From: Junio C Hamano Date: Mon, 17 Oct 2016 20:25:18 +0000 (-0700) Subject: Merge branch 'dt/http-empty-auth' X-Git-Tag: v2.11.0-rc0~64 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/c6400bf8d5437e7614c86e6b027761e11ed7a1be?ds=inline;hp=-c Merge branch 'dt/http-empty-auth' http.emptyauth configuration is a way to allow an empty username to pass when attempting to authenticate using mechanisms like Kerberos. We took an unspecified (NULL) username and sent ":" (i.e. no username, no password) to CURLOPT_USERPWD, but did not do the same when the username is explicitly set to an empty string. * dt/http-empty-auth: http: http.emptyauth should allow empty (not just NULL) usernames --- c6400bf8d5437e7614c86e6b027761e11ed7a1be diff --combined http.c index 0c65639881,bd0dba23a0..4c4a812fcc --- a/http.c +++ b/http.c @@@ -90,18 -90,6 +90,18 @@@ static struct * here, too */ }; +#if LIBCURL_VERSION_NUM >= 0x071600 +static const char *curl_deleg; +static struct { + const char *name; + long curl_deleg_param; +} curl_deleg_levels[] = { + { "none", CURLGSSAPI_DELEGATION_NONE }, + { "policy", CURLGSSAPI_DELEGATION_POLICY_FLAG }, + { "always", CURLGSSAPI_DELEGATION_FLAG }, +}; +#endif + static struct credential proxy_auth = CREDENTIAL_INIT; static const char *curl_proxyuserpwd; static const char *curl_cookie_file; @@@ -335,15 -323,6 +335,15 @@@ static int http_options(const char *var return 0; } + if (!strcmp("http.delegation", var)) { +#if LIBCURL_VERSION_NUM >= 0x071600 + return git_config_string(&curl_deleg, var, value); +#else + warning(_("Delegation control is not supported with cURL < 7.22.0")); + return 0; +#endif + } + if (!strcmp("http.pinnedpubkey", var)) { #if LIBCURL_VERSION_NUM >= 0x072c00 return git_config_pathname(&ssl_pinnedkey, var, value); @@@ -372,7 -351,7 +372,7 @@@ static void init_curl_http_auth(CURL *result) { - if (!http_auth.username) { + if (!http_auth.username || !*http_auth.username) { if (curl_empty_auth) curl_easy_setopt(result, CURLOPT_USERPWD, ":"); return; @@@ -650,22 -629,6 +650,22 @@@ static CURL *get_curl_handle(void curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY); #endif +#if LIBCURL_VERSION_NUM >= 0x071600 + if (curl_deleg) { + int i; + for (i = 0; i < ARRAY_SIZE(curl_deleg_levels); i++) { + if (!strcmp(curl_deleg, curl_deleg_levels[i].name)) { + curl_easy_setopt(result, CURLOPT_GSSAPI_DELEGATION, + curl_deleg_levels[i].curl_deleg_param); + break; + } + } + if (i == ARRAY_SIZE(curl_deleg_levels)) + warning("Unknown delegation method '%s': using default", + curl_deleg); + } +#endif + if (http_proactive_auth) init_curl_http_auth(result);