summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2019-07-09 12:13:21 -0500
committerRobert Speicher <rspeicher@gmail.com>2019-07-09 12:13:21 -0500
commitdb04a18d7d8e77d52924e769044011824f7c6e3c (patch)
treeac7b61bfa9dfab614c363488a0d877ca761899d5 /config
parent6d3fede0af1de2106ec5779e33f0571f3e4261d2 (diff)
downloadgitlab-ce-db04a18d7d8e77d52924e769044011824f7c6e3c.tar.gz
CE-EE parity for shared config files
This copies over EE-specific changes to shared configuration files in CE.
Diffstat (limited to 'config')
-rw-r--r--config/gitlab.yml.example3
-rw-r--r--config/initializers/ar_speed_up_migration_checking.rb3
-rw-r--r--config/settings.rb25
3 files changed, 30 insertions, 1 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index c82d9b5ceef..334c241bcaa 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -664,6 +664,9 @@ production: &base
# Port where the client side certificate is requested by the webserver (NGINX/Apache)
# client_certificate_required_port: 3444
+ # Browser session with smartcard sign-in is required for Git access
+ # required_for_git_access: false
+
## Kerberos settings
kerberos:
# Allow the HTTP Negotiate authentication method for Git clients
diff --git a/config/initializers/ar_speed_up_migration_checking.rb b/config/initializers/ar_speed_up_migration_checking.rb
index aae774daa35..f98b246db0b 100644
--- a/config/initializers/ar_speed_up_migration_checking.rb
+++ b/config/initializers/ar_speed_up_migration_checking.rb
@@ -10,7 +10,8 @@ if Rails.env.test?
# it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5
# seconds per spec.
def migrations(paths)
- (@migrations ||= migrations_unmemoized(paths)).dup
+ @migrations ||= {}
+ (@migrations[paths] ||= migrations_unmemoized(paths)).dup
end
end
end
diff --git a/config/settings.rb b/config/settings.rb
index 6df2132332c..da459afcce2 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -62,6 +62,31 @@ class Settings < Settingslogic
(base_url(gitlab) + [gitlab.relative_url_root]).join('')
end
+ def kerberos_protocol
+ kerberos.https ? "https" : "http"
+ end
+
+ def kerberos_port
+ kerberos.use_dedicated_port ? kerberos.port : gitlab.port
+ end
+
+ # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
+ # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
+ # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
+ def build_gitlab_kerberos_url
+ [
+ kerberos_protocol,
+ "://:@",
+ gitlab.host,
+ ":#{kerberos_port}",
+ gitlab.relative_url_root
+ ].join('')
+ end
+
+ def alternative_gitlab_kerberos_url?
+ kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
+ end
+
# check that values in `current` (string or integer) is a contant in `modul`.
def verify_constant_array(modul, current, default)
values = default || []