Merge branch 'ab/man-sec-list'
[git] / http.c
1 #include "git-compat-util.h"
2 #include "http.h"
3 #include "config.h"
4 #include "pack.h"
5 #include "sideband.h"
6 #include "run-command.h"
7 #include "url.h"
8 #include "urlmatch.h"
9 #include "credential.h"
10 #include "version.h"
11 #include "pkt-line.h"
12 #include "gettext.h"
13 #include "transport.h"
14 #include "packfile.h"
15 #include "protocol.h"
16 #include "string-list.h"
17
18 static struct trace_key trace_curl = TRACE_KEY_INIT(CURL);
19 static int trace_curl_data = 1;
20 static struct string_list cookies_to_redact = STRING_LIST_INIT_DUP;
21 #if LIBCURL_VERSION_NUM >= 0x070a08
22 long int git_curl_ipresolve = CURL_IPRESOLVE_WHATEVER;
23 #else
24 long int git_curl_ipresolve;
25 #endif
26 int active_requests;
27 int http_is_verbose;
28 ssize_t http_post_buffer = 16 * LARGE_PACKET_MAX;
29
30 #if LIBCURL_VERSION_NUM >= 0x070a06
31 #define LIBCURL_CAN_HANDLE_AUTH_ANY
32 #endif
33
34 static int min_curl_sessions = 1;
35 static int curl_session_count;
36 #ifdef USE_CURL_MULTI
37 static int max_requests = -1;
38 static CURLM *curlm;
39 #endif
40 #ifndef NO_CURL_EASY_DUPHANDLE
41 static CURL *curl_default;
42 #endif
43
44 #define PREV_BUF_SIZE 4096
45
46 char curl_errorstr[CURL_ERROR_SIZE];
47
48 static int curl_ssl_verify = -1;
49 static int curl_ssl_try;
50 static const char *ssl_cert;
51 static const char *ssl_cipherlist;
52 static const char *ssl_version;
53 static struct {
54         const char *name;
55         long ssl_version;
56 } sslversions[] = {
57         { "sslv2", CURL_SSLVERSION_SSLv2 },
58         { "sslv3", CURL_SSLVERSION_SSLv3 },
59         { "tlsv1", CURL_SSLVERSION_TLSv1 },
60 #if LIBCURL_VERSION_NUM >= 0x072200
61         { "tlsv1.0", CURL_SSLVERSION_TLSv1_0 },
62         { "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
63         { "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
64 #endif
65 };
66 #if LIBCURL_VERSION_NUM >= 0x070903
67 static const char *ssl_key;
68 #endif
69 #if LIBCURL_VERSION_NUM >= 0x070908
70 static const char *ssl_capath;
71 #endif
72 #if LIBCURL_VERSION_NUM >= 0x072c00
73 static const char *ssl_pinnedkey;
74 #endif
75 static const char *ssl_cainfo;
76 static long curl_low_speed_limit = -1;
77 static long curl_low_speed_time = -1;
78 static int curl_ftp_no_epsv;
79 static const char *curl_http_proxy;
80 static const char *curl_no_proxy;
81 static const char *http_proxy_authmethod;
82 static struct {
83         const char *name;
84         long curlauth_param;
85 } proxy_authmethods[] = {
86         { "basic", CURLAUTH_BASIC },
87         { "digest", CURLAUTH_DIGEST },
88         { "negotiate", CURLAUTH_GSSNEGOTIATE },
89         { "ntlm", CURLAUTH_NTLM },
90 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
91         { "anyauth", CURLAUTH_ANY },
92 #endif
93         /*
94          * CURLAUTH_DIGEST_IE has no corresponding command-line option in
95          * curl(1) and is not included in CURLAUTH_ANY, so we leave it out
96          * here, too
97          */
98 };
99 #ifdef CURLGSSAPI_DELEGATION_FLAG
100 static const char *curl_deleg;
101 static struct {
102         const char *name;
103         long curl_deleg_param;
104 } curl_deleg_levels[] = {
105         { "none", CURLGSSAPI_DELEGATION_NONE },
106         { "policy", CURLGSSAPI_DELEGATION_POLICY_FLAG },
107         { "always", CURLGSSAPI_DELEGATION_FLAG },
108 };
109 #endif
110
111 static struct credential proxy_auth = CREDENTIAL_INIT;
112 static const char *curl_proxyuserpwd;
113 static const char *curl_cookie_file;
114 static int curl_save_cookies;
115 struct credential http_auth = CREDENTIAL_INIT;
116 static int http_proactive_auth;
117 static const char *user_agent;
118 static int curl_empty_auth = -1;
119
120 enum http_follow_config http_follow_config = HTTP_FOLLOW_INITIAL;
121
122 #if LIBCURL_VERSION_NUM >= 0x071700
123 /* Use CURLOPT_KEYPASSWD as is */
124 #elif LIBCURL_VERSION_NUM >= 0x070903
125 #define CURLOPT_KEYPASSWD CURLOPT_SSLKEYPASSWD
126 #else
127 #define CURLOPT_KEYPASSWD CURLOPT_SSLCERTPASSWD
128 #endif
129
130 static struct credential cert_auth = CREDENTIAL_INIT;
131 static int ssl_cert_password_required;
132 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
133 static unsigned long http_auth_methods = CURLAUTH_ANY;
134 static int http_auth_methods_restricted;
135 /* Modes for which empty_auth cannot actually help us. */
136 static unsigned long empty_auth_useless =
137         CURLAUTH_BASIC
138 #ifdef CURLAUTH_DIGEST_IE
139         | CURLAUTH_DIGEST_IE
140 #endif
141         | CURLAUTH_DIGEST;
142 #endif
143
144 static struct curl_slist *pragma_header;
145 static struct curl_slist *no_pragma_header;
146 static struct curl_slist *extra_http_headers;
147
148 static struct active_request_slot *active_queue_head;
149
150 static char *cached_accept_language;
151
152 size_t fread_buffer(char *ptr, size_t eltsize, size_t nmemb, void *buffer_)
153 {
154         size_t size = eltsize * nmemb;
155         struct buffer *buffer = buffer_;
156
157         if (size > buffer->buf.len - buffer->posn)
158                 size = buffer->buf.len - buffer->posn;
159         memcpy(ptr, buffer->buf.buf + buffer->posn, size);
160         buffer->posn += size;
161
162         return size;
163 }
164
165 #ifndef NO_CURL_IOCTL
166 curlioerr ioctl_buffer(CURL *handle, int cmd, void *clientp)
167 {
168         struct buffer *buffer = clientp;
169
170         switch (cmd) {
171         case CURLIOCMD_NOP:
172                 return CURLIOE_OK;
173
174         case CURLIOCMD_RESTARTREAD:
175                 buffer->posn = 0;
176                 return CURLIOE_OK;
177
178         default:
179                 return CURLIOE_UNKNOWNCMD;
180         }
181 }
182 #endif
183
184 size_t fwrite_buffer(char *ptr, size_t eltsize, size_t nmemb, void *buffer_)
185 {
186         size_t size = eltsize * nmemb;
187         struct strbuf *buffer = buffer_;
188
189         strbuf_add(buffer, ptr, size);
190         return size;
191 }
192
193 size_t fwrite_null(char *ptr, size_t eltsize, size_t nmemb, void *strbuf)
194 {
195         return eltsize * nmemb;
196 }
197
198 static void closedown_active_slot(struct active_request_slot *slot)
199 {
200         active_requests--;
201         slot->in_use = 0;
202 }
203
204 static void finish_active_slot(struct active_request_slot *slot)
205 {
206         closedown_active_slot(slot);
207         curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE, &slot->http_code);
208
209         if (slot->finished != NULL)
210                 (*slot->finished) = 1;
211
212         /* Store slot results so they can be read after the slot is reused */
213         if (slot->results != NULL) {
214                 slot->results->curl_result = slot->curl_result;
215                 slot->results->http_code = slot->http_code;
216 #if LIBCURL_VERSION_NUM >= 0x070a08
217                 curl_easy_getinfo(slot->curl, CURLINFO_HTTPAUTH_AVAIL,
218                                   &slot->results->auth_avail);
219 #else
220                 slot->results->auth_avail = 0;
221 #endif
222
223                 curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CONNECTCODE,
224                         &slot->results->http_connectcode);
225         }
226
227         /* Run callback if appropriate */
228         if (slot->callback_func != NULL)
229                 slot->callback_func(slot->callback_data);
230 }
231
232 static void xmulti_remove_handle(struct active_request_slot *slot)
233 {
234 #ifdef USE_CURL_MULTI
235         curl_multi_remove_handle(curlm, slot->curl);
236 #endif
237 }
238
239 #ifdef USE_CURL_MULTI
240 static void process_curl_messages(void)
241 {
242         int num_messages;
243         struct active_request_slot *slot;
244         CURLMsg *curl_message = curl_multi_info_read(curlm, &num_messages);
245
246         while (curl_message != NULL) {
247                 if (curl_message->msg == CURLMSG_DONE) {
248                         int curl_result = curl_message->data.result;
249                         slot = active_queue_head;
250                         while (slot != NULL &&
251                                slot->curl != curl_message->easy_handle)
252                                 slot = slot->next;
253                         if (slot != NULL) {
254                                 xmulti_remove_handle(slot);
255                                 slot->curl_result = curl_result;
256                                 finish_active_slot(slot);
257                         } else {
258                                 fprintf(stderr, "Received DONE message for unknown request!\n");
259                         }
260                 } else {
261                         fprintf(stderr, "Unknown CURL message received: %d\n",
262                                 (int)curl_message->msg);
263                 }
264                 curl_message = curl_multi_info_read(curlm, &num_messages);
265         }
266 }
267 #endif
268
269 static int http_options(const char *var, const char *value, void *cb)
270 {
271         if (!strcmp("http.sslverify", var)) {
272                 curl_ssl_verify = git_config_bool(var, value);
273                 return 0;
274         }
275         if (!strcmp("http.sslcipherlist", var))
276                 return git_config_string(&ssl_cipherlist, var, value);
277         if (!strcmp("http.sslversion", var))
278                 return git_config_string(&ssl_version, var, value);
279         if (!strcmp("http.sslcert", var))
280                 return git_config_pathname(&ssl_cert, var, value);
281 #if LIBCURL_VERSION_NUM >= 0x070903
282         if (!strcmp("http.sslkey", var))
283                 return git_config_pathname(&ssl_key, var, value);
284 #endif
285 #if LIBCURL_VERSION_NUM >= 0x070908
286         if (!strcmp("http.sslcapath", var))
287                 return git_config_pathname(&ssl_capath, var, value);
288 #endif
289         if (!strcmp("http.sslcainfo", var))
290                 return git_config_pathname(&ssl_cainfo, var, value);
291         if (!strcmp("http.sslcertpasswordprotected", var)) {
292                 ssl_cert_password_required = git_config_bool(var, value);
293                 return 0;
294         }
295         if (!strcmp("http.ssltry", var)) {
296                 curl_ssl_try = git_config_bool(var, value);
297                 return 0;
298         }
299         if (!strcmp("http.minsessions", var)) {
300                 min_curl_sessions = git_config_int(var, value);
301 #ifndef USE_CURL_MULTI
302                 if (min_curl_sessions > 1)
303                         min_curl_sessions = 1;
304 #endif
305                 return 0;
306         }
307 #ifdef USE_CURL_MULTI
308         if (!strcmp("http.maxrequests", var)) {
309                 max_requests = git_config_int(var, value);
310                 return 0;
311         }
312 #endif
313         if (!strcmp("http.lowspeedlimit", var)) {
314                 curl_low_speed_limit = (long)git_config_int(var, value);
315                 return 0;
316         }
317         if (!strcmp("http.lowspeedtime", var)) {
318                 curl_low_speed_time = (long)git_config_int(var, value);
319                 return 0;
320         }
321
322         if (!strcmp("http.noepsv", var)) {
323                 curl_ftp_no_epsv = git_config_bool(var, value);
324                 return 0;
325         }
326         if (!strcmp("http.proxy", var))
327                 return git_config_string(&curl_http_proxy, var, value);
328
329         if (!strcmp("http.proxyauthmethod", var))
330                 return git_config_string(&http_proxy_authmethod, var, value);
331
332         if (!strcmp("http.cookiefile", var))
