src/transports/winhttp.c


Log

Author Commit Date CI Message
Etienne Samson 8bf0f7eb 2019-09-09T13:00:27 cred: separate public interface from low-level details
Patrick Steinhardt c2dd895a 2019-08-08T10:47:29 transports: http: check for memory allocation failures When allocating a chunk that is used to write to HTTP streams, we do not check for memory allocation errors. This may lead us to write to a `NULL` pointer and thus cause a segfault. Fix this by adding a call to `GIT_ERROR_CHECK_ALLOC`.
Edward Thomson 3cd123e9 2019-06-15T21:56:53 win32: define DWORD_MAX if it's not defined MinGW does not define DWORD_MAX. Specify it when it's not defined.
Edward Thomson d93b0aa0 2019-06-15T21:47:40 win32: decorate unused parameters
Edward Thomson 8048ba70 2019-05-21T14:18:40 winhttp: safely cast length to DWORD
Edward Thomson 3d11b6c5 2019-03-11T20:36:09 winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
Edward Thomson c6ab183e 2019-03-11T11:43:08 net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
Sven Strickroth bff7aed2 2019-01-24T16:44:04 Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>
Edward Thomson f673e232 2018-12-27T13:47:34 git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
lhchavez 321d19c1 2019-01-06T08:36:06 Windows is hard.
lhchavez 7b453e7e 2019-01-05T22:12:48 Fix a bunch of warnings This change fixes a bunch of warnings that were discovered by compiling with `clang -target=i386-pc-linux-gnu`. It turned out that the intrinsics were not necessarily being used in all platforms! Especially in GCC, since it does not support __has_builtin. Some more warnings were gleaned from the Windows build, but I stopped when I saw that some third-party dependencies (e.g. zlib) have warnings of their own, so we might never be able to enable -Werror there.
Edward Thomson 6af8572c 2018-10-22T11:29:01 http transport: cap number of authentication replays Put a limit on the number of authentication replays in the HTTP transport. Standardize on 7 replays for authentication or redirects, which matches the behavior of the WinHTTP transport.
Edward Thomson a2e6e0ea 2018-11-06T14:15:43 transport: allow cred/cert callbacks to return GIT_PASSTHROUGH Allow credential and certificate checking callbacks to return GIT_PASSTHROUGH, indicating that they do not want to act. Introduce this to support in both the http and ssh callbacks. Additionally, enable the same mechanism for certificate validation. This is most useful to disambiguate any meaning in the publicly exposed credential and certificate functions (`git_transport_smart_credentials` and `git_transport_smart_certificate_check`) but it may be more generally useful for callers to be able to defer back to libgit2.
Patrick Steinhardt 2613fbb2 2018-10-18T11:58:14 global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse.
Edward Thomson ba55592f 2018-08-02T20:34:56 Merge pull request #4743 from Agent00Log/dev/winbugfixes Windows: default credentials / fallback credential handling
Henning Schaffaf ccbffbae 2018-07-30T13:39:21 Only unitialize if the call to CoInitializeEx was successful
Henning Schaffaf 8c21cb5c 2018-07-26T09:52:32 Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.
Henning Schaffaf c9dc30ff 2018-07-26T09:52:21 Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.
Edward Thomson dc371e3c 2018-07-20T08:20:48 winhttp: retry erroneously failing requests Early Windows TLS 1.2 implementations have an issue during key exchange with OpenSSL implementations that cause negotiation to fail with the error "the buffer supplied to a function was too small." This is a transient error on the connection, so when that error is received, retry up to 5 times to create a connection to the remote server before actually giving up.
Patrick Steinhardt ecf4f33a 2018-02-08T11:14:48 Convert usage of `git_buf_free` to new `git_buf_dispose`
Edward Thomson 5ecb6220 2018-02-25T15:46:51 winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.
Edward Thomson 934e6a3b 2018-02-27T11:24:30 winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
Edward Thomson 8c8db980 2018-02-27T10:32:29 mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.
Edward Thomson ee6be190 2018-01-31T08:36:19 http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
Edward Thomson 526dea1c 2017-12-29T17:41:24 winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.
