All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Christopher via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Eric Wong <e@80x24.org>, Christopher <christopher@cschenk.net>,
	Christopher Schenk <christopher@cschenk.net>
Subject: [PATCH v3] remote-curl: fall back to basic auth if Negotiate fails
Date: Mon, 22 Mar 2021 11:51:16 +0000	[thread overview]
Message-ID: <pull.849.v3.git.1616413876663.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.849.v2.git.1613494656636.gitgitgadget@gmail.com>

From: Christopher Schenk <christopher@cschenk.net>

When the username and password are supplied in a url like this
https://myuser:secret@git.exampe/myrepo.git and the server supports the
negotiate authenticaten method, git does not fall back to basic auth and
libcurl hardly tries to authenticate with the negotiate method.

Stop using the Negotiate authentication method after the first failure
because if it fails on the first try it will never succeed.

Signed-off-by: Christopher Schenk <christopher@cschenk.net>
---
    remote-curl: fall back to basic auth if Negotiate fails
    
    When the username and password are supplied in a url like this
    https://myuser:secret@git.exampe/myrepo.git and the server supports the
    negotiate authenticaten method git does not fall back to basic auth and
    libcurl hardly tries to authenticate with the negotiate method.
    
    Stop using the Negotiate authentication method after the first failure
    because if it fails on the first try it will never succeed.
    
    Signed-off-by: Christopher Schenk christopher@cschenk.net

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-849%2Fchschenk%2Fkerberos-basic-fallback-v3
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-849/chschenk/kerberos-basic-fallback-v3
Pull-Request: https://github.com/gitgitgadget/git/pull/849

Range-diff vs v2:

 1:  7bfc0b431910 ! 1:  52de7fa42f88 remote-curl: fall back to basic auth if Negotiate fails
     @@ Commit message
      
          When the username and password are supplied in a url like this
          https://myuser:secret@git.exampe/myrepo.git and the server supports the
     -    negotiate authenticaten method git does not fall back to basic auth and
     +    negotiate authenticaten method, git does not fall back to basic auth and
          libcurl hardly tries to authenticate with the negotiate method.
      
          Stop using the Negotiate authentication method after the first failure
          because if it fails on the first try it will never succeed.
      
     -    V1 of this patch somehow did not make it to the mailing list so i will
     -    try to send this patch again
     -
          Signed-off-by: Christopher Schenk <christopher@cschenk.net>
      
       ## http.c ##
      @@ http.c: static int handle_curl_result(struct slot_results *results)
     + 	} else if (missing_target(results))
       		return HTTP_MISSING_TARGET;
       	else if (results->http_code == 401) {
     - 		if (http_auth.username && http_auth.password) {
      +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
     -+			if (results->auth_avail & CURLAUTH_GSSNEGOTIATE) {
     -+				http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
     -+				http_auth_methods &= results->auth_avail;
     -+				http_auth_methods_restricted = 1;
     -+				return HTTP_REAUTH;
     -+			}
     ++		http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
     ++		if (results->auth_avail) {
     ++			http_auth_methods &= results->auth_avail;
     ++			http_auth_methods_restricted = 1;
     ++			return HTTP_REAUTH;
     ++		}
      +#endif
     + 		if (http_auth.username && http_auth.password) {
       			credential_reject(&http_auth);
       			return HTTP_NOAUTH;
       		} else {
     +-#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
     +-			http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
     +-			if (results->auth_avail) {
     +-				http_auth_methods &= results->auth_avail;
     +-				http_auth_methods_restricted = 1;
     +-			}
     +-#endif
     + 			return HTTP_REAUTH;
     + 		}
     + 	} else {


 http.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/http.c b/http.c
index 8b23a546afdf..4b4cfee8185c 100644
--- a/http.c
+++ b/http.c
@@ -1641,17 +1641,18 @@ static int handle_curl_result(struct slot_results *results)
 	} else if (missing_target(results))
 		return HTTP_MISSING_TARGET;
 	else if (results->http_code == 401) {
+#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+		http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
+		if (results->auth_avail) {
+			http_auth_methods &= results->auth_avail;
+			http_auth_methods_restricted = 1;
+			return HTTP_REAUTH;
+		}
+#endif
 		if (http_auth.username && http_auth.password) {
 			credential_reject(&http_auth);
 			return HTTP_NOAUTH;
 		} else {
-#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
-			http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
-			if (results->auth_avail) {
-				http_auth_methods &= results->auth_avail;
-				http_auth_methods_restricted = 1;
-			}
-#endif
 			return HTTP_REAUTH;
 		}
 	} else {

base-commit: 71ca53e8125e36efbda17293c50027d31681a41f
-- 
gitgitgadget

  reply	other threads:[~2021-03-22 11:52 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <pull.849.git.1611921008282.gitgitgadget@gmail.com>
2021-02-16 16:57 ` [PATCH v2] remote-curl: fall back to basic auth if Negotiate fails Christopher via GitGitGadget
2021-03-22 11:51   ` Christopher via GitGitGadget [this message]
     [not found]   ` <xmqq35xvpr8q.fsf@gitster.c.googlers.com>
2021-03-22 16:08     ` Christopher Schenk
2015-01-01 19:56 [PATCH v2] remote-curl: fall back to Basic " brian m. carlson
2015-01-08  0:29 ` [PATCH v3] " brian m. carlson
2015-01-20 16:40   ` Dan Langille (dalangil)
2015-01-21  0:22     ` Junio C Hamano
2015-01-22 14:47       ` Dan Langille (dalangil)
2015-02-17 23:05       ` Dan Langille (dalangil)
2015-02-17 23:36         ` Junio C Hamano
2015-02-18 16:17           ` Dan Langille (dalangil)
2015-02-19 20:35             ` brian m. carlson
2015-02-24 21:03               ` Dan Langille (dalangil)
2015-02-25 20:59                 ` Dan Langille (dalangil)
2015-03-10 18:05                   ` Dan Langille (dalangil)
2015-03-10 22:29                     ` brian m. carlson
2015-03-11 19:33                       ` Dan Langille (dalangil)
2015-03-11 21:59                         ` brian m. carlson
2015-03-12 13:09                           ` Dan Langille (dalangil)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=pull.849.v3.git.1616413876663.gitgitgadget@gmail.com \
    --to=gitgitgadget@gmail.com \
    --cc=christopher@cschenk.net \
    --cc=e@80x24.org \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.