333                 return git_config_pathname(&curl_cookie_file, var, value);
334         if (!strcmp("http.savecookies", var)) {
335                 curl_save_cookies = git_config_bool(var, value);
336                 return 0;
337         }
338
339         if (!strcmp("http.postbuffer", var)) {
340                 http_post_buffer = git_config_ssize_t(var, value);
341                 if (http_post_buffer < 0)
342                         warning(_("negative value for http.postbuffer; defaulting to %d"), LARGE_PACKET_MAX);
343                 if (http_post_buffer < LARGE_PACKET_MAX)
344                         http_post_buffer = LARGE_PACKET_MAX;
345                 return 0;
346         }
347
348         if (!strcmp("http.useragent", var))
349                 return git_config_string(&user_agent, var, value);
350
351         if (!strcmp("http.emptyauth", var)) {
352                 if (value && !strcmp("auto", value))
353                         curl_empty_auth = -1;
354                 else
355                         curl_empty_auth = git_config_bool(var, value);
356                 return 0;
357         }
358
359         if (!strcmp("http.delegation", var)) {
360 #ifdef CURLGSSAPI_DELEGATION_FLAG
361                 return git_config_string(&curl_deleg, var, value);
362 #else
363                 warning(_("Delegation control is not supported with cURL < 7.22.0"));
364                 return 0;
365 #endif
366         }
367
368         if (!strcmp("http.pinnedpubkey", var)) {
369 #if LIBCURL_VERSION_NUM >= 0x072c00
370                 return git_config_pathname(&ssl_pinnedkey, var, value);
371 #else
372                 warning(_("Public key pinning not supported with cURL < 7.44.0"));
373                 return 0;
374 #endif
375         }
376
377         if (!strcmp("http.extraheader", var)) {
378                 if (!value) {
379                         return config_error_nonbool(var);
380                 } else if (!*value) {
381                         curl_slist_free_all(extra_http_headers);
382                         extra_http_headers = NULL;
383                 } else {
384                         extra_http_headers =
385                                 curl_slist_append(extra_http_headers, value);
386                 }
387                 return 0;
388         }
389
390         if (!strcmp("http.followredirects", var)) {
391                 if (value && !strcmp(value, "initial"))
392                         http_follow_config = HTTP_FOLLOW_INITIAL;
393                 else if (git_config_bool(var, value))
394                         http_follow_config = HTTP_FOLLOW_ALWAYS;
395                 else
396                         http_follow_config = HTTP_FOLLOW_NONE;
397                 return 0;
398         }
399
400         /* Fall back on the default ones */
401         return git_default_config(var, value, cb);
402 }
403
404 static int curl_empty_auth_enabled(void)
405 {
406         if (curl_empty_auth >= 0)
407                 return curl_empty_auth;
408
409 #ifndef LIBCURL_CAN_HANDLE_AUTH_ANY
410         /*
411          * Our libcurl is too old to do AUTH_ANY in the first place;
412          * just default to turning the feature off.
413          */
414 #else
415         /*
416          * In the automatic case, kick in the empty-auth
417          * hack as long as we would potentially try some
418          * method more exotic than "Basic" or "Digest".
419          *
420          * But only do this when this is our second or
421          * subsequent request, as by then we know what
422          * methods are available.
423          */
424         if (http_auth_methods_restricted &&
425             (http_auth_methods & ~empty_auth_useless))
426                 return 1;
427 #endif
428         return 0;
429 }
430
431 static void init_curl_http_auth(CURL *result)
432 {
433         if (!http_auth.username || !*http_auth.username) {
434                 if (curl_empty_auth_enabled())
435                         curl_easy_setopt(result, CURLOPT_USERPWD, ":");
436                 return;
437         }
438
439         credential_fill(&http_auth);
440
441 #if LIBCURL_VERSION_NUM >= 0x071301
442         curl_easy_setopt(result, CURLOPT_USERNAME, http_auth.username);
443         curl_easy_setopt(result, CURLOPT_PASSWORD, http_auth.password);
444 #else
445         {
446                 static struct strbuf up = STRBUF_INIT;
447                 /*
448                  * Note that we assume we only ever have a single set of
449                  * credentials in a given program run, so we do not have
450                  * to worry about updating this buffer, only setting its
451                  * initial value.
452                  */
453                 if (!up.len)
454                         strbuf_addf(&up, "%s:%s",
455                                 http_auth.username, http_auth.password);
456                 curl_easy_setopt(result, CURLOPT_USERPWD, up.buf);
457         }
458 #endif
459 }
460
461 /* *var must be free-able */
462 static void var_override(const char **var, char *value)
463 {
464         if (value) {
465                 free((void *)*var);
466                 *var = xstrdup(value);
467         }
468 }
469
470 static void set_proxyauth_name_password(CURL *result)
471 {
472 #if LIBCURL_VERSION_NUM >= 0x071301
473                 curl_easy_setopt(result, CURLOPT_PROXYUSERNAME,
474                         proxy_auth.username);
475                 curl_easy_setopt(result, CURLOPT_PROXYPASSWORD,
476                         proxy_auth.password);
477 #else
478                 struct strbuf s = STRBUF_INIT;
479
480                 strbuf_addstr_urlencode(&s, proxy_auth.username, 1);
481                 strbuf_addch(&s, ':');
482                 strbuf_addstr_urlencode(&s, proxy_auth.password, 1);
483                 curl_proxyuserpwd = strbuf_detach(&s, NULL);
484                 curl_easy_setopt(result, CURLOPT_PROXYUSERPWD, curl_proxyuserpwd);
485 #endif
486 }
487
488 static void init_curl_proxy_auth(CURL *result)
489 {
490         if (proxy_auth.username) {
491                 if (!proxy_auth.password)
492                         credential_fill(&proxy_auth);
493                 set_proxyauth_name_password(result);
494         }
495
496         var_override(&http_proxy_authmethod, getenv("GIT_HTTP_PROXY_AUTHMETHOD"));
497
498 #if LIBCURL_VERSION_NUM >= 0x070a07 /* CURLOPT_PROXYAUTH and CURLAUTH_ANY */
499         if (http_proxy_authmethod) {
500                 int i;
501                 for (i = 0; i < ARRAY_SIZE(proxy_authmethods); i++) {
502                         if (!strcmp(http_proxy_authmethod, proxy_authmethods[i].name)) {
503                                 curl_easy_setopt(result, CURLOPT_PROXYAUTH,
504                                                 proxy_authmethods[i].curlauth_param);
505                                 break;
506                         }
507                 }
508                 if (i == ARRAY_SIZE(proxy_authmethods)) {
509                         warning("unsupported proxy authentication method %s: using anyauth",
510                                         http_proxy_authmethod);
511                         curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
512                 }
513         }
514         else
515                 curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
516 #endif
517 }
518
519 static int has_cert_password(void)
520 {
521         if (ssl_cert == NULL || ssl_cert_password_required != 1)
522                 return 0;
523         if (!cert_auth.password) {
524                 cert_auth.protocol = xstrdup("cert");
525                 cert_auth.username = xstrdup("");
526                 cert_auth.path = xstrdup(ssl_cert);
527                 credential_fill(&cert_auth);
528         }
529         return 1;
530 }
531
532 #if LIBCURL_VERSION_NUM >= 0x071900
533 static void set_curl_keepalive(CURL *c)
534 {
535         curl_easy_setopt(c, CURLOPT_TCP_KEEPALIVE, 1);
536 }
537
538 #elif LIBCURL_VERSION_NUM >= 0x071000
539 static int sockopt_callback(void *client, curl_socket_t fd, curlsocktype type)
540 {
541         int ka = 1;
542         int rc;
543         socklen_t len = (socklen_t)sizeof(ka);
544
545         if (type != CURLSOCKTYPE_IPCXN)
546                 return 0;
547
548         rc = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&ka, len);
549         if (rc < 0)
550                 warning_errno("unable to set SO_KEEPALIVE on socket");
551
552         return 0; /* CURL_SOCKOPT_OK only exists since curl 7.21.5 */
553 }
554
555 static void set_curl_keepalive(CURL *c)
556 {
557         curl_easy_setopt(c, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
558 }
559
560 #else
561 static void set_curl_keepalive(CURL *c)
562 {
563         /* not supported on older curl versions */
564 }
565 #endif
566
567 static void redact_sensitive_header(struct strbuf *header)
568 {
569         const char *sensitive_header;
570
571         if (skip_prefix(header->buf, "Authorization:", &sensitive_header) ||
572             skip_prefix(header->buf, "Proxy-Authorization:", &sensitive_header)) {
573                 /* The first token is the type, which is OK to log */
574                 while (isspace(*sensitive_header))
575                         sensitive_header++;
576                 while (*sensitive_header && !isspace(*sensitive_header))
577                         sensitive_header++;
578                 /* Everything else is opaque and possibly sensitive */
579                 strbuf_setlen(header,  sensitive_header - header->buf);
580                 strbuf_addstr(header, " <redacted>");
581         } else if (cookies_to_redact.nr &&
582                    skip_prefix(header->buf, "Cookie:", &sensitive_header)) {
583                 struct strbuf redacted_header = STRBUF_INIT;
584                 char *cookie;
585
586                 while (isspace(*sensitive_header))
587                         sensitive_header++;
588
589                 /*
590                  * The contents of header starting from sensitive_header will
591                  * subsequently be overridden, so it is fine to mutate this
592                  * string (hence the assignment to "char *").
593                  */
594                 cookie = (char *) sensitive_header;
595
596                 while (cookie) {
597                         char *equals;
598                         char *semicolon = strstr(cookie, "; ");
599                         if (semicolon)
600                                 *semicolon = 0;
601                         equals = strchrnul(cookie, '=');
602                         if (!equals) {
603                                 /* invalid cookie, just append and continue */
604                                 strbuf_addstr(&redacted_header, cookie);
605                                 continue;
606                         }
607                         *equals = 0; /* temporarily set to NUL for lookup */
608                         if (string_list_lookup(&cookies_to_redact, cookie)) {
609                                 strbuf_addstr(&redacted_header, cookie);
610                                 strbuf_addstr(&redacted_header, "=<redacted>");
611                         } else {
612                                 *equals = '=';
613                                 strbuf_addstr(&redacted_header, cookie);
614                         }
615                         if (semicolon) {
616                                 /*
617                                  * There are more cookies. (Or, for some
618                                  * reason, the input string ends in "; ".)