Etienne Samson 38eaa7ab 2017-11-24T12:28:19 winhttp: pass the same payload as ssh & http transports when checking certificates
Patrick Steinhardt 0c7f49dd 2017-06-30T13:39:01 Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt 97eb5ef0 2017-06-07T10:05:54 buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.
Patrick Steinhardt b65a5e9b 2017-03-01T07:58:40 winhttp: disambiguate error messages when sending requests
Christopher Bargren 1e929eb5 2017-02-06T11:00:06 Pass proxy options payload to credentials callback
Chris Bargren fa2dfcf9 2017-02-01T09:28:30 Fix digest credentials for proxy in windows
Edward Thomson 1910a04a 2016-12-30T12:42:42 winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.
Edward Thomson 4e4a1460 2016-12-30T12:13:34 WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
Edward Thomson 909d5494 2016-12-29T12:25:15 giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Patrick Steinhardt 43c55111 2016-06-07T14:14:07 winhttp: plug several memory leaks
Carlos Martín Nieto 0d72f67f 2016-03-14T17:36:04 proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
Carlos Martín Nieto bf6f7ad2 2015-09-30T17:42:53 winhttp: correctly detect HTTPS usage
Carlos Martín Nieto 22e6aa0d 2015-09-23T04:39:05 proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.
Carlos Martín Nieto 07bd3e57 2015-05-07T12:57:56 proxy: ask the user for credentials if necessary
Carlos Martín Nieto a4cba9d4 2016-03-03T10:48:24 winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
Edward Thomson 9ce0399c 2016-02-12T10:27:05 winhttp: use an unsigned iterator
Edward Thomson 5c7f2f01 2016-01-19T11:13:23 winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.
Chris Hescock efd9ab56 2015-11-20T11:26:26 Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
Carlos Martín Nieto 1411cb9e 2015-10-02T03:57:14 winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.
Matt Burke d7375662 2015-09-25T10:16:16 Copy custom_headers insteach of referencing the caller's copy
Matt Burke 35969c68 2015-09-10T08:58:23 Ignore NULL headers
Matt Burke c82c2ba6 2015-09-08T14:17:59 o i
Matt Burke 80ee2543 2015-09-08T13:38:22 Teach winhttp about the extra headers
Edward Thomson 79698030 2015-06-29T22:51:18 git_cert: child types use proper base type
Edward Thomson 0305721c 2015-06-30T14:23:41 winhttp: remove unused var
Edward Thomson c5e07187 2015-03-24T14:03:51 Merge pull request #2990 from leoyanggit/custom_param Add a custom param to git_smart_subtransport_definition
Tony Kelman b631e0d9 2015-03-19T07:25:25 Use swprintf_s everywhere except mingw.org
Leo Yang 142e5379 2015-03-17T12:49:33 Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
Alex Crichton 3066026b 2014-08-26T11:18:33 Fix build on mingw-w64
Philip Kelley 8f426d7d 2014-06-09T11:43:25 Win32: Enable WinHTTP for MinGW
Edward Thomson 392702ee 2015-02-09T23:41:13 allocations: test for overflow of requested size Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.
Edward Thomson ad2bf40a 2014-12-08T17:31:34 winhttp: plug some leaks
Edward Thomson 70d21742 2014-12-03T00:41:46 win32: clear connection data on close
Sven Strickroth 334a0696 2014-10-26T17:36:14 Minor cleanup: Use defined no_check_cert_flags instead of C&P them again Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth e6e834a1 2014-09-18T12:23:07 Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
Carlos Martín Nieto 4fe5b771 2014-09-16T13:35:36 winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.
Carlos Martín Nieto 0782fc43 2014-09-16T01:47:30 net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto 7c8acc54 2014-08-30T14:26:57 winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
Carlos Martín Nieto 67c84e06 2014-08-30T14:04:57 winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.
Carlos Martín Nieto 5f2cf732 2014-08-30T13:12:33 winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.
