[v2,4/6] http: move proactive auth to first slot creation

Message ID	a790c01f9f279bba227a8a27077e54b95fb991f7.1666372083.git.gitgitgadget@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <git-owner@kernel.org> Message-Id: <a790c01f9f279bba227a8a27077e54b95fb991f7.1666372083.git.gitgitgadget@gmail.com> In-Reply-To: <pull.1352.v2.git.1666372083.gitgitgadget@gmail.com> References: <pull.1352.git.1663097156.gitgitgadget@gmail.com> <pull.1352.v2.git.1666372083.gitgitgadget@gmail.com> Date: Fri, 21 Oct 2022 17:08:01 +0000 Subject: [PATCH v2 4/6] http: move proactive auth to first slot creation Fcc: Sent Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 To: git@vger.kernel.org Cc: Derrick Stolee <derrickstolee@github.com>, Lessley Dennington <lessleydennington@gmail.com>, Matthew John Cheetham <mjcheetham@outlook.com>, Matthew John Cheetham <mjcheetham@github.com>, Matthew John Cheetham <mjcheetham@outlook.com> Precedence: bulk From: Matthew John Cheetham <mjcheetham@outlook.com>
Series	Enhance credential helper protocol to include auth headers \| expand [v2,0/6] Enhance credential helper protocol to include auth headers [v2,1/6] http: read HTTP WWW-Authenticate response headers [v2,2/6] credential: add WWW-Authenticate header to cred requests [v2,3/6] http: store all request headers on active_request_slot [v2,4/6] http: move proactive auth to first slot creation [v2,5/6] http: set specific auth scheme depending on credential [v2,6/6] t5556-http-auth: add test for HTTP auth hdr logic

Message ID

a790c01f9f279bba227a8a27077e54b95fb991f7.1666372083.git.gitgitgadget@gmail.com (mailing list archive)

State

New, archived

Headers

Message-Id: 
 <a790c01f9f279bba227a8a27077e54b95fb991f7.1666372083.git.gitgitgadget@gmail.com>
In-Reply-To: <pull.1352.v2.git.1666372083.gitgitgadget@gmail.com>
References: <pull.1352.git.1663097156.gitgitgadget@gmail.com>
        <pull.1352.v2.git.1666372083.gitgitgadget@gmail.com>
Date: Fri, 21 Oct 2022 17:08:01 +0000
Subject: [PATCH v2 4/6] http: move proactive auth to first slot creation
Fcc: Sent
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
To: git@vger.kernel.org
Cc: Derrick Stolee <derrickstolee@github.com>,
        Lessley Dennington <lessleydennington@gmail.com>,
        Matthew John Cheetham <mjcheetham@outlook.com>,
        Matthew John Cheetham <mjcheetham@github.com>,
        Matthew John Cheetham <mjcheetham@outlook.com>
Precedence: bulk
From: Matthew John Cheetham <mjcheetham@outlook.com>

Series

Enhance credential helper protocol to include auth headers | expand

Commit Message

Matthew John Cheetham Oct. 21, 2022, 5:08 p.m. UTC

From: Matthew John Cheetham <mjcheetham@outlook.com>

Rather than proactively seek credentials to authenticate a request at
`http_init()` time, do it when the first `active_request_slot` is
created.

Because credential helpers may modify the headers used for a request we
can only auth when a slot is created (when we can first start to gather
request headers).

Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>
---
 http.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/http.c b/http.c
index f2ebb17c8c4..17b47195d22 100644
--- a/http.c
+++ b/http.c
@@ -515,18 +515,18 @@  static int curl_empty_auth_enabled(void)
 	return 0;
 }
 
-static void init_curl_http_auth(CURL *result)
+static void init_curl_http_auth(struct active_request_slot *slot)
 {
 	if (!http_auth.username || !*http_auth.username) {
 		if (curl_empty_auth_enabled())
-			curl_easy_setopt(result, CURLOPT_USERPWD, ":");
+			curl_easy_setopt(slot->curl, CURLOPT_USERPWD, ":");
 		return;
 	}
 
 	credential_fill(&http_auth);
 
-	curl_easy_setopt(result, CURLOPT_USERNAME, http_auth.username);
-	curl_easy_setopt(result, CURLOPT_PASSWORD, http_auth.password);
+	curl_easy_setopt(slot->curl, CURLOPT_USERNAME, http_auth.username);
+	curl_easy_setopt(slot->curl, CURLOPT_PASSWORD, http_auth.password);
 }
 
 /* *var must be free-able */
@@ -901,9 +901,6 @@  static CURL *get_curl_handle(void)
 #endif
 	}
 
-	if (http_proactive_auth)
-		init_curl_http_auth(result);
-
 	if (getenv("GIT_SSL_VERSION"))
 		ssl_version = getenv("GIT_SSL_VERSION");
 	if (ssl_version && *ssl_version) {
@@ -1260,6 +1257,7 @@  struct active_request_slot *get_active_slot(int no_pragma_header)
 	struct active_request_slot *slot = active_queue_head;
 	struct active_request_slot *newslot;
 
+	int proactive_auth = 0;
 	int num_transfers;
 
 	/* Wait for a slot to open up if the queue is full */
@@ -1282,6 +1280,9 @@  struct active_request_slot *get_active_slot(int no_pragma_header)
 		slot = active_queue_head;
 		if (!slot) {
 			active_queue_head = newslot;
+
+			/* Auth first slot if asked for proactive auth */
+			proactive_auth = http_proactive_auth;
 		} else {
 			while (slot->next != NULL)
 				slot = slot->next;
@@ -1336,8 +1337,9 @@  struct active_request_slot *get_active_slot(int no_pragma_header)
 
 	curl_easy_setopt(slot->curl, CURLOPT_IPRESOLVE, git_curl_ipresolve);
 	curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
-	if (http_auth.password || curl_empty_auth_enabled())
-		init_curl_http_auth(slot->curl);
+
+	if (http_auth.password || curl_empty_auth_enabled() || proactive_auth)
+		init_curl_http_auth(slot);
 
 	return slot;
 }

[v2,4/6] http: move proactive auth to first slot creation

Commit Message

Patch