kmx git

thodg/libgit2/src/transports/auth_ntlm.h

Commit

Hash : 76fd406a
Author :
Date : 2019-12-26T16:37:01

http: send probe packets

When we're authenticating with a connection-based authentication scheme
(NTLM, Negotiate), we need to make sure that we're still connected
between the initial GET where we did the authentication and the POST
that we're about to send.  Our keep-alive session may have not kept
alive, but more likely, some servers do not authenticate the entire
keep-alive connection and may have "forgotten" that we were
authenticated, namely Apache and nginx.

Send a "probe" packet, that is an HTTP POST request to the upload-pack
or receive-pack endpoint, that consists of an empty git pkt ("0000").
If we're authenticated, we'll get a 200 back.  If we're not, we'll get a
401 back, and then we'll resend that probe packet with the first step of
our authentication (asking to start authentication with the given
scheme).  We expect _yet another_ 401 back, with the authentication
challenge.

Finally, we will send our authentication response with the actual POST
data.  This will allow us to authenticate without draining the POST data
in the initial request that gets us a 401.

src/transports/auth_ntlm.h

/*
 * Copyright (C) the libgit2 contributors. All rights reserved.
 *
 * This file is part of libgit2, distributed under the GNU GPL v2 with
 * a Linking Exception. For full terms see the included COPYING file.
 */

#ifndef INCLUDE_transports_auth_ntlm_h__
#define INCLUDE_transports_auth_ntlm_h__

#include "git2.h"
#include "auth.h"

/* NTLM requires a full request/challenge/response */
#define GIT_AUTH_STEPS_NTLM 2

#ifdef GIT_NTLM

#if defined(GIT_OPENSSL)
# define CRYPT_OPENSSL
#elif defined(GIT_MBEDTLS)
# define CRYPT_MBEDTLS
#elif defined(GIT_SECURE_TRANSPORT)
# define CRYPT_COMMONCRYPTO
#endif

extern int git_http_auth_ntlm(
	git_http_auth_context **out,
	const git_net_url *url);

#else

#define git_http_auth_ntlm git_http_auth_dummy

#endif /* GIT_NTLM */

#endif