kmx git

Commit	Date	Message
fd634019	2018-04-16T15:42:35	Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env online::clone: validate user:pass in HTTP_PROXY
54bf4d14	2018-03-20T07:47:27	online tests: update auth for bitbucket test Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.
03c58778	2018-03-19T09:20:35	online::clone: skip creds fallback test At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.
e380eae0	2018-02-28T16:10:53	online::clone: validate user:pass in HTTP_PROXY Validate using the http://user:pass@host/ format in HTTP_PROXY and HTTPS_PROXY environment variables.
820fb712	2018-01-18T07:48:28	tests: online::clone: fix memory leak due to not freeing URL
54a1bf05	2017-06-07T13:06:53	tests: online::clone: inline creds-test with nonexistent URL Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.
fea60920	2017-06-07T12:48:48	tests: online::clone: construct credential-URL from environment We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.
c2c95ad0	2017-04-26T13:16:18	tests: online::clone: use URL of test server All our tests running against a local SSH server usually read the server's URL from environment variables. But online::clone::ssh_cert test fails to do so and instead always connects to "ssh://localhost/foo". This assumption breaks whenever the SSH server is not running on the standard port, e.g. when it is running as a user. Fix the issue by using the URL provided by the environment.
0bd77401	2016-04-21T11:05:21	clone test: annotate unused vars
0d72f67f	2016-03-14T17:36:04	proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
b117721d	2015-07-29T21:23:56	proxy: use poxy to test our Windows proxy support
07bd3e57	2015-05-07T12:57:56	proxy: ask the user for credentials if necessary
3245896b	2015-09-10T13:18:26	Add a test for custom header validation Also, some custom headers actually are valid.
e069c621	2015-07-02T09:25:48	git__getenv: utf-8 aware env reader Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere. Make `cl_getenv` use this to keep consistent memory handling around return values (free everywhere, as opposed to only some platforms).
352ee171	2015-06-12T12:45:49	clone: set the credentials callback during testing
8085adf8	2015-05-27T18:44:40	test: Add a test for in-memory SSH private key cred_cb
77254990	2015-04-23T06:51:34	remote: remove live changing of refspecs The base refspecs changing can be a cause of confusion as to what is the current base refspec set and complicate saving the remote's configuration. Change `git_remote_add_{fetch,push}()` to update the configuration instead of an instance. This finally makes `git_remote_save()` a no-op, it will be removed in a later commit.
058b753c	2015-04-22T15:45:21	remote: move the transport ctor to the callbacks Instead of having it set in a different place from every other callback, put it the main structure. This removes some state from the remote and makes it behave more like clone, where the constructors are passed via the options.
8f0104ec	2015-04-21T22:10:36	Remove the callbacks struct from the remote Having the setting be different from calling its actions was not a great idea and made for the sake of the wrong convenience. Instead of that, accept either fetch options, push options or the callbacks when dealing with the remote. The fetch options are currently only the callbacks, but more options will be moved from setters and getters on the remote to the options. This does mean passing the same struct along the different functions but the typical use-case will only call git_remote_fetch() or git_remote_push() and so won't notice much difference.
29e7ae5d	2015-03-16T19:39:05	Add failing test for cert callback with non-ecrypted stream When we have an HTTP stream and have set the certificatre check callback, we currently fail as we ask the unencrypted stream for its certificate.
6c9e86ad	2015-02-14T10:46:41	clone: drop now unnecessary SAFE_CREATE
209425ce	2014-11-08T13:25:51	remote: rename _load() to _lookup() This brings it in line with the rest of the lookup functions.
db3d169c	2014-09-24T11:28:45	Add tests for host names Signed-off-by: Sven Strickroth <email@cs-ware.de>
e6e834a1	2014-09-18T12:23:07	Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
52e09724	2014-09-16T17:13:58	ssh: skip the localhost cert check earlier Skip it before we attempt to clone, as we would exit with -1 on systems which do not have sshd running.
1e0aa105	2014-09-16T03:22:09	ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
286369a8	2014-09-16T02:27:16	ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
0782fc43	2014-09-16T01:47:30	net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
0fef3899	2014-09-16T01:25:53	Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
bf8756d6	2014-09-15T21:51:42	ssh: add test for host key Test that the certificate check callback gets the right fingerprint from the host we're connecting to.
08545d36	2014-08-30T00:40:37	winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
23ca0ad5	2014-08-29T21:25:13	Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
2f5864c5	2014-08-29T21:15:36	ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
17491f6e	2014-08-29T17:18:23	transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
85acc562	2014-08-29T17:07:07	remote: add tests for the certificate callback
fe3b6789	2014-09-01T19:18:20	Skip SSH clone tests if libgit2 not built with GIT_SSH defined
f0c53d21	2014-08-27T10:28:46	winhttp: Prevent swallowing of url parsing error
c13b6844	2014-08-27T15:25:46	Adjust clone tests to USERNAME cred type
6a0d2b43	2014-08-27T15:09:07	Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
adcdeb36	2014-08-01T13:06:37	online::clone::credentials support default credentials
aea67633	2014-07-31T17:59:03	Don't run the ssh clone tests against http remotes
d4256ed5	2014-07-04T10:00:39	ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
6812afaf	2014-06-30T21:36:38	clone: remote git_clone_into{,_local} from the public API As git_clone now has callbacks to configure the details of the repository and remote, remove the lower-level functions from the public API, as they lack some of the logic from git_clone proper.
e26b08d3	2014-06-25T17:05:27	ssh: adjust clone and push test credentials to the split user+pass method For urls where we do not specify a username, we must handle the case where the ssh transport asks us for the username. Test also that switching username fails.
ccb85c8f	2014-06-25T16:27:43	ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
d7f962f4	2014-06-16T19:30:06	ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
b529c5f9	2014-06-12T17:19:00	ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.
22618906	2014-06-12T16:09:54	ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
09561d33	2014-06-13T22:27:46	test: remove assembla clone test The assembla failure we were seeing referred to a private repository, which is not what is there at the moment. This reverts 1fd21b0342f
3382d8b1	2014-06-13T22:24:43	test: use read-only account Don't write in plaintext the password of an account which has full control over the repository. Instead use an account with read-only access.
6d1b0438	2014-06-07T12:18:24	Win32: Fix failing clone_mirror test
b2067248	2014-05-15T09:03:30	clone: add failing test for a mirror-clone with clone_into Show a failure to perform a mirror-clone from a repository, both local and remote.
0f65733b	2014-04-02T18:50:47	Clar: skip tests
6affd71f	2014-01-03T17:38:34	git_checkout_opts -> git_checkout_options
5dae3ffe	2014-02-05T19:27:27	Only run clone-failure test on private repo
fe45922d	2014-02-05T13:41:12	Fix broken clone test
1cc974ab	2014-01-27T14:40:31	Augment clone API with reflog parameters
25e0b157	2013-12-06T15:07:57	Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
8f2a3d62	2013-11-18T12:14:50	Fix warnings
80fc7d6b	2013-11-13T16:46:45	Propagate auth error codes as GIT_EUSER in winhttp
17820381	2013-11-14T14:05:52	Rename tests-clar to tests

