Merge branch 'da/mergetool-xxdiff-hotkey'
[git] / http.c
1 #include "git-compat-util.h"
2 #include "http.h"
3 #include "pack.h"
4 #include "sideband.h"
5 #include "run-command.h"
6 #include "url.h"
7 #include "urlmatch.h"
8 #include "credential.h"
9 #include "version.h"
10 #include "pkt-line.h"
11 #include "gettext.h"
12 #include "transport.h"
13
14 static struct trace_key trace_curl = TRACE_KEY_INIT(CURL);
15 #if LIBCURL_VERSION_NUM >= 0x070a08
16 long int git_curl_ipresolve = CURL_IPRESOLVE_WHATEVER;
17 #else
18 long int git_curl_ipresolve;
19 #endif
20 int active_requests;
21 int http_is_verbose;
22 size_t http_post_buffer = 16 * LARGE_PACKET_MAX;
23
24 #if LIBCURL_VERSION_NUM >= 0x070a06
25 #define LIBCURL_CAN_HANDLE_AUTH_ANY
26 #endif
27
28 static int min_curl_sessions = 1;
29 static int curl_session_count;
30 #ifdef USE_CURL_MULTI
31 static int max_requests = -1;
32 static CURLM *curlm;
33 #endif
34 #ifndef NO_CURL_EASY_DUPHANDLE
35 static CURL *curl_default;
36 #endif
37
38 #define PREV_BUF_SIZE 4096
39
40 char curl_errorstr[CURL_ERROR_SIZE];
41
42 static int curl_ssl_verify = -1;
43 static int curl_ssl_try;
44 static const char *ssl_cert;
45 static const char *ssl_cipherlist;
46 static const char *ssl_version;
47 static struct {
48         const char *name;
49         long ssl_version;
50 } sslversions[] = {
51         { "sslv2", CURL_SSLVERSION_SSLv2 },
52         { "sslv3", CURL_SSLVERSION_SSLv3 },
53         { "tlsv1", CURL_SSLVERSION_TLSv1 },
54 #if LIBCURL_VERSION_NUM >= 0x072200
55         { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
56         { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
57         { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
58 #endif
59 };
60 #if LIBCURL_VERSION_NUM >= 0x070903
61 static const char *ssl_key;
62 #endif
63 #if LIBCURL_VERSION_NUM >= 0x070908
64 static const char *ssl_capath;
65 #endif
66 #if LIBCURL_VERSION_NUM >= 0x072c00
67 static const char *ssl_pinnedkey;
68 #endif
69 static const char *ssl_cainfo;
70 static long curl_low_speed_limit = -1;
71 static long curl_low_speed_time = -1;
72 static int curl_ftp_no_epsv;
73 static const char *curl_http_proxy;
74 static const char *curl_no_proxy;
75 static const char *http_proxy_authmethod;
76 static struct {
77         const char *name;
78         long curlauth_param;
79 } proxy_authmethods[] = {
80         { "basic", CURLAUTH_BASIC },
81         { "digest", CURLAUTH_DIGEST },
82         { "negotiate", CURLAUTH_GSSNEGOTIATE },
83         { "ntlm", CURLAUTH_NTLM },
84 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
85         { "anyauth", CURLAUTH_ANY },
86 #endif
87         /*
88          * CURLAUTH_DIGEST_IE has no corresponding command-line option in
89          * curl(1) and is not included in CURLAUTH_ANY, so we leave it out
90          * here, too
91          */
92 };
93 #if LIBCURL_VERSION_NUM >= 0x071600
94 static const char *curl_deleg;
95 static struct {
96         const char *name;
97         long curl_deleg_param;
98 } curl_deleg_levels[] = {
99         { "none", CURLGSSAPI_DELEGATION_NONE },
100         { "policy", CURLGSSAPI_DELEGATION_POLICY_FLAG },
101         { "always", CURLGSSAPI_DELEGATION_FLAG },
102 };
103 #endif
104
105 static struct credential proxy_auth = CREDENTIAL_INIT;
106 static const char *curl_proxyuserpwd;
107 static const char *curl_cookie_file;
108 static int curl_save_cookies;
109 struct credential http_auth = CREDENTIAL_INIT;
110 static int http_proactive_auth;
111 static const char *user_agent;
112 static int curl_empty_auth;
113
114 enum http_follow_config http_follow_config = HTTP_FOLLOW_INITIAL;
115
116 #if LIBCURL_VERSION_NUM >= 0x071700
117 /* Use CURLOPT_KEYPASSWD as is */
118 #elif LIBCURL_VERSION_NUM >= 0x070903
119 #define CURLOPT_KEYPASSWD CURLOPT_SSLKEYPASSWD
120 #else
121 #define CURLOPT_KEYPASSWD CURLOPT_SSLCERTPASSWD
122 #endif
123
124 static struct credential cert_auth = CREDENTIAL_INIT;
125 static int ssl_cert_password_required;
126 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
127 static unsigned long http_auth_methods = CURLAUTH_ANY;
128 #endif
129
130 static struct curl_slist *pragma_header;
131 static struct curl_slist *no_pragma_header;
132 static struct curl_slist *extra_http_headers;
133
134 static struct active_request_slot *active_queue_head;
135
136 static char *cached_accept_language;
137
138 size_t fread_buffer(char *ptr, size_t eltsize, size_t nmemb, void *buffer_)
139 {
140         size_t size = eltsize * nmemb;
141         struct buffer *buffer = buffer_;
142
143         if (size > buffer->buf.len - buffer->posn)
144                 size = buffer->buf.len - buffer->posn;
145         memcpy(ptr, buffer->buf.buf + buffer->posn, size);
146         buffer->posn += size;
147
148         return size;
149 }
150
151 #ifndef NO_CURL_IOCTL
152 curlioerr ioctl_buffer(CURL *handle, int cmd, void *clientp)
153 {
154         struct buffer *buffer = clientp;
155
156         switch (cmd) {
157         case CURLIOCMD_NOP:
158                 return CURLIOE_OK;
159
160         case CURLIOCMD_RESTARTREAD:
161                 buffer->posn = 0;
162                 return CURLIOE_OK;
163
164         default:
165                 return CURLIOE_UNKNOWNCMD;
166         }
167 }
168 #endif
169
170 size_t fwrite_buffer(char *ptr, size_t eltsize, size_t nmemb, void *buffer_)
171 {
172         size_t size = eltsize * nmemb;
173         struct strbuf *buffer = buffer_;
174
175         strbuf_add(buffer, ptr, size);
176         return size;
177 }
178
179 size_t fwrite_null(char *ptr, size_t eltsize, size_t nmemb, void *strbuf)
180 {
181         return eltsize * nmemb;
182 }
183
184 static void closedown_active_slot(struct active_request_slot *slot)
185 {
186         active_requests--;
187         slot->in_use = 0;
188 }
189
190 static void finish_active_slot(struct active_request_slot *slot)
191 {
192         closedown_active_slot(slot);
193         curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE, &slot->http_code);
194
195         if (slot->finished != NULL)
196                 (*slot->finished) = 1;
197
198         /* Store slot results so they can be read after the slot is reused */
199         if (slot->results != NULL) {
200                 slot->results->curl_result = slot->curl_result;
201                 slot->results->http_code = slot->http_code;
202 #if LIBCURL_VERSION_NUM >= 0x070a08
203                 curl_easy_getinfo(slot->curl, CURLINFO_HTTPAUTH_AVAIL,
204                                   &slot->results->auth_avail);
205 #else
206                 slot->results->auth_avail = 0;
207 #endif
208
209                 curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CONNECTCODE,
210                         &slot->results->http_connectcode);
211         }
212
213         /* Run callback if appropriate */
214         if (slot->callback_func != NULL)
215                 slot->callback_func(slot->callback_data);
216 }
217
218 static void xmulti_remove_handle(struct active_request_slot *slot)
219 {
220 #ifdef USE_CURL_MULTI
221         curl_multi_remove_handle(curlm, slot->curl);
222 #endif
223 }
224
225 #ifdef USE_CURL_MULTI
226 static void process_curl_messages(void)
227 {
228         int num_messages;
229         struct active_request_slot *slot;
230         CURLMsg *curl_message = curl_multi_info_read(curlm, &num_messages);
231
232         while (curl_message != NULL) {
233                 if (curl_message->msg == CURLMSG_DONE) {
234                         int curl_result = curl_message->data.result;
235                         slot = active_queue_head;
236                         while (slot != NULL &&
237                                slot->curl != curl_message->easy_handle)
238                                 slot = slot->next;
239                         if (slot != NULL) {
240                                 xmulti_remove_handle(slot);
241                                 slot->curl_result = curl_result;
242                                 finish_active_slot(slot);
243                         } else {
244                                 fprintf(stderr, "Received DONE message for unknown request!\n");
245                         }
246                 } else {
247                         fprintf(stderr, "Unknown CURL message received: %d\n",
248                                 (int)curl_message->msg);
249                 }
250                 curl_message = curl_multi_info_read(curlm, &num_messages);
251         }
252 }
253 #endif
254
255 static int http_options(const char *var, const char *value, void *cb)
256 {
257         if (!strcmp("http.sslverify", var)) {
258                 curl_ssl_verify = git_config_bool(var, value);
259                 return 0;
260         }
261         if (!strcmp("http.sslcipherlist", var))
262                 return git_config_string(&ssl_cipherlist, var, value);
263         if (!strcmp("http.sslversion", var))
264                 return git_config_string(&ssl_version, var, value);
265         if (!strcmp("http.sslcert", var))
266                 return git_config_string(&ssl_cert, var, value);
267 #if LIBCURL_VERSION_NUM >= 0x070903
268         if (!strcmp("http.sslkey", var))
269                 return git_config_string(&ssl_key, var, value);
270 #endif
271 #if LIBCURL_VERSION_NUM >= 0x070908
272         if (!strcmp("http.sslcapath", var))
273                 return git_config_pathname(&ssl_capath, var, value);
274 #endif
275         if (!strcmp("http.sslcainfo", var))
276                 return git_config_pathname(&ssl_cainfo, var, value);
277         if (!strcmp("http.sslcertpasswordprotected", var)) {
278                 ssl_cert_password_required = git_config_bool(var, value);
279                 return 0;
280         }
281         if (!strcmp("http.ssltry", var)) {
282                 curl_ssl_try = git_config_bool(var, value);
283                 return 0;
284         }
285         if (!strcmp("http.minsessions", var)) {
286                 min_curl_sessions = git_config_int(var, value);
287 #ifndef USE_CURL_MULTI
