script

Branch


Log

Author Commit Date CI Message
Edward Thomson c9b80c25 2021-08-21T15:28:45 valgrind: suppress leaks in dlopen and newer libraries dlopen sets up some thread-local state that isn't cleaned up by `dlclose`. Additionally, now that we're linking against different versions of libssh2 and OpenSSL, we're seeing different leak signatures.
lhchavez 322c15ee 2020-08-01T18:24:41 Make the pack and mwindow implementations data-race-free This change fixes a packfile heap corruption that can happen when interacting with multiple packfiles concurrently across multiple threads. This is exacerbated by setting a lower mwindow open file limit. This change: * Renames most of the internal methods in pack.c to clearly indicate that they expect to be called with a certain lock held, making reasoning about the state of locks a bit easier. * Splits the `git_pack_file` lock in two: the one in `git_pack_file` only protects the `index_map`. The protection to `git_mwindow_file` is now in that struct. * Explicitly checks for freshness of the `git_pack_file` in `git_packfile_unpack_header`: this allows the mwindow implementation to close files whenever there is enough cache pressure, and `git_packfile_unpack_header` will reopen the packfile if needed. * After a call to `p_munmap()`, the `data` and `len` fields are poisoned with `NULL` to make use-after-frees more evident and crash rather than being open to the possibility of heap corruption. * Adds a test case to prevent this from regressing in the future. Fixes: #5591
lhchavez 4ae41f9c 2020-08-02T16:26:25 Make the odb race-free This change adds all the necessary locking to the odb to avoid races in the backends. Part of: #5592
lhchavez 896b1db4 2020-08-03T07:17:52 Add a ThreadSanitizer build This change adds a ThreadSanitizer CI build rule. It's informative for now because there are still known places where there are races. Part of: #5592
Edward Thomson 11a62973 2020-08-03T10:01:26 Merge pull request #5569 from lhchavez/ci-sanitizers Add CI support for Memory and UndefinedBehavior Sanitizers
Patrick Steinhardt 19eb1e4b 2020-06-05T10:07:33 cmake: specify project version We currently do not set up a project version within CMake, meaning that it can't be use by other projects including libgit2 as a sub-project and also not by other tools like IDEs. This commit changes this to always set up a project version, but instead of extracting it from the "version.h" header we now set it up directly. This is mostly to avoid mis-use of the previous `LIBGIT2_VERSION` variables, as we should now always use the `libgit2_VERSION` ones that are set up by CMake if one provides the "VERSION" keyword to the `project()` call. While this is one more moving target we need to adjust on releases, this commit also adjusts our release script to verify that the project version was incremented as expected.
lhchavez 6a917c04 2020-06-28T15:51:43 Add CI support for Memory and UndefinedBehavior Sanitizers This change adds two new build targets: MSan and UBSan. This is because even though OSS-Fuzz is great and adds a lot of coverage, it only does that for the fuzz targets, so the rest of the codebase is not necessarily run with the Sanitizers ever :( So this change makes sure that MSan/UBSan warnings don't make it into the codebase. As part of this change, the Ubuntu focal container is introduced. It builds mbedTLS and libssh2 as debug libraries into /usr/local and as MSan-enabled libraries into /usr/local/msan. This latter part is needed because MSan requires the binary and all its dependent libraries to be built with MSan support so that memory allocations and deallocations are tracked correctly to avoid false positives.
