Skip to content

Commit

Permalink
http: add option to try authentication without username
Browse files Browse the repository at this point in the history
Performing GSS-Negotiate authentication using Kerberos does not require
specifying a username or password, since that information is already
included in the ticket itself.  However, libcurl refuses to perform
authentication if it has not been provided with a username and password.
Add an option, http.emptyAuth, that provides libcurl with an empty
username and password to make it attempt authentication anyway.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information
brian m. carlson authored and Junio C Hamano committed Feb 15, 2016
1 parent a08595f commit 121061f
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 2 deletions.
6 changes: 6 additions & 0 deletions Documentation/config.txt
Original file line number Diff line number Diff line change
Expand Up @@ -1600,6 +1600,12 @@ http.proxy::
`curl(1)`). This can be overridden on a per-remote basis; see
remote.<name>.proxy

http.emptyAuth::
Attempt authentication without seeking a username or password. This
can be used to attempt GSS-Negotiate authentication without specifying
a username in the URL, as libcurl normally requires a username for
authentication.

http.cookieFile::
File containing previously stored cookie lines which should be used
in the Git http session, if they match the server. The file format
Expand Down
13 changes: 11 additions & 2 deletions http.c
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ static int curl_save_cookies;
struct credential http_auth = CREDENTIAL_INIT;
static int http_proactive_auth;
static const char *user_agent;
static int curl_empty_auth;

#if LIBCURL_VERSION_NUM >= 0x071700
/* Use CURLOPT_KEYPASSWD as is */
Expand Down Expand Up @@ -273,14 +274,22 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.useragent", var))
return git_config_string(&user_agent, var, value);

if (!strcmp("http.emptyauth", var)) {
curl_empty_auth = git_config_bool(var, value);
return 0;
}

/* Fall back on the default ones */
return git_default_config(var, value, cb);
}

static void init_curl_http_auth(CURL *result)
{
if (!http_auth.username)
if (!http_auth.username) {
if (curl_empty_auth)
curl_easy_setopt(result, CURLOPT_USERPWD, ":");
return;
}

credential_fill(&http_auth);

Expand Down Expand Up @@ -695,7 +704,7 @@ struct active_request_slot *get_active_slot(void)
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
#endif
if (http_auth.password)
if (http_auth.password || curl_empty_auth)
init_curl_http_auth(slot->curl);

return slot;
Expand Down

0 comments on commit 121061f

Please sign in to comment.