288                 if (min_curl_sessions > 1)
289                         min_curl_sessions = 1;
290 #endif
291                 return 0;
292         }
293 #ifdef USE_CURL_MULTI
294         if (!strcmp("http.maxrequests", var)) {
295                 max_requests = git_config_int(var, value);
296                 return 0;
297         }
298 #endif
299         if (!strcmp("http.lowspeedlimit", var)) {
300                 curl_low_speed_limit = (long)git_config_int(var, value);
301                 return 0;
302         }
303         if (!strcmp("http.lowspeedtime", var)) {
304                 curl_low_speed_time = (long)git_config_int(var, value);
305                 return 0;
306         }
307
308         if (!strcmp("http.noepsv", var)) {
309                 curl_ftp_no_epsv = git_config_bool(var, value);
310                 return 0;
311         }
312         if (!strcmp("http.proxy", var))
313                 return git_config_string(&curl_http_proxy, var, value);
314
315         if (!strcmp("http.proxyauthmethod", var))
316                 return git_config_string(&http_proxy_authmethod, var, value);
317
318         if (!strcmp("http.cookiefile", var))
319                 return git_config_pathname(&curl_cookie_file, var, value);
320         if (!strcmp("http.savecookies", var)) {
321                 curl_save_cookies = git_config_bool(var, value);
322                 return 0;
323         }
324
325         if (!strcmp("http.postbuffer", var)) {
326                 http_post_buffer = git_config_int(var, value);
327                 if (http_post_buffer < LARGE_PACKET_MAX)
328                         http_post_buffer = LARGE_PACKET_MAX;
329                 return 0;
330         }
331
332         if (!strcmp("http.useragent", var))
333                 return git_config_string(&user_agent, var, value);
334
335         if (!strcmp("http.emptyauth", var)) {
336                 curl_empty_auth = git_config_bool(var, value);
337                 return 0;
338         }
339
340         if (!strcmp("http.delegation", var)) {
341 #if LIBCURL_VERSION_NUM >= 0x071600
342                 return git_config_string(&curl_deleg, var, value);
343 #else
344                 warning(_("Delegation control is not supported with cURL < 7.22.0"));
345                 return 0;
346 #endif
347         }
348
349         if (!strcmp("http.pinnedpubkey", var)) {
350 #if LIBCURL_VERSION_NUM >= 0x072c00
351                 return git_config_pathname(&ssl_pinnedkey, var, value);
352 #else
353                 warning(_("Public key pinning not supported with cURL < 7.44.0"));
354                 return 0;
355 #endif
356         }
357
358         if (!strcmp("http.extraheader", var)) {
359                 if (!value) {
360                         return config_error_nonbool(var);
361                 } else if (!*value) {
362                         curl_slist_free_all(extra_http_headers);
363                         extra_http_headers = NULL;
364                 } else {
365                         extra_http_headers =
366                                 curl_slist_append(extra_http_headers, value);
367                 }
368                 return 0;
369         }
370
371         if (!strcmp("http.followredirects", var)) {
372                 if (value && !strcmp(value, "initial"))
373                         http_follow_config = HTTP_FOLLOW_INITIAL;
374                 else if (git_config_bool(var, value))
375                         http_follow_config = HTTP_FOLLOW_ALWAYS;
376                 else
377                         http_follow_config = HTTP_FOLLOW_NONE;
378                 return 0;
379         }
380
381         /* Fall back on the default ones */
382         return git_default_config(var, value, cb);
383 }
384
385 static void init_curl_http_auth(CURL *result)
386 {
387         if (!http_auth.username || !*http_auth.username) {
388                 if (curl_empty_auth)
389                         curl_easy_setopt(result, CURLOPT_USERPWD, ":");
390                 return;
391         }
392
393         credential_fill(&http_auth);
394
395 #if LIBCURL_VERSION_NUM >= 0x071301
396         curl_easy_setopt(result, CURLOPT_USERNAME, http_auth.username);
397         curl_easy_setopt(result, CURLOPT_PASSWORD, http_auth.password);
398 #else
399         {
400                 static struct strbuf up = STRBUF_INIT;
401                 /*
402                  * Note that we assume we only ever have a single set of
403                  * credentials in a given program run, so we do not have
404                  * to worry about updating this buffer, only setting its
405                  * initial value.
406                  */
407                 if (!up.len)
408                         strbuf_addf(&up, "%s:%s",
409                                 http_auth.username, http_auth.password);
410                 curl_easy_setopt(result, CURLOPT_USERPWD, up.buf);
411         }
412 #endif
413 }
414
415 /* *var must be free-able */
416 static void var_override(const char **var, char *value)
417 {
418         if (value) {
419                 free((void *)*var);
420                 *var = xstrdup(value);
421         }
422 }
423
424 static void set_proxyauth_name_password(CURL *result)
425 {
426 #if LIBCURL_VERSION_NUM >= 0x071301
427                 curl_easy_setopt(result, CURLOPT_PROXYUSERNAME,
428                         proxy_auth.username);
429                 curl_easy_setopt(result, CURLOPT_PROXYPASSWORD,
430                         proxy_auth.password);
431 #else
432                 struct strbuf s = STRBUF_INIT;
433
434                 strbuf_addstr_urlencode(&s, proxy_auth.username, 1);
435                 strbuf_addch(&s, ':');
436                 strbuf_addstr_urlencode(&s, proxy_auth.password, 1);
437                 curl_proxyuserpwd = strbuf_detach(&s, NULL);
438                 curl_easy_setopt(result, CURLOPT_PROXYUSERPWD, curl_proxyuserpwd);
439 #endif
440 }
441
442 static void init_curl_proxy_auth(CURL *result)
443 {
444         if (proxy_auth.username) {
445                 if (!proxy_auth.password)
446                         credential_fill(&proxy_auth);
447                 set_proxyauth_name_password(result);
448         }
449
450         var_override(&http_proxy_authmethod, getenv("GIT_HTTP_PROXY_AUTHMETHOD"));
451
452 #if LIBCURL_VERSION_NUM >= 0x070a07 /* CURLOPT_PROXYAUTH and CURLAUTH_ANY */
453         if (http_proxy_authmethod) {
454                 int i;
455                 for (i = 0; i < ARRAY_SIZE(proxy_authmethods); i++) {
456                         if (!strcmp(http_proxy_authmethod, proxy_authmethods[i].name)) {
457                                 curl_easy_setopt(result, CURLOPT_PROXYAUTH,
458                                                 proxy_authmethods[i].curlauth_param);
459                                 break;
460                         }
461                 }
462                 if (i == ARRAY_SIZE(proxy_authmethods)) {
463                         warning("unsupported proxy authentication method %s: using anyauth",
464                                         http_proxy_authmethod);
465                         curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
466                 }
467         }
468         else
469                 curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
470 #endif
471 }
472
473 static int has_cert_password(void)
474 {
475         if (ssl_cert == NULL || ssl_cert_password_required != 1)
476                 return 0;
477         if (!cert_auth.password) {
478                 cert_auth.protocol = xstrdup("cert");
479                 cert_auth.username = xstrdup("");
480                 cert_auth.path = xstrdup(ssl_cert);
481                 credential_fill(&cert_auth);
482         }
483         return 1;
484 }
485
486 #if LIBCURL_VERSION_NUM >= 0x071900
487 static void set_curl_keepalive(CURL *c)
488 {
489         curl_easy_setopt(c, CURLOPT_TCP_KEEPALIVE, 1);
490 }
491
492 #elif LIBCURL_VERSION_NUM >= 0x071000
493 static int sockopt_callback(void *client, curl_socket_t fd, curlsocktype type)
494 {
495         int ka = 1;
496         int rc;
497         socklen_t len = (socklen_t)sizeof(ka);
498
499         if (type != CURLSOCKTYPE_IPCXN)
500                 return 0;
501
502         rc = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&ka, len);
503         if (rc < 0)
504                 warning_errno("unable to set SO_KEEPALIVE on socket");
505
506         return 0; /* CURL_SOCKOPT_OK only exists since curl 7.21.5 */
507 }
508
509 static void set_curl_keepalive(CURL *c)
510 {
511         curl_easy_setopt(c, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
512 }
513
514 #else
515 static void set_curl_keepalive(CURL *c)
516 {
517         /* not supported on older curl versions */
518 }
519 #endif
520
521 static void redact_sensitive_header(struct strbuf *header)
522 {
523         const char *sensitive_header;
524
525         if (skip_prefix(header->buf, "Authorization:", &sensitive_header) ||
526             skip_prefix(header->buf, "Proxy-Authorization:", &sensitive_header)) {
527                 /* The first token is the type, which is OK to log */
528                 while (isspace(*sensitive_header))
529                         sensitive_header++;
530                 while (*sensitive_header && !isspace(*sensitive_header))
531                         sensitive_header++;
532                 /* Everything else is opaque and possibly sensitive */
533                 strbuf_setlen(header,  sensitive_header - header->buf);
534                 strbuf_addstr(header, " <redacted>");
535         }
536 }
537
538 static void curl_dump_header(const char *text, unsigned char *ptr, size_t size, int hide_sensitive_header)
539 {
540         struct strbuf out = STRBUF_INIT;
541         struct strbuf **headers, **header;
542
543         strbuf_addf(&out, "%s, %10.10ld bytes (0x%8.8lx)\n",
544                 text, (long)size, (long)size);
545         trace_strbuf(&trace_curl, &out);
546         strbuf_reset(&out);
547         strbuf_add(&out, ptr, size);