Edward Thomson b79f7d38 2020-06-04T09:49:38 release script: fix typo
Suhaib Mujahid f1c1458c 2020-05-12T10:55:14 feat: Check the version in package.json
Patrick Steinhardt 2ae45bc3 2020-01-30T11:40:13 scripts: add script to create releases The current release process is not documented in any way. As a result, it's not obvious how releases should be done at all, like e.g. which locations need adjusting. To fix this, let's introduce a new script that shall from now on be used to do all releases. As input it gets the tree that shall be released, the repository in which to do the release, credentials to authenticate against GitHub and the new version. E.g. executing the following will create a new release v0.32: $ ./script/release.py 0.32.0 --user pks-t --password **** While the password may currently be your usual GitLab password, it's recommended to use a personal access token intead. The script will then perform the following steps: 1. Verify that "include/git2/version.h" matches the new version. 2. Verify that "docs/changelog.md" has a section for that new version. 3. Extract the changelog entries for the current release from "docs/changelog.md". 4. Generate two archives in "tar.gz" and "zip" format via "git archive" from the tree passed by the user. If no tree was passed, we will use "HEAD". 5. Create the GitHub release using the extracted changelog entries as well as tag and name information derived from the version passed by the used. 6. Upload both code archives to that release. This should cover all steps required for a new release and thus ensures that nothing is missing that shouldn't be.
Edward Thomson 2ad3eb3e 2019-11-24T15:59:26 valgrind: add suppressions for undefined use valgrind will warn that OpenSSL will use undefined data in connect/read when talking to certain other TLS stacks. Thankfully, this only seems to occur when gcc is the compiler, so hopefully valgrind is just misunderstanding an optimization. Regardless, suppress this warning.
Edward Thomson 6df3ec4a 2019-11-23T21:14:32 valgrind: suppress libssh2_rsa_sha1_sign leaks
Edward Thomson 7adc32d5 2019-11-23T13:02:29 valgrind: suppress kexinit leaks
Edward Thomson 5dc1be8d 2019-11-23T11:25:56 valgrind: suppress uninitialized reads in libcrypto libcrypto will read uninitialized memory as entropy. Suppress warnings from this behavior.
Patrick Steinhardt 56d5b443 2019-09-21T17:55:54 valgrind: suppress memory leaks in libssh2_session_handshake On Ubuntu, the combination of libgcrypt and libssh2 is quite old and known to contain memory leaks. We thus have several functions listed in our suppressions file that are known to leak. Due to a recent update of libssh2 or libgcrypt, there now are new memory leaks caused by libssh2_session_handshake and libssh2_init that cause the CI to fail. Add a new suppression to fix the issue.
Patrick Steinhardt d827b11b 2019-06-28T13:20:54 tests: execute leak checker via CTest directly Right now, we have an awful hack in our test CI setup that extracts the test command from CTest's output and then prepends the leak checker. This is dependent on non-machine-parseable output from CMake and also breaks on various ocassions, like for example when we have spaces in the current path or when the path contains backslashes. Both conditions may easily be triggered on Win32 systems, and in fact they do break our Azure Pipelines builds. Remove the awful hack in favour of a new CMake build option "USE_LEAK_CHECKER". If specifying e.g. "-DUSE_LEAK_CHECKER=valgrind", then we will set up all tests to be run under valgrind. Like this, we can again simply execute ctest without needing to rely on evil sourcery.
Edward Thomson 00c66dfd 2019-01-10T22:43:59 errors: update static analysis tools for giterr Update GITERR and giterr usages in the static code analysis tools to use the new names.
Etienne Samson a74f4fb9 2019-01-04T14:04:48 coverity: attempt to model clar's assertions Coverity considers that anything that looks like assert() behaves like it (ie. side-effects would be skipped on a NDEBUG build). As we have a bunch of those in the test suite (128), this would ensure Coverity isn't confused.
Edward Thomson 24d17562 2018-07-27T16:40:44 ci: remove unused old ci scripts
Edward Thomson 24b8dd82 2018-07-27T12:31:32 ci: move travis to the new scripts
Edward Thomson 465f8b51 2018-07-26T15:14:37 ci: move appveyor to new scripts
Edward Thomson b00672b9 2018-07-20T19:47:40 ci: enable leak checking on osx
Edward Thomson ce798b25 2018-07-04T10:56:56 tests: simplify cmake test configuration Simplify the names for the tests, removing the unnecessary "libgit2-clar" prefix. Make "all" the new default test run, and include the online tests by default (since HTTPS should always be enabled). For the CI tests, create an offline-only test, then the various online tests.
