summaryrefslogtreecommitdiff
path: root/http.c
diff options
context:
space:
mode:
Diffstat (limited to 'http.c')
-rw-r--r--http.c102
1 files changed, 77 insertions, 25 deletions
diff --git a/http.c b/http.c
index 90a1c0f113..76ff63c14d 100644
--- a/http.c
+++ b/http.c
@@ -1,5 +1,6 @@
#include "git-compat-util.h"
#include "http.h"
+#include "config.h"
#include "pack.h"
#include "sideband.h"
#include "run-command.h"
@@ -19,7 +20,7 @@ long int git_curl_ipresolve;
#endif
int active_requests;
int http_is_verbose;
-size_t http_post_buffer = 16 * LARGE_PACKET_MAX;
+ssize_t http_post_buffer = 16 * LARGE_PACKET_MAX;
#if LIBCURL_VERSION_NUM >= 0x070a06
#define LIBCURL_CAN_HANDLE_AUTH_ANY
@@ -109,7 +110,7 @@ static int curl_save_cookies;
struct credential http_auth = CREDENTIAL_INIT;
static int http_proactive_auth;
static const char *user_agent;
-static int curl_empty_auth;
+static int curl_empty_auth = -1;
enum http_follow_config http_follow_config = HTTP_FOLLOW_INITIAL;
@@ -125,6 +126,14 @@ static struct credential cert_auth = CREDENTIAL_INIT;
static int ssl_cert_password_required;
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
static unsigned long http_auth_methods = CURLAUTH_ANY;
+static int http_auth_methods_restricted;
+/* Modes for which empty_auth cannot actually help us. */
+static unsigned long empty_auth_useless =
+ CURLAUTH_BASIC
+#ifdef CURLAUTH_DIGEST_IE
+ | CURLAUTH_DIGEST_IE
+#endif
+ | CURLAUTH_DIGEST;
#endif
static struct curl_slist *pragma_header;
@@ -263,10 +272,10 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.sslversion", var))
return git_config_string(&ssl_version, var, value);
if (!strcmp("http.sslcert", var))
- return git_config_string(&ssl_cert, var, value);
+ return git_config_pathname(&ssl_cert, var, value);
#if LIBCURL_VERSION_NUM >= 0x070903
if (!strcmp("http.sslkey", var))
- return git_config_string(&ssl_key, var, value);
+ return git_config_pathname(&ssl_key, var, value);
#endif
#if LIBCURL_VERSION_NUM >= 0x070908
if (!strcmp("http.sslcapath", var))
@@ -323,7 +332,9 @@ static int http_options(const char *var, const char *value, void *cb)
}
if (!strcmp("http.postbuffer", var)) {
- http_post_buffer = git_config_int(var, value);
+ http_post_buffer = git_config_ssize_t(var, value);
+ if (http_post_buffer < 0)
+ warning(_("negative value for http.postbuffer; defaulting to %d"), LARGE_PACKET_MAX);
if (http_post_buffer < LARGE_PACKET_MAX)
http_post_buffer = LARGE_PACKET_MAX;
return 0;
@@ -333,7 +344,10 @@ static int http_options(const char *var, const char *value, void *cb)
return git_config_string(&user_agent, var, value);
if (!strcmp("http.emptyauth", var)) {
- curl_empty_auth = git_config_bool(var, value);
+ if (value && !strcmp("auto", value))
+ curl_empty_auth = -1;
+ else
+ curl_empty_auth = git_config_bool(var, value);
return 0;
}
@@ -382,10 +396,37 @@ static int http_options(const char *var, const char *value, void *cb)
return git_default_config(var, value, cb);
}
+static int curl_empty_auth_enabled(void)
+{
+ if (curl_empty_auth >= 0)
+ return curl_empty_auth;
+
+#ifndef LIBCURL_CAN_HANDLE_AUTH_ANY
+ /*
+ * Our libcurl is too old to do AUTH_ANY in the first place;
+ * just default to turning the feature off.
+ */
+#else
+ /*
+ * In the automatic case, kick in the empty-auth
+ * hack as long as we would potentially try some
+ * method more exotic than "Basic" or "Digest".
+ *
+ * But only do this when this is our second or
+ * subsequent request, as by then we know what
+ * methods are available.
