submodule: add absorb-git-dir function
[gitweb.git] / http.c
diff --git a/http.c b/http.c
index 1044f9ba0e28ff825fa58c56d535861cd9f56a59..4c4a812fcc39509e32fbcae3db21871b97a1a5eb 100644 (file)
--- a/http.c
+++ b/http.c
@@ -11,6 +11,7 @@
 #include "gettext.h"
 #include "transport.h"
 
+static struct trace_key trace_curl = TRACE_KEY_INIT(CURL);
 #if LIBCURL_VERSION_NUM >= 0x070a08
 long int git_curl_ipresolve = CURL_IPRESOLVE_WHATEVER;
 #else
@@ -89,6 +90,18 @@ static struct {
         * here, too
         */
 };
+#if LIBCURL_VERSION_NUM >= 0x071600
+static const char *curl_deleg;
+static struct {
+       const char *name;
+       long curl_deleg_param;
+} curl_deleg_levels[] = {
+       { "none", CURLGSSAPI_DELEGATION_NONE },
+       { "policy", CURLGSSAPI_DELEGATION_POLICY_FLAG },
+       { "always", CURLGSSAPI_DELEGATION_FLAG },
+};
+#endif
+
 static struct credential proxy_auth = CREDENTIAL_INIT;
 static const char *curl_proxyuserpwd;
 static const char *curl_cookie_file;
@@ -114,6 +127,7 @@ static unsigned long http_auth_methods = CURLAUTH_ANY;
 
 static struct curl_slist *pragma_header;
 static struct curl_slist *no_pragma_header;
+static struct curl_slist *extra_http_headers;
 
 static struct active_request_slot *active_queue_head;
 
@@ -199,6 +213,13 @@ static void finish_active_slot(struct active_request_slot *slot)
                slot->callback_func(slot->callback_data);
 }
 
+static void xmulti_remove_handle(struct active_request_slot *slot)
+{
+#ifdef USE_CURL_MULTI
+       curl_multi_remove_handle(curlm, slot->curl);
+#endif
+}
+
 #ifdef USE_CURL_MULTI
 static void process_curl_messages(void)
 {
@@ -214,7 +235,7 @@ static void process_curl_messages(void)
                               slot->curl != curl_message->easy_handle)
                                slot = slot->next;
                        if (slot != NULL) {
-                               curl_multi_remove_handle(curlm, slot->curl);
+                               xmulti_remove_handle(slot);
                                slot->curl_result = curl_result;
                                finish_active_slot(slot);
                        } else {
@@ -314,6 +335,15 @@ static int http_options(const char *var, const char *value, void *cb)
                return 0;
        }
 
+       if (!strcmp("http.delegation", var)) {
+#if LIBCURL_VERSION_NUM >= 0x071600
+               return git_config_string(&curl_deleg, var, value);
+#else
+               warning(_("Delegation control is not supported with cURL < 7.22.0"));
+               return 0;
+#endif
+       }
+
        if (!strcmp("http.pinnedpubkey", var)) {
 #if LIBCURL_VERSION_NUM >= 0x072c00
                return git_config_pathname(&ssl_pinnedkey, var, value);
@@ -323,13 +353,26 @@ static int http_options(const char *var, const char *value, void *cb)
 #endif
        }
 
+       if (!strcmp("http.extraheader", var)) {
+               if (!value) {
+                       return config_error_nonbool(var);
+               } else if (!*value) {
+                       curl_slist_free_all(extra_http_headers);
+                       extra_http_headers = NULL;
+               } else {
+                       extra_http_headers =
+                               curl_slist_append(extra_http_headers, value);
+               }
+               return 0;
+       }
+
        /* Fall back on the default ones */
        return git_default_config(var, value, cb);
 }
 
 static void init_curl_http_auth(CURL *result)
 {
-       if (!http_auth.username) {
+       if (!http_auth.username || !*http_auth.username) {
                if (curl_empty_auth)
                        curl_easy_setopt(result, CURLOPT_USERPWD, ":");
                return;
@@ -446,8 +489,7 @@ static int sockopt_callback(void *client, curl_socket_t fd, curlsocktype type)
 
        rc = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&ka, len);
        if (rc < 0)
-               warning("unable to set SO_KEEPALIVE on socket %s",
-                       strerror(errno));
+               warning_errno("unable to set SO_KEEPALIVE on socket");
 
        return 0; /* CURL_SOCKOPT_OK only exists since curl 7.21.5 */
 }
@@ -464,6 +506,125 @@ static void set_curl_keepalive(CURL *c)
 }
 #endif
 
