|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
The problem is that the Team Foundation server uses Microsoft's NTLM authentication rather than Basic HTTP Authentication or digest. The UsernamePasswordCredentials object that the git-client plugin produces for the HTTP request is incompatible with NTLM, which is why an exception is thrown.
To fix this issue an NTCredentials object should be generated instead.
I've hacked together a quick fix that temporarily solves the problem, at least for me. It basically checks if the URI path starts with "/tfs". If it does, it replaces the defaultcreds variable with the corresponding NTCredentials object.
A proper fix would obviously rather query the HTTP server and ask what type of authentication it uses, and use that information to generate the proper credentials object.
In the meantime, this fix might help some people so I'm including it.
DISCLAIMER: I've only tested this with .netrc credentials, in Linux, against a Team Foundation Server 2013. For me, it worked even though I left the domain blank, but perhaps it's needed in other cases. (It's the last parameter for the NTCredentials constructor if someone needs to add it).
— a/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
+++ b/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
@@ -29,6 +29,7 @@ import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
@@ -1576,6 +1577,15 @@ public class CliGitAPIImpl extends LegacyCompatibleGitAPIImpl { defaultcreds = Netrc.getInstance().getCredentials(u.getHost()); }
if (defaultcreds != null) {
+ // Use NT credentials with team foundation addresses
+ if(u.getPath().startsWith("/tfs")) { + listener.getLogger().println("using NT credentials with repository: " + url); + + org.apache.commons.httpclient.UsernamePasswordCredentials up = + (org.apache.commons.httpclient.UsernamePasswordCredentials) defaultcreds; + + defaultcreds = new NTCredentials(up.getUserName(), up.getPassword(), u.getHost(), ""); + }
client.getParams().setAuthenticationPreemptive(true);
client.getState().setCredentials(AuthScope.ANY, defaultcreds);
}
The actual source code being patched is from the master branch of the git-client-plugin:
https://github.com/jenkinsci/git-client-plugin