From: Quentin Bouget <ypsah@devyard.org>
To: git@vger.kernel.org
Cc: Quentin Bouget <ypsah@devyard.org>
Subject: [PATCH 2/2] http: prevent redirect from dropping credentials during reauth
Date: Sun, 4 Feb 2024 19:54:27 +0100 [thread overview]
Message-ID: <20240204185427.39664-3-ypsah@devyard.org> (raw)
In-Reply-To: <20240204185427.39664-1-ypsah@devyard.org>
During a re-authentication (second attempt at authenticating with a
remote, e.g. after a failed GSSAPI attempt), git allows the remote to
provide credential overrides in the redirect URL and unconditionnaly
drops the current HTTP credentials in favors of those, even when there
aren't any.
This commit makes it so HTTP credentials are only overridden when the
redirect URL actually contains credentials itself.
Signed-off-by: Quentin Bouget <ypsah@devyard.org>
---
http.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/http.c b/http.c
index ccea19ac47..caba9cac1e 100644
--- a/http.c
+++ b/http.c
@@ -2160,7 +2160,25 @@ static int http_request_reauth(const char *url,
if (options && options->effective_url && options->base_url) {
if (update_url_from_redirect(options->base_url,
url, options->effective_url)) {
+ char *username = NULL, *password = NULL;
+
+ if (http_auth.username)
+ username = xstrdup(http_auth.username);
+ if (http_auth.password)
+ password = xstrdup(http_auth.password);
+
credential_from_url(&http_auth, options->base_url->buf);
+
+ if (http_auth.username)
+ free(username);
+ else if (username)
+ http_auth.username = username;
+
+ if (http_auth.password)
+ free(password);
+ else if (password)
+ http_auth.password = password;
+
url = options->effective_url->buf;
}
}
--
2.43.0
next prev parent reply other threads:[~2024-02-04 21:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-04 18:54 [PATCH 0/2] Fix gitlab's token-based authentication w/ kerberos Quentin Bouget
2024-02-04 18:54 ` [PATCH 1/2] http: only reject basic auth credentials once they have been tried Quentin Bouget
2024-02-04 22:47 ` Junio C Hamano
2024-02-05 3:03 ` Quentin Bouget
2024-02-05 5:47 ` Patrick Steinhardt
2024-02-04 18:54 ` Quentin Bouget [this message]
2024-02-04 22:36 ` [PATCH 2/2] http: prevent redirect from dropping credentials during reauth brian m. carlson
2024-02-05 3:01 ` Quentin Bouget
2024-02-05 22:18 ` brian m. carlson
2024-02-05 22:52 ` rsbecker
2024-02-04 22:51 ` Junio C Hamano
2024-02-05 3:06 ` Quentin Bouget
2024-02-04 23:01 ` rsbecker
2024-02-05 3:12 ` Quentin Bouget
2024-02-05 9:22 ` Robert Coup
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240204185427.39664-3-ypsah@devyard.org \
--to=ypsah@devyard.org \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.