548         headers = strbuf_split_max(&out, '\n', 0);
549
550         for (header = headers; *header; header++) {
551                 if (hide_sensitive_header)
552                         redact_sensitive_header(*header);
553                 strbuf_insert((*header), 0, text, strlen(text));
554                 strbuf_insert((*header), strlen(text), ": ", 2);
555                 strbuf_rtrim((*header));
556                 strbuf_addch((*header), '\n');
557                 trace_strbuf(&trace_curl, (*header));
558         }
559         strbuf_list_free(headers);
560         strbuf_release(&out);
561 }
562
563 static void curl_dump_data(const char *text, unsigned char *ptr, size_t size)
564 {
565         size_t i;
566         struct strbuf out = STRBUF_INIT;
567         unsigned int width = 60;
568
569         strbuf_addf(&out, "%s, %10.10ld bytes (0x%8.8lx)\n",
570                 text, (long)size, (long)size);
571         trace_strbuf(&trace_curl, &out);
572
573         for (i = 0; i < size; i += width) {
574                 size_t w;
575
576                 strbuf_reset(&out);
577                 strbuf_addf(&out, "%s: ", text);
578                 for (w = 0; (w < width) && (i + w < size); w++) {
579                         unsigned char ch = ptr[i + w];
580
581                         strbuf_addch(&out,
582                                        (ch >= 0x20) && (ch < 0x80)
583                                        ? ch : '.');
584                 }
585                 strbuf_addch(&out, '\n');
586                 trace_strbuf(&trace_curl, &out);
587         }
588         strbuf_release(&out);
589 }
590
591 static int curl_trace(CURL *handle, curl_infotype type, char *data, size_t size, void *userp)
592 {
593         const char *text;
594         enum { NO_FILTER = 0, DO_FILTER = 1 };
595
596         switch (type) {
597         case CURLINFO_TEXT:
598                 trace_printf_key(&trace_curl, "== Info: %s", data);
599         default:                /* we ignore unknown types by default */
600                 return 0;
601
602         case CURLINFO_HEADER_OUT:
603                 text = "=> Send header";
604                 curl_dump_header(text, (unsigned char *)data, size, DO_FILTER);
605                 break;
606         case CURLINFO_DATA_OUT:
607                 text = "=> Send data";
608                 curl_dump_data(text, (unsigned char *)data, size);
609                 break;
610         case CURLINFO_SSL_DATA_OUT:
611                 text = "=> Send SSL data";
612                 curl_dump_data(text, (unsigned char *)data, size);
613                 break;
614         case CURLINFO_HEADER_IN:
615                 text = "<= Recv header";
616                 curl_dump_header(text, (unsigned char *)data, size, NO_FILTER);
617                 break;
618         case CURLINFO_DATA_IN:
619                 text = "<= Recv data";
620                 curl_dump_data(text, (unsigned char *)data, size);
621                 break;
622         case CURLINFO_SSL_DATA_IN:
623                 text = "<= Recv SSL data";
624                 curl_dump_data(text, (unsigned char *)data, size);
625                 break;
626         }
627         return 0;
628 }
629
630 void setup_curl_trace(CURL *handle)
631 {
632         if (!trace_want(&trace_curl))
633                 return;
634         curl_easy_setopt(handle, CURLOPT_VERBOSE, 1L);
635         curl_easy_setopt(handle, CURLOPT_DEBUGFUNCTION, curl_trace);
636         curl_easy_setopt(handle, CURLOPT_DEBUGDATA, NULL);
637 }
638
639
640 static CURL *get_curl_handle(void)
641 {
642         CURL *result = curl_easy_init();
643         long allowed_protocols = 0;
644
645         if (!result)
646                 die("curl_easy_init failed");
647
648         if (!curl_ssl_verify) {
649                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
650                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
651         } else {
652                 /* Verify authenticity of the peer's certificate */
653                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
654                 /* The name in the cert must match whom we tried to connect */
655                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
656         }
657
658 #if LIBCURL_VERSION_NUM >= 0x070907
659         curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
660 #endif
661 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
662         curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
663 #endif
664
665 #if LIBCURL_VERSION_NUM >= 0x071600
666         if (curl_deleg) {
667                 int i;
668                 for (i = 0; i < ARRAY_SIZE(curl_deleg_levels); i++) {
669                         if (!strcmp(curl_deleg, curl_deleg_levels[i].name)) {
670                                 curl_easy_setopt(result, CURLOPT_GSSAPI_DELEGATION,
671                                                 curl_deleg_levels[i].curl_deleg_param);
672                                 break;
673                         }
674                 }
675                 if (i == ARRAY_SIZE(curl_deleg_levels))
676                         warning("Unknown delegation method '%s': using default",
677                                 curl_deleg);
678         }
679 #endif
680
681         if (http_proactive_auth)
682                 init_curl_http_auth(result);
683
684         if (getenv("GIT_SSL_VERSION"))
685                 ssl_version = getenv("GIT_SSL_VERSION");
686         if (ssl_version && *ssl_version) {
687                 int i;
688                 for (i = 0; i < ARRAY_SIZE(sslversions); i++) {
689                         if (!strcmp(ssl_version, sslversions[i].name)) {
690                                 curl_easy_setopt(result, CURLOPT_SSLVERSION,
691                                                  sslversions[i].ssl_version);
692                                 break;
693                         }
694                 }
695                 if (i == ARRAY_SIZE(sslversions))
696                         warning("unsupported ssl version %s: using default",
697                                 ssl_version);
698         }
699
700         if (getenv("GIT_SSL_CIPHER_LIST"))
701                 ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST");
702         if (ssl_cipherlist != NULL && *ssl_cipherlist)
703                 curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST,
704                                 ssl_cipherlist);
705
706         if (ssl_cert != NULL)
707                 curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
708         if (has_cert_password())
709                 curl_easy_setopt(result, CURLOPT_KEYPASSWD, cert_auth.password);
710 #if LIBCURL_VERSION_NUM >= 0x070903
711         if (ssl_key != NULL)
712                 curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
713 #endif
714 #if LIBCURL_VERSION_NUM >= 0x070908
715         if (ssl_capath != NULL)
716                 curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
717 #endif
718 #if LIBCURL_VERSION_NUM >= 0x072c00
719         if (ssl_pinnedkey != NULL)
720                 curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
721 #endif
722         if (ssl_cainfo != NULL)
723                 curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
724
725         if (curl_low_speed_limit > 0 && curl_low_speed_time > 0) {
726                 curl_easy_setopt(result, CURLOPT_LOW_SPEED_LIMIT,
727                                  curl_low_speed_limit);
728                 curl_easy_setopt(result, CURLOPT_LOW_SPEED_TIME,
729                                  curl_low_speed_time);
730         }
731
732         curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
733 #if LIBCURL_VERSION_NUM >= 0x071301
734         curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
735 #elif LIBCURL_VERSION_NUM >= 0x071101
736         curl_easy_setopt(result, CURLOPT_POST301, 1);
737 #endif
738 #if LIBCURL_VERSION_NUM >= 0x071304
739         if (is_transport_allowed("http"))
740                 allowed_protocols |= CURLPROTO_HTTP;
741         if (is_transport_allowed("https"))
742                 allowed_protocols |= CURLPROTO_HTTPS;
743         if (is_transport_allowed("ftp"))
744                 allowed_protocols |= CURLPROTO_FTP;
745         if (is_transport_allowed("ftps"))
746                 allowed_protocols |= CURLPROTO_FTPS;
747         curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
748         curl_easy_setopt(result, CURLOPT_PROTOCOLS, allowed_protocols);
749 #else
750         if (transport_restrict_protocols())
751                 warning("protocol restrictions not applied to curl redirects because\n"
752                         "your curl version is too old (>= 7.19.4)");
753 #endif
754         if (getenv("GIT_CURL_VERBOSE"))
755                 curl_easy_setopt(result, CURLOPT_VERBOSE, 1L);
756         setup_curl_trace(result);
757
758         curl_easy_setopt(result, CURLOPT_USERAGENT,
759                 user_agent ? user_agent : git_user_agent());
760
761         if (curl_ftp_no_epsv)
762                 curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
763
764 #ifdef CURLOPT_USE_SSL
765         if (curl_ssl_try)
766                 curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY);
767 #endif
768
769         /*
770          * CURL also examines these variables as a fallback; but we need to query
771          * them here in order to decide whether to prompt for missing password (cf.
772          * init_curl_proxy_auth()).
773          *
774          * Unlike many other common environment variables, these are historically
775          * lowercase only. It appears that CURL did not know this and implemented
776          * only uppercase variants, which was later corrected to take both - with
777          * the exception of http_proxy, which is lowercase only also in CURL. As
778          * the lowercase versions are the historical quasi-standard, they take
779          * precedence here, as in CURL.
