libstore: Add the ability to use different auth methods with Http Bin…
…ary Caches
georgyo committed Apr 21, 2024
1 parent 8c4c215 commit 157149f
Showing 3 changed files with 38 additions and 3 deletions.
23 changes: 22 additions & 1 deletion src/libstore/filetransfer.cc
Expand Up @@ -316,7 +316,9 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_PIPEWAIT, 1);
#endif
#if LIBCURL_VERSION_NUM >= 0x072f00
if (fileTransferSettings.enableHttp2)
// Our writeCallbackWrapper does not support rewinding which breaks
// negotiate/kerberos over http/2 auth when posting data.
if (fileTransferSettings.enableHttp2 && !(request.authmethod == "negotiate" && request.data))
curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
else
curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
Expand Down Expand Up @@ -353,6 +355,25 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
}

if (request.authmethod == "basic") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
} else if (request.authmethod == "bearer") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
curl_easy_setopt(req, CURLOPT_XOAUTH2_BEARER, request.bearer_token.c_str());
} else if (request.authmethod == "digest") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
} else if (request.authmethod == "negotiate") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE);
curl_easy_setopt(req, CURLOPT_USERNAME, "");
curl_easy_setopt(req, CURLOPT_PASSWORD, "");
} else if (request.authmethod == "ntlm") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
} else if (request.authmethod == "any") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
} else if (request.authmethod == "anysafe") {
curl_easy_setopt(req, CURLOPT_HTTPAUTH, CURLAUTH_ANYSAFE);
}

curl_easy_setopt(req, CURLOPT_CONNECTTIMEOUT, fileTransferSettings.connectTimeout.get());

curl_easy_setopt(req, CURLOPT_LOW_SPEED_LIMIT, 1L);
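Review bot: The `basic` and `bearer` branches in the second hunk attach credentials without checking the transport. The context line just above sets `CURLOPT_SSL_VERIFYHOST` to 0 (presumably the `verifyTLS == false` path) and nothing here checks that the URL is `https://`, so a password or token can be sent over plain HTTP or to an unverified peer. I would refuse or at least warn in that case, e.g. `if (!request.verifyTLS) warn("sending '%s' credentials without TLS verification", request.authmethod);`, assuming the project's `warn` helper is in scope here. The chain also has no final `else`, so a misspelt non-empty `authmethod` silently results in unauthenticated requests, and an empty `bearer_token` is handed to `CURLOPT_XOAUTH2_BEARER` unchecked; rejecting both up front would make misconfiguration visible. The enclosing function starts and ends outside the hunk.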
2 changes: 2 additions & 0 deletions src/libstore/filetransfer.hh
Expand Up @@ -56,6 +56,8 @@ struct FileTransferRequest
std::string expectedETag;
bool verifyTLS = true;
bool head = false;
std::string authmethod;
std::string bearer_token;
size_t tries = fileTransferSettings.tries;
unsigned int baseRetryTimeMs = 250;
ActivityId parentAct;
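Review bot: The two new fields are free-form strings whose accepted values are defined only by the string comparisons in `filetransfer.cc`, and nothing on the struct says so. A short comment above `authmethod` would help, e.g. `/// HTTP auth scheme: "basic", "digest", "bearer", "negotiate", "ntlm", "any" or "anysafe"; empty or unknown means none.`, plus one on `bearer_token` noting that it holds a secret and must not be logged. The names also depart from the camelCase of the neighbouring members (`expectedETag`, `verifyTLS`, `baseRetryTimeMs`); `authMethod` and `bearerToken` would match. The struct continues outside the hunk.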
16 changes: 14 additions & 2 deletions src/libstore/http-binary-cache-store.cc
Expand Up @@ -14,6 +14,16 @@ struct HttpBinaryCacheStoreConfig : virtual BinaryCacheStoreConfig

const std::string name() override { return "HTTP Binary Cache Store"; }

const Setting<std::string> authmethod{this, "", "authmethod",
R"(
libcurl auth method to use (`basic`, `digest`, `bearer`, `negotiate`, `ntlm`, `any`, or `anysafe`).
Any other value will be silently ignored.
See https://curl.se/libcurl/c/CURLOPT_HTTPAUTH.html for more info.
)"};

const Setting<std::string> bearer_token{this, "", "bearer-token",
"Bearer token to use for authentication. Requires `authmethod` to be set to `bearer`."};

std::string doc() override
{
return
Expand Down Expand Up @@ -144,11 +154,13 @@ class HttpBinaryCacheStore : public virtual HttpBinaryCacheStoreConfig, public v

FileTransferRequest makeRequest(const std::string & path)
{
return FileTransferRequest(
auto request = FileTransferRequest(
hasPrefix(path, "https://") || hasPrefix(path, "http://") || hasPrefix(path, "file://")
? path
: cacheUri + "/" + path);

request.authmethod = authmethod;
request.bearer_token = bearer_token;
return request;
}

void getFile(const std::string & path, Sink & sink) override
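Review bot: `makeRequest` copies `authmethod` and `bearer_token` onto every request, including the branch where `path` is already an absolute `https://`, `http://` or `file://` URL rather than something under `cacheUri`. If such a path can name a different host, the cache's credentials are offered to that host, and an `http://` URL carries them unencrypted. I would attach them only to URLs that resolve under the configured cache, e.g. hoist the existing three-way prefix test into a local `isAbsolute` and guard the two assignments with `if (!isAbsolute || hasPrefix(path, cacheUri + "/"))`. Separately, `bearer-token` is an ordinary string setting; if store settings can be given in the store URL, the token is likely to end up in configuration files and logs, so reading it from a file may be safer.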
