Unverified Commit 18293385 by Edward Thomson Committed by GitHub

Merge pull request #5395 from josharian/http-use-eauth

Use error code GIT_EAUTH for authentication failures
parents 78cd7624 9937967e
...@@ -509,6 +509,9 @@ with v0.28.0. ...@@ -509,6 +509,9 @@ with v0.28.0.
The breaking change is that the `username` member of the underlying struct The breaking change is that the `username` member of the underlying struct
is now hidden, and a new `git_cred_get_username` function has been provided. is now hidden, and a new `git_cred_get_username` function has been provided.
* Some errors of class `GIT_ERROR_NET` now have class `GIT_ERROR_HTTP`.
Most authentication failures now have error code `GIT_EAUTH` instead of `GIT_ERROR`.
### Breaking CMake configuration changes ### Breaking CMake configuration changes
* The CMake option to use a system http-parser library, instead of the * The CMake option to use a system http-parser library, instead of the
......
...@@ -18,7 +18,7 @@ static int basic_next_token( ...@@ -18,7 +18,7 @@ static int basic_next_token(
{ {
git_credential_userpass_plaintext *cred; git_credential_userpass_plaintext *cred;
git_buf raw = GIT_BUF_INIT; git_buf raw = GIT_BUF_INIT;
int error = -1; int error = GIT_EAUTH;
GIT_UNUSED(ctx); GIT_UNUSED(ctx);
......
...@@ -267,7 +267,7 @@ static int negotiate_init_context( ...@@ -267,7 +267,7 @@ static int negotiate_init_context(
if (!ctx->oid) { if (!ctx->oid) {
git_error_set(GIT_ERROR_NET, "negotiate authentication is not supported"); git_error_set(GIT_ERROR_NET, "negotiate authentication is not supported");
return -1; return GIT_EAUTH;
} }
git_buf_puts(&ctx->target, "HTTP@"); git_buf_puts(&ctx->target, "HTTP@");
......
...@@ -85,7 +85,7 @@ static int ntlm_next_token( ...@@ -85,7 +85,7 @@ static int ntlm_next_token(
git_buf input_buf = GIT_BUF_INIT; git_buf input_buf = GIT_BUF_INIT;
const unsigned char *msg; const unsigned char *msg;
size_t challenge_len, msg_len; size_t challenge_len, msg_len;
int error = -1; int error = GIT_EAUTH;
GIT_ASSERT_ARG(buf); GIT_ASSERT_ARG(buf);
GIT_ASSERT_ARG(ctx); GIT_ASSERT_ARG(ctx);
......
...@@ -162,7 +162,7 @@ static int handle_auth( ...@@ -162,7 +162,7 @@ static int handle_auth(
if (error > 0) { if (error > 0) {
git_error_set(GIT_ERROR_HTTP, "%s authentication required but no callback set", server_type); git_error_set(GIT_ERROR_HTTP, "%s authentication required but no callback set", server_type);
error = -1; error = GIT_EAUTH;
} }
if (!error) if (!error)
...@@ -179,7 +179,7 @@ GIT_INLINE(int) handle_remote_auth( ...@@ -179,7 +179,7 @@ GIT_INLINE(int) handle_remote_auth(
if (response->server_auth_credtypes == 0) { if (response->server_auth_credtypes == 0) {
git_error_set(GIT_ERROR_HTTP, "server requires authentication that we do not support"); git_error_set(GIT_ERROR_HTTP, "server requires authentication that we do not support");
return -1; return GIT_EAUTH;
} }
/* Otherwise, prompt for credentials. */ /* Otherwise, prompt for credentials. */
...@@ -201,7 +201,7 @@ GIT_INLINE(int) handle_proxy_auth( ...@@ -201,7 +201,7 @@ GIT_INLINE(int) handle_proxy_auth(
if (response->proxy_auth_credtypes == 0) { if (response->proxy_auth_credtypes == 0) {
git_error_set(GIT_ERROR_HTTP, "proxy requires authentication that we do not support"); git_error_set(GIT_ERROR_HTTP, "proxy requires authentication that we do not support");
return -1; return GIT_EAUTH;
} }
/* Otherwise, prompt for credentials. */ /* Otherwise, prompt for credentials. */
...@@ -259,7 +259,7 @@ static int handle_response( ...@@ -259,7 +259,7 @@ static int handle_response(
} else if (response->status == GIT_HTTP_STATUS_UNAUTHORIZED || } else if (response->status == GIT_HTTP_STATUS_UNAUTHORIZED ||
response->status == GIT_HTTP_STATUS_PROXY_AUTHENTICATION_REQUIRED) { response->status == GIT_HTTP_STATUS_PROXY_AUTHENTICATION_REQUIRED) {
git_error_set(GIT_ERROR_HTTP, "unexpected authentication failure"); git_error_set(GIT_ERROR_HTTP, "unexpected authentication failure");
return -1; return GIT_EAUTH;
} }
if (response->status != GIT_HTTP_STATUS_OK) { if (response->status != GIT_HTTP_STATUS_OK) {
...@@ -416,7 +416,7 @@ static int http_stream_read( ...@@ -416,7 +416,7 @@ static int http_stream_read(
if (stream->state == HTTP_STATE_SENDING_REQUEST) { if (stream->state == HTTP_STATE_SENDING_REQUEST) {
git_error_set(GIT_ERROR_HTTP, "too many redirects or authentication replays"); git_error_set(GIT_ERROR_HTTP, "too many redirects or authentication replays");
error = -1; error = GIT_ERROR; /* not GIT_EAUTH, because the exact cause is unclear */
goto done; goto done;
} }
...@@ -554,7 +554,7 @@ static int http_stream_write( ...@@ -554,7 +554,7 @@ static int http_stream_write(
if (stream->state == HTTP_STATE_NONE) { if (stream->state == HTTP_STATE_NONE) {
git_error_set(GIT_ERROR_HTTP, git_error_set(GIT_ERROR_HTTP,
"too many redirects or authentication replays"); "too many redirects or authentication replays");
error = -1; error = GIT_ERROR; /* not GIT_EAUTH because the exact cause is unclear */
goto done; goto done;
} }
......