780          */
781         if (!curl_http_proxy) {
782                 if (http_auth.protocol && !strcmp(http_auth.protocol, "https")) {
783                         var_override(&curl_http_proxy, getenv("HTTPS_PROXY"));
784                         var_override(&curl_http_proxy, getenv("https_proxy"));
785                 } else {
786                         var_override(&curl_http_proxy, getenv("http_proxy"));
787                 }
788                 if (!curl_http_proxy) {
789                         var_override(&curl_http_proxy, getenv("ALL_PROXY"));
790                         var_override(&curl_http_proxy, getenv("all_proxy"));
791                 }
792         }
793
794         if (curl_http_proxy) {
795                 curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
796 #if LIBCURL_VERSION_NUM >= 0x071800
797                 if (starts_with(curl_http_proxy, "socks5h"))
798                         curl_easy_setopt(result,
799                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
800                 else if (starts_with(curl_http_proxy, "socks5"))
801                         curl_easy_setopt(result,
802                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
803                 else if (starts_with(curl_http_proxy, "socks4a"))
804                         curl_easy_setopt(result,
805                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4A);
806                 else if (starts_with(curl_http_proxy, "socks"))
807                         curl_easy_setopt(result,
808                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
809 #endif
810                 if (strstr(curl_http_proxy, "://"))
811                         credential_from_url(&proxy_auth, curl_http_proxy);
812                 else {
813                         struct strbuf url = STRBUF_INIT;
814                         strbuf_addf(&url, "http://%s", curl_http_proxy);
815                         credential_from_url(&proxy_auth, url.buf);
816                         strbuf_release(&url);
817                 }
818
819                 curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host);
820 #if LIBCURL_VERSION_NUM >= 0x071304
821                 var_override(&curl_no_proxy, getenv("NO_PROXY"));
822                 var_override(&curl_no_proxy, getenv("no_proxy"));
823                 curl_easy_setopt(result, CURLOPT_NOPROXY, curl_no_proxy);
824 #endif
825         }
826         init_curl_proxy_auth(result);
827
828         set_curl_keepalive(result);
829
830         return result;
831 }
832
833 static void set_from_env(const char **var, const char *envname)
834 {
835         const char *val = getenv(envname);
836         if (val)
837                 *var = val;
838 }
839
840 void http_init(struct remote *remote, const char *url, int proactive_auth)
841 {
842         char *low_speed_limit;
843         char *low_speed_time;
844         char *normalized_url;
845         struct urlmatch_config config = { STRING_LIST_INIT_DUP };
846
847         config.section = "http";
848         config.key = NULL;
849         config.collect_fn = http_options;
850         config.cascade_fn = git_default_config;
851         config.cb = NULL;
852
853         http_is_verbose = 0;
854         normalized_url = url_normalize(url, &config.url);
855
856         git_config(urlmatch_config_entry, &config);
857         free(normalized_url);
858
859         if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK)
860                 die("curl_global_init failed");
861
862         http_proactive_auth = proactive_auth;
863
864         if (remote && remote->http_proxy)
865                 curl_http_proxy = xstrdup(remote->http_proxy);
866
867         if (remote)
868                 var_override(&http_proxy_authmethod, remote->http_proxy_authmethod);
869
870         pragma_header = curl_slist_append(http_copy_default_headers(),
871                 "Pragma: no-cache");
872         no_pragma_header = curl_slist_append(http_copy_default_headers(),
873                 "Pragma:");
874
875 #ifdef USE_CURL_MULTI
876         {
877                 char *http_max_requests = getenv("GIT_HTTP_MAX_REQUESTS");
878                 if (http_max_requests != NULL)
879                         max_requests = atoi(http_max_requests);
880         }
881
882         curlm = curl_multi_init();
883         if (!curlm)
884                 die("curl_multi_init failed");
885 #endif
886
887         if (getenv("GIT_SSL_NO_VERIFY"))
888                 curl_ssl_verify = 0;
889
890         set_from_env(&ssl_cert, "GIT_SSL_CERT");
891 #if LIBCURL_VERSION_NUM >= 0x070903
892         set_from_env(&ssl_key, "GIT_SSL_KEY");
893 #endif
894 #if LIBCURL_VERSION_NUM >= 0x070908
895         set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
896 #endif
897         set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
898
899         set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
900
901         low_speed_limit = getenv("GIT_HTTP_LOW_SPEED_LIMIT");
902         if (low_speed_limit != NULL)
903                 curl_low_speed_limit = strtol(low_speed_limit, NULL, 10);
904         low_speed_time = getenv("GIT_HTTP_LOW_SPEED_TIME");
905         if (low_speed_time != NULL)
906                 curl_low_speed_time = strtol(low_speed_time, NULL, 10);
907
908         if (curl_ssl_verify == -1)
909                 curl_ssl_verify = 1;
910
911         curl_session_count = 0;
912 #ifdef USE_CURL_MULTI
913         if (max_requests < 1)
914                 max_requests = DEFAULT_MAX_REQUESTS;
915 #endif
916
917         if (getenv("GIT_CURL_FTP_NO_EPSV"))
918                 curl_ftp_no_epsv = 1;
919
920         if (url) {
921                 credential_from_url(&http_auth, url);
922                 if (!ssl_cert_password_required &&
923                     getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") &&
924                     starts_with(url, "https://"))
925                         ssl_cert_password_required = 1;
926         }
927
928 #ifndef NO_CURL_EASY_DUPHANDLE
929         curl_default = get_curl_handle();
930 #endif
931 }
932
933 void http_cleanup(void)
934 {
935         struct active_request_slot *slot = active_queue_head;
936
937         while (slot != NULL) {
938                 struct active_request_slot *next = slot->next;
939                 if (slot->curl != NULL) {
940                         xmulti_remove_handle(slot);
941                         curl_easy_cleanup(slot->curl);
942                 }
943                 free(slot);
944                 slot = next;
945         }
946         active_queue_head = NULL;
947
948 #ifndef NO_CURL_EASY_DUPHANDLE
949         curl_easy_cleanup(curl_default);
950 #endif
951
952 #ifdef USE_CURL_MULTI
953         curl_multi_cleanup(curlm);
954 #endif
955         curl_global_cleanup();
956
957         curl_slist_free_all(extra_http_headers);
958         extra_http_headers = NULL;
959
960         curl_slist_free_all(pragma_header);
961         pragma_header = NULL;
962
963         curl_slist_free_all(no_pragma_header);
964         no_pragma_header = NULL;
965
966         if (curl_http_proxy) {
967                 free((void *)curl_http_proxy);
968                 curl_http_proxy = NULL;
969         }
970
971         if (proxy_auth.password) {
972                 memset(proxy_auth.password, 0, strlen(proxy_auth.password));
973                 free(proxy_auth.password);
974                 proxy_auth.password = NULL;
975         }
976
977         free((void *)curl_proxyuserpwd);
978         curl_proxyuserpwd = NULL;
979
980         free((void *)http_proxy_authmethod);
981         http_proxy_authmethod = NULL;
982
983         if (cert_auth.password != NULL) {
984                 memset(cert_auth.password, 0, strlen(cert_auth.password));
985                 free(cert_auth.password);
986                 cert_auth.password = NULL;
987         }
988         ssl_cert_password_required = 0;
989
990         free(cached_accept_language);
991         cached_accept_language = NULL;
992 }
993
994 struct active_request_slot *get_active_slot(void)
995 {
996         struct active_request_slot *slot = active_queue_head;
997         struct active_request_slot *newslot;
998
999 #ifdef USE_CURL_MULTI
1000         int num_transfers;
1001
1002         /* Wait for a slot to open up if the queue is full */
1003         while (active_requests >= max_requests) {
1004                 curl_multi_perform(curlm, &num_transfers);
1005                 if (num_transfers < active_requests)
1006                         process_curl_messages();
1007         }
1008 #endif
1009
1010         while (slot != NULL && slot->in_use)
1011                 slot = slot->next;
1012
1013         if (slot == NULL) {
1014                 newslot = xmalloc(sizeof(*newslot));
1015                 newslot->curl = NULL;
1016                 newslot->in_use = 0;
1017                 newslot->next = NULL;
1018
1019                 slot = active_queue_head;
1020                 if (slot == NULL) {
1021                         active_queue_head = newslot;
1022                 } else {
1023                         while (slot->next != NULL)
1024                                 slot = slot->next;
1025                         slot->next = newslot;
1026                 }
1027                 slot = newslot;
1028         }
1029
1030         if (slot->curl == NULL) {
1031 #ifdef NO_CURL_EASY_DUPHANDLE
1032                 slot->curl = get_curl_handle();
1033 #else
1034                 slot->curl = curl_easy_duphandle(curl_default);
1035 #endif
1036                 curl_session_count++;
1037         }
1038
1039         active_requests++;
1040         slot->in_use = 1;
1041         slot->results = NULL;
1042         slot->finished = NULL;
1043         slot->callback_data = NULL;
1044         slot->callback_func = NULL;
1045         curl_easy_setopt(slot->curl, CURLOPT_COOKIEFILE, curl_cookie_file);
1046         if (curl_save_cookies)
1047                 curl_easy_setopt(slot->curl, CURLOPT_COOKIEJAR, curl_cookie_file);
1048         curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
1049         curl_easy_setopt(slot->curl, CURLOPT_ERRORBUFFER, curl_errorstr);
1050         curl_easy_setopt(slot->curl, CURLOPT_CUSTOMREQUEST, NULL);
1051         curl_easy_setopt(slot->curl, CURLOPT_READFUNCTION, NULL);
1052         curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, NULL);
1053         curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, NULL);
1054         curl_easy_setopt(slot->curl, CURLOPT_UPLOAD, 0);
1055         curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
1056         curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 1);
1057         curl_easy_setopt(slot->curl, CURLOPT_RANGE, NULL);
1058
1059         /*
1060          * Default following to off unless "ALWAYS" is configured; this gives
1061          * callers a sane starting point, and they can tweak for individual
1062          * HTTP_FOLLOW_* cases themselves.
1063          */
1064         if (http_follow_config == HTTP_FOLLOW_ALWAYS)
1065                 curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 1);
1066         else
1067                 curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 0);
1068
1069 #if LIBCURL_VERSION_NUM >= 0x070a08
1070         curl_easy_setopt(slot->curl, CURLOPT_IPRESOLVE, git_curl_ipresolve);
1071 #endif
1072 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
1073         curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
1074 #endif
1075         if (http_auth.password || curl_empty_auth)
1076                 init_curl_http_auth(slot->curl);
1077
1078         return slot;
1079 }
1080
1081 int start_active_slot(struct active_request_slot *slot)
1082 {
1083 #ifdef USE_CURL_MULTI
1084         CURLMcode curlm_result = curl_multi_add_handle(curlm, slot->curl);
1085         int num_transfers;
1086
1087         if (curlm_result != CURLM_OK &&
1088             curlm_result != CURLM_CALL_MULTI_PERFORM) {
1089                 warning("curl_multi_add_handle failed: %s",
1090                         curl_multi_strerror(curlm_result));
1091                 active_requests--;
1092                 slot->in_use = 0;
1093                 return 0;
1094         }
1095
1096         /*
1097          * We know there must be something to do, since we just added
1098          * something.