Carlos Martín Nieto 08545d36 2014-08-30T00:40:37 winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
Vicent Marti 69db8934 2014-08-27T19:19:55 Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error
nulltoken f0c53d21 2014-08-27T10:28:46 winhttp: Prevent swallowing of url parsing error
Rafal Nowosielski 86d0a53c 2014-08-27T01:30:47 Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147
Rafal Nowosielski 2db71194 2014-07-24T04:15:24 Set timeout on remote (WinHTTP) to infinite #2147
Edward Thomson e003f83a 2014-07-31T15:14:56 Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
Jacques Germishuys c983604e 2014-07-12T14:44:21 Consistently use p_snprintf
Jacques Germishuys d07fd442 2014-07-12T14:37:39 Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined
Philip Kelley c2c81615 2014-04-19T18:05:31 Win32: UTF-8 <-> WCHAR conversion overhaul
Philip Kelley 1392418e 2014-03-18T09:04:33 Seamless support for NTLM/Kerberos auth on Windows
Russell Belfer 25e0b157 2013-12-06T15:07:57 Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
Edward Thomson 84efffc3 2013-11-13T16:57:51 Introduce git_cred_default for NTLM/SPNEGO auth
Edward Thomson 80fc7d6b 2013-11-13T16:46:45 Propagate auth error codes as GIT_EUSER in winhttp
Edward Thomson df9fc82e 2013-10-25T13:33:42 Use two calls to set two headers
Ben Straub 3dc3c723 2013-10-08T15:52:37 Combine WinHTTP API calls
Ben Straub a58eecd4 2013-10-08T13:40:52 WinHTTP: set Accept header for POSTs
Ben Straub 256961e4 2013-09-26T16:36:05 WHOOPS
Ben Straub ea59f659 2013-09-26T16:20:30 Deploy gitno_connection_data into transport (winhttp) ...and have that call manage replaced memory in the output structure.
Ben Straub f30d91ce 2013-09-26T11:03:27 Refactor URL handling to use library call
Ben Straub ac316e74 2013-09-25T14:25:38 Why are we disabling redirects?
Ben Straub 4a88eb20 2013-09-25T12:13:09 Win32: handle http->https redirects
Linquize 66566516 2013-09-08T17:15:42 Fix warning
Edward Thomson 1ff3a094 2013-08-27T19:41:44 Improve win32 version check, no ipv6 tests on XP
Russell Belfer d4cff0cb 2013-08-13T09:40:32 Rename git__win32_path fns to git_win32_path
Vicent Marti abf37327 2013-08-13T09:15:39 windows: Path conversion with better semantics
Ben Straub aaefbdee 2013-08-08T08:48:57 Discriminate path-specific and general UTF-X conversions
Ben Straub 2c0128ee 2013-08-07T19:29:33 Rename git_win_str_utf* to git_win32_path_utf*
Ben Straub 9c38f7a6 2013-08-07T13:22:41 Add typedefs for win32 utf-8 and utf-16 buffers ...and normalize the signatures of the two conversion functions.
Ben Straub d8563619 2013-08-05T11:41:39 Split UTF-16 and UTF-8 buffer sizes for win32 Also fixed up call-sites to use the correct buffer sizes, especially when converting to utf-8.
Russell Belfer 37f66e82 2013-06-12T15:21:21 Fix Windows warnings This fixes problems with missing function prototypes and 64-bit data issues on Windows.
Linquize e583334c 2013-05-10T21:42:22 Fix broken build when MSVC SDL checks is enabled
Philip Kelley 5c5eeba6 2013-03-31T22:22:33 Add git_has_win32_version helper
Philip Kelley 0227fa2a 2013-03-30T21:36:04 Avoid pre-Win7 WinHTTP self-redirect quirk
Russell Belfer 55e0f53d 2013-03-14T15:09:29 Fix various build warnings This fixes various build warnings on Mac and Windows (64-bit).
Russell Belfer 56543a60 2013-02-15T16:02:45 Clear up warnings from cppcheck The cppcheck static analyzer generates warnings for a bunch of places in the libgit2 code base. All the ones fixed in this commit are actually false positives, but I've reorganized the code to hopefully make it easier for static analysis tools to correctly understand the structure. I wouldn't do this if I felt like it was making the code harder to read or worse for humans, but in this case, these fixes don't seem too bad and will hopefully make it easier for better analysis tools to get at any real issues.