619                                  */
620                                 strbuf_addstr(&redacted_header, "; ");
621                                 cookie = semicolon + strlen("; ");
622                         } else {
623                                 cookie = NULL;
624                         }
625                 }
626
627                 strbuf_setlen(header, sensitive_header - header->buf);
628                 strbuf_addbuf(header, &redacted_header);
629         }
630 }
631
632 static void curl_dump_header(const char *text, unsigned char *ptr, size_t size, int hide_sensitive_header)
633 {
634         struct strbuf out = STRBUF_INIT;
635         struct strbuf **headers, **header;
636
637         strbuf_addf(&out, "%s, %10.10ld bytes (0x%8.8lx)\n",
638                 text, (long)size, (long)size);
639         trace_strbuf(&trace_curl, &out);
640         strbuf_reset(&out);
641         strbuf_add(&out, ptr, size);
642         headers = strbuf_split_max(&out, '\n', 0);
643
644         for (header = headers; *header; header++) {
645                 if (hide_sensitive_header)
646                         redact_sensitive_header(*header);
647                 strbuf_insert((*header), 0, text, strlen(text));
648                 strbuf_insert((*header), strlen(text), ": ", 2);
649                 strbuf_rtrim((*header));
650                 strbuf_addch((*header), '\n');
651                 trace_strbuf(&trace_curl, (*header));
652         }
653         strbuf_list_free(headers);
654         strbuf_release(&out);
655 }
656
657 static void curl_dump_data(const char *text, unsigned char *ptr, size_t size)
658 {
659         size_t i;
660         struct strbuf out = STRBUF_INIT;
661         unsigned int width = 60;
662
663         strbuf_addf(&out, "%s, %10.10ld bytes (0x%8.8lx)\n",
664                 text, (long)size, (long)size);
665         trace_strbuf(&trace_curl, &out);
666
667         for (i = 0; i < size; i += width) {
668                 size_t w;
669
670                 strbuf_reset(&out);
671                 strbuf_addf(&out, "%s: ", text);
672                 for (w = 0; (w < width) && (i + w < size); w++) {
673                         unsigned char ch = ptr[i + w];
674
675                         strbuf_addch(&out,
676                                        (ch >= 0x20) && (ch < 0x80)
677                                        ? ch : '.');
678                 }
679                 strbuf_addch(&out, '\n');
680                 trace_strbuf(&trace_curl, &out);
681         }
682         strbuf_release(&out);
683 }
684
685 static int curl_trace(CURL *handle, curl_infotype type, char *data, size_t size, void *userp)
686 {
687         const char *text;
688         enum { NO_FILTER = 0, DO_FILTER = 1 };
689
690         switch (type) {
691         case CURLINFO_TEXT:
692                 trace_printf_key(&trace_curl, "== Info: %s", data);
693                 break;
694         case CURLINFO_HEADER_OUT:
695                 text = "=> Send header";
696                 curl_dump_header(text, (unsigned char *)data, size, DO_FILTER);
697                 break;
698         case CURLINFO_DATA_OUT:
699                 if (trace_curl_data) {
700                         text = "=> Send data";
701                         curl_dump_data(text, (unsigned char *)data, size);
702                 }
703                 break;
704         case CURLINFO_SSL_DATA_OUT:
705                 if (trace_curl_data) {
706                         text = "=> Send SSL data";
707                         curl_dump_data(text, (unsigned char *)data, size);
708                 }
709                 break;
710         case CURLINFO_HEADER_IN:
711                 text = "<= Recv header";
712                 curl_dump_header(text, (unsigned char *)data, size, NO_FILTER);
713                 break;
714         case CURLINFO_DATA_IN:
715                 if (trace_curl_data) {
716                         text = "<= Recv data";
717                         curl_dump_data(text, (unsigned char *)data, size);
718                 }
719                 break;
720         case CURLINFO_SSL_DATA_IN:
721                 if (trace_curl_data) {
722                         text = "<= Recv SSL data";
723                         curl_dump_data(text, (unsigned char *)data, size);
724                 }
725                 break;
726
727         default:                /* we ignore unknown types by default */
728                 return 0;
729         }
730         return 0;
731 }
732
733 void setup_curl_trace(CURL *handle)
734 {
735         if (!trace_want(&trace_curl))
736                 return;
737         curl_easy_setopt(handle, CURLOPT_VERBOSE, 1L);
738         curl_easy_setopt(handle, CURLOPT_DEBUGFUNCTION, curl_trace);
739         curl_easy_setopt(handle, CURLOPT_DEBUGDATA, NULL);
740 }
741
742 #ifdef CURLPROTO_HTTP
743 static long get_curl_allowed_protocols(int from_user)
744 {
745         long allowed_protocols = 0;
746
747         if (is_transport_allowed("http", from_user))
748                 allowed_protocols |= CURLPROTO_HTTP;
749         if (is_transport_allowed("https", from_user))
750                 allowed_protocols |= CURLPROTO_HTTPS;
751         if (is_transport_allowed("ftp", from_user))
752                 allowed_protocols |= CURLPROTO_FTP;
753         if (is_transport_allowed("ftps", from_user))
754                 allowed_protocols |= CURLPROTO_FTPS;
755
756         return allowed_protocols;
757 }
758 #endif
759
760 static CURL *get_curl_handle(void)
761 {
762         CURL *result = curl_easy_init();
763
764         if (!result)
765                 die("curl_easy_init failed");
766
767         if (!curl_ssl_verify) {
768                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
769                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
770         } else {
771                 /* Verify authenticity of the peer's certificate */
772                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
773                 /* The name in the cert must match whom we tried to connect */
774                 curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
775         }
776
777 #if LIBCURL_VERSION_NUM >= 0x070907
778         curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
779 #endif
780 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
781         curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
782 #endif
783
784 #ifdef CURLGSSAPI_DELEGATION_FLAG
785         if (curl_deleg) {
786                 int i;
787                 for (i = 0; i < ARRAY_SIZE(curl_deleg_levels); i++) {
788                         if (!strcmp(curl_deleg, curl_deleg_levels[i].name)) {
789                                 curl_easy_setopt(result, CURLOPT_GSSAPI_DELEGATION,
790                                                 curl_deleg_levels[i].curl_deleg_param);
791                                 break;
792                         }
793                 }
794                 if (i == ARRAY_SIZE(curl_deleg_levels))
795                         warning("Unknown delegation method '%s': using default",
796                                 curl_deleg);
797         }
798 #endif
799
800         if (http_proactive_auth)
801                 init_curl_http_auth(result);
802
803         if (getenv("GIT_SSL_VERSION"))
804                 ssl_version = getenv("GIT_SSL_VERSION");
805         if (ssl_version && *ssl_version) {
806                 int i;
807                 for (i = 0; i < ARRAY_SIZE(sslversions); i++) {
808                         if (!strcmp(ssl_version, sslversions[i].name)) {
809                                 curl_easy_setopt(result, CURLOPT_SSLVERSION,
810                                                  sslversions[i].ssl_version);
811                                 break;
812                         }
813                 }
814                 if (i == ARRAY_SIZE(sslversions))
815                         warning("unsupported ssl version %s: using default",
816                                 ssl_version);
817         }
818
819         if (getenv("GIT_SSL_CIPHER_LIST"))
820                 ssl_cipherlist = getenv("GIT_SSL_CIPHER_LIST");
821         if (ssl_cipherlist != NULL && *ssl_cipherlist)
822                 curl_easy_setopt(result, CURLOPT_SSL_CIPHER_LIST,
823                                 ssl_cipherlist);
824
825         if (ssl_cert != NULL)
826                 curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
827         if (has_cert_password())
828                 curl_easy_setopt(result, CURLOPT_KEYPASSWD, cert_auth.password);
829 #if LIBCURL_VERSION_NUM >= 0x070903
830         if (ssl_key != NULL)
831                 curl_easy_setopt(result, CURLOPT_SSLKEY, ssl_key);
832 #endif
833 #if LIBCURL_VERSION_NUM >= 0x070908
834         if (ssl_capath != NULL)
835                 curl_easy_setopt(result, CURLOPT_CAPATH, ssl_capath);
836 #endif
837 #if LIBCURL_VERSION_NUM >= 0x072c00
838         if (ssl_pinnedkey != NULL)
839                 curl_easy_setopt(result, CURLOPT_PINNEDPUBLICKEY, ssl_pinnedkey);
840 #endif
841         if (ssl_cainfo != NULL)
842                 curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
843
844         if (curl_low_speed_limit > 0 && curl_low_speed_time > 0) {
845                 curl_easy_setopt(result, CURLOPT_LOW_SPEED_LIMIT,
846                                  curl_low_speed_limit);
847                 curl_easy_setopt(result, CURLOPT_LOW_SPEED_TIME,
848                                  curl_low_speed_time);
849         }
850
851         curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
852 #if LIBCURL_VERSION_NUM >= 0x071301
853         curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
854 #elif LIBCURL_VERSION_NUM >= 0x071101
855         curl_easy_setopt(result, CURLOPT_POST301, 1);
856 #endif
857 #ifdef CURLPROTO_HTTP
858         curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS,
859                          get_curl_allowed_protocols(0));
860         curl_easy_setopt(result, CURLOPT_PROTOCOLS,
861                          get_curl_allowed_protocols(-1));
862 #else
863         warning("protocol restrictions not applied to curl redirects because\n"
864                 "your curl version is too old (>= 7.19.4)");
865 #endif
866         if (getenv("GIT_CURL_VERBOSE"))
867                 curl_easy_setopt(result, CURLOPT_VERBOSE, 1L);
868         setup_curl_trace(result);
869         if (getenv("GIT_TRACE_CURL_NO_DATA"))
870                 trace_curl_data = 0;
871         if (getenv("GIT_REDACT_COOKIES")) {
872                 string_list_split(&cookies_to_redact,
873                                   getenv("GIT_REDACT_COOKIES"), ',', -1);
874                 string_list_sort(&cookies_to_redact);
875         }
876
877         curl_easy_setopt(result, CURLOPT_USERAGENT,
878                 user_agent ? user_agent : git_user_agent());
879
880         if (curl_ftp_no_epsv)
881                 curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
882
883 #ifdef CURLOPT_USE_SSL
884         if (curl_ssl_try)
885                 curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY);
886 #endif
887
888         /*
889          * CURL also examines these variables as a fallback; but we need to query
890          * them here in order to decide whether to prompt for missing password (cf.
891          * init_curl_proxy_auth()).
892          *
893          * Unlike many other common environment variables, these are historically
894          * lowercase only. It appears that CURL did not know this and implemented
895          * only uppercase variants, which was later corrected to take both - with
896          * the exception of http_proxy, which is lowercase only also in CURL. As
897          * the lowercase versions are the historical quasi-standard, they take
898          * precedence here, as in CURL.
