From 0972ccd97cc8f913ea828a1e03ef3652fc1ff514 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 31 Oct 2013 02:35:31 -0400 Subject: [PATCH 1/3] http: return curl's AUTHAVAIL via slot_results Callers of the http code may want to know which auth types were available for the previous request. But after finishing with the curl slot, they are not supposed to look at the curl handle again. We already handle returning other information via the slot_results struct; let's add a flag to check the available auth. Note that older versions of curl did not support this, so we simply return 0 (something like "-1" would be worse, as the value is a bitflag and we might accidentally set a flag). This is sufficient for the callers planned in this series, who only trigger some optional behavior if particular bits are set, and can live with a fake "no bits" answer. Signed-off-by: Jeff King --- http.c | 6 ++++++ http.h | 1 + 2 files changed, 7 insertions(+) diff --git a/http.c b/http.c index 2d086aedf..1ea62fad4 100644 --- a/http.c +++ b/http.c @@ -706,6 +706,12 @@ void finish_active_slot(struct active_request_slot *slot) if (slot->results != NULL) { slot->results->curl_result = slot->curl_result; slot->results->http_code = slot->http_code; +#if LIBCURL_VERSION_NUM >= 0x070a08 + curl_easy_getinfo(slot->curl, CURLINFO_HTTPAUTH_AVAIL, + &slot->results->auth_avail); +#else + slot->results->auth_avail = 0; +#endif } /* Run callback if appropriate */ diff --git a/http.h b/http.h index d77c1b54f..81d484329 100644 --- a/http.h +++ b/http.h @@ -54,6 +54,7 @@ struct slot_results { CURLcode curl_result; long http_code; + long auth_avail; }; struct active_request_slot { From 3a347ed70727cdcb447040705b4128304c0244e3 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 31 Oct 2013 02:36:26 -0400 Subject: [PATCH 2/3] remote-curl: pass curl slot_results back through run_slot Some callers may want to know more than just the integer error code we return. Let them optionally pass a slot_results struct to fill in (or NULL if they do not care). In either case we continue to return the integer code. We can also give probe_rpc the same treatment (since it builds directly on run_slot). Signed-off-by: Jeff King --- remote-curl.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/remote-curl.c b/remote-curl.c index 5b3ce9eed..9ad347159 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -364,25 +364,29 @@ static size_t rpc_in(char *ptr, size_t eltsize, return size; } -static int run_slot(struct active_request_slot *slot) +static int run_slot(struct active_request_slot *slot, + struct slot_results *results) { int err; - struct slot_results results; + struct slot_results results_buf; - slot->results = &results; + if (!results) + results = &results_buf; + + slot->results = results; slot->curl_result = curl_easy_perform(slot->curl); finish_active_slot(slot); - err = handle_curl_result(&results); + err = handle_curl_result(results); if (err != HTTP_OK && err != HTTP_REAUTH) { error("RPC failed; result=%d, HTTP code = %ld", - results.curl_result, results.http_code); + results->curl_result, results->http_code); } return err; } -static int probe_rpc(struct rpc_state *rpc) +static int probe_rpc(struct rpc_state *rpc, struct slot_results *results) { struct active_request_slot *slot; struct curl_slist *headers = NULL; @@ -404,7 +408,7 @@ static int probe_rpc(struct rpc_state *rpc) curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, fwrite_buffer); curl_easy_setopt(slot->curl, CURLOPT_FILE, &buf); - err = run_slot(slot); + err = run_slot(slot, results); curl_slist_free_all(headers); strbuf_release(&buf); @@ -443,7 +447,7 @@ static int post_rpc(struct rpc_state *rpc) if (large_request) { do { - err = probe_rpc(rpc); + err = probe_rpc(rpc, NULL); } while (err == HTTP_REAUTH); if (err != HTTP_OK) return -1; @@ -542,7 +546,7 @@ static int post_rpc(struct rpc_state *rpc) curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, rpc_in); curl_easy_setopt(slot->curl, CURLOPT_FILE, rpc); - err = run_slot(slot); + err = run_slot(slot, NULL); if (err == HTTP_REAUTH && !large_request) goto retry; if (err != HTTP_OK) From c80d96ca0c3cf948c5062bf6591a46c625620b6d Mon Sep 17 00:00:00 2001 From: "Brian M. Carlson" Date: Thu, 31 Oct 2013 02:36:51 -0400 Subject: [PATCH 3/3] remote-curl: fix large pushes with GSSAPI Due to an interaction between the way libcurl handles GSSAPI authentication over HTTP and the way git uses libcurl, large pushes (those over http.postBuffer bytes) would fail due to an authentication failure requiring a rewind of the curl buffer. Such a rewind was not possible because the data did not fit into the entire buffer. Enable the use of the Expect: 100-continue header for large requests where the server offers GSSAPI authentication to avoid this issue, since the request would otherwise fail. This allows git to get the authentication data right before sending the pack contents. Existing cases where pushes would succeed, including small requests using GSSAPI, still disable the use of 100 Continue, as it causes problems for some remote HTTP implementations (servers and proxies). Signed-off-by: Brian M. Carlson Signed-off-by: Jeff King --- remote-curl.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/remote-curl.c b/remote-curl.c index 9ad347159..427d50f8d 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -423,6 +423,7 @@ static int post_rpc(struct rpc_state *rpc) char *gzip_body = NULL; size_t gzip_size = 0; int err, large_request = 0; + int needs_100_continue = 0; /* Try to load the entire request, if we can fit it into the * allocated buffer space we can use HTTP/1.0 and avoid the @@ -446,16 +447,22 @@ static int post_rpc(struct rpc_state *rpc) } if (large_request) { + struct slot_results results; + do { - err = probe_rpc(rpc, NULL); + err = probe_rpc(rpc, &results); } while (err == HTTP_REAUTH); if (err != HTTP_OK) return -1; + + if (results.auth_avail & CURLAUTH_GSSNEGOTIATE) + needs_100_continue = 1; } headers = curl_slist_append(headers, rpc->hdr_content_type); headers = curl_slist_append(headers, rpc->hdr_accept); - headers = curl_slist_append(headers, "Expect:"); + headers = curl_slist_append(headers, needs_100_continue ? + "Expect: 100-continue" : "Expect:"); retry: slot = get_active_slot();