Re: [PATCH] remote-curl: don't fall back to Basic auth if we haven't tried Negotiate

[Junio C Hamano <gitster@pobox.com>]

Dmitry Vilkov <dmitry.a.vilkov@gmail.com> writes:

> This is fix of bug introduced by 4dbe66464 commit.

That would be 4dbe6646 (remote-curl: fall back to Basic auth if
Negotiate fails, 2015-01-08) that appears in v2.3.1 and onward.

> The problem is that when username/password combination was not set,
> the first HTTP(S) request will fail and user will be asked for
> credentials. As a side effect of first HTTP(S) request, libcurl auth
> method GSS-Negotiate will be disabled unconditionally. Although, we
> haven't tried yet provided credentials for this auth method.

Brian, comments?  Here is what you wrote in that commit:

    If Basic and something else are offered, libcurl will never
    attempt to use Basic, even if the other option fails.  Teach the
    HTTP client code to stop trying authentication mechanisms that
    don't use a password (currently Negotiate) after the first
    failure, since if they failed the first time, they will never
    succeed.

Thanks.

> Signed-off-by: Dmitry Vilkov <dmitry.a.vilkov@gmail.com>
> ---
>  http.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/http.c b/http.c
> index 0da9e66..707ea84 100644
> --- a/http.c
> +++ b/http.c
> @@ -951,12 +951,15 @@ static int handle_curl_result(struct slot_results *results)
>  		return HTTP_MISSING_TARGET;
>  	else if (results->http_code == 401) {
>  		if (http_auth.username && http_auth.password) {
> +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
> +			if (http_auth_methods & CURLAUTH_GSSNEGOTIATE) {
> +				http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
> +				return HTTP_REAUTH;
> +			}
> +#endif
>  			credential_reject(&http_auth);
>  			return HTTP_NOAUTH;
>  		} else {
> -#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
> -			http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
> -#endif
>  			return HTTP_REAUTH;
>  		}
>  	} else {