fd634019

2018-04-16T15:42:35

Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env online::clone: validate user:pass in HTTP_PROXY

54bf4d14

2018-03-20T07:47:27

online tests: update auth for bitbucket test Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.

03c58778

2018-03-19T09:20:35

online::clone: skip creds fallback test At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.

e380eae0

2018-02-28T16:10:53

online::clone: validate user:pass in HTTP_PROXY Validate using the http://user:pass@host/ format in HTTP_PROXY and HTTPS_PROXY environment variables.

820fb712

2018-01-18T07:48:28

tests: online::clone: fix memory leak due to not freeing URL

54a1bf05

2017-06-07T13:06:53

tests: online::clone: inline creds-test with nonexistent URL Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.

fea60920

2017-06-07T12:48:48

tests: online::clone: construct credential-URL from environment We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.

c2c95ad0

2017-04-26T13:16:18

tests: online::clone: use URL of test server All our tests running against a local SSH server usually read the server's URL from environment variables. But online::clone::ssh_cert test fails to do so and instead always connects to "ssh://localhost/foo". This assumption breaks whenever the SSH server is not running on the standard port, e.g. when it is running as a user. Fix the issue by using the URL provided by the environment.

0bd77401

2016-04-21T11:05:21

clone test: annotate unused vars

0d72f67f

2016-03-14T17:36:04

proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.

b117721d

2015-07-29T21:23:56

proxy: use poxy to test our Windows proxy support

07bd3e57

2015-05-07T12:57:56

proxy: ask the user for credentials if necessary

3245896b

2015-09-10T13:18:26

Add a test for custom header validation Also, *some* custom headers actually are valid.

e069c621

2015-07-02T09:25:48

git__getenv: utf-8 aware env reader Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere. Make `cl_getenv` use this to keep consistent memory handling around return values (free everywhere, as opposed to only some platforms).

352ee171

2015-06-12T12:45:49

clone: set the credentials callback during testing

8085adf8

2015-05-27T18:44:40

test: Add a test for in-memory SSH private key cred_cb

77254990

2015-04-23T06:51:34

remote: remove live changing of refspecs The base refspecs changing can be a cause of confusion as to what is the current base refspec set and complicate saving the remote's configuration. Change `git_remote_add_{fetch,push}()` to update the configuration instead of an instance. This finally makes `git_remote_save()` a no-op, it will be removed in a later commit.

