libstore: Add the ability to use different auth methods with Http Bin…
…ary Caches
georgyo committed Jun 9, 2024

1 parent 2bd6692 commit 8c2b15c
Showing 4 changed files with 58 additions and 3 deletions.
6 changes: 5 additions & 1 deletion src/libstore/filetransfer.cc
@@ -316,7 +316,9 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_PIPEWAIT, 1);
#endif
#if LIBCURL_VERSION_NUM >= 0x072f00
if (fileTransferSettings.enableHttp2)
// Our writeCallbackWrapper does not support rewinding which breaks
// negotiate/kerberos auth over http/2.
if (fileTransferSettings.enableHttp2 && request.authmethod != HttpAuthMethod::NEGOTIATE)
curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
else
curl_easy_setopt(req, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
@@ -353,6 +355,8 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
}

curl_easy_setopt(req, CURLOPT_HTTPAUTH, request.authmethod);

curl_easy_setopt(req, CURLOPT_CONNECTTIMEOUT, fileTransferSettings.connectTimeout.get());

curl_easy_setopt(req, CURLOPT_LOW_SPEED_LIMIT, 1L);
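Review bot: `CURLOPT_HTTPAUTH` is set from `request.authmethod` in the second hunk, but no visible hunk of this file hands `request.bearer_token` to libcurl, so selecting `bearer` may choose the method without ever supplying the token. If that is not done elsewhere in the function, add `if (request.authmethod == HttpAuthMethod::BEARER) curl_easy_setopt(req, CURLOPT_XOAUTH2_BEARER, request.bearer_token.c_str());`. The same call passes a scoped enum straight through the variadic `curl_easy_setopt`, which is only conditionally supported; `static_cast<unsigned long>(request.authmethod)` passes it the way the `CURLAUTH_*` constants are normally passed. The enclosing function starts and ends outside both hunks.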
3 changes: 3 additions & 0 deletions src/libstore/filetransfer.hh
@@ -4,6 +4,7 @@
#include "types.hh"
#include "hash.hh"
#include "config.hh"
#include "http-binary-cache-store.hh"

#include <string>
#include <future>
@@ -56,6 +57,8 @@ struct FileTransferRequest
std::string expectedETag;
bool verifyTLS = true;
bool head = false;
HttpAuthMethod authmethod = HttpAuthMethod::BASIC;
std::string bearer_token;
size_t tries = fileTransferSettings.tries;
unsigned int baseRetryTimeMs = 250;
ActivityId parentAct;
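Review bot: The new `#include "http-binary-cache-store.hh"` makes the generic transfer header depend on a store-specific one, and through it every includer of filetransfer.hh now pulls in `curl/curl.h`. Defining `HttpAuthMethod` in filetransfer.hh (or a small header of its own) and letting the store include that would keep the dependency pointing one way. The two new members also break the camelCase of their neighbours (`expectedETag`, `verifyTLS`); `authMethod` and `bearerToken` would match. Since `bearer_token` holds a secret, a field comment such as `// secret: never log or include in error messages` would help later callers.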
33 changes: 31 additions & 2 deletions src/libstore/http-binary-cache-store.cc
@@ -1,4 +1,5 @@
#include "binary-cache-store.hh"
#include "http-binary-cache-store.hh"
#include "filetransfer.hh"
#include "globals.hh"
#include "nar-info-disk-cache.hh"
@@ -8,12 +9,38 @@ namespace nix {

MakeError(UploadToHTTP, Error);

HttpAuthMethod parseHttpAuthMethod(const std::string &str) {
static const std::map<std::string, HttpAuthMethod> map = {
{"none", HttpAuthMethod::NONE},
{"basic", HttpAuthMethod::BASIC},
{"digest", HttpAuthMethod::DIGEST},
{"negotiate", HttpAuthMethod::NEGOTIATE},
{"ntlm", HttpAuthMethod::NTLM},
{"bearer", HttpAuthMethod::BEARER},
{"any", HttpAuthMethod::ANY},
{"anysafe", HttpAuthMethod::ANYSAFE}};
auto it = map.find(str);
if (it == map.end()) {
throw UsageError("option authmethod has invalid value '%s'", str);
}
return it->second;
}

struct HttpBinaryCacheStoreConfig : virtual BinaryCacheStoreConfig
{
using BinaryCacheStoreConfig::BinaryCacheStoreConfig;

const std::string name() override { return "HTTP Binary Cache Store"; }

const Setting<std::string> authmethod{this, "basic", "authmethod",
R"(
libcurl auth method to use (`none`, `basic`, `digest`, `bearer`, `negotiate`, `ntlm`, `any`, or `anysafe`).
See https://curl.se/libcurl/c/CURLOPT_HTTPAUTH.html for more info.
)"};

const Setting<std::string> bearer_token{this, "", "bearer-token",
"Bearer token to use for authentication. Requires `authmethod` to be set to `bearer`."};

std::string doc() override
{
return
@@ -149,11 +176,13 @@ class HttpBinaryCacheStore : public virtual HttpBinaryCacheStoreConfig, public v

FileTransferRequest makeRequest(const std::string & path)
{
return FileTransferRequest(
auto request = FileTransferRequest(
hasPrefix(path, "https://") || hasPrefix(path, "http://") || hasPrefix(path, "file://")
? path
: cacheUri + "/" + path);

request.authmethod = parseHttpAuthMethod(authmethod);
request.bearer_token = bearer_token;
return request;
}

void getFile(const std::string & path, Sink & sink) override
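Review bot: `makeRequest` attaches the configured auth method and `bearer_token` to every request, including the branch where `path` is already an absolute `http://`, `https://` or `file://` URL rather than something under `cacheUri`. If such a path can name a different host (the callers are outside this hunk, so this is inferred), the cache's credentials would be offered to that host, and over `http://` they travel unencrypted. Consider setting the two fields only in the `cacheUri + "/" + path` branch, or only when the URL's scheme and host match `cacheUri`. Separately, `parseHttpAuthMethod(authmethod)` runs per request, so an invalid `authmethod` is reported on first use rather than when the store is opened.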
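--- /dev/null
+++ b/src/libstore/http-binary-cache-store.hh
@@ -0,0 +1,19 @@
+#pragma once
+///@file
+
+#include "types.hh"
+
+#include "curl/curl.h"
+
+namespace nix {
+enum struct HttpAuthMethod : unsigned long {
+NONE = CURLAUTH_NONE,
+BASIC = CURLAUTH_BASIC,
+DIGEST = CURLAUTH_DIGEST,
+NEGOTIATE = CURLAUTH_NEGOTIATE,
+NTLM = CURLAUTH_NTLM,
+BEARER = CURLAUTH_BEARER,
+ANY = CURLAUTH_ANY,
+ANYSAFE = CURLAUTH_ANYSAFE
+};
+}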
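Review bot: The enum has no documentation, and its values differ in what they expose: `BASIC` sends the credentials in a reversible encoding, `ANY` lets the server select any method including Basic, while `ANYSAFE` excludes Basic. A doc comment on `HttpAuthMethod` saying this, and that `ANY`/`ANYSAFE` are bitmask combinations rather than single methods, would let users of the `authmethod` setting choose deliberately. `#include "curl/curl.h"` should use angle brackets, `#include <curl/curl.h>`, as for other system headers. `CURLAUTH_BEARER` is only defined by newer libcurl releases, so if the project still supports the versions that filetransfer.cc guards with `LIBCURL_VERSION_NUM`, this enumerator needs the same kind of guard.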
