src/transports/ssh.c


Log

Author Commit Date CI Message
Edward Thomson 6fc6eeb6 2021-12-24T15:14:38 remote: introduce `git_remote_connect_options` The existing mechanism for providing options to remote fetch/push calls, and subsequently to transports, is unsatisfactory. It requires an options structure to avoid breaking the API and callback signatures. 1. Introduce `git_remote_connect_options` to satisfy those needs. 2. Add a new remote connection API, `git_remote_connect_ext` that will take this new options structure. Existing `git_remote_connect` calls will proxy to that. `git_remote_fetch` and `git_remote_push` will proxy their fetch/push options to that as well. 3. Define the interaction between `git_remote_connect` and fetch/push. Connect _may_ be called before fetch/push, but _need not_ be. The semantics of which options would be used for these operations was not specified if you specify options for both connect _and_ fetch. Now these are defined that the fetch or push options will be used _if_ they were specified. Otherwise, the connect options will be used if they were specified. Otherwise, the library's defaults will be used. 4. Update the transports to understand `git_remote_connect_options`. This is a breaking change to the systems API.
Edward Thomson f0e693b1 2021-09-07T17:53:49 str: introduce `git_str` for internal, `git_buf` is external libgit2 has two distinct requirements that were previously solved by `git_buf`. We require: 1. A general purpose string class that provides a number of utility APIs for manipulating data (eg, concatenating, truncating, etc). 2. A structure that we can use to return strings to callers that they can take ownership of. By using a single class (`git_buf`) for both of these purposes, we have confused the API to the point that refactorings are difficult and reasoning about correctness is also difficult. Move the utility class `git_buf` to be called `git_str`: this represents its general purpose, as an internal string buffer class. The name also is an homage to Junio Hamano ("gitstr"). The public API remains `git_buf`, and has a much smaller footprint. It is generally only used as an "out" param with strict requirements that follow the documentation. (Exceptions exist for some legacy APIs to avoid breaking callers unnecessarily.) Utility functions exist to convert a user-specified `git_buf` to a `git_str` so that we can call internal functions, then converting it back again.
punkymaniac 379c4646 2021-09-09T19:49:04 Fix coding style for pointer Make some syntax change to follow coding style.
Edward Thomson 9937967e 2021-08-29T21:29:14 Merge branch 'main' into http-use-eauth
Miguel Arroz 3433acd9 2020-12-21T21:27:58 Wrap newer hostkeys in #ifdefs This allows the library to be built using a pre-1.9.0 version of libssh2.
Miguel Arroz ed7b20e7 2020-12-21T17:26:34 Add support for additional hostkey types. Specifically: ECDSA_256, ECDSA_384, ECDSA_521 and ED25519.
lhchavez 29fe5f61 2020-11-22T18:25:00 Also add the raw hostkey to `git_cert_hostkey` `git_cert_x509` has the raw encoded certificate. Let's do the same for the SSH certificate for symmetry.
Edward Thomson 4f5f1127 2020-11-22T00:01:09 transports: use GIT_ASSERT
Edward Thomson e316b0d3 2020-05-15T11:47:09 runtime: move init/shutdown into the "runtime" Provide a mechanism for system components to register for initialization and shutdown of the libgit2 runtime.
Josh Bleecher Snyder 216165ec 2020-02-07T10:06:28 transports: use GIT_EAUTH for authentication failures When the failure is clearly an auth failure (as opposed to possibly an auth failure), use the error code GIT_EAUTH instead of GIT_ERROR. While we're here, fix a typo and improve an error message. Fixes #5389.
Edward Thomson 3f54ba8b 2020-01-18T13:51:40 credential: change git_cred to git_credential We avoid abbreviations where possible; rename git_cred to git_credential. In addition, we have standardized on a trailing `_t` for enum types, instead of using "type" in the name. So `git_credtype_t` has become `git_credential_t` and its members have become `GIT_CREDENTIAL` instead of `GIT_CREDTYPE`. Finally, the source and header files have been renamed to `credential` instead of `cred`. Keep previous name and values as deprecated, and include the new header files from the previous ones.
