Re: GIT, libcurl and GSS-Negotiate

[Ivo Bellin Salarin]

Well, I'm on Windows.
using `git version 1.9.2.msysgit.0`.

You can find all the exchanges, recorded with wireshark, of the
following usecases:
* git vanilla (not working),
* VisualStudio2013 with libgit (working)
* curl (--ntlm, working)
* curl (--negotiate, not working)

They're available on
[github](https://github.com/nilleb/my-documents/tree/master/msysgit%23git%2C%20issue-171).



On Sat, Apr 26, 2014 at 7:47 PM, brian m. carlson
sand...@crustytoothpaste.net wrote:
 On Thu, Apr 24, 2014 at 07:17:36PM +0200, Ivo Bellin Salarin wrote:
 To shortly resume it, the problem is that:
 * when the authentication method (WWW-Authenticate) is Negotiate AND
 * when the server proposes a NTLMSSP_CHALLENGE in response of the
 client's NTLMSSP_NEGOTIATE,
 = libcurl yields an Authentication problem. Ignoring this.\n
 And the communication is closed.

 At this point, in a normal communication, the client should send a
 NTLMSSP_AUTH containing a Kerberos ticket.

 Having seen the libcurl source code, I think we're passing through the
 lines  from 776 to 780 of
 [http.c](https://github.com/bagder/curl/blob/2e57c7e0fcfb9214b2a9dfa8b3da258ded013b8a/lib/http.c).
 Some guy, on the github issue page, has suggested that this could be
 related to an update of libcurl, when git was at its 1.8.2 version.

 I'm not debugging libcurl, and I can't reproduce this problem @home.
 So, has somebody already experienced the same problem? Is there a
 solution?

 I'm personally using Git with GSS-Negotiate (and MIT Kerberos 5) and it
 does seem to work correctly for me.  For large pushes, your server (and
 any intermediate proxies) will need to support 100 Continue properly, as
 there's simply no other way to make it work.

 What version of curl are you using (and what distro if you didn't
 compile it yourself)?  Also, can you post output of an attempt to push
 with GIT_CURL_VERBOSE=1?

 --
 brian m. carlson / brian with sandals: Houston, Texas, US
 +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
 OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187



-- 
http://www.nilleb.com
--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

GIT, libcurl and GSS-Negotiate

[Ivo Bellin Salarin]

Hello,

I'm having problems while trying to authenticate against a TFS hosted
repository.

I experience the same problem in git for windows and in git for linux
(both versions are 1.9.2).

The problem is described on a [github msysgit/git
issue](https://github.com/msysgit/git/issues/171)

To shortly resume it, the problem is that:
* when the authentication method (WWW-Authenticate) is Negotiate AND
* when the server proposes a NTLMSSP_CHALLENGE in response of the
client's NTLMSSP_NEGOTIATE,
= libcurl yields an Authentication problem. Ignoring this.\n
And the communication is closed.

At this point, in a normal communication, the client should send a
NTLMSSP_AUTH containing a Kerberos ticket.

Having seen the libcurl source code, I think we're passing through the
lines  from 776 to 780 of
[http.c](https://github.com/bagder/curl/blob/2e57c7e0fcfb9214b2a9dfa8b3da258ded013b8a/lib/http.c).
Some guy, on the github issue page, has suggested that this could be
related to an update of libcurl, when git was at its 1.8.2 version.

I'm not debugging libcurl, and I can't reproduce this problem @home.
So, has somebody already experienced the same problem? Is there a
solution?

Many thanks in advance,
Ivo
-- 
http://www.nilleb.com
--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html