Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication
diff --git a/include/git2/transport.h b/include/git2/transport.h
index 1f4d03e..eba08cd 100644
--- a/include/git2/transport.h
+++ b/include/git2/transport.h
@@ -41,6 +41,9 @@ typedef enum {
/* git_cred_default */
GIT_CREDTYPE_DEFAULT = (1u << 3),
+
+ /* git_cred_ssh_interactive */
+ GIT_CREDTYPE_SSH_INTERACTIVE = (1u << 4),
} git_credtype_t;
/* The base structure for all credential types */
@@ -60,8 +63,10 @@ typedef struct {
#ifdef GIT_SSH
typedef LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*git_cred_sign_callback));
+typedef LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*git_cred_ssh_interactive_callback));
#else
typedef int (*git_cred_sign_callback)(void *, ...);
+typedef int (*git_cred_ssh_interactive_callback)(void *, ...);
#endif
/**
@@ -76,6 +81,16 @@ typedef struct git_cred_ssh_key {
} git_cred_ssh_key;
/**
+ * Keyboard-interactive based ssh authentication
+ */
+typedef struct git_cred_ssh_interactive {
+ git_cred parent;
+ char *username;
+ void *prompt_callback;
+ void *payload;
+} git_cred_ssh_interactive;
+
+/**
* A key with a custom signature function
*/
typedef struct git_cred_ssh_custom {
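Review bot: `prompt_callback` in `git_cred_ssh_interactive` is declared as `void *`, although this header already defines `git_cred_ssh_interactive_callback` for exactly this value. ISO C does not guarantee that a function pointer survives a round trip through an object pointer. The `void *` type also removes the compiler's signature check where ssh.c passes the field to `libssh2_userauth_keyboard_interactive()`, so a mismatched callback would only show up at run time in the authentication path. Declare the field as `git_cred_ssh_interactive_callback prompt_callback;`.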
@@ -131,6 +146,21 @@ GIT_EXTERN(int) git_cred_ssh_key_new(
const char *passphrase);
/**
+ * Create a new ssh keyboard-interactive based credential object.
+ * The supplied credential parameter will be internally duplicated.
+ *
+ * @param username Username to use to authenticate.
+ * @param prompt_callback The callback method used for prompts.
+ * @param payload Additional data to pass to the callback.
+ * @return 0 for success or an error code for failure.
+ */
+GIT_EXTERN(int) git_cred_ssh_interactive_new(
+ git_cred **out,
+ const char *username,
+ git_cred_ssh_interactive_callback prompt_callback,
+ void *payload);
+
+/**
* Create a new ssh key credential object used for querying an ssh-agent.
* The supplied credential parameter will be internally duplicated.
*
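Review bot: The doc comment for `git_cred_ssh_interactive_new()` has no `@param out` entry, and its claim that "the supplied credential parameter will be internally duplicated" holds only for `username`. In cred.c, `prompt_callback` and `payload` are stored as given, not copied. I would add `@param out The newly created credential object.` and a sentence stating that `payload` is not copied and must remain valid for as long as the credential is in use. It would also help to note that ssh.c installs `payload` as the libssh2 session abstract before calling the prompt callback, since that is how the callback reaches it.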
diff --git a/src/transports/cred.c b/src/transports/cred.c
index 460ed04..528d6af 100644
--- a/src/transports/cred.c
+++ b/src/transports/cred.c
@@ -87,6 +87,16 @@ static void ssh_key_free(struct git_cred *cred)
git__free(c);
}
+static void ssh_interactive_free(struct git_cred *cred)
+{
+ git_cred_ssh_interactive *c = (git_cred_ssh_interactive *)cred;
+
+ git__free(c->username);
+
+ git__memzero(c, sizeof(*c));
+ git__free(c);
+}
+
static void ssh_custom_free(struct git_cred *cred)
{
git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
@@ -142,6 +152,32 @@ int git_cred_ssh_key_new(
return 0;
}
+int git_cred_ssh_interactive_new(
+ git_cred **out,
+ const char *username,
+ git_cred_ssh_interactive_callback prompt_callback,
+ void *payload)
+{
+ git_cred_ssh_interactive *c;
+
+ assert(out && username && prompt_callback);
+
+ c = git__calloc(1, sizeof(git_cred_ssh_interactive));
+ GITERR_CHECK_ALLOC(c);
+
+ c->parent.credtype = GIT_CREDTYPE_SSH_INTERACTIVE;
+ c->parent.free = ssh_interactive_free;
+
+ c->username = git__strdup(username);
+ GITERR_CHECK_ALLOC(c->username);
+
+ c->prompt_callback = prompt_callback;
+ c->payload = payload;
+
+ *out = &c->parent;
+ return 0;
+}
+
int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) {
git_cred_ssh_key *c;
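Review bot: In `git_cred_ssh_interactive_new()`, a failed `git__strdup(username)` leaks the already allocated `c`, assuming `GITERR_CHECK_ALLOC` simply returns on NULL as it does elsewhere in libgit2. Replace the second check with `if (!c->username) { git__free(c); return -1; }` so the error path releases the struct. Separately, `assert(out && username && prompt_callback)` is compiled out under `NDEBUG`, so a release build would pass a NULL `username` straight to `git__strdup`. If this is reachable from application code, an explicit check that returns an error would be safer.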
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 879af90..48e51f2 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -313,6 +313,27 @@ static int _git_ssh_authenticate_session(
c->publickey_len, c->sign_callback, &c->sign_data);
break;
}
+ case GIT_CREDTYPE_SSH_INTERACTIVE: {
+ void **abstract = libssh2_session_abstract(session);
+ git_cred_ssh_interactive *c = (git_cred_ssh_interactive *)cred;
+
+ /* ideally, we should be able to set this by calling
+ * libssh2_session_init_ex() instead of libssh2_session_init().
+ * libssh2's API is inconsistent here i.e. libssh2_userauth_publickey()
+ * allows you to pass the `abstract` as part of the call, whereas
+ * libssh2_userauth_keyboard_interactive() does not!
+ *
+ * The only way to set the `abstract` pointer is by calling
+ * libssh2_session_abstract(), which will replace the existing
+ * pointer as is done below. This is safe for now (at time of writing),
+ * but may not be valid in future.
+ */
+ *abstract = c->payload;
+
+ rc = libssh2_userauth_keyboard_interactive(
+ session, c->username, c->prompt_callback);
+ break;
+ }
default:
rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
}
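Review bot: `*abstract = c->payload;` replaces the session's abstract pointer for the rest of the session, not just for this authentication attempt, and the previous value is discarded. Anything else on the session that expects the original abstract would afterwards receive the application-supplied payload instead, which the in-code comment concedes "may not be valid in future". Saving and restoring the pointer would limit the override to the call: `void *prev = *abstract;` before the assignment and `*abstract = prev;` once `libssh2_userauth_keyboard_interactive()` has returned. The enclosing switch and any retry loop around it lie outside this hunk, so the restore may need to go after that loop.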
@@ -397,6 +418,7 @@ static int _git_ssh_setup_conn(
&t->cred, t->owner->url, user,
GIT_CREDTYPE_USERPASS_PLAINTEXT |
GIT_CREDTYPE_SSH_KEY |
+ GIT_CREDTYPE_SSH_INTERACTIVE |
GIT_CREDTYPE_SSH_CUSTOM,
t->owner->cred_acquire_payload) < 0)
goto on_error;