Patrick Steinhardt dbb6429c 2020-01-10T14:30:18 Merge pull request #5305 from kas-luthor/bugfix/multiple-auth Adds support for multiple SSH auth mechanisms being used sequentially
kas cb7fd1ed 2019-12-13T15:11:38 Fixes code styling
Anders Borum 48c3f7e1 2019-11-20T11:21:14 ssh: include sha256 host key hash when supported
kas fbdf5bdd 2019-11-16T22:41:25 Adds support for multiple SSH auth mechanisms being used sequentially
Etienne Samson 8bf0f7eb 2019-09-09T13:00:27 cred: separate public interface from low-level details
Edward Thomson c6ab183e 2019-03-11T11:43:08 net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
Etienne Samson b51789ac 2019-04-16T13:20:08 transports: make use of the `GIT_CONTAINER_OF` macro
Edward Thomson f673e232 2018-12-27T13:47:34 git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson a2e6e0ea 2018-11-06T14:15:43 transport: allow cred/cert callbacks to return GIT_PASSTHROUGH Allow credential and certificate checking callbacks to return GIT_PASSTHROUGH, indicating that they do not want to act. Introduce this to support in both the http and ssh callbacks. Additionally, enable the same mechanism for certificate validation. This is most useful to disambiguate any meaning in the publicly exposed credential and certificate functions (`git_transport_smart_credentials` and `git_transport_smart_certificate_check`) but it may be more generally useful for callers to be able to defer back to libgit2.
Patrick Steinhardt ecf4f33a 2018-02-08T11:14:48 Convert usage of `git_buf_free` to new `git_buf_dispose`
Patrick Steinhardt 874ce161 2018-03-27T15:03:15 transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.
Patrick Steinhardt 2785cc8e 2018-03-27T14:49:21 transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html
Edward Thomson 6f577906 2018-03-03T20:09:09 ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.
Steven King Jr 16210877 2018-02-28T12:59:47 Unescape repo before constructing ssh request
Patrick Steinhardt 88450c1c 2017-11-09T21:49:30 Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic
Etienne Samson e9369856 2017-03-21T00:25:15 stream: Gather streams to src/streams
Curtis Vogt f2f14724 2017-09-21T15:51:52 transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.
Patrick Steinhardt 0c7f49dd 2017-06-30T13:39:01 Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt 2ce2a48f 2017-05-02T13:37:15 transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.
Patrick Steinhardt 8c027351 2017-05-02T13:35:09 transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.
Edward Thomson 909d5494 2016-12-29T12:25:15 giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Edward Thomson b7809b84 2016-03-08T13:38:55 Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols
Carlos Martín Nieto 22f3d3aa 2016-03-03T22:26:31 ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
Chris Bargren 4df17045 2015-12-28T07:43:24 Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
Michał Górny 02fdc2db 2015-12-26T17:17:05 ssh_stream_read(): fix possible *bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with *bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.
Chris Bargren ed21fd74 2015-12-22T10:38:31 Handle git+ssh:// and ssh+git:// protocols support
Max Leske 241414ee 2015-08-14T15:42:59 added a single line of additional error reporting from libssh2 when failing to retrieve the list of authentication methods
Simon ac728c24 2015-08-03T07:38:07 Handle ssh:// and git:// urls containing a '~' character. For such a path '/~/...' the leading '/' is stripped so the server will get a path starting with '~' and correctly handle it.
Edward Thomson 79698030 2015-06-29T22:51:18 git_cert: child types use proper base type
Carlos Martín Nieto 81be2f46 2015-06-09T16:01:29 ssh: move NULL check to the free function Let `ssh_stream_free()` take a NULL stream, as free functions should, and remove the check from the connection setup. The connection setup would not need the check anyhow, as we always have a stream by the time we reach this code.
Marius Ungureanu d71e3b25 2015-06-02T10:23:54 Change error when running out of ssh agent keys
Michał Górny 2629fc87 2015-05-24T22:33:55 cred: Check for null values when getting key from memory The public key field is optional and as such can take NULL. Account for that and do not call strlen() on NULL values. Also assert() for non-NULL values of username & private key.
David Calavera 7a8b8503 2015-03-17T09:19:15 Add support to read ssh keys from memory.
Carlos Martín Nieto 1396c381 2015-05-18T16:04:55 errors: add GIT_EEOF to indicate early EOF This can be used by tools to show mesages about failing to communicate with the server. The error message in this case will often contain the server's error message, as far as it managed to send anything.
Carlos Martín Nieto e3435673 2015-05-18T15:51:55 ssh: read from stderr if stdout is empty When we fail to read from stdout, it's typically because the URL was wrong and the server process has sent some output over its stderr output. Read that output and set the error message to whatever we read from it.
Leo Yang 142e5379 2015-03-17T12:49:33 Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
Carlos Martín Nieto 4fd4341f 2014-11-02T10:52:03 ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.
Edward Thomson bc42479a 2014-10-13T15:43:03 Cleanup memory leak in ssh transport
Edward Thomson 369b0217 2014-10-13T13:34:15 Clean up various compiler warnings
Sven Strickroth e6e834a1 2014-09-18T12:23:07 Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
Carlos Martín Nieto 1e0aa105 2014-09-16T03:22:09 ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
Carlos Martín Nieto 286369a8 2014-09-16T02:27:16 ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
Carlos Martín Nieto 0782fc43 2014-09-16T01:47:30 net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto 0fef3899 2014-09-16T01:25:53 Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
Carlos Martín Nieto 23ca0ad5 2014-08-29T21:25:13 Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
Carlos Martín Nieto 2f5864c5 2014-08-29T21:15:36 ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
Carlos Martín Nieto 17491f6e 2014-08-29T17:18:23 transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
Carlos Martín Nieto ec1ce458 2014-08-10T17:06:53 http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
Carlos Martín Nieto 9b940586 2014-07-04T12:45:43 Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
Carlos Martín Nieto 2dc399a8 2014-09-04T16:46:14 ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.