Etienne Samson 61eaaadf 2018-04-20T23:11:30 travis: enable -Werror in the script instead of using the matrix
Etienne Samson 149790b9 2018-04-20T23:11:28 scripts: remove extraneous semicolons
Etienne Samson 4c969618 2018-04-20T23:11:27 scripts: use leaks on macOS
Etienne Samson 0fb8c1d0 2018-04-20T23:11:25 valgrind: bump num-callers to 50 for fuller stack traces
Etienne Samson 1f4ada2a 2018-04-20T23:11:23 travis: let cmake perform the build & install step The goal is to let cmake manage the parallelism
Etienne Samson 573c4089 2018-04-20T23:11:19 valgrind: skip buf::oom test
Etienne Samson 74b0a432 2018-04-20T23:11:16 travis: split valgrind check in its own script
Etienne Samson 2f4e7cb0 2018-04-20T23:11:14 travis: split testing from building
Edward Thomson 86353a72 2018-04-22T14:57:02 Merge pull request #4173 from tiennou/mbedtls mbedTLS support
Edward Thomson d906a879 2018-04-17T23:39:54 Merge pull request #4476 from pks-t/pks/backport-script scripts: add backporting script
Etienne Samson cb2da47e 2018-03-29T22:14:17 travis: pass -fPIC when configuring mbedtls
Etienne Samson 10aff3d5 2018-03-29T22:14:15 travis: just grab what we need from mbedtls
Etienne Samson 262dfcf0 2018-03-29T22:14:05 mbedtls: enable Travis CI tests
Patrick Steinhardt 0b3d8592 2018-01-12T11:02:19 scripts: add backporting script This adds a simple script for backporting pull requests to older branches. It accepts as parameters a list of pull request numbers which whose commits are to be cherry-picked. The identification of PRs currently happens by using the commit message of the merge of the PR, which should conform to the message "Merge pull request #<PR>". While the heuristic works in practice, we could instead also use the direct references from GitHub via "pull/#<PR>/head". This requires the user to have all these references fetched, though, so we can just use the current heuristic until we experience any issues with that.
Patrick Steinhardt 5874e151 2017-11-20T13:26:33 tests: create new test target for all SSH-based tests Some tests shall be run against our own SSH server we spin up in Travis. As those need to be run separate from our previous tests which run against git-daemon, we have to do this in a separate step. Instead of bundling all that knowledge in the CI script, move it into the test build instructions by creating a new test target.
Patrick Steinhardt 54a1bf05 2017-06-07T13:06:53 tests: online::clone: inline creds-test with nonexistent URL Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.
Patrick Steinhardt fea60920 2017-06-07T12:48:48 tests: online::clone: construct credential-URL from environment We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.
Edward Thomson 28c89507 2017-11-06T11:49:46 Merge pull request #4394 from libgit2/cmn/macos-ramdisk travis: put clar's sandbox in a ramdisk on macOS
Patrick Steinhardt 0b98a66b 2017-11-06T11:16:02 appveyor: build examples By default, CMake will not build our examples directory. As we do not instruct either the MinGW or MSVC builds on AppVeyor to enable building these examples, we cannot verify that those examples at least build on Windows systems. Fix that by passing `-DBUILD_EXAMPLES=ON` to AppVeyor's CMake invocation.
Carlos Martín Nieto 71ba4644 2017-10-31T14:43:28 travis: let's try a 5GB ramdisk
Carlos Martín Nieto 37bb1512 2017-10-31T10:40:24 travis: put clar's sandbox in a ramdisk on macOS The macOS tests are by far the slowest right now. This attempts to remedy the situation somewhat by asking clar to put its test data on a ramdisk.
Edward Thomson 9dc21efd 2017-10-07T00:10:06 travis: add custom apt sources Move back to Travis's VM infrastructure for efficiency.
Carlos Martín Nieto 366f4136 2017-09-28T17:19:56 travis: keep installing our custom libcurl build The block in the script installs the packages if we're _not_ on Precise. This was dropped in c17c3f8a ("travis: drop support for Ubuntu Precise") in error.