899          */
900         if (!curl_http_proxy) {
901                 if (http_auth.protocol && !strcmp(http_auth.protocol, "https")) {
902                         var_override(&curl_http_proxy, getenv("HTTPS_PROXY"));
903                         var_override(&curl_http_proxy, getenv("https_proxy"));
904                 } else {
905                         var_override(&curl_http_proxy, getenv("http_proxy"));
906                 }
907                 if (!curl_http_proxy) {
908                         var_override(&curl_http_proxy, getenv("ALL_PROXY"));
909                         var_override(&curl_http_proxy, getenv("all_proxy"));
910                 }
911         }
912
913         if (curl_http_proxy && curl_http_proxy[0] == '\0') {
914                 /*
915                  * Handle case with the empty http.proxy value here to keep
916                  * common code clean.
917                  * NB: empty option disables proxying at all.
918                  */
919                 curl_easy_setopt(result, CURLOPT_PROXY, "");
920         } else if (curl_http_proxy) {
921 #if LIBCURL_VERSION_NUM >= 0x071800
922                 if (starts_with(curl_http_proxy, "socks5h"))
923                         curl_easy_setopt(result,
924                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
925                 else if (starts_with(curl_http_proxy, "socks5"))
926                         curl_easy_setopt(result,
927                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
928                 else if (starts_with(curl_http_proxy, "socks4a"))
929                         curl_easy_setopt(result,
930                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4A);
931                 else if (starts_with(curl_http_proxy, "socks"))
932                         curl_easy_setopt(result,
933                                 CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
934 #endif
935 #if LIBCURL_VERSION_NUM >= 0x073400
936                 else if (starts_with(curl_http_proxy, "https"))
937                         curl_easy_setopt(result,
938                                 CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
939 #endif
940                 if (strstr(curl_http_proxy, "://"))
941                         credential_from_url(&proxy_auth, curl_http_proxy);
942                 else {
943                         struct strbuf url = STRBUF_INIT;
944                         strbuf_addf(&url, "http://%s", curl_http_proxy);
945                         credential_from_url(&proxy_auth, url.buf);
946                         strbuf_release(&url);
947                 }
948
949                 if (!proxy_auth.host)
950                         die("Invalid proxy URL '%s'", curl_http_proxy);
951
952                 curl_easy_setopt(result, CURLOPT_PROXY, proxy_auth.host);
953 #if LIBCURL_VERSION_NUM >= 0x071304
954                 var_override(&curl_no_proxy, getenv("NO_PROXY"));
955                 var_override(&curl_no_proxy, getenv("no_proxy"));
956                 curl_easy_setopt(result, CURLOPT_NOPROXY, curl_no_proxy);
957 #endif
958         }
959         init_curl_proxy_auth(result);
960
961         set_curl_keepalive(result);
962
963         return result;
964 }
965
966 static void set_from_env(const char **var, const char *envname)
967 {
968         const char *val = getenv(envname);
969         if (val)
970                 *var = val;
971 }
972
973 static void protocol_http_header(void)
974 {
975         if (get_protocol_version_config() > 0) {
976                 struct strbuf protocol_header = STRBUF_INIT;
977
978                 strbuf_addf(&protocol_header, GIT_PROTOCOL_HEADER ": version=%d",
979                             get_protocol_version_config());
980
981
982                 extra_http_headers = curl_slist_append(extra_http_headers,
983                                                        protocol_header.buf);
984                 strbuf_release(&protocol_header);
985         }
986 }
987
988 void http_init(struct remote *remote, const char *url, int proactive_auth)
989 {
990         char *low_speed_limit;
991         char *low_speed_time;
992         char *normalized_url;
993         struct urlmatch_config config = { STRING_LIST_INIT_DUP };
994
995         config.section = "http";
996         config.key = NULL;
997         config.collect_fn = http_options;
998         config.cascade_fn = git_default_config;
999         config.cb = NULL;
1000
1001         http_is_verbose = 0;
1002         normalized_url = url_normalize(url, &config.url);
1003
1004         git_config(urlmatch_config_entry, &config);
1005         free(normalized_url);
1006
1007         if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK)
1008                 die("curl_global_init failed");
1009
1010         http_proactive_auth = proactive_auth;
1011
1012         if (remote && remote->http_proxy)
1013                 curl_http_proxy = xstrdup(remote->http_proxy);
1014
1015         if (remote)
1016                 var_override(&http_proxy_authmethod, remote->http_proxy_authmethod);
1017
1018         protocol_http_header();
1019
1020         pragma_header = curl_slist_append(http_copy_default_headers(),
1021                 "Pragma: no-cache");
1022         no_pragma_header = curl_slist_append(http_copy_default_headers(),
1023                 "Pragma:");
1024
1025 #ifdef USE_CURL_MULTI
1026         {
1027                 char *http_max_requests = getenv("GIT_HTTP_MAX_REQUESTS");
1028                 if (http_max_requests != NULL)
1029                         max_requests = atoi(http_max_requests);
1030         }
1031
1032         curlm = curl_multi_init();
1033         if (!curlm)
1034                 die("curl_multi_init failed");
1035 #endif
1036
1037         if (getenv("GIT_SSL_NO_VERIFY"))
1038                 curl_ssl_verify = 0;
1039
1040         set_from_env(&ssl_cert, "GIT_SSL_CERT");
1041 #if LIBCURL_VERSION_NUM >= 0x070903
1042         set_from_env(&ssl_key, "GIT_SSL_KEY");
1043 #endif
1044 #if LIBCURL_VERSION_NUM >= 0x070908
1045         set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
1046 #endif
1047         set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
1048
1049         set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
1050
1051         low_speed_limit = getenv("GIT_HTTP_LOW_SPEED_LIMIT");
1052         if (low_speed_limit != NULL)
1053                 curl_low_speed_limit = strtol(low_speed_limit, NULL, 10);
1054         low_speed_time = getenv("GIT_HTTP_LOW_SPEED_TIME");
1055         if (low_speed_time != NULL)
1056                 curl_low_speed_time = strtol(low_speed_time, NULL, 10);
1057
1058         if (curl_ssl_verify == -1)
1059                 curl_ssl_verify = 1;
1060
1061         curl_session_count = 0;
1062 #ifdef USE_CURL_MULTI
1063         if (max_requests < 1)
1064                 max_requests = DEFAULT_MAX_REQUESTS;
1065 #endif
1066
1067         if (getenv("GIT_CURL_FTP_NO_EPSV"))
1068                 curl_ftp_no_epsv = 1;
1069
1070         if (url) {
1071                 credential_from_url(&http_auth, url);
1072                 if (!ssl_cert_password_required &&
1073                     getenv("GIT_SSL_CERT_PASSWORD_PROTECTED") &&
1074                     starts_with(url, "https://"))
1075                         ssl_cert_password_required = 1;
1076         }
1077
1078 #ifndef NO_CURL_EASY_DUPHANDLE
1079         curl_default = get_curl_handle();
1080 #endif
1081 }
1082
1083 void http_cleanup(void)
1084 {
1085         struct active_request_slot *slot = active_queue_head;
1086
1087         while (slot != NULL) {
1088                 struct active_request_slot *next = slot->next;
1089                 if (slot->curl != NULL) {
1090                         xmulti_remove_handle(slot);
1091                         curl_easy_cleanup(slot->curl);
1092                 }
1093                 free(slot);
1094                 slot = next;
1095         }
1096         active_queue_head = NULL;
1097
1098 #ifndef NO_CURL_EASY_DUPHANDLE
1099         curl_easy_cleanup(curl_default);
1100 #endif
1101
1102 #ifdef USE_CURL_MULTI
1103         curl_multi_cleanup(curlm);
1104 #endif
1105         curl_global_cleanup();
1106
1107         curl_slist_free_all(extra_http_headers);
1108         extra_http_headers = NULL;
1109
1110         curl_slist_free_all(pragma_header);
1111         pragma_header = NULL;
1112
1113         curl_slist_free_all(no_pragma_header);
1114         no_pragma_header = NULL;
1115
1116         if (curl_http_proxy) {
1117                 free((void *)curl_http_proxy);
1118                 curl_http_proxy = NULL;
1119         }
1120
1121         if (proxy_auth.password) {
1122                 memset(proxy_auth.password, 0, strlen(proxy_auth.password));
1123                 FREE_AND_NULL(proxy_auth.password);
1124         }
1125
1126         free((void *)curl_proxyuserpwd);
1127         curl_proxyuserpwd = NULL;
1128
1129         free((void *)http_proxy_authmethod);
1130         http_proxy_authmethod = NULL;
1131
1132         if (cert_auth.password != NULL) {
1133                 memset(cert_auth.password, 0, strlen(cert_auth.password));
1134                 FREE_AND_NULL(cert_auth.password);
1135         }
1136         ssl_cert_password_required = 0;
1137
1138         FREE_AND_NULL(cached_accept_language);
1139 }
1140
1141 struct active_request_slot *get_active_slot(void)
1142 {
1143         struct active_request_slot *slot = active_queue_head;
1144         struct active_request_slot *newslot;
1145
1146 #ifdef USE_CURL_MULTI
1147         int num_transfers;
1148
1149         /* Wait for a slot to open up if the queue is full */
1150         while (active_requests >= max_requests) {
1151                 curl_multi_perform(curlm, &num_transfers);
1152                 if (num_transfers < active_requests)
1153                         process_curl_messages();
1154         }
1155 #endif
1156
1157         while (slot != NULL && slot->in_use)
1158                 slot = slot->next;
1159
1160         if (slot == NULL) {
1161                 newslot = xmalloc(sizeof(*newslot));
1162                 newslot->curl = NULL;
1163                 newslot->in_use = 0;
1164                 newslot->next = NULL;
1165
1166                 slot = active_queue_head;
1167                 if (slot == NULL) {
1168                         active_queue_head = newslot;
1169                 } else {
1170                         while (slot->next != NULL)
1171                                 slot = slot->next;
1172                         slot->next = newslot;
1173                 }
1174                 slot = newslot;
1175         }
1176
1177         if (slot->curl == NULL) {
1178 #ifdef NO_CURL_EASY_DUPHANDLE
1179                 slot->curl = get_curl_handle();
1180 #else
1181                 slot->curl = curl_easy_duphandle(curl_default);
1182 #endif
1183                 curl_session_count++;
1184         }
1185
1186         active_requests++;
1187         slot->in_use = 1;
1188         slot->results = NULL;
1189         slot->finished = NULL;
1190         slot->callback_data = NULL;
1191         slot->callback_func = NULL;
1192         curl_easy_setopt(slot->curl, CURLOPT_COOKIEFILE, curl_cookie_file);
1193         if (curl_save_cookies)
1194                 curl_easy_setopt(slot->curl, CURLOPT_COOKIEJAR, curl_cookie_file);
1195         curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
1196         curl_easy_setopt(slot->curl, CURLOPT_ERRORBUFFER, curl_errorstr);
1197         curl_easy_setopt(slot->curl, CURLOPT_CUSTOMREQUEST, NULL);
1198         curl_easy_setopt(slot->curl, CURLOPT_READFUNCTION, NULL);
1199         curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, NULL);
1200         curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, NULL);
1201         curl_easy_setopt(slot->curl, CURLOPT_UPLOAD, 0);
1202         curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
1203         curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 1);
1204         curl_easy_setopt(slot->curl, CURLOPT_RANGE, NULL);
1205
1206         /*
1207          * Default following to off unless "ALWAYS" is configured; this gives
1208          * callers a sane starting point, and they can tweak for individual
1209          * HTTP_FOLLOW_* cases themselves.