...@@ -597,6 +597,7 @@ static int apply_credentials( ...@@ -597,6 +597,7 @@ static int apply_credentials(
free_auth_context(server); free_auth_context(server);
} else if (!token.size) { } else if (!token.size) {
git_error_set(GIT_ERROR_HTTP, "failed to respond to authentication challenge"); git_error_set(GIT_ERROR_HTTP, "failed to respond to authentication challenge");
error = GIT_EAUTH;
error = -1; error = -1;
goto done; goto done;
} }
......
...@@ -461,13 +461,13 @@ static int request_creds(git_credential **out, ssh_subtransport *t, const char * ...@@ -461,13 +461,13 @@ static int request_creds(git_credential **out, ssh_subtransport *t, const char *
if (no_callback) { if (no_callback) {
git_error_set(GIT_ERROR_SSH, "authentication required but no callback set"); git_error_set(GIT_ERROR_SSH, "authentication required but no callback set");
return -1; return GIT_EAUTH;
} }
if (!(cred->credtype & auth_methods)) { if (!(cred->credtype & auth_methods)) {
cred->free(cred); cred->free(cred);
git_error_set(GIT_ERROR_SSH, "callback returned unsupported credentials type"); git_error_set(GIT_ERROR_SSH, "authentication callback returned unsupported credentials type");
return -1; return GIT_EAUTH;
} }
*out = cred; *out = cred;
...@@ -840,7 +840,7 @@ static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *use ...@@ -840,7 +840,7 @@ static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *use
/* either error, or the remote accepts NONE auth, which is bizarre, let's punt */ /* either error, or the remote accepts NONE auth, which is bizarre, let's punt */
if (list == NULL && !libssh2_userauth_authenticated(session)) { if (list == NULL && !libssh2_userauth_authenticated(session)) {
ssh_error(session, "Failed to retrieve list of SSH authentication methods"); ssh_error(session, "Failed to retrieve list of SSH authentication methods");
return -1; return GIT_EAUTH;
} }
ptr = list; ptr = list;
......
...@@ -154,7 +154,7 @@ static int apply_userpass_credentials(HINTERNET request, DWORD target, int mecha ...@@ -154,7 +154,7 @@ static int apply_userpass_credentials(HINTERNET request, DWORD target, int mecha
native_scheme = WINHTTP_AUTH_SCHEME_BASIC; native_scheme = WINHTTP_AUTH_SCHEME_BASIC;
} else { } else {
git_error_set(GIT_ERROR_HTTP, "invalid authentication scheme"); git_error_set(GIT_ERROR_HTTP, "invalid authentication scheme");
error = -1; error = GIT_EAUTH;
goto done; goto done;
} }
...@@ -193,7 +193,7 @@ static int apply_default_credentials(HINTERNET request, DWORD target, int mechan ...@@ -193,7 +193,7 @@ static int apply_default_credentials(HINTERNET request, DWORD target, int mechan
native_scheme = WINHTTP_AUTH_SCHEME_NTLM; native_scheme = WINHTTP_AUTH_SCHEME_NTLM;
} else { } else {
git_error_set(GIT_ERROR_HTTP, "invalid authentication scheme"); git_error_set(GIT_ERROR_HTTP, "invalid authentication scheme");
return -1; return GIT_EAUTH;
} }
/* /*
...@@ -616,7 +616,7 @@ static int parse_unauthorized_response( ...@@ -616,7 +616,7 @@ static int parse_unauthorized_response(
*/ */
if (!WinHttpQueryAuthSchemes(request, &supported, &first, &target)) { if (!WinHttpQueryAuthSchemes(request, &supported, &first, &target)) {
git_error_set(GIT_ERROR_OS, "failed to parse supported auth schemes"); git_error_set(GIT_ERROR_OS, "failed to parse supported auth schemes");
return -1; return GIT_EAUTH;
} }
if (WINHTTP_AUTH_SCHEME_NTLM & supported) { if (WINHTTP_AUTH_SCHEME_NTLM & supported) {
...@@ -1040,7 +1040,7 @@ replay: ...@@ -1040,7 +1040,7 @@ replay:
/* Enforce a reasonable cap on the number of replays */ /* Enforce a reasonable cap on the number of replays */
if (replay_count++ >= GIT_HTTP_REPLAY_MAX) { if (replay_count++ >= GIT_HTTP_REPLAY_MAX) {
git_error_set(GIT_ERROR_HTTP, "too many redirects or authentication replays"); git_error_set(GIT_ERROR_HTTP, "too many redirects or authentication replays");
return -1; return GIT_ERROR; /* not GIT_EAUTH because the exact cause is not clear */
} }
/* Connect if necessary */ /* Connect if necessary */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment