src/transports/winhttp.c


Log

Author Commit Date CI Message
Edward Thomson f0e693b1 2021-09-07T17:53:49 str: introduce `git_str` for internal, `git_buf` is external libgit2 has two distinct requirements that were previously solved by `git_buf`. We require: 1. A general purpose string class that provides a number of utility APIs for manipulating data (eg, concatenating, truncating, etc). 2. A structure that we can use to return strings to callers that they can take ownership of. By using a single class (`git_buf`) for both of these purposes, we have confused the API to the point that refactorings are difficult and reasoning about correctness is also difficult. Move the utility class `git_buf` to be called `git_str`: this represents its general purpose, as an internal string buffer class. The name also is an homage to Junio Hamano ("gitstr"). The public API remains `git_buf`, and has a much smaller footprint. It is generally only used as an "out" param with strict requirements that follow the documentation. (Exceptions exist for some legacy APIs to avoid breaking callers unnecessarily.) Utility functions exist to convert a user-specified `git_buf` to a `git_str` so that we can call internal functions, then converting it back again.
punkymaniac 379c4646 2021-09-09T19:49:04 Fix coding style for pointer Make some syntax change to follow coding style.
Edward Thomson 3c0f14cc 2021-09-01T20:34:28 remote: refactor proxy detection Update the proxy detection for a remote. 1. Honor `http.<url>.proxy` syntax for a remote's direct URL and parent URLs. 2. Honor an empty configuration URL to override a proxy configuration. Add tests to ensure that configuration specificity is honored.
Mathieu Parent e5a32774 2021-02-11T22:53:16 Add NO_PROXY env support Item 2 of 3 from #4164 Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Edward Thomson 9937967e 2021-08-29T21:29:14 Merge branch 'main' into http-use-eauth
Jacques Germishuys a2cd10e5 2021-06-26T18:52:21 define WINHTTP_NO_CLIENT_CERT_CONTEXT if needed
Edward Thomson b31795ef 2021-05-06T01:46:19 test: clean up memory leaks
Ian Hattendorf edffea15 2021-03-01T16:26:58 winhttp: skip certificate check if unable to send request In some circumstances (e.g. when proxies are involved), winhttp will fail to reach the WINHTTP_CALLBACK_STATUS_SENDING_REQUEST phase. If this occurs, we'll error with ERROR_WINHTTP_INCORRECT_HANDLE_STATE when attempting to query the server certificate context (see https://docs.microsoft.com/en-us/windows/win32/api/winhttp/nf-winhttp-winhttpsendrequest#remarks). To avoid this, verify that WinHttpSendRequest has reached the WINHTTP_CALLBACK_STATUS_SENDING_REQUEST phase before checking the certificate. Since we're using WinHTTP in synchronous mode, we know for sure that once WinHttpSendRequest returns we've either sent it successfully or not. NOTE: WINHTTP_CALLBACK_STATUS_SENDING_REQUEST appears to be deprecated with no direct replacement. WINHTTP_CALLBACK_STATUS_SENDREQUEST_COMPLETE is only available in async mode, and there doesn't appear to be a method of querying this flag outside of the status callback.
Aaron Franke 7efddeb7 2021-02-15T15:47:28 Fix some typos
Edward Thomson b7ffc63b 2020-12-17T18:38:01 winhttp: handle ipv6 addresses
Edward Thomson 86a1cdd3 2020-12-13T13:44:56 Merge pull request #5384 from ianhattendorf/fix/winhttp-client-cert winhttp: support optional client cert
Edward Thomson 4f5f1127 2020-11-22T00:01:09 transports: use GIT_ASSERT
Edward Thomson e316b0d3 2020-05-15T11:47:09 runtime: move init/shutdown into the "runtime" Provide a mechanism for system components to register for initialization and shutdown of the libgit2 runtime.
Patrick Steinhardt 9e81711b 2020-09-18T10:31:50 Merge pull request #5632 from csware/winhttp_typo Fix typo: Make ifndef macroname the same as the define name
Sven Strickroth 797535b6 2020-09-12T00:14:41 WinHTTP: Try to use TLS1.3 Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth 621e501c 2020-09-10T10:32:02 Fix typo: Make ifndef macroname the same as the define name Signed-off-by: Sven Strickroth <email@cs-ware.de>
Ian Hattendorf 6a10b802 2020-06-24T08:53:46 winhttp: clarify invalid cert case
Josh Bleecher Snyder 216165ec 2020-02-07T10:06:28 transports: use GIT_EAUTH for authentication failures When the failure is clearly an auth failure (as opposed to possibly an auth failure), use the error code GIT_EAUTH instead of GIT_ERROR. While we're here, fix a typo and improve an error message. Fixes #5389.
Ian Hattendorf 1697e90f 2020-02-06T09:22:46 winhttp: variable and switch case scoping
Ian Hattendorf 5b2cd755 2020-02-03T16:24:02 winhttp: support optional client cert
Edward Thomson 3f54ba8b 2020-01-18T13:51:40 credential: change git_cred to git_credential We avoid abbreviations where possible; rename git_cred to git_credential. In addition, we have standardized on a trailing `_t` for enum types, instead of using "type" in the name. So `git_credtype_t` has become `git_credential_t` and its members have become `GIT_CREDENTIAL` instead of `GIT_CREDTYPE`. Finally, the source and header files have been renamed to `credential` instead of `cred`. Keep previous name and values as deprecated, and include the new header files from the previous ones.