Patrick Steinhardt c17c3f8a 2017-09-06T08:04:19 travis: drop support for Ubuntu Precise Ubuntu Precise is end of life since April 2017. At that point in time, Precise was still the main distro on which Travis CI built upon, with the Trusty-based images still being in a beta state. But since June 21st, Trusty has officially moved out of beta and is now the default image for all new builds. Right now, we build on both old and new images to assure we support both. Unfortunately, this leaves us with the highest minimum version for CMake being 2.8.7, as Precise has no greater version in its repositories. And because of this limitation, we cannot actually use object libraries in our build instructions. But considering Precise is end of life and Trusty is now the new default for Travis, we can and should drop support for this old and unmaintained distribution. And so we do.
Edward Thomson c582fa4e 2017-07-24T17:53:32 travis: only install custom libcurl on trusty
Edward Thomson 697583ea 2017-07-24T16:48:04 travis: only kill our own sshd
Edward Thomson f031e20b 2017-07-23T03:41:52 travis: build with patched libcurl Ubuntu trusty has a bug in curl when using NTLM credentials in a proxy, dereferencing a null pointer and causing segmentation faults. Use a custom-patched version of libcurl that avoids this issue.
Patrick Steinhardt 06619904 2017-04-26T13:04:23 travis: cibuild: set up our own sshd server Some tests of ours require to be running against an SSH server. Currently, we simply run against the SSH server provided and started by Travis itself. As our Linux tests run in a sudo-less environment, we have no control over its configuration and startup/shutdown procedure. While this has been no problem until now, it will become a problem as soon as we migrate over to newer Precise images, as the SSH server does not have any host keys set up. Luckily, we can simply set up our own unpriviledged SSH server. This has the benefit of us being able to modify its configuration even in a sudo-less environment. This commit sets up the unpriviledged SSH server on port 2222.
Patrick Steinhardt 96d02989 2017-06-13T08:09:38 travis: replace use of deprecated homebrew/dupes tap The formulae provided by the homebrew/dupes tap are deprecated since at least April 4, 2017, with formulae having been migrated to homebrew/core. Replace the deprecated reference to "homebrew/dupes/zlib" with only "zlib".
Edward Thomson 844e85f2 2017-06-12T20:00:21 travis: install openssl explicitly
Edward Thomson 408a7b77 2017-02-24T17:37:00 appveyor: don't rewrite system mingw Download mingw-w64 into our build directory and execute it there, don't try to overwrite the system's mingw.
Patrick Steinhardt 18c18e3d 2016-10-31T15:55:46 coverity: check for Coverity token only if necessary When running a Coverity build, we have to provide an authentication token in order to proof that we are actually allowed to run analysis in the name of a certain project. As this token should be secret, it is only set on the main repository, so when we were requested to run the Coverity script on another repository we do error out. But in fact we do also error out if the Coverity analysis should _not_ be run if there is no authentication token provided. Fix the issue by only checking for the authentication token after determining if analysis is indeed requested.
Patrick Steinhardt 561276ee 2016-10-28T14:48:30 coverity: only analyze the master branch of the main repository We used to only execute Coverity analysis on the 'development' branch before commit 998f001 (Refine build limitation, 2014-01-15), which refined Coverity build limitations. While we do not really use the 'development' branch anymore, it does still make sense to only analyze a single branch, as otherwise Coverity might get confused. Re-establish the restriction such that we only analyze libgit2's 'master' branch. Also fix the message announcing why we do not actually analyze a certain build.
Patrick Steinhardt 6c4d2d3e 2016-10-28T14:45:55 coverity: fix download URL
Patrick Steinhardt ec3f5a9c 2016-08-16T11:02:47 script: cibuild: build examples
Carlos Martín Nieto db357667 2016-10-05T20:17:06 travis: take the newer ssh-keygen format into account The Mac machines have updated their SSH version and so the ssh-keygen format has changed. Ask it for MD5, which is the one that is output as hex.
Carlos Martín Nieto 94d565b9 2016-10-05T18:52:43 cibuild: set -x This lets us see the details of what we're doing instead of just seeing the output of unknown commands in the build output.