1210          */
1211         if (http_follow_config == HTTP_FOLLOW_ALWAYS)
1212                 curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 1);
1213         else
1214                 curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 0);
1215
1216 #if LIBCURL_VERSION_NUM >= 0x070a08
1217         curl_easy_setopt(slot->curl, CURLOPT_IPRESOLVE, git_curl_ipresolve);
1218 #endif
1219 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
1220         curl_easy_setopt(slot->curl, CURLOPT_HTTPAUTH, http_auth_methods);
1221 #endif
1222         if (http_auth.password || curl_empty_auth_enabled())
1223                 init_curl_http_auth(slot->curl);
1224
1225         return slot;
1226 }
1227
1228 int start_active_slot(struct active_request_slot *slot)
1229 {
1230 #ifdef USE_CURL_MULTI
1231         CURLMcode curlm_result = curl_multi_add_handle(curlm, slot->curl);
1232         int num_transfers;
1233
1234         if (curlm_result != CURLM_OK &&
1235             curlm_result != CURLM_CALL_MULTI_PERFORM) {
1236                 warning("curl_multi_add_handle failed: %s",
1237                         curl_multi_strerror(curlm_result));
1238                 active_requests--;
1239                 slot->in_use = 0;
1240                 return 0;
1241         }
1242
1243         /*
1244          * We know there must be something to do, since we just added
1245          * something.
1246          */
1247         curl_multi_perform(curlm, &num_transfers);
1248 #endif
1249         return 1;
1250 }
1251
1252 #ifdef USE_CURL_MULTI
1253 struct fill_chain {
1254         void *data;
1255         int (*fill)(void *);
1256         struct fill_chain *next;
1257 };
1258
1259 static struct fill_chain *fill_cfg;
1260
1261 void add_fill_function(void *data, int (*fill)(void *))
1262 {
1263         struct fill_chain *new_fill = xmalloc(sizeof(*new_fill));
1264         struct fill_chain **linkp = &fill_cfg;
1265         new_fill->data = data;
1266         new_fill->fill = fill;
1267         new_fill->next = NULL;
1268         while (*linkp)
1269                 linkp = &(*linkp)->next;
1270         *linkp = new_fill;
1271 }
1272
1273 void fill_active_slots(void)
1274 {
1275         struct active_request_slot *slot = active_queue_head;
1276
1277         while (active_requests < max_requests) {
1278                 struct fill_chain *fill;
1279                 for (fill = fill_cfg; fill; fill = fill->next)
1280                         if (fill->fill(fill->data))
1281                                 break;
1282
1283                 if (!fill)
1284                         break;
1285         }
1286
1287         while (slot != NULL) {
1288                 if (!slot->in_use && slot->curl != NULL
1289                         && curl_session_count > min_curl_sessions) {
1290                         curl_easy_cleanup(slot->curl);
1291                         slot->curl = NULL;
1292                         curl_session_count--;
1293                 }
1294                 slot = slot->next;
1295         }
1296 }
1297
1298 void step_active_slots(void)
1299 {
1300         int num_transfers;
1301         CURLMcode curlm_result;
1302
1303         do {
1304                 curlm_result = curl_multi_perform(curlm, &num_transfers);
1305         } while (curlm_result == CURLM_CALL_MULTI_PERFORM);
1306         if (num_transfers < active_requests) {
1307                 process_curl_messages();
1308                 fill_active_slots();
1309         }
1310 }
1311 #endif
1312
1313 void run_active_slot(struct active_request_slot *slot)
1314 {
1315 #ifdef USE_CURL_MULTI
1316         fd_set readfds;
1317         fd_set writefds;
1318         fd_set excfds;
1319         int max_fd;
1320         struct timeval select_timeout;
1321         int finished = 0;
1322
1323         slot->finished = &finished;
1324         while (!finished) {
1325                 step_active_slots();
1326
1327                 if (slot->in_use) {
1328 #if LIBCURL_VERSION_NUM >= 0x070f04
1329                         long curl_timeout;
1330                         curl_multi_timeout(curlm, &curl_timeout);
1331                         if (curl_timeout == 0) {
1332                                 continue;
1333                         } else if (curl_timeout == -1) {
1334                                 select_timeout.tv_sec  = 0;
1335                                 select_timeout.tv_usec = 50000;
1336                         } else {
1337                                 select_timeout.tv_sec  =  curl_timeout / 1000;
1338                                 select_timeout.tv_usec = (curl_timeout % 1000) * 1000;
1339                         }
1340 #else
1341                         select_timeout.tv_sec  = 0;
1342                         select_timeout.tv_usec = 50000;
1343 #endif
1344
1345                         max_fd = -1;
1346                         FD_ZERO(&readfds);
1347                         FD_ZERO(&writefds);
1348                         FD_ZERO(&excfds);
1349                         curl_multi_fdset(curlm, &readfds, &writefds, &excfds, &max_fd);
1350
1351                         /*
1352                          * It can happen that curl_multi_timeout returns a pathologically
1353                          * long timeout when curl_multi_fdset returns no file descriptors
1354                          * to read.  See commit message for more details.
1355                          */
1356                         if (max_fd < 0 &&
1357                             (select_timeout.tv_sec > 0 ||
1358                              select_timeout.tv_usec > 50000)) {
1359                                 select_timeout.tv_sec  = 0;
1360                                 select_timeout.tv_usec = 50000;
1361                         }
1362
1363                         select(max_fd+1, &readfds, &writefds, &excfds, &select_timeout);
1364                 }
1365         }
1366 #else
1367         while (slot->in_use) {
1368                 slot->curl_result = curl_easy_perform(slot->curl);
1369                 finish_active_slot(slot);
1370         }
1371 #endif
1372 }
1373
1374 static void release_active_slot(struct active_request_slot *slot)
1375 {
1376         closedown_active_slot(slot);
1377         if (slot->curl) {
1378                 xmulti_remove_handle(slot);
1379                 if (curl_session_count > min_curl_sessions) {
1380                         curl_easy_cleanup(slot->curl);
1381                         slot->curl = NULL;
1382                         curl_session_count--;
1383                 }
1384         }
1385 #ifdef USE_CURL_MULTI
1386         fill_active_slots();
1387 #endif
1388 }
1389
1390 void finish_all_active_slots(void)
1391 {
1392         struct active_request_slot *slot = active_queue_head;
1393
1394         while (slot != NULL)
1395                 if (slot->in_use) {
1396                         run_active_slot(slot);
1397                         slot = active_queue_head;
1398                 } else {
1399                         slot = slot->next;
1400                 }
1401 }
1402
1403 /* Helpers for modifying and creating URLs */
1404 static inline int needs_quote(int ch)
1405 {
1406         if (((ch >= 'A') && (ch <= 'Z'))
1407                         || ((ch >= 'a') && (ch <= 'z'))
1408                         || ((ch >= '0') && (ch <= '9'))
1409                         || (ch == '/')
1410                         || (ch == '-')
1411                         || (ch == '.'))
1412                 return 0;
1413         return 1;
1414 }
1415
1416 static char *quote_ref_url(const char *base, const char *ref)
1417 {
1418         struct strbuf buf = STRBUF_INIT;
1419         const char *cp;
1420         int ch;
1421
1422         end_url_with_slash(&buf, base);
1423
1424         for (cp = ref; (ch = *cp) != 0; cp++)
1425                 if (needs_quote(ch))
1426                         strbuf_addf(&buf, "%%%02x", ch);
1427                 else
1428                         strbuf_addch(&buf, *cp);
1429
1430         return strbuf_detach(&buf, NULL);
1431 }
1432
1433 void append_remote_object_url(struct strbuf *buf, const char *url,
1434                               const char *hex,
1435                               int only_two_digit_prefix)
1436 {
1437         end_url_with_slash(buf, url);
1438
1439         strbuf_addf(buf, "objects/%.*s/", 2, hex);
1440         if (!only_two_digit_prefix)
1441                 strbuf_addstr(buf, hex + 2);
1442 }
1443
1444 char *get_remote_object_url(const char *url, const char *hex,
1445                             int only_two_digit_prefix)
1446 {
1447         struct strbuf buf = STRBUF_INIT;
1448         append_remote_object_url(&buf, url, hex, only_two_digit_prefix);
1449         return strbuf_detach(&buf, NULL);
1450 }
1451
1452 static int handle_curl_result(struct slot_results *results)
1453 {
1454         /*
1455          * If we see a failing http code with CURLE_OK, we have turned off
1456          * FAILONERROR (to keep the server's custom error response), and should
1457          * translate the code into failure here.
1458          *
1459          * Likewise, if we see a redirect (30x code), that means we turned off
1460          * redirect-following, and we should treat the result as an error.
1461          */
1462         if (results->curl_result == CURLE_OK &&
1463             results->http_code >= 300) {
1464                 results->curl_result = CURLE_HTTP_RETURNED_ERROR;
1465                 /*
1466                  * Normally curl will already have put the "reason phrase"
1467                  * from the server into curl_errorstr; unfortunately without
1468                  * FAILONERROR it is lost, so we can give only the numeric
1469                  * status code.
1470                  */
1471                 xsnprintf(curl_errorstr, sizeof(curl_errorstr),
1472                           "The requested URL returned error: %ld",
1473                           results->http_code);
1474         }
1475
1476         if (results->curl_result == CURLE_OK) {
1477                 credential_approve(&http_auth);
1478                 if (proxy_auth.password)
1479                         credential_approve(&proxy_auth);
1480                 return HTTP_OK;
1481         } else if (missing_target(results))
1482                 return HTTP_MISSING_TARGET;
1483         else if (results->http_code == 401) {
1484                 if (http_auth.username && http_auth.password) {
1485                         credential_reject(&http_auth);
1486                         return HTTP_NOAUTH;
1487                 } else {
1488 #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
1489                         http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
1490                         if (results->auth_avail) {
1491                                 http_auth_methods &= results->auth_avail;
1492                                 http_auth_methods_restricted = 1;
1493                         }
1494 #endif
1495                         return HTTP_REAUTH;
1496                 }
1497         } else {
1498                 if (results->http_connectcode == 407)
1499                         credential_reject(&proxy_auth);
1500 #if LIBCURL_VERSION_NUM >= 0x070c00
1501                 if (!curl_errorstr[0])
1502                         strlcpy(curl_errorstr,
1503                                 curl_easy_strerror(results->curl_result),
1504                                 sizeof(curl_errorstr));
1505 #endif
1506                 return HTTP_ERROR;
1507         }
1508 }
1509
1510 int run_one_slot(struct active_request_slot *slot,
1511                  struct slot_results *results)
1512 {
1513         slot->results = results;
1514         if (!start_active_slot(slot)) {
1515                 xsnprintf(curl_errorstr, sizeof(curl_errorstr),
1516                           "failed to start HTTP request");
1517                 return HTTP_START_FAILED;
1518         }
1519
1520         run_active_slot(slot);
1521         return handle_curl_result(results);
1522 }
1523
1524 struct curl_slist *http_copy_default_headers(void)
1525 {
1526         struct curl_slist *headers = NULL, *h;
1527
1528         for (h = extra_http_headers; h; h = h->next)
1529                 headers = curl_slist_append(headers, h->data);
1530
1531         return headers;
1532 }
1533
1534 static CURLcode curlinfo_strbuf(CURL *curl, CURLINFO info, struct strbuf *buf)
1535 {
1536         char *ptr;
1537         CURLcode ret;
1538
1539         strbuf_reset(buf);
1540         ret = curl_easy_getinfo(curl, info, &ptr);
1541         if (!ret && ptr)
1542                 strbuf_addstr(buf, ptr);
1543         return ret;
1544 }
1545
1546 /*
1547  * Check for and extract a content-type parameter. "raw"
1548  * should be positioned at the start of the potential
1549  * parameter, with any whitespace already removed.
