diff options
author | brian m. carlson <sandals@crustytoothpaste.net> | 2016-02-15 18:44:46 +0000 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-02-15 14:13:37 -0800 |
commit | 121061f67fd47aed5b2f3a7deb82af15215636bd (patch) | |
tree | 62cb917fc8c05a69bd892fc04e87538447760575 | |
parent | Git 2.7.1 (diff) | |
download | tgif-121061f67fd47aed5b2f3a7deb82af15215636bd.tar.xz |
http: add option to try authentication without username
Performing GSS-Negotiate authentication using Kerberos does not require
specifying a username or password, since that information is already
included in the ticket itself. However, libcurl refuses to perform
authentication if it has not been provided with a username and password.
Add an option, http.emptyAuth, that provides libcurl with an empty
username and password to make it attempt authentication anyway.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | Documentation/config.txt | 6 | ||||
-rw-r--r-- | http.c | 13 |
2 files changed, 17 insertions, 2 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index f61788668e..d9abfbb427 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1600,6 +1600,12 @@ http.proxy:: `curl(1)`). This can be overridden on a per-remote basis; see remote.<name>.proxy +http.emptyAuth:: + Attempt authentication without seeking a username or password. This + can be used to attempt GSS-Negotiate authentication without specifying + a username in the URL, as libcurl normally requires a username for + authentication. + http.cookieFile:: File containing previously stored cookie lines which should be used in the Git http session, if they match the server. The file format @@ -67,6 +67,7 @@ static int curl_save_cookies; struct credential http_auth = CREDENTIAL_INIT; static int http_proactive_auth; static const char *user_agent; +static int curl_empty_auth; #if LIBCURL_VERSION_NUM >= 0x071700 /* Use CURLOPT_KEYPASSWD as is */ @@ -273,14 +274,22 @@ static int http_options(const char *var, const char *value, void *cb) if (!strcmp("http.useragent", var)) return git_config_string(&user_agent, var, value); + if (!strcmp("http.emptyauth", var)) { + curl_empty_auth = git_config_bool(var, value); + return 0; + } + /* Fall back on the default ones */ return git_default_config(var, value, cb); } static void init_curl_http_auth(CURL *result) { - if (!http_auth.username) + if (!http_auth.username) { + if (curl_empty_auth) + curl_easy_setopt(result, CURLOPT_USERPWD, ":"); return; + } credential_fill(&http_auth); @@ -695,7 +704,7 @@ struct active_request_slot *get_active_slot(void) #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods); #endif - if (http_auth.password) + if (http_auth.password || curl_empty_auth) init_curl_http_auth(slot->curl); return slot; |