Commit 4de51f9e65cb97812429f3d5a34666645a9991dc
2019-08-23T16:05:28
http: ensure the scheme supports the credentials When a server responds with multiple scheme support - for example, Negotiate and NTLM are commonly used together - we need to ensure that we choose a scheme that supports the credentials.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
diff --git a/src/transports/http.c b/src/transports/http.c
index 7ec681c..a5b40ce 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -129,17 +129,22 @@ typedef struct {
size_t *bytes_read;
} parser_context;
-static git_http_auth_scheme *scheme_for_challenge(const char *challenge)
+static git_http_auth_scheme *scheme_for_challenge(
+ const char *challenge,
+ git_cred *cred)
{
git_http_auth_scheme *scheme = NULL;
size_t i;
for (i = 0; i < ARRAY_SIZE(auth_schemes); i++) {
const char *scheme_name = auth_schemes[i].name;
+ const git_credtype_t scheme_types = auth_schemes[i].credtypes;
size_t scheme_len;
scheme_len = strlen(scheme_name);
- if (strncasecmp(challenge, scheme_name, scheme_len) == 0 &&
+
+ if ((!cred || (cred->credtype & scheme_types)) &&
+ strncasecmp(challenge, scheme_name, scheme_len) == 0 &&
(challenge[scheme_len] == '\0' || challenge[scheme_len] == ' ')) {
scheme = &auth_schemes[i];
break;
@@ -256,7 +261,7 @@ static int set_authentication_types(http_server *server)
size_t i;
git_vector_foreach(&server->auth_challenges, i, challenge) {
- if ((scheme = scheme_for_challenge(challenge)) != NULL) {
+ if ((scheme = scheme_for_challenge(challenge, NULL)) != NULL) {
server->authtypes |= scheme->type;
server->credtypes |= scheme->credtypes;
}
@@ -433,7 +438,7 @@ static int init_auth(http_server *server)
int error;
git_vector_foreach(&server->auth_challenges, i, c) {
- s = scheme_for_challenge(c);
+ s = scheme_for_challenge(c, server->cred);
if (s && !!(s->credtypes & server->credtypes)) {
scheme = s;