From db04a18d7d8e77d52924e769044011824f7c6e3c Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Tue, 9 Jul 2019 12:13:21 -0500
Subject: [PATCH] CE-EE parity for shared config files

This copies over EE-specific changes to shared configuration files in
CE.
---
 config/gitlab.yml.example                     |  3 +++
 .../ar_speed_up_migration_checking.rb         |  3 ++-
 config/settings.rb                            | 25 +++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index c82d9b5ceef..334c241bcaa 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -664,6 +664,9 @@ production: &base
     # Port where the client side certificate is requested by the webserver (NGINX/Apache)
     # client_certificate_required_port: 3444
 
+    # Browser session with smartcard sign-in is required for Git access
+    # required_for_git_access: false
+
   ## Kerberos settings
   kerberos:
     # Allow the HTTP Negotiate authentication method for Git clients
diff --git a/config/initializers/ar_speed_up_migration_checking.rb b/config/initializers/ar_speed_up_migration_checking.rb
index aae774daa35..f98b246db0b 100644
--- a/config/initializers/ar_speed_up_migration_checking.rb
+++ b/config/initializers/ar_speed_up_migration_checking.rb
@@ -10,7 +10,8 @@ if Rails.env.test?
         # it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5
         # seconds per spec.
         def migrations(paths)
-          (@migrations ||= migrations_unmemoized(paths)).dup
+          @migrations ||= {}
+          (@migrations[paths] ||= migrations_unmemoized(paths)).dup
         end
       end
     end
diff --git a/config/settings.rb b/config/settings.rb
index 6df2132332c..da459afcce2 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -62,6 +62,31 @@ class Settings < Settingslogic
       (base_url(gitlab) + [gitlab.relative_url_root]).join('')
     end
 
+    def kerberos_protocol
+      kerberos.https ? "https" : "http"
+    end
+
+    def kerberos_port
+      kerberos.use_dedicated_port ? kerberos.port : gitlab.port
+    end
+
+    # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
+    # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
+    # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
+    def build_gitlab_kerberos_url
+      [
+        kerberos_protocol,
+        "://:@",
+        gitlab.host,
+        ":#{kerberos_port}",
+        gitlab.relative_url_root
+      ].join('')
+    end
+
+    def alternative_gitlab_kerberos_url?
+      kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
+    end
+
     # check that values in `current` (string or integer) is a contant in `modul`.
     def verify_constant_array(modul, current, default)
       values = default || []