1550  *
1551  * "name" is the name of the parameter. The value is appended
1552  * to "out".
1553  */
1554 static int extract_param(const char *raw, const char *name,
1555                          struct strbuf *out)
1556 {
1557         size_t len = strlen(name);
1558
1559         if (strncasecmp(raw, name, len))
1560                 return -1;
1561         raw += len;
1562
1563         if (*raw != '=')
1564                 return -1;
1565         raw++;
1566
1567         while (*raw && !isspace(*raw) && *raw != ';')
1568                 strbuf_addch(out, *raw++);
1569         return 0;
1570 }
1571
1572 /*
1573  * Extract a normalized version of the content type, with any
1574  * spaces suppressed, all letters lowercased, and no trailing ";"
1575  * or parameters.
1576  *
1577  * Note that we will silently remove even invalid whitespace. For
1578  * example, "text / plain" is specifically forbidden by RFC 2616,
1579  * but "text/plain" is the only reasonable output, and this keeps
1580  * our code simple.
1581  *
1582  * If the "charset" argument is not NULL, store the value of any
1583  * charset parameter there.
1584  *
1585  * Example:
1586  *   "TEXT/PLAIN; charset=utf-8" -> "text/plain", "utf-8"
1587  *   "text / plain" -> "text/plain"
1588  */
1589 static void extract_content_type(struct strbuf *raw, struct strbuf *type,
1590                                  struct strbuf *charset)
1591 {
1592         const char *p;
1593
1594         strbuf_reset(type);
1595         strbuf_grow(type, raw->len);
1596         for (p = raw->buf; *p; p++) {
1597                 if (isspace(*p))
1598                         continue;
1599                 if (*p == ';') {
1600                         p++;
1601                         break;
1602                 }
1603                 strbuf_addch(type, tolower(*p));
1604         }
1605
1606         if (!charset)
1607                 return;
1608
1609         strbuf_reset(charset);
1610         while (*p) {
1611                 while (isspace(*p) || *p == ';')
1612                         p++;
1613                 if (!extract_param(p, "charset", charset))
1614                         return;
1615                 while (*p && !isspace(*p))
1616                         p++;
1617         }
1618
1619         if (!charset->len && starts_with(type->buf, "text/"))
1620                 strbuf_addstr(charset, "ISO-8859-1");
1621 }
1622
1623 static void write_accept_language(struct strbuf *buf)
1624 {
1625         /*
1626          * MAX_DECIMAL_PLACES must not be larger than 3. If it is larger than
1627          * that, q-value will be smaller than 0.001, the minimum q-value the
1628          * HTTP specification allows. See
1629          * http://tools.ietf.org/html/rfc7231#section-5.3.1 for q-value.
1630          */
1631         const int MAX_DECIMAL_PLACES = 3;
1632         const int MAX_LANGUAGE_TAGS = 1000;
1633         const int MAX_ACCEPT_LANGUAGE_HEADER_SIZE = 4000;
1634         char **language_tags = NULL;
1635         int num_langs = 0;
1636         const char *s = get_preferred_languages();
1637         int i;
1638         struct strbuf tag = STRBUF_INIT;
1639
1640         /* Don't add Accept-Language header if no language is preferred. */
1641         if (!s)
1642                 return;
1643
1644         /*
1645          * Split the colon-separated string of preferred languages into
1646          * language_tags array.
1647          */
1648         do {
1649                 /* collect language tag */
1650                 for (; *s && (isalnum(*s) || *s == '_'); s++)
1651                         strbuf_addch(&tag, *s == '_' ? '-' : *s);
1652
1653                 /* skip .codeset, @modifier and any other unnecessary parts */
1654                 while (*s && *s != ':')
1655                         s++;
1656
1657                 if (tag.len) {
1658                         num_langs++;
1659                         REALLOC_ARRAY(language_tags, num_langs);
1660                         language_tags[num_langs - 1] = strbuf_detach(&tag, NULL);
1661                         if (num_langs >= MAX_LANGUAGE_TAGS - 1) /* -1 for '*' */
1662                                 break;
1663                 }
1664         } while (*s++);
1665
1666         /* write Accept-Language header into buf */
1667         if (num_langs) {
1668                 int last_buf_len = 0;
1669                 int max_q;
1670                 int decimal_places;
1671                 char q_format[32];
1672
1673                 /* add '*' */
1674                 REALLOC_ARRAY(language_tags, num_langs + 1);
1675                 language_tags[num_langs++] = "*"; /* it's OK; this won't be freed */
1676
1677                 /* compute decimal_places */
1678                 for (max_q = 1, decimal_places = 0;
1679                      max_q < num_langs && decimal_places <= MAX_DECIMAL_PLACES;
1680                      decimal_places++, max_q *= 10)
1681                         ;
1682
1683                 xsnprintf(q_format, sizeof(q_format), ";q=0.%%0%dd", decimal_places);
1684
1685                 strbuf_addstr(buf, "Accept-Language: ");
1686
1687                 for (i = 0; i < num_langs; i++) {
1688                         if (i > 0)
1689                                 strbuf_addstr(buf, ", ");
1690
1691                         strbuf_addstr(buf, language_tags[i]);
1692
1693                         if (i > 0)
1694                                 strbuf_addf(buf, q_format, max_q - i);
1695
1696                         if (buf->len > MAX_ACCEPT_LANGUAGE_HEADER_SIZE) {
1697                                 strbuf_remove(buf, last_buf_len, buf->len - last_buf_len);
1698                                 break;
1699                         }
1700
1701                         last_buf_len = buf->len;
1702                 }
1703         }
1704
1705         /* free language tags -- last one is a static '*' */
1706         for (i = 0; i < num_langs - 1; i++)
1707                 free(language_tags[i]);
1708         free(language_tags);
1709 }
1710
1711 /*
1712  * Get an Accept-Language header which indicates user's preferred languages.
1713  *
1714  * Examples:
1715  *   LANGUAGE= -> ""
1716  *   LANGUAGE=ko:en -> "Accept-Language: ko, en; q=0.9, *; q=0.1"
1717  *   LANGUAGE=ko_KR.UTF-8:sr@latin -> "Accept-Language: ko-KR, sr; q=0.9, *; q=0.1"
1718  *   LANGUAGE=ko LANG=en_US.UTF-8 -> "Accept-Language: ko, *; q=0.1"
1719  *   LANGUAGE= LANG=en_US.UTF-8 -> "Accept-Language: en-US, *; q=0.1"
1720  *   LANGUAGE= LANG=C -> ""
1721  */
1722 static const char *get_accept_language(void)
1723 {
1724         if (!cached_accept_language) {
1725                 struct strbuf buf = STRBUF_INIT;
1726                 write_accept_language(&buf);
1727                 if (buf.len > 0)
1728                         cached_accept_language = strbuf_detach(&buf, NULL);
1729         }
1730
1731         return cached_accept_language;
1732 }
1733
1734 static void http_opt_request_remainder(CURL *curl, off_t pos)
1735 {
1736         char buf[128];
1737         xsnprintf(buf, sizeof(buf), "%"PRIuMAX"-", (uintmax_t)pos);
1738         curl_easy_setopt(curl, CURLOPT_RANGE, buf);
1739 }
1740
1741 /* http_request() targets */
1742 #define HTTP_REQUEST_STRBUF     0
1743 #define HTTP_REQUEST_FILE       1
1744
1745 static int http_request(const char *url,
1746                         void *result, int target,
1747                         const struct http_get_options *options)
1748 {
1749         struct active_request_slot *slot;
1750         struct slot_results results;
1751         struct curl_slist *headers = http_copy_default_headers();
1752         struct strbuf buf = STRBUF_INIT;
1753         const char *accept_language;
1754         int ret;
1755
1756         slot = get_active_slot();
1757         curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
1758
1759         if (result == NULL) {
1760                 curl_easy_setopt(slot->curl, CURLOPT_NOBODY, 1);
1761         } else {
1762                 curl_easy_setopt(slot->curl, CURLOPT_NOBODY, 0);
1763                 curl_easy_setopt(slot->curl, CURLOPT_FILE, result);
1764
1765                 if (target == HTTP_REQUEST_FILE) {
1766                         off_t posn = ftello(result);
1767                         curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION,
1768                                          fwrite);
1769                         if (posn > 0)
1770                                 http_opt_request_remainder(slot->curl, posn);
1771                 } else
1772                         curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION,
1773                                          fwrite_buffer);
1774         }
1775
1776         accept_language = get_accept_language();
1777
1778         if (accept_language)
1779                 headers = curl_slist_append(headers, accept_language);
1780
1781         strbuf_addstr(&buf, "Pragma:");
1782         if (options && options->no_cache)
1783                 strbuf_addstr(&buf, " no-cache");
1784         if (options && options->keep_error)
1785                 curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 0);
1786         if (options && options->initial_request &&
1787             http_follow_config == HTTP_FOLLOW_INITIAL)
1788                 curl_easy_setopt(slot->curl, CURLOPT_FOLLOWLOCATION, 1);
1789
1790         headers = curl_slist_append(headers, buf.buf);
1791
1792         curl_easy_setopt(slot->curl, CURLOPT_URL, url);
1793         curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, headers);
1794         curl_easy_setopt(slot->curl, CURLOPT_ENCODING, "gzip");
1795
1796         ret = run_one_slot(slot, &results);
1797
1798         if (options && options->content_type) {
1799                 struct strbuf raw = STRBUF_INIT;
1800                 curlinfo_strbuf(slot->curl, CURLINFO_CONTENT_TYPE, &raw);
1801                 extract_content_type(&raw, options->content_type,
1802                                      options->charset);
1803                 strbuf_release(&raw);
1804         }
1805
1806         if (options && options->effective_url)
1807                 curlinfo_strbuf(slot->curl, CURLINFO_EFFECTIVE_URL,
1808                                 options->effective_url);
1809
1810         curl_slist_free_all(headers);
1811         strbuf_release(&buf);
1812
1813         return ret;
1814 }
1815
1816 /*
1817  * Update the "base" url to a more appropriate value, as deduced by
1818  * redirects seen when requesting a URL starting with "url".
1819  *
1820  * The "asked" parameter is a URL that we asked curl to access, and must begin
1821  * with "base".