+static void redact_sensitive_header(struct strbuf *header)
+{
+       const char *sensitive_header;
+
+       if (skip_prefix(header->buf, "Authorization:", &sensitive_header) ||
+           skip_prefix(header->buf, "Proxy-Authorization:", &sensitive_header)) {
+               /* The first token is the type, which is OK to log */
+               while (isspace(*sensitive_header))
+                       sensitive_header++;
+               while (*sensitive_header && !isspace(*sensitive_header))
+                       sensitive_header++;
+               /* Everything else is opaque and possibly sensitive */
+               strbuf_setlen(header,  sensitive_header - header->buf);
+               strbuf_addstr(header, " <redacted>");
+       }
+}
+
+static void curl_dump_header(const char *text, unsigned char *ptr, size_t size, int hide_sensitive_header)
+{
+       struct strbuf out = STRBUF_INIT;
+       struct strbuf **headers, **header;
+
+       strbuf_addf(&out, "%s, %10.10ld bytes (0x%8.8lx)\n",
+               text, (long)size, (long)size);
+       trace_strbuf(&trace_curl, &out);
+       strbuf_reset(&out);
+       strbuf_add(&out, ptr, size);
+       headers = strbuf_split_max(&out, '\n', 0);
+
+       for (header = headers; *header; header++) {
+               if (hide_sensitive_header)
+                       redact_sensitive_header(*header);
+               strbuf_insert((*header), 0, text, strlen(text));
+               strbuf_insert((*header), strlen(text), ": ", 2);
+               strbuf_rtrim((*header));
+               strbuf_addch((*header), '\n');
+               trace_strbuf(&trace_curl, (*header));
+       }
+       strbuf_list_free(headers);
+       strbuf_release(&out);
+}
+
+static void curl_dump_data(const char *text, unsigned char *ptr, size_t size)
+{
+       size_t i;
+       struct strbuf out = STRBUF_INIT;
+       unsigned int width = 60;
+
+       strbuf_addf(&out, "%s, %10.10ld bytes (0x%8.8lx)\n",
+               text, (long)size, (long)size);
+       trace_strbuf(&trace_curl, &out);
+
+       for (i = 0; i < size; i += width) {
+               size_t w;
+
+               strbuf_reset(&out);
+               strbuf_addf(&out, "%s: ", text);
+               for (w = 0; (w < width) && (i + w < size); w++) {
+                       unsigned char ch = ptr[i + w];
+
+                       strbuf_addch(&out,
+                                      (ch >= 0x20) && (ch < 0x80)
+                                      ? ch : '.');
+               }
+               strbuf_addch(&out, '\n');
+               trace_strbuf(&trace_curl, &out);
+       }
+       strbuf_release(&out);
+}
+
+static int curl_trace(CURL *handle, curl_infotype type, char *data, size_t size, void *userp)
+{
+       const char *text;
+       enum { NO_FILTER = 0, DO_FILTER = 1 };
+
+       switch (type) {
+       case CURLINFO_TEXT:
+               trace_printf_key(&trace_curl, "== Info: %s", data);
+       default:                /* we ignore unknown types by default */
+               return 0;
+
+       case CURLINFO_HEADER_OUT:
+               text = "=> Send header";
+               curl_dump_header(text, (unsigned char *)data, size, DO_FILTER);
+               break;
+       case CURLINFO_DATA_OUT:
+               text = "=> Send data";
+               curl_dump_data(text, (unsigned char *)data, size);
+               break;
+       case CURLINFO_SSL_DATA_OUT:
+               text = "=> Send SSL data";
+               curl_dump_data(text, (unsigned char *)data, size);
+               break;
+       case CURLINFO_HEADER_IN:
+               text = "<= Recv header";
+               curl_dump_header(text, (unsigned char *)data, size, NO_FILTER);
+               break;
+       case CURLINFO_DATA_IN:
+               text = "<= Recv data";
+               curl_dump_data(text, (unsigned char *)data, size);
+               break;
+       case CURLINFO_SSL_DATA_IN:
+               text = "<= Recv SSL data";
+               curl_dump_data(text, (unsigned char *)data, size);
+               break;
+       }
+       return 0;
+}
+
+void setup_curl_trace(CURL *handle)
+{
+       if (!trace_want(&trace_curl))
+               return;
+       curl_easy_setopt(handle, CURLOPT_VERBOSE, 1L);
+       curl_easy_setopt(handle, CURLOPT_DEBUGFUNCTION, curl_trace);
+       curl_easy_setopt(handle, CURLOPT_DEBUGDATA, NULL);
+}
+
+
 static CURL *get_curl_handle(void)
 {
        CURL *result = curl_easy_init();
@@ -489,6 +650,22 @@ static CURL *get_curl_handle(void)
        curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
 #endif
 
