From: Jeff King <peff@peff.net>
To: Nelson Benitez Leon <nelsonjesus.benitez@seap.minhap.es>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 2/6] http: handle proxy proactive authentication
Date: Fri, 4 May 2012 03:16:32 -0400 [thread overview]
Message-ID: <20120504071632.GB21895@sigill.intra.peff.net> (raw)
In-Reply-To: <4FA2B4DA.60908@seap.minhap.es>
On Thu, May 03, 2012 at 06:39:54PM +0200, Nelson Benitez Leon wrote:
> If http_proactive_auth flag is set and there is a username
> but no password in the proxy url, then interactively ask for
> the password.
>
> This makes possible to not have the password written down in
> http_proxy env var or in http.proxy config option.
>
> Also take care that CURLOPT_PROXY don't include username or
> password, as we now set them in the new set_proxy_auth() function
> where we use their specific cURL options.
Do we actually need to do that? If we set CURLOPT_PROXYUSERNAME, will
curl ignore it in favor of what's in the URL? I ask, because there is a
bug here:
> @@ -351,8 +366,19 @@ static CURL *get_curl_handle(const char *url)
> }
>
> if (curl_http_proxy) {
> - curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
> + struct strbuf proxyhost = STRBUF_INIT;
> +
> + if (!proxy_auth.host) /* check to parse only once */
> + credential_from_url(&proxy_auth, curl_http_proxy);
> +
> + if (http_proactive_auth && proxy_auth.username && !proxy_auth.password)
> + /* proxy string has username but no password, ask for password */
> + credential_fill(&proxy_auth);
> +
> + strbuf_addf(&proxyhost, "%s://%s", proxy_auth.protocol, proxy_auth.host);
> + curl_easy_setopt(result, CURLOPT_PROXY, strbuf_detach(&proxyhost, NULL));
When you parse the URL via credential_from_url, the components you get
will have any URL-encoding removed. So when you regenerate the URL in
the proxyhost variable, you would need to re-encode.
But if we can stop doing this regeneration at all, then the problem goes
away.
Also, newer versions of curl will copy the string instead of taking
ownership of the pointer. Unfortunately we have to deal with both old
and new, but you can get around it by using a static strbuf (so we leak,
but we only leak once per program, not once per get_curl_handle call).
This issue would also go away if we stop regenerating the URL.
-Peff
next prev parent reply other threads:[~2012-05-04 7:16 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-03 16:39 [PATCH 2/6] http: handle proxy proactive authentication Nelson Benitez Leon
2012-05-04 7:16 ` Jeff King [this message]
2012-05-04 11:10 ` Nelson Benitez Leon
2012-05-04 10:51 ` Jeff King
2012-05-04 13:55 ` Nelson Benitez Leon
2012-05-04 13:55 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120504071632.GB21895@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=nelsonjesus.benitez@seap.minhap.es \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).