1099          */
1100         curl_multi_perform(curlm, &num_transfers);
1101 #endif
1102         return 1;
1103 }
1104
1105 #ifdef USE_CURL_MULTI
1106 struct fill_chain {
1107         void *data;
1108         int (*fill)(void *);
1109         struct fill_chain *next;
1110 };
1111
1112 static struct fill_chain *fill_cfg;
1113
1114 void add_fill_function(void *data, int (*fill)(void *))
1115 {
1116         struct fill_chain *new = xmalloc(sizeof(*new));
1117         struct fill_chain **linkp = &fill_cfg;
1118         new->data = data;
1119         new->fill = fill;
1120         new->next = NULL;
1121         while (*linkp)
1122                 linkp = &(*linkp)->next;
1123         *linkp = new;
1124 }
1125
1126 void fill_active_slots(void)
1127 {
1128         struct active_request_slot *slot = active_queue_head;
1129
1130         while (active_requests < max_requests) {
1131                 struct fill_chain *fill;
1132                 for (fill = fill_cfg; fill; fill = fill->next)
1133                         if (fill->fill(fill->data))
1134                                 break;
1135
1136                 if (!fill)
1137                         break;
1138         }
1139
1140         while (slot != NULL) {
1141                 if (!slot->in_use && slot->curl != NULL
1142                         && curl_session_count > min_curl_sessions) {
1143                         curl_easy_cleanup(slot->curl);
1144                         slot->curl = NULL;
1145                         curl_session_count--;
1146                 }
1147                 slot = slot->next;
1148         }
1149 }
1150
1151 void step_active_slots(void)
1152 {
1153         int num_transfers;
1154         CURLMcode curlm_result;
1155
1156         do {
1157                 curlm_result = curl_multi_perform(curlm, &num_transfers);
1158         } while (curlm_result == CURLM_CALL_MULTI_PERFORM);
1159         if (num_transfers < active_requests) {
1160                 process_curl_messages();
1161                 fill_active_slots();
1162         }
1163 }
1164 #endif
1165
1166 void run_active_slot(struct active_request_slot *slot)
1167 {
1168 #ifdef USE_CURL_MULTI
1169         fd_set readfds;
1170         fd_set writefds;
1171         fd_set excfds;
1172         int max_fd;
1173         struct timeval select_timeout;
1174         int finished = 0;
1175
1176         slot->finished = &finished;
1177         while (!finished) {
1178                 step_active_slots();
1179
1180                 if (slot->in_use) {
1181 #if LIBCURL_VERSION_NUM >= 0x070f04
1182                         long curl_timeout;
1183                         curl_multi_timeout(curlm, &curl_timeout);
1184                         if (curl_timeout == 0) {
1185                                 continue;
1186                         } else if (curl_timeout == -1) {
1187                                 select_timeout.tv_sec  = 0;
1188                                 select_timeout.tv_usec = 50000;
1189                         } else {
1190                                 select_timeout.tv_sec  =  curl_timeout / 1000;
1191                                 select_timeout.tv_usec = (curl_timeout % 1000) * 1000;
1192                         }
1193 #else
1194                         select_timeout.tv_sec  = 0;
1195                         select_timeout.tv_usec = 50000;
1196 #endif
1197
1198                         max_fd = -1;
1199                         FD_ZERO(&readfds);
1200                         FD_ZERO(&writefds);
1201                         FD_ZERO(&excfds);
1202                         curl_multi_fdset(curlm, &readfds, &writefds, &excfds, &max_fd);
1203
1204                         /*
1205                          * It can happen that curl_multi_timeout returns a pathologically
1206                          * long timeout when curl_multi_fdset returns no file descriptors
1207                          * to read.  See commit message for more details.
1208                          */
1209                         if (max_fd < 0 &&
1210                             (select_timeout.tv_sec > 0 ||
1211                              select_timeout.tv_usec > 50000)) {
1212                                 select_timeout.tv_sec  = 0;
1213                                 select_timeout.tv_usec = 50000;
1214                         }
1215
1216                         select(max_fd+1, &readfds, &writefds, &excfds, &select_timeout);
1217                 }
1218         }
1219 #else
1220         while (slot->in_use) {
1221                 slot->curl_result = curl_easy_perform(slot->curl);
1222                 finish_active_slot(slot);
1223         }
1224 #endif
1225 }
1226
1227 static void release_active_slot(struct active_request_slot *slot)
1228 {
1229         closedown_active_slot(slot);
1230         if (slot->curl) {
1231                 xmulti_remove_handle(slot);
1232                 if (curl_session_count > min_curl_sessions) {
1233                         curl_easy_cleanup(slot->curl);
1234                         slot->curl = NULL;
1235                         curl_session_count--;
1236                 }
1237         }
1238 #ifdef USE_CURL_MULTI
1239         fill_active_slots();
1240 #endif
1241 }
1242
1243 void finish_all_active_slots(void)
1244 {
1245         struct active_request_slot *slot = active_queue_head;
1246
1247         while (slot != NULL)
1248                 if (slot->in_use) {
1249                         run_active_slot(slot);
1250                         slot = active_queue_head;
1251                 } else {
1252                         slot = slot->next;
1253                 }
1254 }
1255
1256 /* Helpers for modifying and creating URLs */
1257 static inline int needs_quote(int ch)
1258 {
1259         if (((ch >= 'A') && (ch <= 'Z'))
1260                         || ((ch >= 'a') && (ch <= 'z'))
1261                         || ((ch >= '0') && (ch <= '9'))
1262                         || (ch == '/')
1263                         || (ch == '-')
1264                         || (ch == '.'))
1265                 return 0;
1266         return 1;
1267 }
1268
1269 static char *quote_ref_url(const char *base, const char *ref)
1270 {
1271         struct strbuf buf = STRBUF_INIT;
1272         const char *cp;
1273         int ch;
1274
1275         end_url_with_slash(&buf, base);
1276
1277         for (cp = ref; (ch = *cp) != 0; cp++)
1278                 if (needs_quote(ch))
1279                         strbuf_addf(&buf, "%%%02x", ch);
1280                 else
1281                         strbuf_addch(&buf, *cp);
1282
1283         return strbuf_detach(&buf, NULL);
1284 }
1285
1286 void append_remote_object_url(struct strbuf *buf, const char *url,
1287                               const char *hex,
1288                               int only_two_digit_prefix)
1289 {
1290         end_url_with_slash(buf, url);
1291
1292         strbuf_addf(buf, "objects/%.*s/", 2, hex);
1293         if (!only_two_digit_prefix)
1294                 strbuf_addstr(buf, hex + 2);
1295 }
1296
1297 char *get_remote_object_url(const char *url, const char *hex,
1298                             int only_two_digit_prefix)
1299 {
1300         struct strbuf buf = STRBUF_INIT;
1301         append_remote_object_url(&buf, url, hex, only_two_digit_prefix);
1302         return strbuf_detach(&buf, NULL);
1303 }
1304
1305 static int handle_curl_result(struct slot_results *results)
1306 {
1307         /*
1308          * If we see a failing http code with CURLE_OK, we have turned off
1309          * FAILONERROR (to keep the server's custom error response), and should
1310          * translate the code into failure here.
1311          *
1312          * Likewise, if we see a redirect (30x code), that means we turned off
1313          * redirect-following, and we should treat the result as an error.
1314          */
1315         if (results->curl_result == CURLE_OK &&
1316             results->http_code >= 300) {
1317                 results->curl_result = CURLE_HTTP_RETURNED_ERROR;
1318                 /*
1319                  * Normally curl will already have put the "reason phrase"
1320                  * from the server into curl_errorstr; unfortunately without
1321                  * FAILONERROR it is lost, so we can give only the numeric
1322                  * status code.
1323                  */
1324                 snprintf(curl_errorstr, sizeof(curl_errorstr),
1325                          "The requested URL returned error: %ld",
1326                          results->http_code);
1327         }
1328
1329         if (results->curl_result == CURLE_OK) {
1330                 credential_approve(&http_auth);
1331                 if (proxy_auth.password)
1332                         credential_approve(&proxy_auth);
1333                 return HTTP_OK;
1334         } else if (missing_target(results))
1335                 return HTTP_MISSING_TARGET;
1336         else if (results->http_code == 401) {
1337                 if (http_auth.username && http_auth.password) {
1338                         credential_reject(&http_auth);
1339                         return HTTP_NOAUTH;
1340                 } else {
1341 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
1342                         http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
1343 #endif
1344                         return HTTP_REAUTH;
1345                 }
1346         } else {
1347                 if (results->http_connectcode == 407)
1348                         credential_reject(&proxy_auth);
1349 #if LIBCURL_VERSION_NUM >= 0x070c00
1350                 if (!curl_errorstr[0])
1351                         strlcpy(curl_errorstr,
1352                                 curl_easy_strerror(results->curl_result),
1353                                 sizeof(curl_errorstr));
1354 #endif
1355                 return HTTP_ERROR;
1356         }
1357 }
1358
1359 int run_one_slot(struct active_request_slot *slot,
1360                  struct slot_results *results)
1361 {
1362         slot->results = results;
1363         if (!start_active_slot(slot)) {
1364                 snprintf(curl_errorstr, sizeof(curl_errorstr),
1365                          "failed to start HTTP request");
1366                 return HTTP_START_FAILED;
1367         }
1368
1369         run_active_slot(slot);
1370         return handle_curl_result(results);
1371 }
1372
1373 struct curl_slist *http_copy_default_headers(void)
1374 {
1375         struct curl_slist *headers = NULL, *h;
1376
1377         for (h = extra_http_headers; h; h = h->next)
1378                 headers = curl_slist_append(headers, h->data);
1379
1380         return headers;
1381 }
1382
1383 static CURLcode curlinfo_strbuf(CURL *curl, CURLINFO info, struct strbuf *buf)
1384 {
1385         char *ptr;
1386         CURLcode ret;
1387
1388         strbuf_reset(buf);
1389         ret = curl_easy_getinfo(curl, info, &ptr);
1390         if (!ret && ptr)
1391                 strbuf_addstr(buf, ptr);
1392         return ret;
1393 }
1394
1395 /*
1396  * Check for and extract a content-type parameter. "raw"
1397  * should be positioned at the start of the potential
1398  * parameter, with any whitespace already removed.
1399  *
1400  * "name" is the name of the parameter. The value is appended
1401  * to "out".
1402  */
1403 static int extract_param(const char *raw, const char *name,
1404                          struct strbuf *out)
1405 {
1406         size_t len = strlen(name);
1407
1408         if (strncasecmp(raw, name, len))
1409                 return -1;
1410         raw += len;
1411
1412         if (*raw != '=')
1413                 return -1;
1414         raw++;
1415
1416         while (*raw && !isspace(*raw) && *raw != ';')
1417                 strbuf_addch(out, *raw++);
1418         return 0;
1419 }
1420
1421 /*
1422  * Extract a normalized version of the content type, with any
1423  * spaces suppressed, all letters lowercased, and no trailing ";"
1424  * or parameters.
1425  *
1426  * Note that we will silently remove even invalid whitespace. For
1427  * example, "text / plain" is specifically forbidden by RFC 2616,
1428  * but "text/plain" is the only reasonable output, and this keeps
1429  * our code simple.
1430  *
1431  * If the "charset" argument is not NULL, store the value of any
1432  * charset parameter there.
