Re: [PATCH 0/2] http: allow multi-pass authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 27 Nov 2009, Tay Ray Chuan wrote:

> This patch series applies on top of master. It enables fetching and
> pushing over http with the most suitable authentication scheme chosen
> by curl when the http.authAny or GIT_HTTP_AUTH_ANY is set.

I also tested this, and things generally seem to work fine.

Thanks to the "maintain curl sessions" patch, only the first request needs 
to be redone after getting the 401 error containing the authentication 
challenge, the later ones work fine on the first try. However, 
theoretically, I guess we can't be certain that the curl session really is 
initialized for the later requests (we could be given a new fresh curl 
session for some reason), or the first request could perhaps be a large, 
(currently) non-rewindable POST.


Avoiding redoing large POST requests is generally accomplished by adding a 
Expect: 100-continue header, and then waiting for a reply (either 100 
continue or 401 unauthorized) to that header before actually sending the 
POST body data. If the server doesn't support the Expect header (e.g. 
Lighttpd doesn't support it), the client starts sending the POST body 
after a timeout (1 second in libcurl).

(As a side note, chunked POST requests without a content-length header 
isn't supported by lighttpd at all at the moment, neither in the stable 
1.4 version nor in the new upcoming 1.5 branch.)


Normally, libcurl should add the Expect: 100-continue header 
automatically, but for some reason 
(http://article.gmane.org/gmane.comp.web.curl.library/25992) it doesn't, 
so that's probably why we're manually adding that header in 
remote-curl.c:371 at the moment. libcurl doesn't detect this at the moment 
(http://article.gmane.org/gmane.comp.web.curl.library/25991) so it won't 
wait for the 100 continue response before starting to send the body data. 

So, with a server supporting Expect, the 401 error response may come after 
sending a few KB of POST data (corresponding to the roundtrip delay for 
the server to respond to the header) - if the server doesn't support 
Expect at all, the whole request will be sent and may need to be rewound.

To clarify - this only happens if the curl authentication isn't 
initialized yet, for the first request of every curl session. The 
"maintain curl sessions" patch makes sure this isn't needed in the normal 
case.

I've experimented with two solutions to this, which add partial and full 
rewind solutions to the chunked POST requests - I'll send them as 
follow-ups to this mail.

// Martin
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]