From: Jeff King <peff@peff.net>
To: Iain Paton <ipaton0@gmail.com>
Cc: Junio C Hamano <gitster@pobox.com>, git@vger.kernel.org
Subject: [PATCH 0/8] fix password prompting for "half-auth" servers
Date: Mon, 27 Aug 2012 09:21:45 -0400 [thread overview]
Message-ID: <20120827132145.GA17265@sigill.intra.peff.net> (raw)
In-Reply-To: <20120826101341.GA12566@sigill.intra.peff.net>
On Sun, Aug 26, 2012 at 06:13:41AM -0400, Jeff King wrote:
> No problem. I'll probably be a day or two on the patches, as the http
> tests are in need of some refactoring before adding more tests. But in
> the meantime, I think your config change is a sane work-around.
OK, here is the series. For those just joining us, the problem is that
git will not correctly prompt for credentials when pushing to a
repository which allows the initial GET of
".../info/refs?service=git-receive-pack", but then gives a 401 when we
try to POST the pack. This has never worked for a plain URL, but used to
work if you put the username in the URL (because we would
unconditionally load the credentials before making any requests). That
was broken by 986bbc0, which does not do that proactive prompting for
smart-http, meaning such repositories cannot be pushed to at all.
Such a server-side setup is questionable in my opinion (because the
client will actually create the pack before failing), but we have been
advertising it for a long time in git-http-backend(1) as the right way
to make repositories that are anonymous for fetching but require auth
for pushing.
The fix is somewhat uglier than I would like, but I think it's practical
and the right thing to do (see the final patch for lots of discussion).
I built this on the current tip of "master". It might make sense to
backport it directly on top of 986bbc0 for the maint track. There are
conflicts, but they are all textual. Another option would be to revert
986bbc0 for the maint track, as that commit is itself fixing a minor bug
that is of decreasing relevance (it fixed extra password prompting when
.netrc was in use, but one can work around it by dropping the username
from the URL).
The patches are:
[1/8]: t5550: put auth-required repo in auth/dumb
[2/8]: t5550: factor out http auth setup
[3/8]: t/lib-httpd: only route auth/dumb to dumb repos
[4/8]: t/lib-httpd: recognize */smart/* repos as smart-http
[5/8]: t: test basic smart-http authentication
These are all refactoring of the test scripts in preparation for 6/8
(and are where all of the conflicts lie).
[6/8]: t: test http access to "half-auth" repositories
This demonstrates the bug.
[7/8]: http: factor out http error code handling
Refactoring to support 8/8.
[8/8]: http: prompt for credentials on failed POST
And this one is the actual fix.
I'd like to have a 9/8 which tweaks the git-http-backend documentation
to provide better example apache config, but I haven't yet figured out
the right incantation. Suggestions from apache gurus are welcome.
-Peff
next prev parent reply other threads:[~2012-08-27 13:22 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-24 20:19 git no longer prompting for password Iain Paton
2012-08-24 21:25 ` Jeff King
[not found] ` <5038E781.1090008@gmail.com>
2012-08-25 20:39 ` Jeff King
2012-08-26 9:57 ` Iain Paton
2012-08-26 10:13 ` Jeff King
2012-08-26 14:18 ` Iain Paton
2012-08-27 13:21 ` Jeff King [this message]
2012-08-27 13:23 ` [PATCH 1/8] t5550: put auth-required repo in auth/dumb Jeff King
2012-08-27 13:24 ` [PATCH 2/8] t5550: factor out http auth setup Jeff King
2012-08-27 13:24 ` [PATCH 3/8] t/lib-httpd: only route auth/dumb to dumb repos Jeff King
2012-08-27 13:25 ` [PATCH 4/8] t/lib-httpd: recognize */smart/* repos as smart-http Jeff King
2012-08-27 13:25 ` [PATCH 5/8] t: test basic smart-http authentication Jeff King
2012-08-27 13:25 ` [PATCH 6/8] t: test http access to "half-auth" repositories Jeff King
2012-08-27 13:26 ` [PATCH 7/8] http: factor out http error code handling Jeff King
2012-08-28 18:06 ` Junio C Hamano
2012-08-27 13:27 ` [PATCH 8/8] http: prompt for credentials on failed POST Jeff King
2012-08-27 17:48 ` Junio C Hamano
2012-08-27 21:49 ` Jeff King
2012-08-27 23:29 ` Junio C Hamano
2012-08-27 17:14 ` [PATCH 0/8] fix password prompting for "half-auth" servers Junio C Hamano
2012-08-27 8:28 ` git no longer prompting for password Iain Paton
2012-08-27 13:33 ` BJ Hargrave
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120827132145.GA17265@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=ipaton0@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).