Edward Thomson a37624ec 2016-07-24T16:05:17 Merge pull request #3815 from pks-t/pks/coverity-model Coverity user model
Edward Thomson 0239eff3 2016-07-24T14:51:28 ci: install homebrew's curl on mac
Edward Thomson 08556e6d 2016-07-22T17:45:03 ci: install homebrew's zlib on mac
Patrick Steinhardt 4d8fe1cd 2016-06-07T09:20:35 coverity: model functions printing into git_buf The `git_buf` structure seems to be too complicated to correctly grasp for Coverity. As such, add simpler models trying to guide Coverity and remove false positives related to these functions.
Patrick Steinhardt 956f1e23 2016-06-07T09:17:52 coverity: add user model The static analysis engine coverity allows for user models overriding how it treats functions when analyzing code. Like this, one can greatly reduce the rate of false positives and thus make it easier to spot actual errors. Add a user model that overrides function models for `git_buf_len` and `git_vector_insert`, which together amount for a majority of false positives.
Carlos Martín Nieto db01724f 2016-03-14T13:42:10 CI: start the proxy before the build so it's ready It takes a bit for the propxy to get ready to accept connections, so start it before the build so we can be reasonably sure that it's going to be ready in time.
Carlos Martín Nieto 2f3f1ee0 2015-09-21T21:40:37 proxy: test proxy support on Travis
Carlos Martín Nieto 4848dd32 2016-03-14T17:45:15 Merge pull request #3647 from pks-t/pks/coverity-fixes-round6 Coverity fixes round 6
Carlos Martín Nieto b1093e62 2016-03-09T19:01:33 Remove CI support for mingw32 The tests have never run successfully and we do have successful builds of mingw-w64, so remove these CI builds which do not add value.
Patrick Steinhardt 2615d0d6 2016-03-02T01:50:34 coverity: report errors when uploading tarball Curl by default does not report errors by setting the error code. As the upload can fail through several conditions (e.g. the rate limit, leading to unauthorized access) we should indicate this information in Travis CI. To improve upon the behavior, use `--write-out=%{http_code}` to write out the HTTP code in addition to the received body and return an error if the code does not equal 201.
Carlos Martín Nieto ba9bb664 2016-03-03T19:21:07 tests: create a ctest target for cred_callback
Carlos Martín Nieto 25205737 2016-03-03T10:08:00 test: make sure we retry the auth callback on all platforms We were missing this test on Windows, which meant we didn't notice that we never fixed the single authentication attempt it tries, nor its wrong return code. Enable this for the unix platforms as well over HTTP. We previously were doing it locally but disabled it on OS X due to issues with its sshd not accepting password authentication.
Patrick Steinhardt 859ed5dd 2016-02-23T09:54:26 common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.
Patrick Steinhardt f2a554b4 2016-02-22T14:43:28 coverity: hint git_vector_foreach does not deref NULL contents Coverity does not comprehend the connection between a vector's size and the contents pointer, that is that the vector's pointer is non-NULL when its size is positive. As the vector code should be reasonably well tested and users are expected to not manually modify a vector's contents it seems save to assume that the macros will never dereference a NULL pointer. Fix Coverity warnings by overriding the foreach macros with macros that explicitly aborting when (v)->contents is NULL.
Patrick Steinhardt 40f6f225 2016-02-15T10:58:52 coverity: hint that string length is at least 2 When checking if a string is prefixed by a drive letter (e.g. "C:") we verify this by inspecting the first and second character of the string. Coverity thinks this is a defect as we do not check the string's length first, but in fact we only check the second character if the first character is part of the alphabet, that is it cannot be '\0'. Fix this by overriding the macro and explicitly checking the string's length.
Patrick Steinhardt 5981ab1d 2016-02-15T09:41:08 coverity: add nodefs for abort macros Add nodefs for macros that abort the current flow due to errors. This includes macros that trigger on integer overflows and for the version check macro. This aids Coverity as we point out that these paths will cause a fatal error.
Patrick Steinhardt 50174ab4 2016-02-10T11:06:23 coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead.