+#if LIBCURL_VERSION_NUM >= 0x071600
+       if (curl_deleg) {
+               int i;
+               for (i = 0; i < ARRAY_SIZE(curl_deleg_levels); i++) {
+                       if (!strcmp(curl_deleg, curl_deleg_levels[i].name)) {
+                               curl_easy_setopt(result, CURLOPT_GSSAPI_DELEGATION,
+                                               curl_deleg_levels[i].curl_deleg_param);
+                               break;
+                       }
+               }
+               if (i == ARRAY_SIZE(curl_deleg_levels))
+                       warning("Unknown delegation method '%s': using default",
+                               curl_deleg);
+       }
+#endif
+
        if (http_proactive_auth)
                init_curl_http_auth(result);
 
@@ -562,9 +739,9 @@ static CURL *get_curl_handle(void)
                warning("protocol restrictions not applied to curl redirects because\n"
                        "your curl version is too old (>= 7.19.4)");
 #endif
-
        if (getenv("GIT_CURL_VERBOSE"))
-               curl_easy_setopt(result, CURLOPT_VERBOSE, 1);
+               curl_easy_setopt(result, CURLOPT_VERBOSE, 1L);
+       setup_curl_trace(result);
 
        curl_easy_setopt(result, CURLOPT_USERAGENT,
                user_agent ? user_agent : git_user_agent());
@@ -590,7 +767,7 @@ static CURL *get_curl_handle(void)
         * precedence here, as in CURL.
         */
        if (!curl_http_proxy) {
-               if (!strcmp(http_auth.protocol, "https")) {
+               if (http_auth.protocol && !strcmp(http_auth.protocol, "https")) {
                        var_override(&curl_http_proxy, getenv("HTTPS_PROXY"));
                        var_override(&curl_http_proxy, getenv("https_proxy"));
                } else {
@@ -678,8 +855,10 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
        if (remote)
                var_override(&http_proxy_authmethod, remote->http_proxy_authmethod);
 
-       pragma_header = curl_slist_append(pragma_header, "Pragma: no-cache");
-       no_pragma_header = curl_slist_append(no_pragma_header, "Pragma:");
+       pragma_header = curl_slist_append(http_copy_default_headers(),
+               "Pragma: no-cache");
+       no_pragma_header = curl_slist_append(http_copy_default_headers(),
+               "Pragma:");
 
 #ifdef USE_CURL_MULTI
        {
@@ -746,9 +925,7 @@ void http_cleanup(void)
        while (slot != NULL) {
                struct active_request_slot *next = slot->next;
                if (slot->curl != NULL) {
-#ifdef USE_CURL_MULTI
-                       curl_multi_remove_handle(curlm, slot->curl);
-#endif
+                       xmulti_remove_handle(slot);
                        curl_easy_cleanup(slot->curl);
                }
                free(slot);
@@ -765,6 +942,9 @@ void http_cleanup(void)
 #endif
        curl_global_cleanup();
 
+       curl_slist_free_all(extra_http_headers);
+       extra_http_headers = NULL;
+
        curl_slist_free_all(pragma_header);
        pragma_header = NULL;
 
@@ -884,6 +1064,8 @@ int start_active_slot(struct active_request_slot *slot)
 
        if (curlm_result != CURLM_OK &&
            curlm_result != CURLM_CALL_MULTI_PERFORM) {
+               warning("curl_multi_add_handle failed: %s",
+                       curl_multi_strerror(curlm_result));
                active_requests--;
                slot->in_use = 0;
                return 0;
@@ -1023,13 +1205,13 @@ void run_active_slot(struct active_request_slot *slot)
 static void release_active_slot(struct active_request_slot *slot)
 {
        closedown_active_slot(slot);
-       if (slot->curl && curl_session_count > min_curl_sessions) {
-#ifdef USE_CURL_MULTI
-               curl_multi_remove_handle(curlm, slot->curl);
-#endif
-               curl_easy_cleanup(slot->curl);
-               slot->curl = NULL;
-               curl_session_count--;
+       if (slot->curl) {
+               xmulti_remove_handle(slot);
+               if (curl_session_count > min_curl_sessions) {
+                       curl_easy_cleanup(slot->curl);
+                       slot->curl = NULL;
+                       curl_session_count--;
+               }
        }
 #ifdef USE_CURL_MULTI
        fill_active_slots();
@@ -1087,7 +1269,7 @@ void append_remote_object_url(struct strbuf *buf, const char *url,
 
        strbuf_addf(buf, "objects/%.*s/", 2, hex);
        if (!only_two_digit_prefix)
-               strbuf_addf(buf, "%s", hex+2);
+               strbuf_addstr(buf, hex + 2);
 }
 
 char *get_remote_object_url(const char *url, const char *hex,
@@ -1163,6 +1345,16 @@ int run_one_slot(struct active_request_slot *slot,
        return handle_curl_result(results);
 }
 
+struct curl_slist *http_copy_default_headers(void)
+{
+       struct curl_slist *headers = NULL, *h;
+
+       for (h = extra_http_headers; h; h = h->next)
+               headers = curl_slist_append(headers, h->data);
+
+       return headers;
+}
+
 static CURLcode curlinfo_strbuf(CURL *curl, CURLINFO info, struct strbuf *buf)
 {
        char *ptr;
@@ -1380,7 +1572,7 @@ static int http_request(const char *url,
 {
        struct active_request_slot *slot;
        struct slot_results results;
-       struct curl_slist *headers = NULL;
+       struct curl_slist *headers = http_copy_default_headers();
        struct strbuf buf = STRBUF_INIT;
        const char *accept_language;
        int ret;
@@ -1827,8 +2019,19 @@ static size_t fwrite_sha1_file(char *ptr, size_t eltsize, size_t nmemb,
        unsigned char expn[4096];
        size_t size = eltsize * nmemb;
        int posn = 0;
-       struct http_object_request *freq =
-               (struct http_object_request *)data;
+       struct http_object_request *freq = data;
+       struct active_request_slot *slot = freq->slot;
+
+       if (slot) {
+               CURLcode c = curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE,
+                                               &slot->http_code);
+               if (c != CURLE_OK)
+                       die("BUG: curl_easy_getinfo for HTTP code failed: %s",
+                               curl_easy_strerror(c));
+               if (slot->http_code >= 400)
+                       return size;
+       }
+
        do {
                ssize_t retval = xwrite(freq->localfile,
                                        (char *) ptr + posn, size - posn);
@@ -1894,8 +2097,7 @@ struct http_object_request *new_http_object_request(const char *base_url,
        }
 
        if (freq->localfile < 0) {
-               error("Couldn't create temporary file %s: %s",
-                     freq->tmpfile, strerror(errno));
+               error_errno("Couldn't create temporary file %s", freq->tmpfile);
                goto abort;
        }
 
@@ -1940,8 +2142,8 @@ struct http_object_request *new_http_object_request(const char *base_url,
                        prev_posn = 0;
                        lseek(freq->localfile, 0, SEEK_SET);
                        if (ftruncate(freq->localfile, 0) < 0) {
-                               error("Couldn't truncate temporary file %s: %s",
-                                         freq->tmpfile, strerror(errno));
+                               error_errno("Couldn't truncate temporary file %s",
+                                           freq->tmpfile);
                                goto abort;
                        }
                }
@@ -1950,6 +2152,7 @@ struct http_object_request *new_http_object_request(const char *base_url,
        freq->slot = get_active_slot();
 
        curl_easy_setopt(freq->slot->curl, CURLOPT_FILE, freq);
+       curl_easy_setopt(freq->slot->curl, CURLOPT_FAILONERROR, 0);
        curl_easy_setopt(freq->slot->curl, CURLOPT_WRITEFUNCTION, fwrite_sha1_file);
        curl_easy_setopt(freq->slot->curl, CURLOPT_ERRORBUFFER, freq->errorstr);
        curl_easy_setopt(freq->slot->curl, CURLOPT_URL, freq->url);