CE-EE parity for shared config files

This copies over EE-specific changes to shared configuration files in CE.
2019-07-09 12:13:21 -05:00 · 2019-07-09 12:13:21 -05:00 · db04a18d7d
parent 6d3fede0af
commit db04a18d7d
3 changed files with 30 additions and 1 deletions
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@ -664,6 +664,9 @@ production: &base
    # Port where the client side certificate is requested by the webserver (NGINX/Apache)
    # client_certificate_required_port: 3444

+    # Browser session with smartcard sign-in is required for Git access
+    # required_for_git_access: false
+
  ## Kerberos settings
  kerberos:
    # Allow the HTTP Negotiate authentication method for Git clients
--- a/config/initializers/ar_speed_up_migration_checking.rb
+++ b/config/initializers/ar_speed_up_migration_checking.rb
@ -10,7 +10,8 @@ if Rails.env.test?
        # it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5
        # seconds per spec.
        def migrations(paths)
-          (@migrations ||= migrations_unmemoized(paths)).dup
+          @migrations ||= {}
+          (@migrations[paths] ||= migrations_unmemoized(paths)).dup
        end
      end
    end
--- a/config/settings.rb
+++ b/config/settings.rb
@ -62,6 +62,31 @@ class Settings < Settingslogic
      (base_url(gitlab) + [gitlab.relative_url_root]).join('')
    end

+    def kerberos_protocol
+      kerberos.https ? "https" : "http"
+    end
+
+    def kerberos_port
+      kerberos.use_dedicated_port ? kerberos.port : gitlab.port
+    end
+
+    # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
+    # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
+    # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
+    def build_gitlab_kerberos_url
+      [
+        kerberos_protocol,
+        "://:@",
+        gitlab.host,
+        ":#{kerberos_port}",
+        gitlab.relative_url_root
+      ].join('')
+    end
+
+    def alternative_gitlab_kerberos_url?
+      kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
+    end
+
    # check that values in `current` (string or integer) is a contant in `modul`.
    def verify_constant_array(modul, current, default)
      values = default || []