3

curl seems to work fine, but git does not. git asks for a password, but then doesn't send any credentials.

Works: curl --netrc http://test.git.unsw.edu.au/ and curl -u username:password http://test.git.unsw.edu.au/

Doesn't work: git remote update

Password for 'http://username@test.git.unsw.edu.au': 
* Couldn't find host test.git.unsw.edu.au in the .netrc file; using defaults
User-Agent: git/1.7.9.5
Host: test.git.unsw.edu.au
Accept: */*
Pragma: no-cache

Why isn't git sending credentials?

From an strace, I see:

  1. Read .netrc
  2. GET /repo/info/refs?service=git-receive-pack HTTP/1.1 - no credentials
  3. HTTP/1.0 401 Unauthorized
  4. Read .netrc
  5. GET /repo/info/refs?service=git-receive-pack HTTP/1.0 - no credentials
  6. HTTP/1.0 401 Unauthorized
  7. Prompt for password
  8. Read .netrc
  9. * Couldn't find host test.git.unsw.edu.au in the .netrc file; using defaults
  10. GET /repo/info/refs?service=git-receive-pack HTTP/1.1 - no credentials
  11. HTTP/1.0 401 Unauthorized
Jayen
  • 1,827
  • 3
  • 16
  • 27
  • I see this too. `curl -n …` works: sends `Authorization: Basic …` on the first try (does not even need a 401 first). But `git push … master` does not send authorization, and when given a 401 and the user enters a password, still does not send authorization. (Git 1.8.1.2 on Linux, connecting to a port on localhost for testing) – Jesse Glick Jul 30 '13 at 05:47
  • does your server support `Negotiate` instead of just `Basic`? – Jayen Jul 30 '13 at 06:59
  • I am trying to _write_ the server. First I wanted to use `nc -l -p 8000` or similar to see how Git would send credentials (with the remote being defined as `http://localhost:8080/` or `http://bob:secret@localhost:8080/` etc.), but it sent nothing, and I have not managed to convince it to send anything. – Jesse Glick Aug 16 '13 at 15:56
  • I would recommend you use `socat` or `stunnel` to decrypt an https connection to `github`, then use `wireshark` to monitor what `git` is doing. – Jayen Aug 16 '13 at 23:19
  • 1
    with the 401 response, what are you sending in the `WWW-Authenticate` header? – Jayen Aug 16 '13 at 23:22

2 Answers2

1

Git seems to only use CURLAUTH_ANY which does not work with my particular web server. My web server supports Negotiate and Basic, so Git does not fallback to Basic when Negotiate is not available on the client.

Further, there seems to be no option to Git to use anything other than CURLAUTH_ANY.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Jayen
  • 1,827
  • 3
  • 16
  • 27
0

Looking at the manpage, it seems git doesn't take the username option when used with http. But if you put it in your .netrc file, curl should use it. The format for .netrc is

machine hostname login yourusername password yourpassword
Jenny D
  • 27,358
  • 21
  • 74
  • 110
  • As I said, `curl --netrc http://test.git.unsw.edu.au/` works. This is because I have my `.netrc` setup and I have tested with curl that the `.netrc` works correctly. I agree git doesn't take the username option when used with http, but as you may note, I have not used the username option and the username is set in the url. – Jayen Jul 21 '12 at 01:36
  • Sorry, I read too quickly and missed that. – Jenny D Jul 21 '12 at 07:17
  • I'm very confused that it claims not to find the machine in .netrc... is it being run as a different user? Can you truss it and see which file it actually looks for? – Jenny D Jul 21 '12 at 11:01
  • strace shows it successfully reading `.netrc` 3 times. I've even tried adding a `default` entry. It reads `.netrc`, contacts the server and gets a `401`, reads `.netrc`, gets another `401`, prompts for a password, reads `.netrc`, complains about `.netrc`, and gets another `401`. – Jayen Jul 21 '12 at 23:52