Patrick Steinhardt 8dddea42 2016-02-10T10:59:14 coverity: provide nodef for GITERR_CHECK_ALLOC Coverity currently lists a lot of errors with regard to GITERR_CHECK_ALLOC causing resource leaks. We know this macro is only invoked when we want to abort because we are out of memory. Coverity allows for overriding the default model where we know that certain functions guarantee a desired behavior. The user_nodefs.h is used to override the behavior of macros. Re-define GITERR_CHECK_ALLOC inside of it to specify its abort nature.
Carlos Martín Nieto a0bdfe32 2015-07-06T18:42:39 travis: don't install CMake on OS X Homebrew will error out because it's already installed.
Carlos Martín Nieto d41b8ed0 2015-07-06T18:32:31 travis: update the homebrew db We need to make sure we are asking for the current version of packages, or we might get 404s from the download service.
Arthur Schreiber 32f538ae 2015-06-27T15:02:53 Remove dependency installation file for travis builds. We're installing dependencies via the APT addon now.
Arthur Schreiber 51f87999 2015-06-26T18:05:17 Don't try to start ssh.
Carlos Martín Nieto 6042a050 2015-06-12T12:17:03 travis: fail if we fail the push tests These tests were not being taken into consideration for the failure of the test. They've been failing for a while now, but we hadn't noticed as Travis was reporting the builds successful.
Tony Kelman 7aa96593 2015-03-17T12:05:07 set PKG_CONFIG_LIBDIR in toolchain-mingw32.cmake
Philip Kelley 8f426d7d 2014-06-09T11:43:25 Win32: Enable WinHTTP for MinGW
Edward Thomson 3e329861 2015-03-10T16:08:34 Revert "Implement fail-fast for Travis as well" This reverts commit ba6c53b91b1d9c9dc49b7c0d8e8efbd9842c31dc.
Tony Kelman 4c88fd7c 2015-03-04T11:31:24 Add MinGW-w64 to matrix cache mingw-w64 downloads quiet curl and 7zip run appveyor steps in cmd for mingw
Tony Kelman ba6c53b9 2015-03-03T21:07:12 Implement fail-fast for Travis as well
Tony Kelman ac5fad27 2015-03-03T10:53:26 add mingw to appveyor matrix use MSYS makefiles generator add bash script for running mingw on appveyor add --login and fix run paths use msys style path to appveyor-mingw.sh add mingw path to /etc/fstab
Edward Thomson 6f446176 2014-11-21T10:59:20 Merge pull request #2710 from Therzok/shellcheckScripts Run shell scripts through shellcheck
Ungureanu Marius a4fccbbf 2014-11-17T07:01:40 Run shell scripts through shellcheck
Carlos Martín Nieto aa5a06c3 2014-11-20T00:52:52 travis: disable the cert callback on OSX The sshd on OSX has stopped responding to the setting which this test assumes is there, so let's disable it until we can figure out what's happening.
Carlos Martín Nieto ebda0970 2014-09-16T02:07:39 script: use a parallel build on Travis
Carlos Martín Nieto 0fef3899 2014-09-16T01:25:53 Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
Carlos Martín Nieto bf8756d6 2014-09-15T21:51:42 ssh: add test for host key Test that the certificate check callback gets the right fingerprint from the host we're connecting to.
Carlos Martín Nieto 26bf3a53 2014-08-10T17:13:00 travis: no need to clean out the test repository This was added to avoid the remote's default branch to be considered to the be notes one which the first network test leaves behind.
Carlos Martín Nieto 6a0d2b43 2014-08-27T15:09:07 Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
Carlos Martín Nieto d4256ed5 2014-07-04T10:00:39 ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
Carlos Martín Nieto 87339935 2014-06-26T22:38:54 travis: enable password authentication on OSX Our ssh tests assume that the server supports password authentication in a few places. This is convenient as we're not testing authentication methods, but what happens around them. Tell sshd on OSX to accept this form of authentication.
Carlos Martín Nieto d7f962f4 2014-06-16T19:30:06 ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.