Google Git
Sign in
googlers / jrn / git / 121061f67fd47aed5b2f3a7deb82af15215636bd^! / .
commit121061f67fd47aed5b2f3a7deb82af15215636bd[log] [tgz]
authorbrian m. carlson <sandals@crustytoothpaste.net>Mon Feb 15 18:44:46 2016 +0000
committerJunio C Hamano <gitster@pobox.com>Mon Feb 15 14:13:37 2016 -0800
tree62cb917fc8c05a69bd892fc04e87538447760575
parenta08595f76159b09d57553e37a5123f1091bb13e7 [diff]
http: add option to try authentication without username

Performing GSS-Negotiate authentication using Kerberos does not require
specifying a username or password, since that information is already
included in the ticket itself.  However, libcurl refuses to perform
authentication if it has not been provided with a username and password.
Add an option, http.emptyAuth, that provides libcurl with an empty
username and password to make it attempt authentication anyway.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/config.txt b/Documentation/config.txt
index f617886..d9abfbb 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt

@@ -1600,6 +1600,12 @@
 	`curl(1)`).  This can be overridden on a per-remote basis; see
 	remote.<name>.proxy
 
+http.emptyAuth::
+	Attempt authentication without seeking a username or password.  This
+	can be used to attempt GSS-Negotiate authentication without specifying
+	a username in the URL, as libcurl normally requires a username for
+	authentication.
+
 http.cookieFile::
 	File containing previously stored cookie lines which should be used
 	in the Git http session, if they match the server. The file format

diff --git a/http.c b/http.c
index 0da9e66..fe494ab 100644
--- a/http.c
+++ b/http.c

@@ -67,6 +67,7 @@
 struct credential http_auth = CREDENTIAL_INIT;
 static int http_proactive_auth;
 static const char *user_agent;
+static int curl_empty_auth;
 
 #if LIBCURL_VERSION_NUM >= 0x071700
 /* Use CURLOPT_KEYPASSWD as is */
@@ -273,14 +274,22 @@
 	if (!strcmp("http.useragent", var))
 		return git_config_string(&user_agent, var, value);
 
+	if (!strcmp("http.emptyauth", var)) {
+		curl_empty_auth = git_config_bool(var, value);
+		return 0;
+	}
+
 	/* Fall back on the default ones */
 	return git_default_config(var, value, cb);
 }
 
 static void init_curl_http_auth(CURL *result)
 {
-	if (!http_auth.username)
+	if (!http_auth.username) {
+		if (curl_empty_auth)
+			curl_easy_setopt(result, CURLOPT_USERPWD, ":");
 		return;
+	}
 
 	credential_fill(&http_auth);
 
@@ -695,7 +704,7 @@
 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
 	curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
 #endif
-	if (http_auth.password)
+	if (http_auth.password || curl_empty_auth)
 		init_curl_http_auth(slot->curl);
 
 	return slot;