@jeffhostetler

Fix NTLM support in gvfs-helper.

NTLM is handled magically by libcurl when CURLAUTH_ANY is enabled AND
we pass an empty username/password. This lets it negotiate with the server and
choose the best authentication scheme.

Signed-off-by: Jeff Hostetler <jeffhost@microsoft.com>

gvfs-helper.c Outdated
* (because the cache-server doesn't support it).
*/
curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_easy_setopt(slot->curl, CURLOPT_USERPWD, ":");
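
Review bot: CURLAUTH_ANY on the CURLOPT_HTTPAUTH line allows every scheme libcurl supports, Basic included, so with the empty ":" credential on the next line the server's challenge decides which scheme is used. If this path is only meant to reach NTLM or Negotiate, consider CURLAUTH_ANYSAFE or an explicit mask such as CURLAUTH_NTLM | CURLAUTH_NEGOTIATE, and state in the comment above which schemes are expected here.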

We'll want to verify that this doesn't make the cache server OR cloud situation break. I wonder if there is anything we can do to tell if we are against the on-prem server or not.

An installer is sent to the customer, which should help.

Author

Yeah, however, the cache server never sends back 401s,
only a generic 400 Bad Request (with a human-readable
"creds required" message in the html body (sigh)). So the
cache server will never trigger the 401 logic inside libcurl.
So I think this change is net-neutral WRT the cache servers.

But now that you say that, I am tempted to move the cache
server case into its own branch (and kill the TODO comment).

A larger take-away here is that cache servers (that require
auth) won't work with origin servers that use NTLM.

I'll fix this up and submit another version shortly.

gvfs-helper.c Outdated
*
* TODO Think about if we really need to handle this case.
* TODO Guard with "if (params->sever_type == __MAIN)"
* Set an empty u/p to get CURL to automatically negotiate
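
Review bot: the second TODO reads "sever_type", which looks like a typo for the server type field, and the guard it asks for is still only a TODO, so nothing in these lines limits the empty username/password setup to the main server. Either add the guard or drop both TODOs and say in the comment why the cache-server case needs no special handling.
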
Member

Source context (because GitHub doesn't let you comment on lines outside the default context): this change is in the else part of the if (creds && creds->username) control flow statement.

What happens if creds->username is NULL and creds->password != NULL?
We'll fall into this CURLAUTH_ANY flow.. what if users have manually specified a PAT as the password without a username? I.e., ":password123"

Author

Good question. I was modeling this on how they set this up in [1].
But, you're right, PATs work with an empty username [2].

I should update this to allow either to be set and route us into
Basic auth. (The assumption is that if GCM chooses NTLM,
it'll send back empty strings for both. (I also wonder how all
of this works with Kerberos/GSSNegotiate, but that's for another
day.))

[1] https://github.com/microsoft/git/blob/vfs-2.26.1/http.c#L485

[2] https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page

@jeffhostetler
Author

Version 2 moves most of the server-specific code into helper functions and
tries to explain everything that I could think of. Actual code path should be
pretty identical (effectively).

@jeffhostetler
Author

I'm tempted to leave this as 2 commits. 1 to show the actual functional fix to make NTLM work. And the second to better explain why. But I'm open to suggestion.

@derrickstolee derrickstolee left a comment

Customer reports this does solve their issue. Thanks!

@derrickstolee derrickstolee merged commit 5f1edfa into microsoft:vfs-2.26.2 May 1, 2020
@jeffhostetler
Author

Great! Thanks!

@jeffhostetler jeffhostetler deleted the gvfs-helper-ntlm branch May 1, 2020 17:29