1433  *
1434  * Example:
1435  *   "TEXT/PLAIN; charset=utf-8" -> "text/plain", "utf-8"
1436  *   "text / plain" -> "text/plain"
1437  */
1438 static void extract_content_type(struct strbuf *raw, struct strbuf *type,
1439                                  struct strbuf *charset)
1440 {
1441         const char *p;
1442
1443         strbuf_reset(type);
1444         strbuf_grow(type, raw->len);
1445         for (p = raw->buf; *p; p++) {
1446                 if (isspace(*p))
1447                         continue;
1448                 if (*p == ';') {
1449                         p++;
1450                         break;
1451                 }
1452                 strbuf_addch(type, tolower(*p));
1453         }
1454
1455         if (!charset)
1456                 return;
1457
1458         strbuf_reset(charset);
1459         while (*p) {
1460                 while (isspace(*p) || *p == ';')
1461                         p++;
1462                 if (!extract_param(p, "charset", charset))
1463                         return;
1464                 while (*p && !isspace(*p))
1465                         p++;
1466         }
1467
1468         if (!charset->len && starts_with(type->buf, "text/"))
1469                 strbuf_addstr(charset, "ISO-8859-1");
1470 }
1471
1472 static void write_accept_language(struct strbuf *buf)
1473 {
1474         /*
1475          * MAX_DECIMAL_PLACES must not be larger than 3. If it is larger than
1476          * that, q-value will be smaller than 0.001, the minimum q-value the
1477          * HTTP specification allows. See
1478          * http://tools.ietf.org/html/rfc7231#section-5.3.1 for q-value.
1479          */
1480         const int MAX_DECIMAL_PLACES = 3;
1481         const int MAX_LANGUAGE_TAGS = 1000;
1482         const int MAX_ACCEPT_LANGUAGE_HEADER_SIZE = 4000;
1483         char **language_tags = NULL;
1484         int num_langs = 0;
1485         const char *s = get_preferred_languages();
1486         int i;
1487         struct strbuf tag = STRBUF_INIT;
1488
1489         /* Don't add Accept-Language header if no language is preferred. */
1490         if (!s)
1491                 return;
1492
1493         /*
1494          * Split the colon-separated string of preferred languages into
1495          * language_tags array.
1496          */
1497         do {
1498                 /* collect language tag */
1499                 for (; *s && (isalnum(*s) || *s == '_'); s++)
1500                         strbuf_addch(&tag, *s == '_' ? '-' : *s);
1501
1502                 /* skip .codeset, @modifier and any other unnecessary parts */
1503                 while (*s && *s != ':')
1504                         s++;
1505
1506                 if (tag.len) {
1507                         num_langs++;
1508                         REALLOC_ARRAY(language_tags, num_langs);
1509                         language_tags[num_langs - 1] = strbuf_detach(&tag, NULL);
1510                         if (num_langs >= MAX_LANGUAGE_TAGS - 1) /* -1 for '*' */
1511                                 break;
1512                 }
1513         } while (*s++);
1514
1515         /* write Accept-Language header into buf */
1516         if (num_langs) {
1517                 int last_buf_len = 0;
1518                 int max_q;
1519                 int decimal_places;
1520                 char q_format[32];
1521
1522                 /* add '*' */
1523                 REALLOC_ARRAY(language_tags, num_langs + 1);
1524                 language_tags[num_langs++] = "*"; /* it's OK; this won't be freed */
1525
1526                 /* compute decimal_places */
1527                 for (max_q = 1, decimal_places = 0;
1528                      max_q < num_langs && decimal_places <= MAX_DECIMAL_PLACES;
1529                      decimal_places++, max_q *= 10)
1530                         ;
1531
1532                 xsnprintf(q_format, sizeof(q_format), ";q=0.%%0%dd", decimal_places);
1533
1534                 strbuf_addstr(buf, "Accept-Language: ");
1535
1536                 for (i = 0; i < num_langs; i++) {
1537                         if (i > 0)
1538                                 strbuf_addstr(buf, ", ");
1539
1540                         strbuf_addstr(buf, language_tags[i]);
1541
1542                         if (i > 0)
1543                                 strbuf_addf(buf, q_format, max_q - i);
1544
1545                         if (buf->len > MAX_ACCEPT_LANGUAGE_HEADER_SIZE) {
1546                                 strbuf_remove(buf, last_buf_len, buf->len - last_buf_len);
1547                                 break;
1548                         }
1549
1550                         last_buf_len = buf->len;
1551                 }
1552         }
1553
1554         /* free language tags -- last one is a static '*' */
1555         for (i = 0; i < num_langs - 1; i++)
1556                 free(language_tags[i]);
1557         free(language_tags);
1558 }
1559
1560 /*
1561  * Get an Accept-Language header which indicates user's preferred languages.
1562  *
1563  * Examples:
1564  *   LANGUAGE= -> ""
1565  *   LANGUAGE=ko:en -> "Accept-Language: ko, en; q=0.9, *; q=0.1"
1566  *   LANGUAGE=ko_KR.UTF-8:sr@latin -> "Accept-Language: ko-KR, sr; q=0.9, *; q=0.1"
1567  *   LANGUAGE=ko LANG=en_US.UTF-8 -> "Accept-Language: ko, *; q=0.1"
1568  *   LANGUAGE= LANG=en_US.UTF-8 -> "Accept-Language: en-US, *; q=0.1"
1569  *   LANGUAGE= LANG=C -> ""
1570  */
1571 static const char *get_accept_language(void)
1572 {
1573         if (!cached_accept_language) {
1574                 struct strbuf buf = STRBUF_INIT;
1575                 write_accept_language(&buf);
1576                 if (buf.len > 0)
1577                         cached_accept_language = strbuf_detach(&buf, NULL);
1578         }
1579
1580         return cached_accept_language;
1581 }
1582
1583 static void http_opt_request_remainder(CURL *curl, off_t pos)
1584 {
1585         char buf[128];
1586         xsnprintf(buf, sizeof(buf), "%"PRIuMAX"-", (uintmax_t)pos);
1587         curl_easy_setopt(curl, CURLOPT_RANGE, buf);
1588 }
1589
1590 /* http_request() targets */
1591 #define HTTP_REQUEST_STRBUF     0
1592 #define HTTP_REQUEST_FILE       1
1593
1594 static int http_request(const char *url,
1595                         void *result, int target,
1596                         const struct http_get_options *options)
1597 {
1598         struct active_request_slot *slot;
1599         struct slot_results results;
1600         struct curl_slist *headers = http_copy_default_headers();
1601         struct strbuf buf = STRBUF_INIT;
1602         const char *accept_language;
1603         int ret;
1604
1605         slot = get_active_slot();
1606         curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
1607
1608         if (result == NULL) {
1609                 curl_easy_setopt(slot->curl, CURLOPT_NOBODY, 1);
1610         } else {
1611                 curl_easy_setopt(slot->curl, CURLOPT_NOBODY, 0);
1612                 curl_easy_setopt(slot->curl, CURLOPT_FILE, result);
1613
1614                 if (target == HTTP_REQUEST_FILE) {
1615                         off_t posn = ftello(result);
1616                         curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION,
1617                                          fwrite);
1618                         if (posn > 0)
1619                                 http_opt_request_remainder(slot->curl, posn);
1620                 } else
1621                         curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION,
1622                                          fwrite_buffer);
1623         }
1624
1625         accept_language = get_accept_language();
1626
1627         if (accept_language)
1628                 headers = curl_slist_append(headers, accept_language);
1629
1630         strbuf_addstr(&buf, "Pragma:");
1631         if (options && options->no_cache)
1632                 strbuf_addstr(&buf, " no-cache");
1633         if (options && options->keep_error)
1634                 curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 0);
1635         if (options && options->initial_request &&
1636             http_follow_config == HTTP_FOLLOW_INITIAL)
1637                 curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 1);
1638
1639         headers = curl_slist_append(headers, buf.buf);
1640
1641         curl_easy_setopt(slot->curl, CURLOPT_URL, url);
1642         curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, headers);
1643         curl_easy_setopt(slot->curl, CURLOPT_ENCODING, "gzip");
1644
1645         ret = run_one_slot(slot, &results);
1646
1647         if (options && options->content_type) {
1648                 struct strbuf raw = STRBUF_INIT;
1649                 curlinfo_strbuf(slot->curl, CURLINFO_CONTENT_TYPE, &raw);
1650                 extract_content_type(&raw, options->content_type,
1651                                      options->charset);
1652                 strbuf_release(&raw);
1653         }
1654
1655         if (options && options->effective_url)
1656                 curlinfo_strbuf(slot->curl, CURLINFO_EFFECTIVE_URL,
1657                                 options->effective_url);
1658
1659         curl_slist_free_all(headers);
1660         strbuf_release(&buf);
1661
1662         return ret;
1663 }
1664
1665 /*
1666  * Update the "base" url to a more appropriate value, as deduced by
1667  * redirects seen when requesting a URL starting with "url".
1668  *
1669  * The "asked" parameter is a URL that we asked curl to access, and must begin
1670  * with "base".
1671  *
1672  * The "got" parameter is the URL that curl reported to us as where we ended
1673  * up.
1674  *
1675  * Returns 1 if we updated the base url, 0 otherwise.
1676  *
1677  * Our basic strategy is to compare "base" and "asked" to find the bits
1678  * specific to our request. We then strip those bits off of "got" to yield the
1679  * new base. So for example, if our base is "http://example.com/foo.git",
1680  * and we ask for "http://example.com/foo.git/info/refs", we might end up
1681  * with "https://other.example.com/foo.git/info/refs". We would want the
1682  * new URL to become "https://other.example.com/foo.git".
1683  *
1684  * Note that this assumes a sane redirect scheme. It's entirely possible
1685  * in the example above to end up at a URL that does not even end in
1686  * "info/refs".  In such a case we die. There's not much we can do, such a
1687  * scheme is unlikely to represent a real git repository, and failing to
1688  * rewrite the base opens options for malicious redirects to do funny things.