1822  *
1823  * The "got" parameter is the URL that curl reported to us as where we ended
1824  * up.
1825  *
1826  * Returns 1 if we updated the base url, 0 otherwise.
1827  *
1828  * Our basic strategy is to compare "base" and "asked" to find the bits
1829  * specific to our request. We then strip those bits off of "got" to yield the
1830  * new base. So for example, if our base is "http://example.com/foo.git",
1831  * and we ask for "http://example.com/foo.git/info/refs", we might end up
1832  * with "https://other.example.com/foo.git/info/refs". We would want the
1833  * new URL to become "https://other.example.com/foo.git".
1834  *
1835  * Note that this assumes a sane redirect scheme. It's entirely possible
1836  * in the example above to end up at a URL that does not even end in
1837  * "info/refs".  In such a case we die. There's not much we can do, such a
1838  * scheme is unlikely to represent a real git repository, and failing to
1839  * rewrite the base opens options for malicious redirects to do funny things.
1840  */
1841 static int update_url_from_redirect(struct strbuf *base,
1842                                     const char *asked,
1843                                     const struct strbuf *got)
1844 {
1845         const char *tail;
1846         size_t new_len;
1847
1848         if (!strcmp(asked, got->buf))
1849                 return 0;
1850
1851         if (!skip_prefix(asked, base->buf, &tail))
1852                 die("BUG: update_url_from_redirect: %s is not a superset of %s",
1853                     asked, base->buf);
1854
1855         new_len = got->len;
1856         if (!strip_suffix_mem(got->buf, &new_len, tail))
1857                 die(_("unable to update url base from redirection:\n"
1858                       "  asked for: %s\n"
1859                       "   redirect: %s"),
1860                     asked, got->buf);
1861
1862         strbuf_reset(base);
1863         strbuf_add(base, got->buf, new_len);
1864
1865         return 1;
1866 }
1867
1868 static int http_request_reauth(const char *url,
1869                                void *result, int target,
1870                                struct http_get_options *options)
1871 {
1872         int ret = http_request(url, result, target, options);
1873
1874         if (ret != HTTP_OK && ret != HTTP_REAUTH)
1875                 return ret;
1876
1877         if (options && options->effective_url && options->base_url) {
1878                 if (update_url_from_redirect(options->base_url,
1879                                              url, options->effective_url)) {
1880                         credential_from_url(&http_auth, options->base_url->buf);
1881                         url = options->effective_url->buf;
1882                 }
1883         }
1884
1885         if (ret != HTTP_REAUTH)
1886                 return ret;
1887
1888         /*
1889          * If we are using KEEP_ERROR, the previous request may have
1890          * put cruft into our output stream; we should clear it out before
1891          * making our next request. We only know how to do this for
1892          * the strbuf case, but that is enough to satisfy current callers.
1893          */
1894         if (options && options->keep_error) {
1895                 switch (target) {
1896                 case HTTP_REQUEST_STRBUF:
1897                         strbuf_reset(result);
1898                         break;
1899                 default:
1900                         die("BUG: HTTP_KEEP_ERROR is only supported with strbufs");
1901                 }
1902         }
1903
1904         credential_fill(&http_auth);
1905
1906         return http_request(url, result, target, options);
1907 }
1908
1909 int http_get_strbuf(const char *url,
1910                     struct strbuf *result,
1911                     struct http_get_options *options)
1912 {
1913         return http_request_reauth(url, result, HTTP_REQUEST_STRBUF, options);
1914 }
1915
1916 /*
1917  * Downloads a URL and stores the result in the given file.
1918  *
1919  * If a previous interrupted download is detected (i.e. a previous temporary
1920  * file is still around) the download is resumed.
1921  */
1922 static int http_get_file(const char *url, const char *filename,
1923                          struct http_get_options *options)
1924 {
1925         int ret;
1926         struct strbuf tmpfile = STRBUF_INIT;
1927         FILE *result;
1928
1929         strbuf_addf(&tmpfile, "%s.temp", filename);
1930         result = fopen(tmpfile.buf, "a");
1931         if (!result) {
1932                 error("Unable to open local file %s", tmpfile.buf);
1933                 ret = HTTP_ERROR;
1934                 goto cleanup;
1935         }
1936
1937         ret = http_request_reauth(url, result, HTTP_REQUEST_FILE, options);
1938         fclose(result);
1939
1940         if (ret == HTTP_OK && finalize_object_file(tmpfile.buf, filename))
1941                 ret = HTTP_ERROR;
1942 cleanup:
1943         strbuf_release(&tmpfile);
1944         return ret;
1945 }
1946
1947 int http_fetch_ref(const char *base, struct ref *ref)
1948 {
1949         struct http_get_options options = {0};
1950         char *url;
1951         struct strbuf buffer = STRBUF_INIT;
1952         int ret = -1;
1953
1954         options.no_cache = 1;
1955
1956         url = quote_ref_url(base, ref->name);
1957         if (http_get_strbuf(url, &buffer, &options) == HTTP_OK) {
1958                 strbuf_rtrim(&buffer);
1959                 if (buffer.len == 40)
1960                         ret = get_oid_hex(buffer.buf, &ref->old_oid);
1961                 else if (starts_with(buffer.buf, "ref: ")) {
1962                         ref->symref = xstrdup(buffer.buf + 5);
1963                         ret = 0;
1964                 }
1965         }
1966
1967         strbuf_release(&buffer);
1968         free(url);
1969         return ret;
1970 }
1971
1972 /* Helpers for fetching packs */
1973 static char *fetch_pack_index(unsigned char *sha1, const char *base_url)
1974 {
1975         char *url, *tmp;
1976         struct strbuf buf = STRBUF_INIT;
1977
1978         if (http_is_verbose)
1979                 fprintf(stderr, "Getting index for pack %s\n", sha1_to_hex(sha1));
1980
1981         end_url_with_slash(&buf, base_url);
1982         strbuf_addf(&buf, "objects/pack/pack-%s.idx", sha1_to_hex(sha1));
1983         url = strbuf_detach(&buf, NULL);
1984
1985         strbuf_addf(&buf, "%s.temp", sha1_pack_index_name(sha1));
1986         tmp = strbuf_detach(&buf, NULL);
1987
1988         if (http_get_file(url, tmp, NULL) != HTTP_OK) {
1989                 error("Unable to get pack index %s", url);
1990                 FREE_AND_NULL(tmp);
1991         }
1992
1993         free(url);
1994         return tmp;
1995 }
1996
1997 static int fetch_and_setup_pack_index(struct packed_git **packs_head,
1998         unsigned char *sha1, const char *base_url)
1999 {
2000         struct packed_git *new_pack;
2001         char *tmp_idx = NULL;
2002         int ret;
2003
2004         if (has_pack_index(sha1)) {
2005                 new_pack = parse_pack_index(sha1, sha1_pack_index_name(sha1));
2006                 if (!new_pack)
2007                         return -1; /* parse_pack_index() already issued error message */
2008                 goto add_pack;
2009         }
2010
2011         tmp_idx = fetch_pack_index(sha1, base_url);
2012         if (!tmp_idx)
2013                 return -1;
2014
2015         new_pack = parse_pack_index(sha1, tmp_idx);
2016         if (!new_pack) {
2017                 unlink(tmp_idx);
2018                 free(tmp_idx);
2019
2020                 return -1; /* parse_pack_index() already issued error message */
2021         }
2022
2023         ret = verify_pack_index(new_pack);
2024         if (!ret) {
2025                 close_pack_index(new_pack);
2026                 ret = finalize_object_file(tmp_idx, sha1_pack_index_name(sha1));
2027         }
2028         free(tmp_idx);
2029         if (ret)
2030                 return -1;
2031
2032 add_pack:
2033         new_pack->next = *packs_head;
2034         *packs_head = new_pack;
2035         return 0;
2036 }
2037
2038 int http_get_info_packs(const char *base_url, struct packed_git **packs_head)
2039 {
2040         struct http_get_options options = {0};
2041         int ret = 0, i = 0;
2042         char *url, *data;
2043         struct strbuf buf = STRBUF_INIT;
2044         unsigned char sha1[20];
2045
2046         end_url_with_slash(&buf, base_url);
2047         strbuf_addstr(&buf, "objects/info/packs");
2048         url = strbuf_detach(&buf, NULL);
2049
2050         options.no_cache = 1;
2051         ret = http_get_strbuf(url, &buf, &options);
2052         if (ret != HTTP_OK)
2053                 goto cleanup;
2054
2055         data = buf.buf;
2056         while (i < buf.len) {
2057                 switch (data[i]) {
2058                 case 'P':
2059                         i++;
2060                         if (i + 52 <= buf.len &&
2061                             starts_with(data + i, " pack-") &&
2062                             starts_with(data + i + 46, ".pack\n")) {
2063                                 get_sha1_hex(data + i + 6, sha1);
2064                                 fetch_and_setup_pack_index(packs_head, sha1,
2065                                                       base_url);
2066                                 i += 51;
2067                                 break;
2068                         }
2069                 default:
2070                         while (i < buf.len && data[i] != '\n')
2071                                 i++;
2072                 }
2073                 i++;
2074         }
2075
2076 cleanup:
2077         free(url);
2078         return ret;
2079 }
2080
2081 void release_http_pack_request(struct http_pack_request *preq)
2082 {
2083         if (preq->packfile != NULL) {
2084                 fclose(preq->packfile);
2085                 preq->packfile = NULL;
2086         }
2087         preq->slot = NULL;
2088         free(preq->url);
2089         free(preq);
2090 }
2091
2092 int finish_http_pack_request(struct http_pack_request *preq)
2093 {
2094         struct packed_git **lst;
2095         struct packed_git *p = preq->target;
2096         char *tmp_idx;
2097         size_t len;
2098         struct child_process ip = CHILD_PROCESS_INIT;
2099
2100         close_pack_index(p);
2101
2102         fclose(preq->packfile);
2103         preq->packfile = NULL;
2104
2105         lst = preq->lst;
2106         while (*lst != p)
2107                 lst = &((*lst)->next);
2108         *lst = (*lst)->next;
2109
2110         if (!strip_suffix(preq->tmpfile, ".pack.temp", &len))
2111                 die("BUG: pack tmpfile does not end in .pack.temp?");
2112         tmp_idx = xstrfmt("%.*s.idx.temp", (int)len, preq->tmpfile);
2113
2114         argv_array_push(&ip.args, "index-pack");
2115         argv_array_pushl(&ip.args, "-o", tmp_idx, NULL);
2116         argv_array_push(&ip.args, preq->tmpfile);
2117         ip.git_cmd = 1;
2118         ip.no_stdin = 1;
2119         ip.no_stdout = 1;
2120
2121         if (run_command(&ip)) {
2122                 unlink(preq->tmpfile);
2123                 unlink(tmp_idx);
2124                 free(tmp_idx);
2125                 return -1;
2126         }
2127
2128         unlink(sha1_pack_index_name(p->sha1));
2129
2130         if (finalize_object_file(preq->tmpfile, sha1_pack_name(p->sha1))
2131          || finalize_object_file(tmp_idx, sha1_pack_index_name(p->sha1))) {
2132                 free(tmp_idx);
2133                 return -1;
2134         }
2135