Carlos Martín Nieto 6a0d2b43 2014-08-27T15:09:07 Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
Jacques Germishuys 959a93e7 2014-07-13T11:50:49 Silence unused variables warnings
Vicent Marti 8baeb8a4 2014-07-16T13:03:34 ssh: Fix unused warning
Carlos Martín Nieto d4256ed5 2014-07-04T10:00:39 ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
Jacques Germishuys ae241ae1 2014-07-03T20:20:00 Include libssh2.h before git2.h (transport.h)
Carlos Martín Nieto 0963716b 2014-07-02T12:49:51 ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.
Carlos Martín Nieto ccb85c8f 2014-06-25T16:27:43 ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
Carlos Martín Nieto d7f962f4 2014-06-16T19:30:06 ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
Carlos Martín Nieto b529c5f9 2014-06-12T17:19:00 ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.
Carlos Martín Nieto 22618906 2014-06-12T16:09:54 ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
Carlos Martín Nieto bc0a6198 2014-04-19T15:52:58 transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
Jacques Germishuys 478408c0 2014-04-17T23:03:44 Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication
Jacques Germishuys 8ec0a552 2014-04-18T00:49:07 Make git_cred_ssh_custom_new() naming more consistent
Carlos Martín Nieto bd270b70 2014-04-18T17:08:10 cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
Miha 300f4412 2014-02-25T11:56:11 - BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes
Alessandro Ghedini ee7040fd 2013-11-20T14:11:44 ssh: add support for ssh-agent authentication
Ben Straub ac72051a 2013-11-04T19:09:30 Fix ssh.c compile
Ben Straub c227c173 2013-11-04T11:42:14 Use http_parser_parse_url to parse urls
Ben Straub 048f837b 2013-10-31T13:30:22 Prevent another segfault from bad URL
Carlos Martín Nieto 70a8c78f 2013-10-23T12:08:54 Rename the ssh credentials The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.
Edward Thomson 2648dc1a 2013-10-21T11:03:31 Allowed credential types should be a bitfield
Etienne Samson eec4dcc3 2013-08-09T13:14:19 Whitespace.
Etienne Samson b622aabe 2013-08-09T13:14:06 Add a wrapper to provide the libssh2 error message
Isaac Kearse b345026b 2013-09-10T05:16:52 Test for repo before removing leading colon
Isaac Kearse fbabe855 2013-09-08T14:11:08 Trim leading colon from ssh repository path
Russell Belfer c87bf86c 2013-08-14T10:58:02 Commit 7affc2f7 removed var initialization That commit accidentally removed the initialization of the "start" variable giving undefined results for the host extraction from the url input.
Carlos Martín Nieto 7affc2f7 2013-08-11T23:30:47 Include username in each credential type Key-based authentication also needs an username, so include it in each one. Also stop assuming a default username of "git" in the ssh transport which has no business making such a decision.
Russell Belfer c2de6b1a 2013-07-10T10:21:24 Bring SSH error reporting up to base standards The SSH error checking and reporting could still be further improved by using the libssh2 native methods to get error info, but at least this ensures that all error codes are checked and translated into libgit2 error messages.
Russell Belfer 68bc49a1 2013-07-10T09:20:46 Merge branch 'ssh-cred-fix' of tiennou/libgit2 Conflicts: src/transports/ssh.c
Etienne Samson 08bf80fa 2013-07-10T10:29:32 Tab indent.
Etienne Samson 367c1903 2013-07-10T10:29:09 Add some missing error messages.
Russell Belfer a3c062db 2013-07-09T09:58:33 Make SSH APIs present even without SSH support The SSH APIs will just return an error code and state that the library was built without SSH support if they are called in that case.
Etienne Samson 219f318c 2013-07-03T22:02:29 Fix a crash if git_remote_set_cred_acquire_cb wasn't called before connecting. Fixes #1700.
Etienne Samson f6bd0863 2013-07-03T22:02:44 Fix a probable leak.
Brad Morgan 84ac625d 2013-05-15T12:51:40 Added GITERR_CHECK_ALLOC
Brad Morgan b54ed3ef 2013-05-15T12:41:16 Added error check
Brad Morgan 22011b33 2013-05-15T12:38:40 Cleanup
Brad Morgan ce6d50b9 2013-05-09T17:37:42 Changed to use libssh2_channel_exec
Brad Morgan 05f58131 2013-05-09T17:36:27 Renaming