cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
diff --git a/src/transports/cred.c b/src/transports/cred.c
index abae70b..460ed04 100644
--- a/src/transports/cred.c
+++ b/src/transports/cred.c
@@ -11,31 +11,10 @@
int git_cred_has_username(git_cred *cred)
{
- int ret = 0;
+ if (cred->credtype == GIT_CREDTYPE_DEFAULT)
+ return 0;
- switch (cred->credtype) {
- case GIT_CREDTYPE_USERPASS_PLAINTEXT: {
- git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
- ret = !!c->username;
- break;
- }
- case GIT_CREDTYPE_SSH_KEY: {
- git_cred_ssh_key *c = (git_cred_ssh_key *)cred;
- ret = !!c->username;
- break;
- }
- case GIT_CREDTYPE_SSH_CUSTOM: {
- git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
- ret = !!c->username;
- break;
- }
- case GIT_CREDTYPE_DEFAULT: {
- ret = 0;
- break;
- }
- }
-
- return ret;
+ return 1;
}
static void plaintext_free(struct git_cred *cred)
@@ -135,7 +114,7 @@ int git_cred_ssh_key_new(
{
git_cred_ssh_key *c;
- assert(cred && privatekey);
+ assert(username && cred && privatekey);
c = git__calloc(1, sizeof(git_cred_ssh_key));
GITERR_CHECK_ALLOC(c);
@@ -143,10 +122,8 @@ int git_cred_ssh_key_new(
c->parent.credtype = GIT_CREDTYPE_SSH_KEY;
c->parent.free = ssh_key_free;
- if (username) {
- c->username = git__strdup(username);
- GITERR_CHECK_ALLOC(c->username);
- }
+ c->username = git__strdup(username);
+ GITERR_CHECK_ALLOC(c->username);
c->privatekey = git__strdup(privatekey);
GITERR_CHECK_ALLOC(c->privatekey);
@@ -168,7 +145,7 @@ int git_cred_ssh_key_new(
int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) {
git_cred_ssh_key *c;
- assert(cred);
+ assert(username && cred);
c = git__calloc(1, sizeof(git_cred_ssh_key));
GITERR_CHECK_ALLOC(c);
@@ -176,10 +153,8 @@ int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) {
c->parent.credtype = GIT_CREDTYPE_SSH_KEY;
c->parent.free = ssh_key_free;
- if (username) {
- c->username = git__strdup(username);
- GITERR_CHECK_ALLOC(c->username);
- }
+ c->username = git__strdup(username);
+ GITERR_CHECK_ALLOC(c->username);
c->privatekey = NULL;
@@ -197,7 +172,7 @@ int git_cred_ssh_custom_new(
{
git_cred_ssh_custom *c;
- assert(cred);
+ assert(username && cred);
c = git__calloc(1, sizeof(git_cred_ssh_custom));
GITERR_CHECK_ALLOC(c);
@@ -205,10 +180,8 @@ int git_cred_ssh_custom_new(
c->parent.credtype = GIT_CREDTYPE_SSH_CUSTOM;
c->parent.free = ssh_custom_free;
- if (username) {
- c->username = git__strdup(username);
- GITERR_CHECK_ALLOC(c->username);
- }
+ c->username = git__strdup(username);
+ GITERR_CHECK_ALLOC(c->username);
if (publickey_len > 0) {
c->publickey = git__malloc(publickey_len);
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index bece0b4..879af90 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -282,7 +282,6 @@ shutdown:
static int _git_ssh_authenticate_session(
LIBSSH2_SESSION* session,
- const char *user,
git_cred* cred)
{
int rc;
@@ -291,13 +290,11 @@ static int _git_ssh_authenticate_session(
switch (cred->credtype) {
case GIT_CREDTYPE_USERPASS_PLAINTEXT: {
git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
- user = c->username ? c->username : user;
- rc = libssh2_userauth_password(session, user, c->password);
+ rc = libssh2_userauth_password(session, c->username, c->password);
break;
}
case GIT_CREDTYPE_SSH_KEY: {
git_cred_ssh_key *c = (git_cred_ssh_key *)cred;
- user = c->username ? c->username : user;
if (c->privatekey)
rc = libssh2_userauth_publickey_fromfile(
@@ -311,7 +308,6 @@ static int _git_ssh_authenticate_session(
case GIT_CREDTYPE_SSH_CUSTOM: {
git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
- user = c->username ? c->username : user;
rc = libssh2_userauth_publickey(
session, c->username, (const unsigned char *)c->publickey,
c->publickey_len, c->sign_callback, &c->sign_data);
@@ -415,15 +411,10 @@ static int _git_ssh_setup_conn(
}
assert(t->cred);
- if (!user && !git_cred_has_username(t->cred)) {
- giterr_set_str(GITERR_NET, "Cannot authenticate without a username");
- goto on_error;
- }
-
if (_git_ssh_session_create(&session, s->socket) < 0)
goto on_error;
- if (_git_ssh_authenticate_session(session, user, t->cred) < 0)
+ if (_git_ssh_authenticate_session(session, t->cred) < 0)
goto on_error;
channel = libssh2_channel_open_session(session);