Re: [PATCH v2] remote-curl: fall back to Basic auth if Negotiate fails

"Dan Langille (dalangil)" <dalangil@xxxxxxxxx> · Tue, 6 Jan 2015 16:07:01 +0000

> On Jan 6, 2015, at 10:31 AM, Dan Langille (dalangil) <dalangil@xxxxxxxxx> wrote:
> 
> On Jan 5, 2015, at 6:53 PM, brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx> wrote:
>> 
>> On Mon, Jan 05, 2015 at 09:23:32PM +0000, Dan Langille (dalangil) wrote:
>>> I have tried both patches.  Neither succeeds here.  I patched git version 2.2.1 but I don’t think that affects this.
>> 
>> You are patching the client side, correct?  That's the side that needs patching here.
> 
> Yes, I am.
> 
>> Just so the list knows, I will be sending a reroll to the existing patch, but the patches I've posted do indeed work in my testing.
> 
> I appreciate the patches.  I blame something here.
> 
> The patches don’t t apply cleanly to git-2.2.1 or to the latest git source I just cloned.  I had to copy/paste some two chunks in http.c and everything in remote-curl.c.

I tried again, with a proper copy of your patch. Cleanly patched versions of git 2.2.1 and from
a recent clone of the repo both give 'Authentication failed’ when doing a clone without a ticket.

I’m sure there’s something here which is at fault.

Here is the client side debugging.  Is this what is expected?  Tested with a clone of git from this morning.

[dan@porter93 ~/tmp/tmp]$ ~/src/git/git clone https://us.example.org/git/clamav-bytecode-compiler
Cloning into 'clamav-bytecode-compiler'...
warning: templates not found /usr/home/dan/share/git-core/templates
* Couldn't find host us.example.org in the .netrc file; using defaults
* Hostname was NOT found in DNS cache
*   Trying 10.0.0.1...
* Connected to us.example.org (10.0.0.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* SSL connection using TLSv1.0 / DHE-RSA-CAMELLIA256-SHA
* Server certificate:
* 	 subject: REDACTED
* 	 start date: REDACTED
* 	 expire date: REDACTED
* 	 issuer: REDACTED
* 	 SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /git/clamav-bytecode-compiler/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/2.2.1.212.gc5b9256.dirty
Host: us.example.org
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Authorization Required
< Date: Tue, 06 Jan 2015 16:02:38 GMT
< Server: Apache
< WWW-Authenticate: Negotiate
< Content-Length: 401
< Content-Type: text/html; charset=iso-8859-1
< 
* Connection #0 to host us.example.org left intact
Username for 'https://us.example.org': 
Password for 'https://dan@xxxxxxxxxxxxxx': 
* Couldn't find host us.example.org in the .netrc file; using defaults
* Connection 0 seems to be dead!
* Closing connection 0
* Hostname was found in DNS cache
*   Trying 10.0.0.1...
* Connected to us.example.org (10.0.0.1) port 443 (#1)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* SSL re-using session ID
* SSL connection using TLSv1.0 / DHE-RSA-CAMELLIA256-SHA
* Server certificate:
* 	 subject: REDACTED
* 	 start date: REDACTED
* 	 expire date: REDACTED
* 	 issuer: REDACTED
* 	 SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /git/clamav-bytecode-compiler/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/2.2.1.212.gc5b9256.dirty
Host: us.example.org
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Authorization Required
< Date: Tue, 06 Jan 2015 16:02:48 GMT
< Server: Apache
< WWW-Authenticate: Negotiate
< Content-Length: 401
< Content-Type: text/html; charset=iso-8859-1
< 
* Connection #1 to host us.example.org left intact
fatal: Authentication failed for 'https://us.example.org/git/clamav-bytecode-compiler/'
[dan@porter93 ~/tmp/tmp]$ 

��.n��������+%������w��{.n��������n�r������&��z�ޗ�zf���h���~����������_��+v���)ߣ