[PATCH v2] Add an option for using any HTTP authentication scheme, not only basic

This adds the configuration option http.authAny (overridable with
the environment variable GIT_HTTP_AUTH_ANY), for instructing curl
to allow any HTTP authentication scheme, not only basic (which
sends the password in plaintext).

When this is enabled, curl has to do double requests most of the time,
in order to discover which HTTP authentication method to use, which
lowers the performance slightly. Therefore this isn't enabled by default.

One example of another authentication scheme to use is digest, which
doesn't send the password in plaintext, but uses a challenge-response
mechanism instead. Using digest authentication in practice requires
at least curl 7.18.1, due to bugs in the digest handling in earlier
versions of curl.

Signed-off-by: Martin Storsjo <martin@xxxxxxxxx>
---

Repost with the curl version checked in only one place.

 Documentation/config.txt |    7 +++++++
 http.c                   |   22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/Documentation/config.txt b/Documentation/config.txt
index f3ebd2f..1515d77 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1011,6 +1011,13 @@ http.noEPSV::
 	support EPSV mode. Can be overridden by the 'GIT_CURL_FTP_NO_EPSV'
 	environment variable. Default is false (curl will use EPSV).
 
+http.authAny::
+	Allow any HTTP authentication method, not only basic. Enabling
+	this lowers the performance slightly, by having to do requests
+	without any authentication to discover the authentication method
+	to use. Can be overridden by the 'GIT_HTTP_AUTH_ANY'
+	environment variable. Default is false.
+
 i18n.commitEncoding::
 	Character encoding the commit messages are stored in; git itself
 	does not care per se, but this information is necessary e.g. when
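Review bot: The new http.authAny entry does not state the libcurl requirements. http.c compiles the option in only when LIBCURL_VERSION_NUM >= 0x070a06, and the commit message says digest needs at least curl 7.18.1 in practice. Add a sentence covering both, so that a user who sets the option on an older build knows it may have no effect.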
diff --git a/http.c b/http.c
index 2e3d649..49b8441 100644
--- a/http.c
+++ b/http.c
@@ -3,6 +3,10 @@
 int data_received;
 int active_requests;
 
+#if LIBCURL_VERSION_NUM >= 0x070a06
+#define LIBCURL_CAN_HANDLE_AUTH_ANY
+#endif
+
 #ifdef USE_CURL_MULTI
 static int max_requests = -1;
 static CURLM *curlm;
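Review bot: The guard `#if LIBCURL_VERSION_NUM >= 0x070a06` carries no comment saying which release it encodes (7.10.6) or which feature it gates. A one-line comment naming CURLOPT_HTTPAUTH and CURLAUTH_ANY would make the check easier to audit, especially next to the separate 7.18.1 figure in the commit message.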
@@ -26,6 +30,9 @@ static long curl_low_speed_time = -1;
 static int curl_ftp_no_epsv;
 static const char *curl_http_proxy;
 static char *user_name, *user_pass;
+#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+static int curl_http_auth_any = 0;
+#endif
 
 static struct curl_slist *pragma_header;
 
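Review bot: `static int curl_http_auth_any = 0;` initializes a file-scope static to zero explicitly, unlike `static int curl_ftp_no_epsv;` a few lines above it. Drop the `= 0` to match the surrounding declarations; static storage is zero-initialized anyway.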
@@ -150,6 +157,12 @@ static int http_options(const char *var, const char *value, void *cb)
 	}
 	if (!strcmp("http.proxy", var))
 		return git_config_string(&curl_http_proxy, var, value);
+#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+	if (!strcmp("http.authany", var)) {
+		curl_http_auth_any = git_config_bool(var, value);
+		return 0;
+	}
+#endif
 
 	/* Fall back on the default ones */
 	return git_default_config(var, value, cb);
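Review bot: Because the `http.authany` branch sits inside `#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY`, a build against an older libcurl passes the key on to git_default_config() without comment and keeps using basic, so a user who set the option to avoid plaintext passwords gets no indication that it was ignored. Consider handling the key unconditionally and emitting a warning when the feature is compiled out.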
@@ -184,6 +197,10 @@ static CURL *get_curl_handle(void)
 #if LIBCURL_VERSION_NUM >= 0x070907
 	curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
 #endif
+#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+	if (curl_http_auth_any)
+		curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
+#endif
 
 	init_curl_http_auth(result);
 
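Review bot: CURLAUTH_ANY in `curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY)` still includes basic, so a server that offers only basic still receives the password in plaintext, which the commit message presents as the thing to avoid. Either document that the option widens the set of accepted schemes rather than forbidding basic, or consider whether libcurl's CURLAUTH_ANYSAFE is the better fit for users who want basic ruled out.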
@@ -329,6 +346,11 @@ void http_init(struct remote *remote)
 	if (getenv("GIT_CURL_FTP_NO_EPSV"))
 		curl_ftp_no_epsv = 1;
 
+#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+	if (getenv("GIT_HTTP_AUTH_ANY"))
+		curl_http_auth_any = 1;
+#endif
+
 	if (remote && remote->url && remote->url[0])
 		http_auth_init(remote->url[0]);
 
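Review bot: `if (getenv("GIT_HTTP_AUTH_ANY"))` tests only for presence, so GIT_HTTP_AUTH_ANY=0 or an empty value enables the option, and the variable can never turn off a configured value of true, although config.txt says it overrides the setting. This mirrors the GIT_CURL_FTP_NO_EPSV check above it, but for an authentication setting, parsing the value as a boolean would match the documented behaviour.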
-- 
1.6.0.2
