@@ -1,3 +1,22 @@
+http.authMethod::
+ Set the method with which to authenticate to the HTTP server, if
+ required. This can be overridden on a per-remote basis; see
+ `remote.<name>.authMethod`. Both can be overridden by the
+ `GIT_HTTP_AUTHMETHOD` environment variable. Possible values are:
++
+--
+* `anyauth` - Automatically pick a suitable authentication method. It is
+ assumed that the server answers an unauthenticated request with a 401
+ status code and one or more WWW-Authenticate headers with supported
+ authentication methods. This is the default.
+* `basic` - HTTP Basic authentication
+* `digest` - HTTP Digest authentication; this prevents the password from being
+ transmitted to the server in clear text
+* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option
+ of `curl(1)`)
+* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`)
+--
+
http.proxy::
Override the HTTP proxy, normally configured using the 'http_proxy',
'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In
@@ -10,6 +10,10 @@ remote.<name>.url::
remote.<name>.pushurl::
The push URL of a remote repository. See linkgit:git-push[1].
+remote.<name>.authMethod::
+ For http and https remotes, the method to use for
+ authenticating against the server. See `http.authMethod`.
+
remote.<name>.proxy::
For remotes that require curl (http, https and ftp), the URL to
the proxy to use for that remote. Set to the empty string to
@@ -108,6 +108,7 @@ static const char *curl_proxyuserpwd;
static const char *curl_cookie_file;
static int curl_save_cookies;
struct credential http_auth = CREDENTIAL_INIT;
+static const char *http_authmethod;
static int http_proactive_auth;
static const char *user_agent;
static int curl_empty_auth = -1;
@@ -356,6 +357,9 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.useragent", var))
return git_config_string(&user_agent, var, value);
+ if (!strcmp("http.authmethod", var))
+ return git_config_string(&http_authmethod, var, value);
+
if (!strcmp("http.emptyauth", var)) {
if (value && !strcmp("auto", value))
curl_empty_auth = -1;
@@ -450,6 +454,27 @@ static void var_override(const char **var, char *value)
}
}
+static void init_curl_http_auth_method(CURL *result)
+{
+ var_override(&http_authmethod, getenv("GIT_HTTP_AUTHMETHOD"));
+
+ if (http_authmethod) {
+ int i;
+ for (i = 0; i < ARRAY_SIZE(authmethods); i++) {
+ if (!strcmp(http_authmethod, authmethods[i].name)) {
+ http_auth_methods = authmethods[i].curlauth_param;
+ break;
+ }
+ }
+ if (i == ARRAY_SIZE(authmethods)) {
+ warning("unsupported authentication method %s: using anyauth",
+ http_authmethod);
+ http_auth_methods = CURLAUTH_ANY;
+ }
+ }
+ curl_easy_setopt(result, CURLOPT_HTTPAUTH, http_auth_methods);
+}
+
static void set_proxyauth_name_password(CURL *result)
{
curl_easy_setopt(result, CURLOPT_PROXYUSERNAME,
@@ -786,7 +811,7 @@ static CURL *get_curl_handle(void)
#endif
curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
- curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
+ init_curl_http_auth_method(result);
#ifdef CURLGSSAPI_DELEGATION_FLAG
if (curl_deleg) {
@@ -1040,6 +1065,9 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
if (remote && remote->http_proxy)
curl_http_proxy = xstrdup(remote->http_proxy);
+ if (remote)
+ var_override(&http_authmethod, remote->http_authmethod);
+
if (remote)
var_override(&http_proxy_authmethod, remote->http_proxy_authmethod);
@@ -1504,6 +1532,9 @@ static int handle_curl_result(struct slot_results *results)
if (results->auth_avail) {
http_auth_methods &= results->auth_avail;
http_auth_methods_restricted = 1;
+ /* fail if no methods left */
+ if(http_auth_methods == 0)
+ return HTTP_NOAUTH;
}
return HTTP_REAUTH;
}
@@ -155,6 +155,7 @@ static void remote_clear(struct remote *remote)
FREE_AND_NULL(remote->pushurl);
free((char *)remote->receivepack);
free((char *)remote->uploadpack);
+ FREE_AND_NULL(remote->http_authmethod);
FREE_AND_NULL(remote->http_proxy);
FREE_AND_NULL(remote->http_proxy_authmethod);
}
@@ -461,6 +462,9 @@ static int handle_config(const char *key, const char *value, void *cb)
remote->fetch_tags = -1;
else if (!strcmp(value, "--tags"))
remote->fetch_tags = 2;
+ } else if (!strcmp(subkey, "authmethod")) {
+ return git_config_string((const char **)&remote->http_authmethod,
+ key, value);
} else if (!strcmp(subkey, "proxy")) {
return git_config_string((const char **)&remote->http_proxy,
key, value);
@@ -105,6 +105,9 @@ struct remote {
const char *receivepack;
const char *uploadpack;
+ /* The method for authenticating against the (HTTP) server */
+ char *http_authmethod;
+
/* The proxy to use for curl (http, https, ftp, etc.) URLs. */
char *http_proxy;