summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDuncan Brown <dabrown@physics.syr.edu>2011-06-02 16:31:25 -0400
committerJunio C Hamano <gitster@pobox.com>2011-06-03 09:29:19 -0700
commitbcfb95dde46bd7cf2c6673ab8a3e6f0c0429906e (patch)
tree02711596321041e65170468fe58a0abdcd7fcf9d
parenta6605d76cdad37ed3c55a7be4d2e0af0f4721bb2 (diff)
downloadgit-bcfb95dde46bd7cf2c6673ab8a3e6f0c0429906e.tar.gz
http: pass http.cookiefile using CURLOPT_COOKIEFILE
If the config option http.cookiefile is set, pass this file to libCURL using the CURLOPT_COOKIEFILE option. This is similar to calling curl with the -b option. This allows git http authorization with authentication mechanisms that use cookies, such as SAML Enhanced Client or Proxy (ECP) used by Shibboleth. To use SAML/ECP, the user needs to request a session cookie with their own ECP code. See for example: <https://wiki.shibboleth.net/confluence/display/SHIB2/ECP> Once the cookie file has been created, it can be passed to git with, e.g. git config --global http.cookiefile "/home/dbrown/.curlcookies" libCURL will then pass the appropriate session cookies to the git http server. Signed-off-by: Duncan Brown <duncan.brown@ligo.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/config.txt8
-rw-r--r--http.c5
2 files changed, 13 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 6b93777199..c631d1cbf9 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1196,6 +1196,14 @@ http.proxy::
environment variable (see linkgit:curl[1]). This can be overridden
on a per-remote basis; see remote.<name>.proxy
+http.cookiefile::
+ File containing previously stored cookie lines which should be used
+ in the git http session, if they match the server. The file format
+ of the file to read cookies from should be plain HTTP headers or
+ the Netscape/Mozilla cookie file format (see linkgit:curl[1]).
+ NOTE that the file specified with http.cookiefile is only used as
+ input. No cookies will be stored in the file.
+
http.sslVerify::
Whether to verify the SSL certificate when fetching or pushing
over HTTPS. Can be overridden by the 'GIT_SSL_NO_VERIFY' environment
diff --git a/http.c b/http.c
index b2ae8de16d..a1ea3db499 100644
--- a/http.c
+++ b/http.c
@@ -41,6 +41,7 @@ static long curl_low_speed_limit = -1;
static long curl_low_speed_time = -1;
static int curl_ftp_no_epsv;
static const char *curl_http_proxy;
+static const char *curl_cookie_file;
static char *user_name, *user_pass;
static const char *user_agent;
@@ -191,6 +192,9 @@ static int http_options(const char *var, const char *value, void *cb)
if (!strcmp("http.proxy", var))
return git_config_string(&curl_http_proxy, var, value);
+ if (!strcmp("http.cookiefile", var))
+ return git_config_string(&curl_cookie_file, var, value);
+
if (!strcmp("http.postbuffer", var)) {
http_post_buffer = git_config_int(var, value);
if (http_post_buffer < LARGE_PACKET_MAX)
@@ -531,6 +535,7 @@ struct active_request_slot *get_active_slot(void)
slot->finished = NULL;
slot->callback_data = NULL;
slot->callback_func = NULL;
+ curl_easy_setopt(slot->curl, CURLOPT_COOKIEFILE, curl_cookie_file);
curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
curl_easy_setopt(slot->curl, CURLOPT_ERRORBUFFER, curl_errorstr);
curl_easy_setopt(slot->curl, CURLOPT_CUSTOMREQUEST, NULL);