Skip to content

Commit fa2dfcf

Browse files
cbargrencbargren
committed
Fix digest credentials for proxy in windows
1 parent dad3c31 commit fa2dfcf

File tree

1 file changed

+18
-7
lines changed

1 file changed

+18
-7
lines changed

src/transports/winhttp.c

Lines changed: 18 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,7 @@ typedef enum {
7070
GIT_WINHTTP_AUTH_BASIC = 1,
7171
GIT_WINHTTP_AUTH_NTLM = 2,
7272
GIT_WINHTTP_AUTH_NEGOTIATE = 4,
73+
GIT_WINHTTP_AUTH_DIGEST = 8,
7374
} winhttp_authmechanism_t;
7475

7576
typedef struct {
@@ -131,8 +132,13 @@ static int _apply_userpass_credential(HINTERNET request, DWORD target, DWORD sch
131132
return error;
132133
}
133134

134-
static int apply_userpass_credential_proxy(HINTERNET request, git_cred *cred)
135+
static int apply_userpass_credential_proxy(HINTERNET request, git_cred *cred, int mechanisms)
135136
{
137+
if (GIT_WINHTTP_AUTH_DIGEST & mechanisms) {
138+
return _apply_userpass_credential(request, WINHTTP_AUTH_TARGET_PROXY,
139+
WINHTTP_AUTH_SCHEME_DIGEST, cred);
140+
}
141+
136142
return _apply_userpass_credential(request, WINHTTP_AUTH_TARGET_PROXY,
137143
WINHTTP_AUTH_SCHEME_BASIC, cred);
138144
}
@@ -451,7 +457,7 @@ static int winhttp_stream_connect(winhttp_stream *s)
451457

452458
if (t->proxy_cred) {
453459
if (t->proxy_cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT) {
454-
if ((error = apply_userpass_credential_proxy(s->request, t->proxy_cred)) < 0)
460+
if ((error = apply_userpass_credential_proxy(s->request, t->proxy_cred, t->auth_mechanisms)) < 0)
455461
goto on_error;
456462
}
457463
}
@@ -588,11 +594,11 @@ static int parse_unauthorized_response(
588594
*allowed_types = 0;
589595
*allowed_mechanisms = 0;
590596

591-
/* WinHttpQueryHeaders() must be called before WinHttpQueryAuthSchemes().
592-
* We can assume this was already done, since we know we are unauthorized.
597+
/* WinHttpQueryHeaders() must be called before WinHttpQueryAuthSchemes().
598+
* We can assume this was already done, since we know we are unauthorized.
593599
*/
594600
if (!WinHttpQueryAuthSchemes(request, &supported, &first, &target)) {
595-
giterr_set(GITERR_OS, "failed to parse supported auth schemes");
601+
giterr_set(GITERR_OS, "failed to parse supported auth schemes");
596602
return -1;
597603
}
598604

@@ -612,6 +618,11 @@ static int parse_unauthorized_response(
612618
*allowed_mechanisms |= GIT_WINHTTP_AUTH_BASIC;
613619
}
614620

621+
if (WINHTTP_AUTH_SCHEME_DIGEST & supported) {
622+
*allowed_types |= GIT_CREDTYPE_USERPASS_PLAINTEXT;
623+
*allowed_mechanisms |= GIT_WINHTTP_AUTH_DIGEST;
624+
}
625+
615626
return 0;
616627
}
617628

@@ -783,7 +794,7 @@ static int winhttp_connect(
783794
goto on_error;
784795
}
785796

786-
797+
787798
/* Establish connection */
788799
t->connection = WinHttpConnect(
789800
t->session,
@@ -863,7 +874,7 @@ static int send_request(winhttp_stream *s, size_t len, int ignore_length)
863874
return 0;
864875

865876
ignore_flags = no_check_cert_flags;
866-
877+
867878
if (!WinHttpSetOption(s->request, WINHTTP_OPTION_SECURITY_FLAGS, &ignore_flags, sizeof(ignore_flags))) {
868879
giterr_set(GITERR_OS, "failed to set security options");
869880
return -1;

0 commit comments

Comments
 (0)