summaryrefslogtreecommitdiff
path: root/http.c
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2016-12-27 08:11:41 (GMT)
committerJunio C Hamano <gitster@pobox.com>2016-12-27 08:11:41 (GMT)
commit9d540e97267fa94d9701d3e1aa5cdf2926858472 (patch)
tree692790eca6a1f1ed5dd56a0f336bf910e76d15e5 /http.c
parent05f6e1be8cdae1ebedf3cf7b7a072a3b35f945b5 (diff)
parentabcbdc03895ff3f00280e54af11fee92d6877044 (diff)
downloadgit-9d540e97267fa94d9701d3e1aa5cdf2926858472.zip
git-9d540e97267fa94d9701d3e1aa5cdf2926858472.tar.gz
git-9d540e97267fa94d9701d3e1aa5cdf2926858472.tar.bz2
Merge branch 'bw/transport-protocol-policy'
Finer-grained control of what protocols are allowed for transports during clone/fetch/push have been enabled via a new configuration mechanism. * bw/transport-protocol-policy: http: respect protocol.*.allow=user for http-alternates transport: add from_user parameter to is_transport_allowed http: create function to get curl allowed protocols transport: add protocol policy config option http: always warn if libcurl version is too old lib-proto-disable: variable name fix
Diffstat (limited to 'http.c')
-rw-r--r--http.c35
1 files changed, 21 insertions, 14 deletions
diff --git a/http.c b/http.c
index 051fe6e..90a1c0f 100644
--- a/http.c
+++ b/http.c
@@ -636,11 +636,25 @@ void setup_curl_trace(CURL *handle)
curl_easy_setopt(handle, CURLOPT_DEBUGDATA, NULL);
}
+static long get_curl_allowed_protocols(int from_user)
+{
+ long allowed_protocols = 0;
+
+ if (is_transport_allowed("http", from_user))
+ allowed_protocols |= CURLPROTO_HTTP;
+ if (is_transport_allowed("https", from_user))
+ allowed_protocols |= CURLPROTO_HTTPS;
+ if (is_transport_allowed("ftp", from_user))
+ allowed_protocols |= CURLPROTO_FTP;
+ if (is_transport_allowed("ftps", from_user))
+ allowed_protocols |= CURLPROTO_FTPS;
+
+ return allowed_protocols;
+}
static CURL *get_curl_handle(void)
{
CURL *result = curl_easy_init();
- long allowed_protocols = 0;
if (!result)
die("curl_easy_init failed");
@@ -736,20 +750,13 @@ static CURL *get_curl_handle(void)
curl_easy_setopt(result, CURLOPT_POST301, 1);
#endif
#if LIBCURL_VERSION_NUM >= 0x071304
- if (is_transport_allowed("http"))
- allowed_protocols |= CURLPROTO_HTTP;
- if (is_transport_allowed("https"))
- allowed_protocols |= CURLPROTO_HTTPS;
- if (is_transport_allowed("ftp"))
- allowed_protocols |= CURLPROTO_FTP;
- if (is_transport_allowed("ftps"))
- allowed_protocols |= CURLPROTO_FTPS;
- curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
- curl_easy_setopt(result, CURLOPT_PROTOCOLS, allowed_protocols);
+ curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS,
+ get_curl_allowed_protocols(0));
+ curl_easy_setopt(result, CURLOPT_PROTOCOLS,
+ get_curl_allowed_protocols(-1));
#else
- if (transport_restrict_protocols())
- warning("protocol restrictions not applied to curl redirects because\n"
- "your curl version is too old (>= 7.19.4)");
+ warning("protocol restrictions not applied to curl redirects because\n"
+ "your curl version is too old (>= 7.19.4)");
#endif
if (getenv("GIT_CURL_VERBOSE"))
curl_easy_setopt(result, CURLOPT_VERBOSE, 1L);