Merge branch 'jk/maint-http-half-auth-fetch'

Fixes fetch from servers that ask for auth only during the actual
packing phase. This is not really a recommended configuration, but it
cleans up the code at the same time.

* jk/maint-http-half-auth-fetch:
remote-curl: retry failed requests for auth even with gzip
remote-curl: hoist gzip buffer size to top of post_rpc

diff --git a/remote-curl.c b/remote-curl.c
index 278fecdd9bd00bf0df0a3d1f35777546794bc92f..d8b3600bdd0b96e364775113c63957a2936a3324 100644 (file)
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -400,6 +400,7 @@ static int post_rpc(struct rpc_state *rpc)
        struct curl_slist *headers = NULL;
        int use_gzip = rpc->gzip_request;
        char *gzip_body = NULL;
+       size_t gzip_size;
        int err, large_request = 0;
 
        /* Try to load the entire request, if we can fit it into the
@@ -460,24 +461,32 @@ static int post_rpc(struct rpc_state *rpc)
                        fflush(stderr);
                }
 
+       } else if (gzip_body) {
+               /*
+                * If we are looping to retry authentication, then the previous
+                * run will have set up the headers and gzip buffer already,
+                * and we just need to send it.
+                */
+               curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, gzip_body);
+               curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE, gzip_size);
+
        } else if (use_gzip && 1024 < rpc->len) {
                /* The client backend isn't giving us compressed data so
                 * we can try to deflate it ourselves, this may save on.
                 * the transfer time.
                 */
-               size_t size;
                git_zstream stream;
                int ret;
 
                memset(&stream, 0, sizeof(stream));
                git_deflate_init_gzip(&stream, Z_BEST_COMPRESSION);
-               size = git_deflate_bound(&stream, rpc->len);
-               gzip_body = xmalloc(size);
+               gzip_size = git_deflate_bound(&stream, rpc->len);
+               gzip_body = xmalloc(gzip_size);
 
                stream.next_in = (unsigned char *)rpc->buf;
                stream.avail_in = rpc->len;
                stream.next_out = (unsigned char *)gzip_body;
-               stream.avail_out = size;
+               stream.avail_out = gzip_size;
 
                ret = git_deflate(&stream, Z_FINISH);
                if (ret != Z_STREAM_END)
@@ -487,16 +496,16 @@ static int post_rpc(struct rpc_state *rpc)
                if (ret != Z_OK)
                        die("cannot deflate request; zlib end error %d", ret);
 
-               size = stream.total_out;
+               gzip_size = stream.total_out;
 
                headers = curl_slist_append(headers, "Content-Encoding: gzip");
                curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, gzip_body);
-               curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE, size);
+               curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE, gzip_size);
 
                if (options.verbosity > 1) {
                        fprintf(stderr, "POST %s (gzip %lu to %lu bytes)\n",
                                rpc->service_name,
-                               (unsigned long)rpc->len, (unsigned long)size);
+                               (unsigned long)rpc->len, (unsigned long)gzip_size);
                        fflush(stderr);
                }
        } else {
@@ -517,7 +526,7 @@ static int post_rpc(struct rpc_state *rpc)
        curl_easy_setopt(slot->curl, CURLOPT_FILE, rpc);
 
        err = run_slot(slot);
-       if (err == HTTP_REAUTH && !large_request && !use_gzip)
+       if (err == HTTP_REAUTH && !large_request)
                goto retry;
        if (err != HTTP_OK)
                err = -1;

diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 49d5d877ceeeba3738b0939f14d059c2a75ff3ae..fe76e84b74472a431eef59a1f4936cfc69367003 100644 (file)
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -99,6 +99,13 @@ SSLEngine On
        Require valid-user
 </LocationMatch>
 
+<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
+       AuthType Basic
+       AuthName "git-auth"
+       AuthUserFile passwd
+       Require valid-user
+</LocationMatch>
+
 <IfDefine DAV>
        LoadModule dav_module modules/mod_dav.so
        LoadModule dav_fs_module modules/mod_dav_fs.so

diff --git a/t/t5551-http-fetch.sh b/t/t5551-http-fetch.sh
index 5060879d6d93d1f10a1db690bd42c19ee5ec1ae4..c5cd2e348c6fe47af7d94ef6852757c301f8097a 100755 (executable)
--- a/t/t5551-http-fetch.sh
+++ b/t/t5551-http-fetch.sh
@@ -130,6 +130,21 @@ test_expect_success 'clone from auth-only-for-push repository' '
        test_cmp expect actual
 '
 
+test_expect_success 'clone from auth-only-for-objects repository' '
+       echo two >expect &&
+       set_askpass user@host &&
+       git clone --bare "$HTTPD_URL/auth-fetch/smart/repo.git" half-auth &&
+       expect_askpass both user@host &&
+       git --git-dir=half-auth log -1 --format=%s >actual &&
+       test_cmp expect actual
+'
+
+test_expect_success 'no-op half-auth fetch does not require a password' '
+       set_askpass wrong &&
+       git --git-dir=half-auth fetch &&
+       expect_askpass none
+'
+
 test_expect_success 'disable dumb http on server' '
        git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
                config http.getanyfile false