1689  */
1690 static int update_url_from_redirect(struct strbuf *base,
1691                                     const char *asked,
1692                                     const struct strbuf *got)
1693 {
1694         const char *tail;
1695         size_t new_len;
1696
1697         if (!strcmp(asked, got->buf))
1698                 return 0;
1699
1700         if (!skip_prefix(asked, base->buf, &tail))
1701                 die("BUG: update_url_from_redirect: %s is not a superset of %s",
1702                     asked, base->buf);
1703
1704         new_len = got->len;
1705         if (!strip_suffix_mem(got->buf, &new_len, tail))
1706                 die(_("unable to update url base from redirection:\n"
1707                       "  asked for: %s\n"
1708                       "   redirect: %s"),
1709                     asked, got->buf);
1710
1711         strbuf_reset(base);
1712         strbuf_add(base, got->buf, new_len);
1713
1714         return 1;
1715 }
1716
1717 static int http_request_reauth(const char *url,
1718                                void *result, int target,
1719                                struct http_get_options *options)
1720 {
1721         int ret = http_request(url, result, target, options);
1722
1723         if (options && options->effective_url && options->base_url) {
1724                 if (update_url_from_redirect(options->base_url,
1725                                              url, options->effective_url)) {
1726                         credential_from_url(&http_auth, options->base_url->buf);
1727                         url = options->effective_url->buf;
1728                 }
1729         }
1730
1731         if (ret != HTTP_REAUTH)
1732                 return ret;
1733
1734         /*
1735          * If we are using KEEP_ERROR, the previous request may have
1736          * put cruft into our output stream; we should clear it out before
1737          * making our next request. We only know how to do this for
1738          * the strbuf case, but that is enough to satisfy current callers.
1739          */
1740         if (options && options->keep_error) {
1741                 switch (target) {
1742                 case HTTP_REQUEST_STRBUF:
1743                         strbuf_reset(result);
1744                         break;
1745                 default:
1746                         die("BUG: HTTP_KEEP_ERROR is only supported with strbufs");
1747                 }
1748         }
1749
1750         credential_fill(&http_auth);
1751
1752         return http_request(url, result, target, options);
1753 }
1754
1755 int http_get_strbuf(const char *url,
1756                     struct strbuf *result,
1757                     struct http_get_options *options)
1758 {
1759         return http_request_reauth(url, result, HTTP_REQUEST_STRBUF, options);
1760 }
1761
1762 /*
1763  * Downloads a URL and stores the result in the given file.
1764  *
1765  * If a previous interrupted download is detected (i.e. a previous temporary
1766  * file is still around) the download is resumed.
1767  */
1768 static int http_get_file(const char *url, const char *filename,
1769                          struct http_get_options *options)
1770 {
1771         int ret;
1772         struct strbuf tmpfile = STRBUF_INIT;
1773         FILE *result;
1774
1775         strbuf_addf(&tmpfile, "%s.temp", filename);
1776         result = fopen(tmpfile.buf, "a");
1777         if (!result) {
1778                 error("Unable to open local file %s", tmpfile.buf);
1779                 ret = HTTP_ERROR;
1780                 goto cleanup;
1781         }
1782
1783         ret = http_request_reauth(url, result, HTTP_REQUEST_FILE, options);
1784         fclose(result);
1785
1786         if (ret == HTTP_OK && finalize_object_file(tmpfile.buf, filename))
1787                 ret = HTTP_ERROR;
1788 cleanup:
1789         strbuf_release(&tmpfile);
1790         return ret;
1791 }
1792
1793 int http_fetch_ref(const char *base, struct ref *ref)
1794 {
1795         struct http_get_options options = {0};
1796         char *url;
1797         struct strbuf buffer = STRBUF_INIT;
1798         int ret = -1;
1799
1800         options.no_cache = 1;
1801
1802         url = quote_ref_url(base, ref->name);
1803         if (http_get_strbuf(url, &buffer, &options) == HTTP_OK) {
1804                 strbuf_rtrim(&buffer);
1805                 if (buffer.len == 40)
1806                         ret = get_oid_hex(buffer.buf, &ref->old_oid);
1807                 else if (starts_with(buffer.buf, "ref: ")) {
1808                         ref->symref = xstrdup(buffer.buf + 5);
1809                         ret = 0;
1810                 }
1811         }
1812
1813         strbuf_release(&buffer);
1814         free(url);
1815         return ret;
1816 }
1817
1818 /* Helpers for fetching packs */
1819 static char *fetch_pack_index(unsigned char *sha1, const char *base_url)
1820 {
1821         char *url, *tmp;
1822         struct strbuf buf = STRBUF_INIT;
1823
1824         if (http_is_verbose)
1825                 fprintf(stderr, "Getting index for pack %s\n", sha1_to_hex(sha1));
1826
1827         end_url_with_slash(&buf, base_url);
1828         strbuf_addf(&buf, "objects/pack/pack-%s.idx", sha1_to_hex(sha1));
1829         url = strbuf_detach(&buf, NULL);
1830
1831         strbuf_addf(&buf, "%s.temp", sha1_pack_index_name(sha1));
1832         tmp = strbuf_detach(&buf, NULL);
1833
1834         if (http_get_file(url, tmp, NULL) != HTTP_OK) {
1835                 error("Unable to get pack index %s", url);
1836                 free(tmp);
1837                 tmp = NULL;
1838         }
1839
1840         free(url);
1841         return tmp;
1842 }
1843
1844 static int fetch_and_setup_pack_index(struct packed_git **packs_head,
1845         unsigned char *sha1, const char *base_url)
1846 {
1847         struct packed_git *new_pack;
1848         char *tmp_idx = NULL;
1849         int ret;
1850
1851         if (has_pack_index(sha1)) {
1852                 new_pack = parse_pack_index(sha1, sha1_pack_index_name(sha1));
1853                 if (!new_pack)
1854                         return -1; /* parse_pack_index() already issued error message */
1855                 goto add_pack;
1856         }
1857
1858         tmp_idx = fetch_pack_index(sha1, base_url);
1859         if (!tmp_idx)
1860                 return -1;
1861
1862         new_pack = parse_pack_index(sha1, tmp_idx);
1863         if (!new_pack) {
1864                 unlink(tmp_idx);
1865                 free(tmp_idx);
1866
1867                 return -1; /* parse_pack_index() already issued error message */
1868         }
1869
1870         ret = verify_pack_index(new_pack);
1871         if (!ret) {
1872                 close_pack_index(new_pack);
1873                 ret = finalize_object_file(tmp_idx, sha1_pack_index_name(sha1));
1874         }
1875         free(tmp_idx);
1876         if (ret)
1877                 return -1;
1878
1879 add_pack:
1880         new_pack->next = *packs_head;
1881         *packs_head = new_pack;
1882         return 0;
1883 }
1884
1885 int http_get_info_packs(const char *base_url, struct packed_git **packs_head)
1886 {
1887         struct http_get_options options = {0};
1888         int ret = 0, i = 0;
1889         char *url, *data;
1890         struct strbuf buf = STRBUF_INIT;
1891         unsigned char sha1[20];
1892
1893         end_url_with_slash(&buf, base_url);
1894         strbuf_addstr(&buf, "objects/info/packs");
1895         url = strbuf_detach(&buf, NULL);
1896
1897         options.no_cache = 1;
1898         ret = http_get_strbuf(url, &buf, &options);
1899         if (ret != HTTP_OK)
1900                 goto cleanup;
1901
1902         data = buf.buf;
1903         while (i < buf.len) {
1904                 switch (data[i]) {
1905                 case 'P':
1906                         i++;
1907                         if (i + 52 <= buf.len &&
1908                             starts_with(data + i, " pack-") &&
1909                             starts_with(data + i + 46, ".pack\n")) {
1910                                 get_sha1_hex(data + i + 6, sha1);
1911                                 fetch_and_setup_pack_index(packs_head, sha1,
1912                                                       base_url);
1913                                 i += 51;
1914                                 break;
1915                         }
1916                 default:
1917                         while (i < buf.len && data[i] != '\n')
1918                                 i++;
1919                 }
1920                 i++;
1921         }
1922
1923 cleanup:
1924         free(url);
1925         return ret;
1926 }
1927
1928 void release_http_pack_request(struct http_pack_request *preq)
1929 {
1930         if (preq->packfile != NULL) {
1931                 fclose(preq->packfile);
1932                 preq->packfile = NULL;
1933         }
1934         preq->slot = NULL;
1935         free(preq->url);
1936         free(preq);
1937 }
1938
1939 int finish_http_pack_request(struct http_pack_request *preq)
1940 {
1941         struct packed_git **lst;
1942         struct packed_git *p = preq->target;
1943         char *tmp_idx;
1944         size_t len;
1945         struct child_process ip = CHILD_PROCESS_INIT;
1946         const char *ip_argv[8];
1947
1948         close_pack_index(p);
1949
1950         fclose(preq->packfile);
1951         preq->packfile = NULL;
1952
1953         lst = preq->lst;
1954         while (*lst != p)
1955                 lst = &((*lst)->next);
1956         *lst = (*lst)->next;
1957
1958         if (!strip_suffix(preq->tmpfile, ".pack.temp", &len))
1959                 die("BUG: pack tmpfile does not end in .pack.temp?");
1960         tmp_idx = xstrfmt("%.*s.idx.temp", (int)len, preq->tmpfile);
1961
1962         ip_argv[0] = "index-pack";
1963         ip_argv[1] = "-o";
1964         ip_argv[2] = tmp_idx;
1965         ip_argv[3] = preq->tmpfile;
1966         ip_argv[4] = NULL;
1967
1968         ip.argv = ip_argv;
1969         ip.git_cmd = 1;
1970         ip.no_stdin = 1;
1971         ip.no_stdout = 1;
1972
1973         if (run_command(&ip)) {
1974                 unlink(preq->tmpfile);
1975                 unlink(tmp_idx);
1976                 free(tmp_idx);
1977                 return -1;
1978         }
1979
1980         unlink(sha1_pack_index_name(p->sha1));
1981
1982         if (finalize_object_file(preq->tmpfile, sha1_pack_name(p->sha1))
1983          || finalize_object_file(tmp_idx, sha1_pack_index_name(p->sha1))) {
1984                 free(tmp_idx);
1985                 return -1;
1986         }
1987
1988         install_packed_git(p);
1989         free(tmp_idx);
1990         return 0;
1991 }
1992
1993 struct http_pack_request *new_http_pack_request(
1994         struct packed_git *target, const char *base_url)
1995 {
1996         off_t prev_posn = 0;
1997         struct strbuf buf = STRBUF_INIT;
1998         struct http_pack_request *preq;
1999
2000         preq = xcalloc(1, sizeof(*preq));
2001         preq->target = target;
2002