2136         install_packed_git(p);
2137         free(tmp_idx);
2138         return 0;
2139 }
2140
2141 struct http_pack_request *new_http_pack_request(
2142         struct packed_git *target, const char *base_url)
2143 {
2144         off_t prev_posn = 0;
2145         struct strbuf buf = STRBUF_INIT;
2146         struct http_pack_request *preq;
2147
2148         preq = xcalloc(1, sizeof(*preq));
2149         preq->target = target;
2150
2151         end_url_with_slash(&buf, base_url);
2152         strbuf_addf(&buf, "objects/pack/pack-%s.pack",
2153                 sha1_to_hex(target->sha1));
2154         preq->url = strbuf_detach(&buf, NULL);
2155
2156         snprintf(preq->tmpfile, sizeof(preq->tmpfile), "%s.temp",
2157                 sha1_pack_name(target->sha1));
2158         preq->packfile = fopen(preq->tmpfile, "a");
2159         if (!preq->packfile) {
2160                 error("Unable to open local file %s for pack",
2161                       preq->tmpfile);
2162                 goto abort;
2163         }
2164
2165         preq->slot = get_active_slot();
2166         curl_easy_setopt(preq->slot->curl, CURLOPT_FILE, preq->packfile);
2167         curl_easy_setopt(preq->slot->curl, CURLOPT_WRITEFUNCTION, fwrite);
2168         curl_easy_setopt(preq->slot->curl, CURLOPT_URL, preq->url);
2169         curl_easy_setopt(preq->slot->curl, CURLOPT_HTTPHEADER,
2170                 no_pragma_header);
2171
2172         /*
2173          * If there is data present from a previous transfer attempt,
2174          * resume where it left off
2175          */
2176         prev_posn = ftello(preq->packfile);
2177         if (prev_posn>0) {
2178                 if (http_is_verbose)
2179                         fprintf(stderr,
2180                                 "Resuming fetch of pack %s at byte %"PRIuMAX"\n",
2181                                 sha1_to_hex(target->sha1), (uintmax_t)prev_posn);
2182                 http_opt_request_remainder(preq->slot->curl, prev_posn);
2183         }
2184
2185         return preq;
2186
2187 abort:
2188         free(preq->url);
2189         free(preq);
2190         return NULL;
2191 }
2192
2193 /* Helpers for fetching objects (loose) */
2194 static size_t fwrite_sha1_file(char *ptr, size_t eltsize, size_t nmemb,
2195                                void *data)
2196 {
2197         unsigned char expn[4096];
2198         size_t size = eltsize * nmemb;
2199         int posn = 0;
2200         struct http_object_request *freq = data;
2201         struct active_request_slot *slot = freq->slot;
2202
2203         if (slot) {
2204                 CURLcode c = curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE,
2205                                                 &slot->http_code);
2206                 if (c != CURLE_OK)
2207                         die("BUG: curl_easy_getinfo for HTTP code failed: %s",
2208                                 curl_easy_strerror(c));
2209                 if (slot->http_code >= 300)
2210                         return size;
2211         }
2212
2213         do {
2214                 ssize_t retval = xwrite(freq->localfile,
2215                                         (char *) ptr + posn, size - posn);
2216                 if (retval < 0)
2217                         return posn;
2218                 posn += retval;
2219         } while (posn < size);
2220
2221         freq->stream.avail_in = size;
2222         freq->stream.next_in = (void *)ptr;
2223         do {
2224                 freq->stream.next_out = expn;
2225                 freq->stream.avail_out = sizeof(expn);
2226                 freq->zret = git_inflate(&freq->stream, Z_SYNC_FLUSH);
2227                 git_SHA1_Update(&freq->c, expn,
2228                                 sizeof(expn) - freq->stream.avail_out);
2229         } while (freq->stream.avail_in && freq->zret == Z_OK);
2230         return size;
2231 }
2232
2233 struct http_object_request *new_http_object_request(const char *base_url,
2234         unsigned char *sha1)
2235 {
2236         char *hex = sha1_to_hex(sha1);
2237         struct strbuf filename = STRBUF_INIT;
2238         char prevfile[PATH_MAX];
2239         int prevlocal;
2240         char prev_buf[PREV_BUF_SIZE];
2241         ssize_t prev_read = 0;
2242         off_t prev_posn = 0;
2243         struct http_object_request *freq;
2244
2245         freq = xcalloc(1, sizeof(*freq));
2246         hashcpy(freq->sha1, sha1);
2247         freq->localfile = -1;
2248
2249         sha1_file_name(&filename, sha1);
2250         snprintf(freq->tmpfile, sizeof(freq->tmpfile),
2251                  "%s.temp", filename.buf);
2252
2253         snprintf(prevfile, sizeof(prevfile), "%s.prev", filename.buf);
2254         unlink_or_warn(prevfile);
2255         rename(freq->tmpfile, prevfile);
2256         unlink_or_warn(freq->tmpfile);
2257         strbuf_release(&filename);
2258
2259         if (freq->localfile != -1)
2260                 error("fd leakage in start: %d", freq->localfile);
2261         freq->localfile = open(freq->tmpfile,
2262                                O_WRONLY | O_CREAT | O_EXCL, 0666);
2263         /*
2264          * This could have failed due to the "lazy directory creation";
2265          * try to mkdir the last path component.
2266          */
2267         if (freq->localfile < 0 && errno == ENOENT) {
2268                 char *dir = strrchr(freq->tmpfile, '/');
2269                 if (dir) {
2270                         *dir = 0;
2271                         mkdir(freq->tmpfile, 0777);
2272                         *dir = '/';
2273                 }
2274                 freq->localfile = open(freq->tmpfile,
2275                                        O_WRONLY | O_CREAT | O_EXCL, 0666);
2276         }
2277
2278         if (freq->localfile < 0) {
2279                 error_errno("Couldn't create temporary file %s", freq->tmpfile);
2280                 goto abort;
2281         }
2282
2283         git_inflate_init(&freq->stream);
2284
2285         git_SHA1_Init(&freq->c);
2286
2287         freq->url = get_remote_object_url(base_url, hex, 0);
2288
2289         /*
2290          * If a previous temp file is present, process what was already
2291          * fetched.
2292          */
2293         prevlocal = open(prevfile, O_RDONLY);
2294         if (prevlocal != -1) {
2295                 do {
2296                         prev_read = xread(prevlocal, prev_buf, PREV_BUF_SIZE);
2297                         if (prev_read>0) {
2298                                 if (fwrite_sha1_file(prev_buf,
2299                                                      1,
2300                                                      prev_read,
2301                                                      freq) == prev_read) {
2302                                         prev_posn += prev_read;
2303                                 } else {
2304                                         prev_read = -1;
2305                                 }
2306                         }
2307                 } while (prev_read > 0);
2308                 close(prevlocal);
2309         }
2310         unlink_or_warn(prevfile);
2311
2312         /*
2313          * Reset inflate/SHA1 if there was an error reading the previous temp
2314          * file; also rewind to the beginning of the local file.
2315          */
2316         if (prev_read == -1) {
2317                 memset(&freq->stream, 0, sizeof(freq->stream));
2318                 git_inflate_init(&freq->stream);
2319                 git_SHA1_Init(&freq->c);
2320                 if (prev_posn>0) {
2321                         prev_posn = 0;
2322                         lseek(freq->localfile, 0, SEEK_SET);
2323                         if (ftruncate(freq->localfile, 0) < 0) {
2324                                 error_errno("Couldn't truncate temporary file %s",
2325                                             freq->tmpfile);
2326                                 goto abort;
2327                         }
2328                 }
2329         }
2330
2331         freq->slot = get_active_slot();
2332
2333         curl_easy_setopt(freq->slot->curl, CURLOPT_FILE, freq);
2334         curl_easy_setopt(freq->slot->curl, CURLOPT_FAILONERROR, 0);
2335         curl_easy_setopt(freq->slot->curl, CURLOPT_WRITEFUNCTION, fwrite_sha1_file);
2336         curl_easy_setopt(freq->slot->curl, CURLOPT_ERRORBUFFER, freq->errorstr);
2337         curl_easy_setopt(freq->slot->curl, CURLOPT_URL, freq->url);
2338         curl_easy_setopt(freq->slot->curl, CURLOPT_HTTPHEADER, no_pragma_header);
2339
2340         /*
2341          * If we have successfully processed data from a previous fetch
2342          * attempt, only fetch the data we don't already have.
2343          */
2344         if (prev_posn>0) {
2345                 if (http_is_verbose)
2346                         fprintf(stderr,
2347                                 "Resuming fetch of object %s at byte %"PRIuMAX"\n",
2348                                 hex, (uintmax_t)prev_posn);
2349                 http_opt_request_remainder(freq->slot->curl, prev_posn);
2350         }
2351
2352         return freq;
2353
2354 abort:
2355         free(freq->url);
2356         free(freq);
2357         return NULL;
2358 }
2359
2360 void process_http_object_request(struct http_object_request *freq)
2361 {
2362         if (freq->slot == NULL)
2363                 return;
2364         freq->curl_result = freq->slot->curl_result;
2365         freq->http_code = freq->slot->http_code;
2366         freq->slot = NULL;
2367 }
2368
2369 int finish_http_object_request(struct http_object_request *freq)
2370 {
2371         struct stat st;
2372         struct strbuf filename = STRBUF_INIT;
2373
2374         close(freq->localfile);
2375         freq->localfile = -1;
2376
2377         process_http_object_request(freq);
2378
2379         if (freq->http_code == 416) {
2380                 warning("requested range invalid; we may already have all the data.");
2381         } else if (freq->curl_result != CURLE_OK) {
2382                 if (stat(freq->tmpfile, &st) == 0)
2383                         if (st.st_size == 0)
2384                                 unlink_or_warn(freq->tmpfile);
2385                 return -1;
2386         }
2387
2388         git_inflate_end(&freq->stream);
2389         git_SHA1_Final(freq->real_sha1, &freq->c);
2390         if (freq->zret != Z_STREAM_END) {
2391                 unlink_or_warn(freq->tmpfile);
2392                 return -1;
2393         }
2394         if (hashcmp(freq->sha1, freq->real_sha1)) {
2395                 unlink_or_warn(freq->tmpfile);
2396                 return -1;
2397         }
2398
2399         sha1_file_name(&filename, freq->sha1);
2400         freq->rename = finalize_object_file(freq->tmpfile, filename.buf);
2401         strbuf_release(&filename);
2402
2403         return freq->rename;
2404 }
2405
2406 void abort_http_object_request(struct http_object_request *freq)
2407 {
2408         unlink_or_warn(freq->tmpfile);
2409
2410         release_http_object_request(freq);
2411 }
2412
2413 void release_http_object_request(struct http_object_request *freq)
2414 {
2415         if (freq->localfile != -1) {
2416                 close(freq->localfile);
2417                 freq->localfile = -1;
2418         }
2419         if (freq->url != NULL) {
2420                 FREE_AND_NULL(freq->url);
2421         }
2422         if (freq->slot != NULL) {
2423                 freq->slot->callback_func = NULL;
2424                 freq->slot->callback_data = NULL;
2425                 release_active_slot(freq->slot);
2426                 freq->slot = NULL;
2427         }
2428 }