Commit 2f5864c50c3c82d01837570cb0b7e629295c65cf
2014-08-29T21:15:36
ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 8344714..a25ab63 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -467,6 +467,49 @@ static int _git_ssh_setup_conn(
GITERR_CHECK_ALLOC(port);
}
+ if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
+ goto on_error;
+
+ if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
+ goto on_error;
+
+ if (t->owner->certificate_check_cb != NULL) {
+ git_cert_hostkey cert;
+ const char *key;
+ int allow;
+ size_t certlen;
+
+ cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
+ key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
+ if (key != NULL) {
+ certlen = 20;
+ memcpy(&cert.hash, key, certlen);
+ } else {
+ cert.type = LIBSSH2_HOSTKEY_HASH_MD5;
+ key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+ certlen = 16;
+ if (key != NULL)
+ memcpy(&cert.hash, key, certlen);
+ }
+
+ if (key == NULL) {
+ giterr_set(GITERR_SSH, "unable to get the host key");
+ return -1;
+ }
+
+ /* We don't currently trust any hostkeys */
+ allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
+ if (allow < 0) {
+ error = allow;
+ goto on_error;
+ }
+
+ if (!allow) {
+ error = GIT_ECERTIFICATE;
+ goto on_error;
+ }
+ }
+
/* we need the username to ask for auth methods */
if (!user) {
if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0)
@@ -482,12 +525,6 @@ static int _git_ssh_setup_conn(
goto on_error;
}
- if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
- goto on_error;
-
- if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
- goto on_error;
-
if ((error = list_auth_methods(&auth_methods, session, user)) < 0)
goto on_error;
@@ -517,48 +554,10 @@ static int _git_ssh_setup_conn(
if (error < 0)
goto on_error;
- if (t->owner->certificate_check_cb != NULL) {
- git_cert_hostkey cert;
- const char *key;
- int allow;
- size_t certlen;
-
- cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
- key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
- if (key != NULL) {
- certlen = 20;
- memcpy(&cert.hash, key, certlen);
- } else {
- cert.type = LIBSSH2_HOSTKEY_HASH_MD5;
- key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
- certlen = 16;
- if (key != NULL)
- memcpy(&cert.hash, key, certlen);
- }
-
- if (key == NULL) {
- giterr_set(GITERR_SSH, "unable to get the host key");
- return -1;
- }
-
- /* We don't currently trust any hostkeys */
- allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
- if (allow < 0) {
- error = allow;
- goto on_error;
- }
-
- if (!allow) {
- error = GIT_ECERTIFICATE;
- goto on_error;
- }
- }
-
channel = libssh2_channel_open_session(session);
if (!channel) {
error = -1;
ssh_error(session, "Failed to open SSH channel");
- error = -1;
goto on_error;
}
@@ -634,10 +633,8 @@ static int ssh_receivepack_ls(
{
const char *cmd = t->cmd_receivepack ? t->cmd_receivepack : cmd_receivepack;
- if (_git_ssh_setup_conn(t, url, cmd, stream) < 0)
- return -1;
- return 0;
+ return _git_ssh_setup_conn(t, url, cmd, stream);
}
static int ssh_receivepack(
diff --git a/tests/online/clone.c b/tests/online/clone.c
index 0e9a176..66e614e 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -487,6 +487,9 @@ void test_online_clone__certificate_invalid(void)
cl_git_fail_with(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options),
GIT_ECERTIFICATE);
+
+ cl_git_fail_with(git_clone(&g_repo, "ssh://github.com/libgit2/TestGitRepository", "./foo", &g_options),
+ GIT_ECERTIFICATE);
}
static int succeed_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload)