don't see any obvious issues with it.

-- 
Shawn.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH/RFC] http: pass http.cookiefile using CURLOPT_COOKIEFILE
  2011-06-03  0:01 ` Shawn Pearce
@ 2011-06-03  2:43   ` Duncan Brown
  0 siblings, 0 replies; 3+ messages in thread
From: Duncan Brown @ 2011-06-03  2:43 UTC (permalink / raw)
  To: git

Hi Shawn,

On Jun 2, 2011, at 8:01 PM, Shawn Pearce wrote:

> On Thu, Jun 2, 2011 at 13:31, Duncan Brown <dabrown@physics.syr.edu> wrote:
>> If the config option http.cookiefile is set, pass this file to libCURL using
>> the CURLOPT_COOKIEFILE option. This is similar to calling curl with the -b
>> option.  This allows git http authorization with authentication mechanisms
>> that use cookies, such as SAML Enhanced Client or Proxy (ECP) used by
>> Shibboleth.
> 
> Wow, the patch was this simple?

Yep, it took longer to google for the libCURL docs than it did to write the code! With this patch, I can do the following:

[dbrown@spice-dev2 test]$ ./ecp.sh SUGWG https://sugwg-git.phy.syr.edu/git/qm/info/refs?service=git-upload-pack dbrown
Enter host password for user 'dbrown':

001e# service=git-upload-pack
0000009b0b31a9bef84542ff7dd5a10eb72ef2a67d176a35 HEADmulti_ack thin-pack side-band side-band-64k ofs-delta shallow no-progress include-tag multi_ack_detailed
003f0b31a9bef84542ff7dd5a10eb72ef2a67d176a35 refs/heads/master
00424b2259eb6bada1a160e8dcf394b93fa60a60c90d refs/tags/first_corr
004266eea9443af5f0026a44d58990547f8ff60897c6 refs/tags/pre_double
0043f8d991153a857af157e9dfaa9e8851ae2440cafd refs/tags/ptf_test_01
0000

ecp.sh is Scott Koranda's demonstration ECP client:

<https://wiki.shibboleth.net/confluence/display/SHIB2/Contributions#Contributions-simplebash>

It gets a Shib session cookie and stores it in ~/.curlcookies with curl and xlstproc command line tools. Now that I have my session cookie, I can do

[dbrown@spice-dev2 test]$ git config --global http.cookiefile "/home/dbrown/.curlcookies"
[dbrown@spice-dev2 test]$ git clone https://sugwg-git.phy.syr.edu/git/qm
Cloning into qm...
remote: Counting objects: 2071, done.
remote: Compressing objects: 100% (833/833), done.
remote: Total 2071 (delta 1352), reused 1851 (delta 1224)
Receiving objects: 100% (2071/2071), 681.53 KiB, done.
Resolving deltas: 100% (1352/1352), done.

Without the session cookie:

[dbrown@spice-dev2 test]$ rm ~/.curlcookies 
[dbrown@spice-dev2 test]$ git clone https://sugwg-git.phy.syr.edu/git/qm
Cloning into qm...
warning: remote HEAD refers to nonexistent ref, unable to checkout.

> Thanks Duncan!

No problem.

Cheers,
Duncan.

> 
>> ---
>>  Documentation/config.txt |    8 ++++++++
>>  http.c                   |    5 +++++
>>  2 files changed, 13 insertions(+), 0 deletions(-)
> 
> Junio, I didn't test this myself, but the code looks good to me. I
> don't see any obvious issues with it.
> 
> -- 
> Shawn.
> 

-- 

Duncan Brown                          Room 263-1, Department of Physics,
Associate Professor of Physics        Syracuse University, NY 13244, USA
Phone: (315) 443 5993             http://www.gravity.phy.syr.edu/~duncan

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-06-03  2:43 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-02 20:31 [PATCH/RFC] http: pass http.cookiefile using CURLOPT_COOKIEFILE Duncan Brown
2011-06-03  0:01 ` Shawn Pearce
2011-06-03  2:43   ` Duncan Brown

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).