summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar brian m. carlson <sandals@crustytoothpaste.net>2016-02-15 18:44:46 +0000
committerLibravatar Junio C Hamano <gitster@pobox.com>2016-02-15 14:13:37 -0800
commit121061f67fd47aed5b2f3a7deb82af15215636bd (patch)
tree62cb917fc8c05a69bd892fc04e87538447760575
parentGit 2.7.1 (diff)
downloadtgif-121061f67fd47aed5b2f3a7deb82af15215636bd.tar.xz
http: add option to try authentication without username
Performing GSS-Negotiate authentication using Kerberos does not require specifying a username or password, since that information is already included in the ticket itself. However, libcurl refuses to perform authentication if it has not been provided with a username and password. Add an option, http.emptyAuth, that provides libcurl with an empty username and password to make it attempt authentication anyway. Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/config.txt6
-rw-r--r--http.c13
2 files changed, 17 insertions, 2 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt
index f61788668e..d9abfbb427 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1600,6 +1600,12 @@ http.proxy::
`curl(1)`). This can be overridden on a per-remote basis; see
remote.<name>.proxy
+http.emptyAuth::
+ Attempt authentication without seeking a username or password. This
+ can be used to attempt GSS-Negotiate authentication without specifying
+ a username in the URL, as libcurl normally requires a username for
+ authentication.
+
http.cookieFile::
File containing previously stored cookie lines which should be used
in the Git http session, if they match the server. The file format
diff --git a/http.c b/http.c
index 0da9e66398..fe494ab36c 100644
--- a/http.c
+++ b/http.c
@@ -67,6 +67,7 @@ static int curl_save_cookies;
struct credential http_auth = CREDENTIAL_INIT;
static int http_proactive_auth;
static const char *user_agent;
+static int curl_empty_auth;
#if LIBCURL_VERSION_NUM >= 0x071700
/* Use CURLOPT_KEYPASSWD as is */
@@ -273,14 +274,22 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.useragent", var))
return git_config_string(&user_agent, var, value);
+ if (!strcmp("http.emptyauth", var)) {
+ curl_empty_auth = git_config_bool(var, value);
+ return 0;
+ }
+
/* Fall back on the default ones */
return git_default_config(var, value, cb);
}
static void init_curl_http_auth(CURL *result)
{
- if (!http_auth.username)
+ if (!http_auth.username) {
+ if (curl_empty_auth)
+ curl_easy_setopt(result, CURLOPT_USERPWD, ":");
return;
+ }
credential_fill(&http_auth);
@@ -695,7 +704,7 @@ struct active_request_slot *get_active_slot(void)
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
#endif
- if (http_auth.password)
+ if (http_auth.password || curl_empty_auth)
init_curl_http_auth(slot->curl);
return slot;