From: "Martin Storsjö" <martin@martin.st>
To: git@vger.kernel.org
Subject: [PATCH] Add an option for using any HTTP authentication scheme, not only basic
Date: Tue, 14 Apr 2009 23:52:11 +0300 (EEST) [thread overview]
Message-ID: <Pine.LNX.4.64.0904142350140.7479@localhost.localdomain> (raw)
This adds the configuration option http.authAny (overridable with
the environment variable GIT_HTTP_AUTH_ANY), for instructing curl
to allow any HTTP authentication scheme, not only basic (which
sends the password in plaintext).
When this is enabled, curl has to do double requests most of the time,
in order to discover which HTTP authentication method to use, which
lowers the performance slightly. Therefore this isn't enabled by default.
One example of another authentication scheme to use is digest, which
doesn't send the password in plaintext, but uses a challenge-response
mechanism instead. Using digest authentication in practice requires
at least curl 7.18.2, due to bugs in the digest handling in earlier
versions of curl.
Signed-off-by: Martin Storsjo <martin@martin.st>
---
This is a resend of a patch I sent a few weeks ago. Now this functionality
is configurable and disabled by default.
Documentation/config.txt | 7 +++++++
http.c | 18 ++++++++++++++++++
2 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index f3ebd2f..1515d77 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1011,6 +1011,13 @@ http.noEPSV::
support EPSV mode. Can be overridden by the 'GIT_CURL_FTP_NO_EPSV'
environment variable. Default is false (curl will use EPSV).
+http.authAny::
+ Allow any HTTP authentication method, not only basic. Enabling
+ this lowers the performance slightly, by having to do requests
+ without any authentication to discover the authentication method
+ to use. Can be overridden by the 'GIT_HTTP_AUTH_ANY'
+ environment variable. Default is false.
+
i18n.commitEncoding::
Character encoding the commit messages are stored in; git itself
does not care per se, but this information is necessary e.g. when
diff --git a/http.c b/http.c
index 2e3d649..0b18c64 100644
--- a/http.c
+++ b/http.c
@@ -26,6 +26,9 @@ static long curl_low_speed_time = -1;
static int curl_ftp_no_epsv;
static const char *curl_http_proxy;
static char *user_name, *user_pass;
+#if LIBCURL_VERSION_NUM >= 0x070a06
+static int curl_http_auth_any = 0;
+#endif
static struct curl_slist *pragma_header;
@@ -150,6 +153,12 @@ static int http_options(const char *var, const char *value, void *cb)
}
if (!strcmp("http.proxy", var))
return git_config_string(&curl_http_proxy, var, value);
+#if LIBCURL_VERSION_NUM >= 0x070a06
+ if (!strcmp("http.authany", var)) {
+ curl_http_auth_any = git_config_bool(var, value);
+ return 0;
+ }
+#endif
/* Fall back on the default ones */
return git_default_config(var, value, cb);
@@ -184,6 +193,10 @@ static CURL *get_curl_handle(void)
#if LIBCURL_VERSION_NUM >= 0x070907
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
#endif
+#if LIBCURL_VERSION_NUM >= 0x070a06
+ if (curl_http_auth_any)
+ curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
+#endif
init_curl_http_auth(result);
@@ -329,6 +342,11 @@ void http_init(struct remote *remote)
if (getenv("GIT_CURL_FTP_NO_EPSV"))
curl_ftp_no_epsv = 1;
+#if LIBCURL_VERSION_NUM >= 0x070a06
+ if (getenv("GIT_HTTP_AUTH_ANY"))
+ curl_http_auth_any = 1;
+#endif
+
if (remote && remote->url && remote->url[0])
http_auth_init(remote->url[0]);
--
1.6.0.2
next prev reply other threads:[~2009-04-14 20:54 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-02 17:28 HTTP NTLM Authentication gsky
2009-10-02 19:04 ` [PATCH] Use the best HTTP authentication method supported by the server Nicholas Miell
2009-11-27 15:41 ` [PATCH 0/2] http: allow multi-pass authentication Tay Ray Chuan
2009-04-14 21:56 ` [PATCH v2] Add an option for using any HTTP authentication scheme, not only basic Martin Storsjö
2009-04-14 20:52 ` Martin Storsjö [this message]
2009-04-14 21:08 ` [PATCH] " Johannes Schindelin
2009-04-14 21:15 ` Martin Storsjö
2009-04-14 21:42 ` Johannes Schindelin
2009-12-01 10:28 ` [PATCH 0/2] http: allow multi-pass authentication Martin Storsjö
2009-12-01 10:33 ` [PATCH/RFC] Allow curl to rewind the RPC read buffer Martin Storsjö
2009-12-01 16:01 ` Shawn O. Pearce
2009-12-01 16:12 ` Tay Ray Chuan
2009-12-01 16:16 ` Shawn O. Pearce
2009-12-01 16:51 ` Martin Storsjö
2009-12-01 17:49 ` Junio C Hamano
2009-12-02 2:32 ` Tay Ray Chuan
2009-12-02 7:45 ` Martin Storsjö
2009-12-01 10:37 ` [PATCH/RFC] Allow curl to rewind the RPC read buffer at any time Martin Storsjö
2009-12-01 16:14 ` Shawn O. Pearce
2009-12-01 16:59 ` Martin Storsjö
2009-12-02 3:15 ` Tay Ray Chuan
2009-12-01 18:18 ` Daniel Stenberg
2009-12-02 2:03 ` Tay Ray Chuan
2009-12-02 9:19 ` Daniel Stenberg
2009-12-02 9:32 ` Martin Storsjö
2009-12-02 10:04 ` Daniel Stenberg
2009-11-27 15:42 ` [PATCH 1/2] http: maintain curl sessions Tay Ray Chuan
2009-11-27 15:43 ` [PATCH 2/2] Add an option for using any HTTP authentication scheme, not only basic Tay Ray Chuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0904142350140.7479@localhost.localdomain \
--to=martin@martin.st \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).