2003         end_url_with_slash(&buf, base_url);
2004         strbuf_addf(&buf, "objects/pack/pack-%s.pack",
2005                 sha1_to_hex(target->sha1));
2006         preq->url = strbuf_detach(&buf, NULL);
2007
2008         snprintf(preq->tmpfile, sizeof(preq->tmpfile), "%s.temp",
2009                 sha1_pack_name(target->sha1));
2010         preq->packfile = fopen(preq->tmpfile, "a");
2011         if (!preq->packfile) {
2012                 error("Unable to open local file %s for pack",
2013                       preq->tmpfile);
2014                 goto abort;
2015         }
2016
2017         preq->slot = get_active_slot();
2018         curl_easy_setopt(preq->slot->curl, CURLOPT_FILE, preq->packfile);
2019         curl_easy_setopt(preq->slot->curl, CURLOPT_WRITEFUNCTION, fwrite);
2020         curl_easy_setopt(preq->slot->curl, CURLOPT_URL, preq->url);
2021         curl_easy_setopt(preq->slot->curl, CURLOPT_HTTPHEADER,
2022                 no_pragma_header);
2023
2024         /*
2025          * If there is data present from a previous transfer attempt,
2026          * resume where it left off
2027          */
2028         prev_posn = ftello(preq->packfile);
2029         if (prev_posn>0) {
2030                 if (http_is_verbose)
2031                         fprintf(stderr,
2032                                 "Resuming fetch of pack %s at byte %"PRIuMAX"\n",
2033                                 sha1_to_hex(target->sha1), (uintmax_t)prev_posn);
2034                 http_opt_request_remainder(preq->slot->curl, prev_posn);
2035         }
2036
2037         return preq;
2038
2039 abort:
2040         free(preq->url);
2041         free(preq);
2042         return NULL;
2043 }
2044
2045 /* Helpers for fetching objects (loose) */
2046 static size_t fwrite_sha1_file(char *ptr, size_t eltsize, size_t nmemb,
2047                                void *data)
2048 {
2049         unsigned char expn[4096];
2050         size_t size = eltsize * nmemb;
2051         int posn = 0;
2052         struct http_object_request *freq = data;
2053         struct active_request_slot *slot = freq->slot;
2054
2055         if (slot) {
2056                 CURLcode c = curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE,
2057                                                 &slot->http_code);
2058                 if (c != CURLE_OK)
2059                         die("BUG: curl_easy_getinfo for HTTP code failed: %s",
2060                                 curl_easy_strerror(c));
2061                 if (slot->http_code >= 300)
2062                         return size;
2063         }
2064
2065         do {
2066                 ssize_t retval = xwrite(freq->localfile,
2067                                         (char *) ptr + posn, size - posn);
2068                 if (retval < 0)
2069                         return posn;
2070                 posn += retval;
2071         } while (posn < size);
2072
2073         freq->stream.avail_in = size;
2074         freq->stream.next_in = (void *)ptr;
2075         do {
2076                 freq->stream.next_out = expn;
2077                 freq->stream.avail_out = sizeof(expn);
2078                 freq->zret = git_inflate(&freq->stream, Z_SYNC_FLUSH);
2079                 git_SHA1_Update(&freq->c, expn,
2080                                 sizeof(expn) - freq->stream.avail_out);
2081         } while (freq->stream.avail_in && freq->zret == Z_OK);
2082         return size;
2083 }
2084
2085 struct http_object_request *new_http_object_request(const char *base_url,
2086         unsigned char *sha1)
2087 {
2088         char *hex = sha1_to_hex(sha1);
2089         const char *filename;
2090         char prevfile[PATH_MAX];
2091         int prevlocal;
2092         char prev_buf[PREV_BUF_SIZE];
2093         ssize_t prev_read = 0;
2094         off_t prev_posn = 0;
2095         struct http_object_request *freq;
2096
2097         freq = xcalloc(1, sizeof(*freq));
2098         hashcpy(freq->sha1, sha1);
2099         freq->localfile = -1;
2100
2101         filename = sha1_file_name(sha1);
2102         snprintf(freq->tmpfile, sizeof(freq->tmpfile),
2103                  "%s.temp", filename);
2104
2105         snprintf(prevfile, sizeof(prevfile), "%s.prev", filename);
2106         unlink_or_warn(prevfile);
2107         rename(freq->tmpfile, prevfile);
2108         unlink_or_warn(freq->tmpfile);
2109
2110         if (freq->localfile != -1)
2111                 error("fd leakage in start: %d", freq->localfile);
2112         freq->localfile = open(freq->tmpfile,
2113                                O_WRONLY | O_CREAT | O_EXCL, 0666);
2114         /*
2115          * This could have failed due to the "lazy directory creation";
2116          * try to mkdir the last path component.
2117          */
2118         if (freq->localfile < 0 && errno == ENOENT) {
2119                 char *dir = strrchr(freq->tmpfile, '/');
2120                 if (dir) {
2121                         *dir = 0;
2122                         mkdir(freq->tmpfile, 0777);
2123                         *dir = '/';
2124                 }
2125                 freq->localfile = open(freq->tmpfile,
2126                                        O_WRONLY | O_CREAT | O_EXCL, 0666);
2127         }
2128
2129         if (freq->localfile < 0) {
2130                 error_errno("Couldn't create temporary file %s", freq->tmpfile);
2131                 goto abort;
2132         }
2133
2134         git_inflate_init(&freq->stream);
2135
2136         git_SHA1_Init(&freq->c);
2137
2138         freq->url = get_remote_object_url(base_url, hex, 0);
2139
2140         /*
2141          * If a previous temp file is present, process what was already
2142          * fetched.
2143          */
2144         prevlocal = open(prevfile, O_RDONLY);
2145         if (prevlocal != -1) {
2146                 do {
2147                         prev_read = xread(prevlocal, prev_buf, PREV_BUF_SIZE);
2148                         if (prev_read>0) {
2149                                 if (fwrite_sha1_file(prev_buf,
2150                                                      1,
2151                                                      prev_read,
2152                                                      freq) == prev_read) {
2153                                         prev_posn += prev_read;
2154                                 } else {
2155                                         prev_read = -1;
2156                                 }
2157                         }
2158                 } while (prev_read > 0);
2159                 close(prevlocal);
2160         }
2161         unlink_or_warn(prevfile);
2162
2163         /*
2164          * Reset inflate/SHA1 if there was an error reading the previous temp
2165          * file; also rewind to the beginning of the local file.
2166          */
2167         if (prev_read == -1) {
2168                 memset(&freq->stream, 0, sizeof(freq->stream));
2169                 git_inflate_init(&freq->stream);
2170                 git_SHA1_Init(&freq->c);
2171                 if (prev_posn>0) {
2172                         prev_posn = 0;
2173                         lseek(freq->localfile, 0, SEEK_SET);
2174                         if (ftruncate(freq->localfile, 0) < 0) {
2175                                 error_errno("Couldn't truncate temporary file %s",
2176                                             freq->tmpfile);
2177                                 goto abort;
2178                         }
2179                 }
2180         }
2181
2182         freq->slot = get_active_slot();
2183
2184         curl_easy_setopt(freq->slot->curl, CURLOPT_FILE, freq);
2185         curl_easy_setopt(freq->slot->curl, CURLOPT_FAILONERROR, 0);
2186         curl_easy_setopt(freq->slot->curl, CURLOPT_WRITEFUNCTION, fwrite_sha1_file);
2187         curl_easy_setopt(freq->slot->curl, CURLOPT_ERRORBUFFER, freq->errorstr);
2188         curl_easy_setopt(freq->slot->curl, CURLOPT_URL, freq->url);
2189         curl_easy_setopt(freq->slot->curl, CURLOPT_HTTPHEADER, no_pragma_header);
2190
2191         /*
2192          * If we have successfully processed data from a previous fetch
2193          * attempt, only fetch the data we don't already have.
2194          */
2195         if (prev_posn>0) {
2196                 if (http_is_verbose)
2197                         fprintf(stderr,
2198                                 "Resuming fetch of object %s at byte %"PRIuMAX"\n",
2199                                 hex, (uintmax_t)prev_posn);
2200                 http_opt_request_remainder(freq->slot->curl, prev_posn);
2201         }
2202
2203         return freq;
2204
2205 abort:
2206         free(freq->url);
2207         free(freq);
2208         return NULL;
2209 }
2210
2211 void process_http_object_request(struct http_object_request *freq)
2212 {
2213         if (freq->slot == NULL)
2214                 return;
2215         freq->curl_result = freq->slot->curl_result;
2216         freq->http_code = freq->slot->http_code;
2217         freq->slot = NULL;
2218 }
2219
2220 int finish_http_object_request(struct http_object_request *freq)
2221 {
2222         struct stat st;
2223
2224         close(freq->localfile);
2225         freq->localfile = -1;
2226
2227         process_http_object_request(freq);
2228
2229         if (freq->http_code == 416) {
2230                 warning("requested range invalid; we may already have all the data.");
2231         } else if (freq->curl_result != CURLE_OK) {
2232                 if (stat(freq->tmpfile, &st) == 0)
2233                         if (st.st_size == 0)
2234                                 unlink_or_warn(freq->tmpfile);
2235                 return -1;
2236         }
2237
2238         git_inflate_end(&freq->stream);
2239         git_SHA1_Final(freq->real_sha1, &freq->c);
2240         if (freq->zret != Z_STREAM_END) {
2241                 unlink_or_warn(freq->tmpfile);
2242                 return -1;
2243         }
2244         if (hashcmp(freq->sha1, freq->real_sha1)) {
2245                 unlink_or_warn(freq->tmpfile);
2246                 return -1;
2247         }
2248         freq->rename =
2249                 finalize_object_file(freq->tmpfile, sha1_file_name(freq->sha1));
2250
2251         return freq->rename;
2252 }
2253
2254 void abort_http_object_request(struct http_object_request *freq)
2255 {
2256         unlink_or_warn(freq->tmpfile);
2257
2258         release_http_object_request(freq);
2259 }
2260
2261 void release_http_object_request(struct http_object_request *freq)
2262 {
2263         if (freq->localfile != -1) {
2264                 close(freq->localfile);
2265                 freq->localfile = -1;
2266         }
2267         if (freq->url != NULL) {
2268                 free(freq->url);
2269                 freq->url = NULL;
2270         }
2271         if (freq->slot != NULL) {
2272                 freq->slot->callback_func = NULL;
2273                 freq->slot->callback_data = NULL;
2274                 release_active_slot(freq->slot);
2275                 freq->slot = NULL;
2276         }
2277 }