Revision 2501aff8b7516115c409cb34cc50305cdde40a47 authored by Jeff King on 28 September 2013, 08:31:45 UTC, committed by Jonathan Nieder on 14 October 2013, 23:55:13 UTC
When we are handling a curl response code in http_request or
in the remote-curl RPC code, we use the handle_curl_result
helper to translate curl's response into an easy-to-use
code. When we see an HTTP 401, we do one of two things:
1. If we already had a filled-in credential, we mark it as
rejected, and then return HTTP_NOAUTH to indicate to
the caller that we failed.
2. If we didn't, then we ask for a new credential and tell
the caller HTTP_REAUTH to indicate that they may want
to try again.
Rejecting in the first case makes sense; it is the natural
result of the request we just made. However, prompting for
more credentials in the second step does not always make
sense. We do not know for sure that the caller is going to
make a second request, and nor are we sure that it will be
to the same URL. Logically, the prompt belongs not to the
request we just finished, but to the request we are (maybe)
about to make.
In practice, it is very hard to trigger any bad behavior.
Currently, if we make a second request, it will always be to
the same URL (even in the face of redirects, because curl
handles the redirects internally). And we almost always
retry on HTTP_REAUTH these days. The one exception is if we
are streaming a large RPC request to the server (e.g., a
pushed packfile), in which case we cannot restart. It's
extremely unlikely to see a 401 response at this stage,
though, as we would typically have seen it when we sent a
probe request, before streaming the data.
This patch drops the automatic prompt out of case 2, and
instead requires the caller to do it. This is a few extra
lines of code, and the bug it fixes is unlikely to come up
in practice. But it is conceptually cleaner, and paves the
way for better handling of credentials across redirects.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
1 parent 1bbcc22
git-remote-ext.txt
git-remote-ext(1)
=================
NAME
----
git-remote-ext - Bridge smart transport to external command.
SYNOPSIS
--------
[verse]
git remote add <nick> "ext::<command>[ <arguments>...]"
DESCRIPTION
-----------
This remote helper uses the specified '<command>' to connect
to a remote Git server.
Data written to stdin of the specified '<command>' is assumed
to be sent to a git:// server, git-upload-pack, git-receive-pack
or git-upload-archive (depending on situation), and data read
from stdout of <command> is assumed to be received from
the same service.
Command and arguments are separated by an unescaped space.
The following sequences have a special meaning:
'% '::
Literal space in command or argument.
'%%'::
Literal percent sign.
'%s'::
Replaced with name (receive-pack, upload-pack, or
upload-archive) of the service Git wants to invoke.
'%S'::
Replaced with long name (git-receive-pack,
git-upload-pack, or git-upload-archive) of the service
Git wants to invoke.
'%G' (must be the first characters in an argument)::
This argument will not be passed to '<command>'. Instead, it
will cause the helper to start by sending git:// service requests to
the remote side with the service field set to an appropriate value and
the repository field set to rest of the argument. Default is not to send
such a request.
+
This is useful if remote side is git:// server accessed over
some tunnel.
'%V' (must be first characters in argument)::
This argument will not be passed to '<command>'. Instead it sets
the vhost field in the git:// service request (to rest of the argument).
Default is not to send vhost in such request (if sent).
ENVIRONMENT VARIABLES:
----------------------
GIT_TRANSLOOP_DEBUG::
If set, prints debugging information about various reads/writes.
ENVIRONMENT VARIABLES PASSED TO COMMAND:
----------------------------------------
GIT_EXT_SERVICE::
Set to long name (git-upload-pack, etc...) of service helper needs
to invoke.
GIT_EXT_SERVICE_NOPREFIX::
Set to long name (upload-pack, etc...) of service helper needs
to invoke.
EXAMPLES:
---------
This remote helper is transparently used by Git when
you use commands such as "git fetch <URL>", "git clone <URL>",
, "git push <URL>" or "git remote add <nick> <URL>", where <URL>
begins with `ext::`. Examples:
"ext::ssh -i /home/foo/.ssh/somekey user@host.example %S 'foo/repo'"::
Like host.example:foo/repo, but use /home/foo/.ssh/somekey as
keypair and user as user on remote side. This avoids needing to
edit .ssh/config.
"ext::socat -t3600 - ABSTRACT-CONNECT:/git-server %G/somerepo"::
Represents repository with path /somerepo accessible over
git protocol at abstract namespace address /git-server.
"ext::git-server-alias foo %G/repo"::
Represents a repository with path /repo accessed using the
helper program "git-server-alias foo". The path to the
repository and type of request are not passed on the command
line but as part of the protocol stream, as usual with git://
protocol.
"ext::git-server-alias foo %G/repo %Vfoo"::
Represents a repository with path /repo accessed using the
helper program "git-server-alias foo". The hostname for the
remote server passed in the protocol stream will be "foo"
(this allows multiple virtual Git servers to share a
link-level address).
"ext::git-server-alias foo %G/repo% with% spaces %Vfoo"::
Represents a repository with path '/repo with spaces' accessed
using the helper program "git-server-alias foo". The hostname for
the remote server passed in the protocol stream will be "foo"
(this allows multiple virtual Git servers to share a
link-level address).
"ext::git-ssl foo.example /bar"::
Represents a repository accessed using the helper program
"git-ssl foo.example /bar". The type of request can be
determined by the helper using environment variables (see
above).
Documentation
--------------
Documentation by Ilari Liusvaara, Jonathan Nieder and the Git list
<git@vger.kernel.org>
GIT
---
Part of the linkgit:git[1] suite
Computing file changes ...