058b753c

2015-04-22T15:45:21

remote: move the transport ctor to the callbacks Instead of having it set in a different place from every other callback, put it the main structure. This removes some state from the remote and makes it behave more like clone, where the constructors are passed via the options.

8f0104ec

2015-04-21T22:10:36

Remove the callbacks struct from the remote Having the setting be different from calling its actions was not a great idea and made for the sake of the wrong convenience. Instead of that, accept either fetch options, push options or the callbacks when dealing with the remote. The fetch options are currently only the callbacks, but more options will be moved from setters and getters on the remote to the options. This does mean passing the same struct along the different functions but the typical use-case will only call git_remote_fetch() or git_remote_push() and so won't notice much difference.

29e7ae5d

2015-03-16T19:39:05

Add failing test for cert callback with non-ecrypted stream When we have an HTTP stream and have set the certificatre check callback, we currently fail as we ask the unencrypted stream for its certificate.

6c9e86ad

2015-02-14T10:46:41

clone: drop now unnecessary SAFE_CREATE

209425ce

2014-11-08T13:25:51

remote: rename _load() to _lookup() This brings it in line with the rest of the lookup functions.

db3d169c

2014-09-24T11:28:45

Add tests for host names Signed-off-by: Sven Strickroth <email@cs-ware.de>

e6e834a1

2014-09-18T12:23:07

Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>

52e09724

2014-09-16T17:13:58

ssh: skip the localhost cert check earlier Skip it before we attempt to clone, as we would exit with -1 on systems which do not have sshd running.

1e0aa105

2014-09-16T03:22:09

ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.

286369a8

2014-09-16T02:27:16

ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.

0782fc43

2014-09-16T01:47:30

net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.

0fef3899

2014-09-16T01:25:53

Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info

bf8756d6

2014-09-15T21:51:42

ssh: add test for host key Test that the certificate check callback gets the right fingerprint from the host we're connecting to.

08545d36

2014-08-30T00:40:37

winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.

23ca0ad5

2014-08-29T21:25:13

Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

2f5864c5

2014-08-29T21:15:36

ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.

17491f6e

2014-08-29T17:18:23

transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.

85acc562

2014-08-29T17:07:07

remote: add tests for the certificate callback

fe3b6789

2014-09-01T19:18:20

Skip SSH clone tests if libgit2 not built with GIT_SSH defined

f0c53d21

2014-08-27T10:28:46

winhttp: Prevent swallowing of url parsing error

c13b6844

2014-08-27T15:25:46

Adjust clone tests to USERNAME cred type

6a0d2b43

2014-08-27T15:09:07

Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry

adcdeb36

2014-08-01T13:06:37

online::clone::credentials support default credentials

aea67633

2014-07-31T17:59:03

Don't run the ssh clone tests against http remotes

d4256ed5

2014-07-04T10:00:39

ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.

6812afaf

2014-06-30T21:36:38

clone: remote git_clone_into{,_local} from the public API As git_clone now has callbacks to configure the details of the repository and remote, remove the lower-level functions from the public API, as they lack some of the logic from git_clone proper.

e26b08d3

2014-06-25T17:05:27

ssh: adjust clone and push test credentials to the split user+pass method For urls where we do not specify a username, we must handle the case where the ssh transport asks us for the username. Test also that switching username fails.

ccb85c8f

2014-06-25T16:27:43

ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.

d7f962f4

2014-06-16T19:30:06

ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.

b529c5f9

2014-06-12T17:19:00

ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.

22618906

2014-06-12T16:09:54

ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.

09561d33

2014-06-13T22:27:46

test: remove assembla clone test The assembla failure we were seeing referred to a private repository, which is not what is there at the moment. This reverts 1fd21b0342f

3382d8b1

2014-06-13T22:24:43

test: use read-only account Don't write in plaintext the password of an account which has full control over the repository. Instead use an account with read-only access.

6d1b0438

2014-06-07T12:18:24

Win32: Fix failing clone_mirror test

b2067248

2014-05-15T09:03:30

clone: add failing test for a mirror-clone with clone_into Show a failure to perform a mirror-clone from a repository, both local and remote.

0f65733b

2014-04-02T18:50:47

Clar: skip tests

6affd71f

2014-01-03T17:38:34

git_checkout_opts -> git_checkout_options

5dae3ffe

2014-02-05T19:27:27

Only run clone-failure test on private repo

fe45922d

2014-02-05T13:41:12

Fix broken clone test

1cc974ab

2014-01-27T14:40:31

Augment clone API with reflog parameters

25e0b157

2013-12-06T15:07:57

Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.

8f2a3d62

2013-11-18T12:14:50

Fix warnings

80fc7d6b

2013-11-13T16:46:45

Propagate auth error codes as GIT_EUSER in winhttp

17820381

2013-11-14T14:05:52

Rename tests-clar to tests

thodg/libgit2/tests/online/clone.c

tests/online/clone.c

Log