Merge pull request #4879 from libgit2/ethomson/defer_cert_cred_cb Allow certificate and credential callbacks to decline to act
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
diff --git a/include/git2/errors.h b/include/git2/errors.h
index b0ce45f..2c0ac1c 100644
--- a/include/git2/errors.h
+++ b/include/git2/errors.h
@@ -52,7 +52,7 @@ typedef enum {
GIT_EDIRECTORY = -23, /**< The operation is not valid for a directory */
GIT_EMERGECONFLICT = -24, /**< A merge conflict exists and cannot continue */
- GIT_PASSTHROUGH = -30, /**< Internal only */
+ GIT_PASSTHROUGH = -30, /**< A user-configured callback refused to act */
GIT_ITEROVER = -31, /**< Signals end of iteration with iterator */
GIT_RETRY = -32, /**< Internal only */
GIT_EMISMATCH = -33, /**< Hashsum mismatch in object */
diff --git a/include/git2/sys/transport.h b/include/git2/sys/transport.h
index a395de5..aac6f9f 100644
--- a/include/git2/sys/transport.h
+++ b/include/git2/sys/transport.h
@@ -226,7 +226,10 @@ GIT_EXTERN(int) git_transport_smart(
* @param cert the certificate to pass to the caller
* @param valid whether we believe the certificate is valid
* @param hostname the hostname we connected to
- * @return the return value of the callback
+ * @return the return value of the callback: 0 for no error, GIT_PASSTHROUGH
+ * to indicate that there is no callback registered (or the callback
+ * refused to validate the certificate and callers should behave as
+ * if no callback was set), or < 0 for an error
*/
GIT_EXTERN(int) git_transport_smart_certificate_check(git_transport *transport, git_cert *cert, int valid, const char *hostname);
@@ -237,7 +240,10 @@ GIT_EXTERN(int) git_transport_smart_certificate_check(git_transport *transport,
* @param transport a smart transport
* @param user the user we saw on the url (if any)
* @param methods available methods for authentication
- * @return the return value of the callback
+ * @return the return value of the callback: 0 for no error, GIT_PASSTHROUGH
+ * to indicate that there is no callback registered (or the callback
+ * refused to provide credentials and callers should behave as if no
+ * callback was set), or < 0 for an error
*/
GIT_EXTERN(int) git_transport_smart_credentials(git_cred **out, git_transport *transport, const char *user, int methods);
diff --git a/include/git2/types.h b/include/git2/types.h
index e77e628..3c127e3 100644
--- a/include/git2/types.h
+++ b/include/git2/types.h
@@ -333,6 +333,9 @@ typedef struct {
* this certificate is valid
* @param host Hostname of the host libgit2 connected to
* @param payload Payload provided by the caller
+ * @return 0 to proceed with the connection, < 0 to fail the connection
+ * or > 0 to indicate that the callback refused to act and that
+ * the existing validity determination should be honored
*/
typedef int (*git_transport_certificate_check_cb)(git_cert *cert, int valid, const char *host, void *payload);
diff --git a/src/transports/http.c b/src/transports/http.c
index 5121996..7f9d350 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -371,6 +371,7 @@ static int on_headers_complete(http_parser *parser)
allowed_auth_types,
t->owner->cred_acquire_payload);
+ /* treat GIT_PASSTHROUGH as if callback isn't set */
if (error == GIT_PASSTHROUGH) {
no_callback = 1;
} else if (error < 0) {
@@ -639,6 +640,9 @@ static int http_connect(http_subtransport *t)
giterr_clear();
error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload);
+ if (error == GIT_PASSTHROUGH)
+ error = is_valid ? 0 : GIT_ECERTIFICATE;
+
if (error < 0) {
if (!giterr_last())
giterr_set(GITERR_NET, "user cancelled certificate check");
diff --git a/src/transports/smart.c b/src/transports/smart.c
index e972d30..9fcbdcf 100644
--- a/src/transports/smart.c
+++ b/src/transports/smart.c
@@ -481,6 +481,11 @@ int git_transport_smart_certificate_check(git_transport *transport, git_cert *ce
{
transport_smart *t = (transport_smart *)transport;
+ assert(transport && cert && hostname);
+
+ if (!t->certificate_check_cb)
+ return GIT_PASSTHROUGH;
+
return t->certificate_check_cb(cert, valid, hostname, t->message_cb_payload);
}
@@ -488,6 +493,11 @@ int git_transport_smart_credentials(git_cred **out, git_transport *transport, co
{
transport_smart *t = (transport_smart *)transport;
+ assert(out && transport);
+
+ if (!t->cred_acquire_cb)
+ return GIT_PASSTHROUGH;
+
return t->cred_acquire_cb(out, t->url, user, methods, t->cred_acquire_payload);
}
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 7d9114c..9e01a4a 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -447,11 +447,11 @@ static int request_creds(git_cred **out, ssh_subtransport *t, const char *user,
error = t->owner->cred_acquire_cb(&cred, t->owner->url, user, auth_methods,
t->owner->cred_acquire_payload);
- if (error == GIT_PASSTHROUGH)
+ if (error == GIT_PASSTHROUGH) {
no_callback = 1;
- else if (error < 0)
+ } else if (error < 0) {
return error;
- else if (!cred) {
+ } else if (!cred) {
giterr_set(GITERR_SSH, "callback failed to initialize SSH credentials");
return -1;
}
@@ -584,7 +584,8 @@ post_extract:
cert_ptr = &cert;
error = t->owner->certificate_check_cb((git_cert *) cert_ptr, 0, host, t->owner->message_cb_payload);
- if (error < 0) {
+
+ if (error < 0 && error != GIT_PASSTHROUGH) {
if (!giterr_last())
giterr_set(GITERR_NET, "user cancelled hostkey check");
diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c
index e925dbd..5e7bde7 100644
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@@ -228,7 +228,7 @@ static int fallback_cred_acquire_cb(
}
hCoInitResult = CoInitializeEx(NULL, COINIT_MULTITHREADED);
-
+
if (SUCCEEDED(hCoInitResult) || hCoInitResult == RPC_E_CHANGED_MODE) {
IInternetSecurityManager* pISM;
@@ -295,6 +295,9 @@ static int certificate_check(winhttp_stream *s, int valid)
error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->connection_data.host, t->owner->message_cb_payload);
CertFreeCertificateContext(cert_ctx);
+ if (error == GIT_PASSTHROUGH)
+ error = valid ? 0 : GIT_ECERTIFICATE;
+
if (error < 0 && !giterr_last())
giterr_set(GITERR_NET, "user cancelled certificate check");