Edward Thomson e9cef7c4 2020-01-11T23:53:45 http: introduce GIT_ERROR_HTTP Disambiguate between general network problems and HTTP problems in error codes.
Edward Thomson 7372573b 2019-10-25T12:22:10 httpclient: support expect/continue Allow users to opt-in to expect/continue handling when sending a POST and we're authenticated with a "connection-based" authentication mechanism like NTLM or Negotiate. If the response is a 100, return to the caller (to allow them to post their body). If the response is *not* a 100, buffer the response for the caller. HTTP expect/continue is generally safe, but some legacy servers have not implemented it correctly. Require it to be opt-in.
Edward Thomson 471daeea 2019-12-01T14:00:49 net: refactor gitno redirect handling Move the redirect handling into `git_net_url` for consistency.
Edward Thomson a194e17f 2019-11-27T18:43:36 winhttp: refactor request sending Clarify what it means to not send a length; this allows us to refactor requests further.
Josh Bleecher Snyder 05c1fb8a 2019-12-06T11:04:40 http: avoid generating double slashes in url Prior to this change, given a remote url with a trailing slash, such as http://localhost/a/, service requests would contain a double slash: http://localhost/a//info/refs?service=git-receive-pack. Detect and prevent that. Updates #5321
pcpthm 3f998aee 2019-10-26T17:21:29 Follow 308 redirect in WinHTTP transport
Etienne Samson 8bf0f7eb 2019-09-09T13:00:27 cred: separate public interface from low-level details
Patrick Steinhardt c2dd895a 2019-08-08T10:47:29 transports: http: check for memory allocation failures When allocating a chunk that is used to write to HTTP streams, we do not check for memory allocation errors. This may lead us to write to a `NULL` pointer and thus cause a segfault. Fix this by adding a call to `GIT_ERROR_CHECK_ALLOC`.
Edward Thomson 3cd123e9 2019-06-15T21:56:53 win32: define DWORD_MAX if it's not defined MinGW does not define DWORD_MAX. Specify it when it's not defined.
Edward Thomson d93b0aa0 2019-06-15T21:47:40 win32: decorate unused parameters
Edward Thomson 8048ba70 2019-05-21T14:18:40 winhttp: safely cast length to DWORD
Edward Thomson 3d11b6c5 2019-03-11T20:36:09 winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
Edward Thomson c6ab183e 2019-03-11T11:43:08 net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
Sven Strickroth bff7aed2 2019-01-24T16:44:04 Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>
Edward Thomson f673e232 2018-12-27T13:47:34 git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
lhchavez 321d19c1 2019-01-06T08:36:06 Windows is hard.
lhchavez 7b453e7e 2019-01-05T22:12:48 Fix a bunch of warnings This change fixes a bunch of warnings that were discovered by compiling with `clang -target=i386-pc-linux-gnu`. It turned out that the intrinsics were not necessarily being used in all platforms! Especially in GCC, since it does not support __has_builtin. Some more warnings were gleaned from the Windows build, but I stopped when I saw that some third-party dependencies (e.g. zlib) have warnings of their own, so we might never be able to enable -Werror there.
Edward Thomson 6af8572c 2018-10-22T11:29:01 http transport: cap number of authentication replays Put a limit on the number of authentication replays in the HTTP transport. Standardize on 7 replays for authentication or redirects, which matches the behavior of the WinHTTP transport.
Edward Thomson a2e6e0ea 2018-11-06T14:15:43 transport: allow cred/cert callbacks to return GIT_PASSTHROUGH Allow credential and certificate checking callbacks to return GIT_PASSTHROUGH, indicating that they do not want to act. Introduce this to support in both the http and ssh callbacks. Additionally, enable the same mechanism for certificate validation. This is most useful to disambiguate any meaning in the publicly exposed credential and certificate functions (`git_transport_smart_credentials` and `git_transport_smart_certificate_check`) but it may be more generally useful for callers to be able to defer back to libgit2.
Patrick Steinhardt 2613fbb2 2018-10-18T11:58:14 global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse.
Edward Thomson ba55592f 2018-08-02T20:34:56 Merge pull request #4743 from Agent00Log/dev/winbugfixes Windows: default credentials / fallback credential handling
Henning Schaffaf ccbffbae 2018-07-30T13:39:21 Only unitialize if the call to CoInitializeEx was successful
Henning Schaffaf 8c21cb5c 2018-07-26T09:52:32 Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.
Henning Schaffaf c9dc30ff 2018-07-26T09:52:21 Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.
Edward Thomson dc371e3c 2018-07-20T08:20:48 winhttp: retry erroneously failing requests Early Windows TLS 1.2 implementations have an issue during key exchange with OpenSSL implementations that cause negotiation to fail with the error "the buffer supplied to a function was too small." This is a transient error on the connection, so when that error is received, retry up to 5 times to create a connection to the remote server before actually giving up.
