From: Christopher Schenk <christopher@xxxxxxxxxxx> When the username and password are supplied in a url like this https://myuser:secret@git.exampe/myrepo.git and the server supports the negotiate authenticaten method, git does not fall back to basic auth and libcurl hardly tries to authenticate with the negotiate method. Stop using the Negotiate authentication method after the first failure because if it fails on the first try it will never succeed. Signed-off-by: Christopher Schenk <christopher@xxxxxxxxxxx> --- remote-curl: fall back to basic auth if Negotiate fails When the username and password are supplied in a url like this https://myuser:secret@git.exampe/myrepo.git and the server supports the negotiate authenticaten method git does not fall back to basic auth and libcurl hardly tries to authenticate with the negotiate method. Stop using the Negotiate authentication method after the first failure because if it fails on the first try it will never succeed. Signed-off-by: Christopher Schenk christopher@xxxxxxxxxxx Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-849%2Fchschenk%2Fkerberos-basic-fallback-v3 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-849/chschenk/kerberos-basic-fallback-v3 Pull-Request: https://github.com/gitgitgadget/git/pull/849 Range-diff vs v2: 1: 7bfc0b431910 ! 1: 52de7fa42f88 remote-curl: fall back to basic auth if Negotiate fails @@ Commit message When the username and password are supplied in a url like this https://myuser:secret@git.exampe/myrepo.git and the server supports the - negotiate authenticaten method git does not fall back to basic auth and + negotiate authenticaten method, git does not fall back to basic auth and libcurl hardly tries to authenticate with the negotiate method. Stop using the Negotiate authentication method after the first failure because if it fails on the first try it will never succeed. - V1 of this patch somehow did not make it to the mailing list so i will - try to send this patch again - Signed-off-by: Christopher Schenk <christopher@xxxxxxxxxxx> ## http.c ## @@ http.c: static int handle_curl_result(struct slot_results *results) + } else if (missing_target(results)) return HTTP_MISSING_TARGET; else if (results->http_code == 401) { - if (http_auth.username && http_auth.password) { +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY -+ if (results->auth_avail & CURLAUTH_GSSNEGOTIATE) { -+ http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; -+ http_auth_methods &= results->auth_avail; -+ http_auth_methods_restricted = 1; -+ return HTTP_REAUTH; -+ } ++ http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; ++ if (results->auth_avail) { ++ http_auth_methods &= results->auth_avail; ++ http_auth_methods_restricted = 1; ++ return HTTP_REAUTH; ++ } +#endif + if (http_auth.username && http_auth.password) { credential_reject(&http_auth); return HTTP_NOAUTH; } else { +-#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY +- http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; +- if (results->auth_avail) { +- http_auth_methods &= results->auth_avail; +- http_auth_methods_restricted = 1; +- } +-#endif + return HTTP_REAUTH; + } + } else { http.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/http.c b/http.c index 8b23a546afdf..4b4cfee8185c 100644 --- a/http.c +++ b/http.c @@ -1641,17 +1641,18 @@ static int handle_curl_result(struct slot_results *results) } else if (missing_target(results)) return HTTP_MISSING_TARGET; else if (results->http_code == 401) { +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY + http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; + if (results->auth_avail) { + http_auth_methods &= results->auth_avail; + http_auth_methods_restricted = 1; + return HTTP_REAUTH; + } +#endif if (http_auth.username && http_auth.password) { credential_reject(&http_auth); return HTTP_NOAUTH; } else { -#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY - http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; - if (results->auth_avail) { - http_auth_methods &= results->auth_avail; - http_auth_methods_restricted = 1; - } -#endif return HTTP_REAUTH; } } else { base-commit: 71ca53e8125e36efbda17293c50027d31681a41f -- gitgitgadget