+ */
+ if (http_auth_methods_restricted &&
+ (http_auth_methods & ~empty_auth_useless))
+ return 1;
+#endif
+ return 0;
+}
+
static void init_curl_http_auth(CURL *result)
{
if (!http_auth.username || !*http_auth.username) {
- if (curl_empty_auth)
+ if (curl_empty_auth_enabled())
curl_easy_setopt(result, CURLOPT_USERPWD, ":");
return;
}
@@ -798,8 +839,14 @@ static CURL *get_curl_handle(void)
}
}
- if (curl_http_proxy) {
- curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
+ if (curl_http_proxy && curl_http_proxy[0] == '\0') {
+ /*
+ * Handle case with the empty http.proxy value here to keep
+ * common code clean.
+ * NB: empty option disables proxying at all.
+ */
+ curl_easy_setopt(result, CURLOPT_PROXY, "");
+ } else if (curl_http_proxy) {
#if LIBCURL_VERSION_NUM >= 0x071800
if (starts_with(curl_http_proxy, "socks5h"))
curl_easy_setopt(result,
@@ -823,6 +870,9 @@ static CURL *get_curl_handle(void)
strbuf_release(&url);
}
+ if (!proxy_auth.host)
+ die("Invalid proxy URL '%s'", curl_http_proxy);
+
curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host);
#if LIBCURL_VERSION_NUM >= 0x071304
var_override(&curl_no_proxy, getenv("NO_PROXY"));
@@ -977,8 +1027,7 @@ void http_cleanup(void)
if (proxy_auth.password) {
memset(proxy_auth.password, 0, strlen(proxy_auth.password));
- free(proxy_auth.password);
- proxy_auth.password = NULL;
+ FREE_AND_NULL(proxy_auth.password);
}
free((void *)curl_proxyuserpwd);
@@ -989,13 +1038,11 @@ void http_cleanup(void)
if (cert_auth.password != NULL) {
memset(cert_auth.password, 0, strlen(cert_auth.password));
- free(cert_auth.password);
- cert_auth.password = NULL;
+ FREE_AND_NULL(cert_auth.password);
}
ssl_cert_password_required = 0;
- free(cached_accept_language);
- cached_accept_language = NULL;
+ FREE_AND_NULL(cached_accept_language);
}
struct active_request_slot *get_active_slot(void)
@@ -1079,7 +1126,7 @@ struct active_request_slot *get_active_slot(void)
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
#endif
- if (http_auth.password || curl_empty_auth)
+ if (http_auth.password || curl_empty_auth_enabled())
init_curl_http_auth(slot->curl);
return slot;
@@ -1328,9 +1375,9 @@ static int handle_curl_result(struct slot_results *results)
* FAILONERROR it is lost, so we can give only the numeric
* status code.
*/
- snprintf(curl_errorstr, sizeof(curl_errorstr),
- "The requested URL returned error: %ld",
- results->http_code);
+ xsnprintf(curl_errorstr, sizeof(curl_errorstr),
+ "The requested URL returned error: %ld",
+ results->http_code);
}
if (results->curl_result == CURLE_OK) {
@@ -1347,6 +1394,10 @@ static int handle_curl_result(struct slot_results *results)
} else {
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
+ if (results->auth_avail) {
+ http_auth_methods &= results->auth_avail;
+ http_auth_methods_restricted = 1;
+ }
#endif
return HTTP_REAUTH;
}
@@ -1368,8 +1419,8 @@ int run_one_slot(struct active_request_slot *slot,
{
slot->results = results;
if (!start_active_slot(slot)) {
- snprintf(curl_errorstr, sizeof(curl_errorstr),
- "failed to start HTTP request");
+ xsnprintf(curl_errorstr, sizeof(curl_errorstr),
+ "failed to start HTTP request");
return HTTP_START_FAILED;
}
@@ -1727,6 +1778,9 @@ static int http_request_reauth(const char *url,
{
int ret = http_request(url, result, target, options);
+ if (ret != HTTP_OK && ret != HTTP_REAUTH)
+ return ret;
+
if (options && options->effective_url && options->base_url) {
if (update_url_from_redirect(options->base_url,
url, options->effective_url)) {
@@ -1840,8 +1894,7 @@ static char *fetch_pack_index(unsigned char *sha1, const char *base_url)
if (http_get_file(url, tmp, NULL) != HTTP_OK) {
error("Unable to get pack index %s", url);
- free(tmp);
- tmp = NULL;
+ FREE_AND_NULL(tmp);
}
free(url);
@@ -2272,8 +2325,7 @@ void release_http_object_request(struct http_object_request *freq)
freq->localfile = -1;
}
if (freq->url != NULL) {
- free(freq->url);
- freq->url = NULL;
+ FREE_AND_NULL(freq->url);
}
if (freq->slot != NULL) {
freq->slot->callback_func = NULL;