Patrick Steinhardt ecf4f33a 2018-02-08T11:14:48 Convert usage of `git_buf_free` to new `git_buf_dispose`
Edward Thomson 5ecb6220 2018-02-25T15:46:51 winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.
Edward Thomson 934e6a3b 2018-02-27T11:24:30 winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
Edward Thomson 8c8db980 2018-02-27T10:32:29 mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.
Edward Thomson ee6be190 2018-01-31T08:36:19 http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
Edward Thomson 526dea1c 2017-12-29T17:41:24 winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.
Etienne Samson 38eaa7ab 2017-11-24T12:28:19 winhttp: pass the same payload as ssh & http transports when checking certificates
Patrick Steinhardt 0c7f49dd 2017-06-30T13:39:01 Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt 97eb5ef0 2017-06-07T10:05:54 buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.
Patrick Steinhardt b65a5e9b 2017-03-01T07:58:40 winhttp: disambiguate error messages when sending requests
Christopher Bargren 1e929eb5 2017-02-06T11:00:06 Pass proxy options payload to credentials callback
Chris Bargren fa2dfcf9 2017-02-01T09:28:30 Fix digest credentials for proxy in windows
Edward Thomson 1910a04a 2016-12-30T12:42:42 winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.
Edward Thomson 4e4a1460 2016-12-30T12:13:34 WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
Edward Thomson 909d5494 2016-12-29T12:25:15 giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Patrick Steinhardt 43c55111 2016-06-07T14:14:07 winhttp: plug several memory leaks
Carlos Martín Nieto 0d72f67f 2016-03-14T17:36:04 proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
Carlos Martín Nieto bf6f7ad2 2015-09-30T17:42:53 winhttp: correctly detect HTTPS usage
Carlos Martín Nieto 22e6aa0d 2015-09-23T04:39:05 proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.
Carlos Martín Nieto 07bd3e57 2015-05-07T12:57:56 proxy: ask the user for credentials if necessary
Carlos Martín Nieto a4cba9d4 2016-03-03T10:48:24 winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
Edward Thomson 9ce0399c 2016-02-12T10:27:05 winhttp: use an unsigned iterator
Edward Thomson 5c7f2f01 2016-01-19T11:13:23 winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.
Chris Hescock efd9ab56 2015-11-20T11:26:26 Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
Carlos Martín Nieto 1411cb9e 2015-10-02T03:57:14 winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.
Matt Burke d7375662 2015-09-25T10:16:16 Copy custom_headers insteach of referencing the caller's copy
Matt Burke 35969c68 2015-09-10T08:58:23 Ignore NULL headers
Matt Burke c82c2ba6 2015-09-08T14:17:59 o i
Matt Burke 80ee2543 2015-09-08T13:38:22 Teach winhttp about the extra headers
Edward Thomson 79698030 2015-06-29T22:51:18 git_cert: child types use proper base type
Edward Thomson 0305721c 2015-06-30T14:23:41 winhttp: remove unused var
Edward Thomson c5e07187 2015-03-24T14:03:51 Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition
Tony Kelman b631e0d9 2015-03-19T07:25:25 Use swprintf_s everywhere except mingw.org
Leo Yang 142e5379 2015-03-17T12:49:33 Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
Alex Crichton 3066026b 2014-08-26T11:18:33 Fix build on mingw-w64
Philip Kelley 8f426d7d 2014-06-09T11:43:25 Win32: Enable WinHTTP for MinGW
Edward Thomson 392702ee 2015-02-09T23:41:13 allocations: test for overflow of requested size Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.
Edward Thomson ad2bf40a 2014-12-08T17:31:34 winhttp: plug some leaks
Edward Thomson 70d21742 2014-12-03T00:41:46 win32: clear connection data on close
Sven Strickroth 334a0696 2014-10-26T17:36:14 Minor cleanup: Use defined no_check_cert_flags instead of C&P them again Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth e6e834a1 2014-09-18T12:23:07 Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
Carlos Martín Nieto 4fe5b771 2014-09-16T13:35:36 winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.
Carlos Martín Nieto 0782fc43 2014-09-16T01:47:30 net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto 7c8acc54 2014-08-30T14:26:57 winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
Carlos Martín Nieto 67c84e06 2014-08-30T14:04:57 winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.
Carlos Martín Nieto 5f2cf732 2014-08-30T13:12:33 winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.
Carlos Martín Nieto 08545d36 2014-08-30T00:40:37 winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
Vicent Marti 69db8934 2014-08-27T19:19:55 Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error
nulltoken f0c53d21 2014-08-27T10:28:46 winhttp: Prevent swallowing of url parsing error
Rafal Nowosielski 86d0a53c 2014-08-27T01:30:47 Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147
Rafal Nowosielski 2db71194 2014-07-24T04:15:24 Set timeout on remote (WinHTTP) to infinite #2147
Edward Thomson e003f83a 2014-07-31T15:14:56 Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
Jacques Germishuys d07fd442 2014-07-12T14:37:39 Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined
Jacques Germishuys c983604e 2014-07-12T14:44:21 Consistently use p_snprintf