Commit 6d931ba717700504fd6725c6f64ce385ac40a1bc

Edward Thomson 2019-03-22T16:35:59

http: don't set the header in the auth token

diff --git a/src/transports/auth.c b/src/transports/auth.c
index 849a6ce..c2e2713 100644
--- a/src/transports/auth.c
+++ b/src/transports/auth.c
@@ -13,7 +13,6 @@
 static int basic_next_token(
 	git_buf *out,
 	git_http_auth_context *ctx,
-	const char *header_name,
 	git_cred *c)
 {
 	git_cred_userpass_plaintext *cred;
@@ -32,9 +31,8 @@ static int basic_next_token(
 	git_buf_printf(&raw, "%s:%s", cred->username, cred->password);
 
 	if (git_buf_oom(&raw) ||
-		git_buf_printf(out, "%s: Basic ", header_name) < 0 ||
-		git_buf_encode_base64(out, git_buf_cstr(&raw), raw.size) < 0 ||
-		git_buf_puts(out, "\r\n") < 0)
+		git_buf_puts(out, "Basic ") < 0 ||
+		git_buf_encode_base64(out, git_buf_cstr(&raw), raw.size) < 0)
 		goto on_error;
 
 	error = 0;
diff --git a/src/transports/auth.h b/src/transports/auth.h
index 396e793..0a80d1c 100644
--- a/src/transports/auth.h
+++ b/src/transports/auth.h
@@ -32,7 +32,7 @@ struct git_http_auth_context {
 	int (*set_challenge)(git_http_auth_context *ctx, const char *challenge);
 
 	/** Gets the next authentication token from the context */
-	int (*next_token)(git_buf *out, git_http_auth_context *ctx, const char *header_name, git_cred *cred);
+	int (*next_token)(git_buf *out, git_http_auth_context *ctx, git_cred *cred);
 
 	/** Examines if all tokens have been presented. */
 	int (*is_complete)(git_http_auth_context *ctx);
diff --git a/src/transports/auth_negotiate.c b/src/transports/auth_negotiate.c
index d5c3d16..0b6f50e 100644
--- a/src/transports/auth_negotiate.c
+++ b/src/transports/auth_negotiate.c
@@ -73,7 +73,6 @@ static int negotiate_set_challenge(
 static int negotiate_next_token(
 	git_buf *buf,
 	git_http_auth_context *c,
-	const char *header_name,
 	git_cred *cred)
 {
 	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
@@ -156,9 +155,8 @@ static int negotiate_next_token(
 		goto done;
 	}
 
-	git_buf_printf(buf, "%s: Negotiate ", header_name);
+	git_buf_puts(buf, "Negotiate ");
 	git_buf_encode_base64(buf, output_token.value, output_token.length);
-	git_buf_puts(buf, "\r\n");
 
 	if (git_buf_oom(buf))
 		error = -1;
diff --git a/src/transports/auth_ntlm.c b/src/transports/auth_ntlm.c
index 55320e9..9f709e2 100644
--- a/src/transports/auth_ntlm.c
+++ b/src/transports/auth_ntlm.c
@@ -77,7 +77,6 @@ done:
 static int ntlm_next_token(
 	git_buf *buf,
 	git_http_auth_context *c,
-	const char *header_name,
 	git_cred *cred)
 {
 	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
@@ -145,9 +144,8 @@ static int ntlm_next_token(
 		}
 	}
 
-	git_buf_printf(buf, "%s: NTLM ", header_name);
+	git_buf_puts(buf, "NTLM ");
 	git_buf_encode_base64(buf, (const char *)msg, msg_len);
-	git_buf_puts(buf, "\r\n");
 
 	if (git_buf_oom(buf))
 		goto done;
diff --git a/src/transports/http.c b/src/transports/http.c
index 213c651..be7dee0 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -208,37 +208,47 @@ static int apply_credentials(
 	git_cred *cred = server->cred;
 	git_http_auth_context *context;
 	authmatch_data data = {0};
+	git_buf token = GIT_BUF_INIT;
+	int error = 0;
 
 	if (!server->server_types)
-		return 0;
+		goto done;
 
 	/* Get or create a context for the best scheme for this cred type */
-	if (auth_context_match(&context, server,
-	    credtype_match, &cred->credtype) < 0)
-		return -1;
+	if ((error = auth_context_match(&context, server,
+	    credtype_match, &cred->credtype)) < 0)
+		goto done;
 
 	if (!context)
-		return 0;
+		goto done;
 
 	/*
 	 * If we do have creds, find the first mechanism supported by both
 	 * the server and ourselves that supports the credential type.
 	 */
 	if (!cred)
-		return 0;
+		goto done;
 
 	data.server_types = server->server_types;
 	data.credtype = cred->credtype;
 
-	if (auth_context_match(&context, server, auth_match, &data) < 0)
-		return -1;
+	if ((error = auth_context_match(&context, server, auth_match, &data)) < 0)
+		goto done;
 
 	if (!context) {
 		git_error_set(GIT_ERROR_NET, "no suitable mechanism found for authentication");
-		return -1;
+		error = -1;
+		goto done;
 	}
 
-	return context->next_token(buf, context, header_name, cred);
+	if ((error = context->next_token(&token, context, cred)) < 0)
+		goto done;
+
+	error = git_buf_printf(buf, "%s: %s\r\n", header_name, token.ptr);
+
+done:
+	git_buf_dispose(&token);
+	return error;
 }
 
 static int gen_request(