kmx git

Commit	Date	Message
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
874ce161	2018-03-27T15:03:15	transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.
2785cc8e	2018-03-27T14:49:21	transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html
6f577906	2018-03-03T20:09:09	ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.
16210877	2018-02-28T12:59:47	Unescape repo before constructing ssh request
88450c1c	2017-11-09T21:49:30	Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic
e9369856	2017-03-21T00:25:15	stream: Gather streams to src/streams
f2f14724	2017-09-21T15:51:52	transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.
0c7f49dd	2017-06-30T13:39:01	Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
2ce2a48f	2017-05-02T13:37:15	transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.
8c027351	2017-05-02T13:35:09	transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
b7809b84	2016-03-08T13:38:55	Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols
22f3d3aa	2016-03-03T22:26:31	ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
4df17045	2015-12-28T07:43:24	Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
02fdc2db	2015-12-26T17:17:05	ssh_stream_read(): fix possible bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.
ed21fd74	2015-12-22T10:38:31	Handle git+ssh:// and ssh+git:// protocols support
241414ee	2015-08-14T15:42:59	added a single line of additional error reporting from libssh2 when failing to retrieve the list of authentication methods
ac728c24	2015-08-03T07:38:07	Handle ssh:// and git:// urls containing a '~' character. For such a path '/~/...' the leading '/' is stripped so the server will get a path starting with '~' and correctly handle it.
79698030	2015-06-29T22:51:18	git_cert: child types use proper base type
81be2f46	2015-06-09T16:01:29	ssh: move NULL check to the free function Let `ssh_stream_free()` take a NULL stream, as free functions should, and remove the check from the connection setup. The connection setup would not need the check anyhow, as we always have a stream by the time we reach this code.
d71e3b25	2015-06-02T10:23:54	Change error when running out of ssh agent keys
2629fc87	2015-05-24T22:33:55	cred: Check for null values when getting key from memory The public key field is optional and as such can take NULL. Account for that and do not call strlen() on NULL values. Also assert() for non-NULL values of username & private key.
7a8b8503	2015-03-17T09:19:15	Add support to read ssh keys from memory.
1396c381	2015-05-18T16:04:55	errors: add GIT_EEOF to indicate early EOF This can be used by tools to show mesages about failing to communicate with the server. The error message in this case will often contain the server's error message, as far as it managed to send anything.
e3435673	2015-05-18T15:51:55	ssh: read from stderr if stdout is empty When we fail to read from stdout, it's typically because the URL was wrong and the server process has sent some output over its stderr output. Read that output and set the error message to whatever we read from it.
142e5379	2015-03-17T12:49:33	Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
4fd4341f	2014-11-02T10:52:03	ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.
bc42479a	2014-10-13T15:43:03	Cleanup memory leak in ssh transport
369b0217	2014-10-13T13:34:15	Clean up various compiler warnings
e6e834a1	2014-09-18T12:23:07	Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
1e0aa105	2014-09-16T03:22:09	ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
286369a8	2014-09-16T02:27:16	ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
0782fc43	2014-09-16T01:47:30	net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
0fef3899	2014-09-16T01:25:53	Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
23ca0ad5	2014-08-29T21:25:13	Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
2f5864c5	2014-08-29T21:15:36	ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
17491f6e	2014-08-29T17:18:23	transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
ec1ce458	2014-08-10T17:06:53	http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
9b940586	2014-07-04T12:45:43	Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
2dc399a8	2014-09-04T16:46:14	ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.
6a0d2b43	2014-08-27T15:09:07	Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
959a93e7	2014-07-13T11:50:49	Silence unused variables warnings
8baeb8a4	2014-07-16T13:03:34	ssh: Fix unused warning
d4256ed5	2014-07-04T10:00:39	ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
ae241ae1	2014-07-03T20:20:00	Include libssh2.h before git2.h (transport.h)
0963716b	2014-07-02T12:49:51	ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.
ccb85c8f	2014-06-25T16:27:43	ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
d7f962f4	2014-06-16T19:30:06	ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
b529c5f9	2014-06-12T17:19:00	ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.
22618906	2014-06-12T16:09:54	ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
bc0a6198	2014-04-19T15:52:58	transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
8ec0a552	2014-04-18T00:49:07	Make git_cred_ssh_custom_new() naming more consistent
478408c0	2014-04-17T23:03:44	Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication
bd270b70	2014-04-18T17:08:10	cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
300f4412	2014-02-25T11:56:11	- BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes
ee7040fd	2013-11-20T14:11:44	ssh: add support for ssh-agent authentication
ac72051a	2013-11-04T19:09:30	Fix ssh.c compile
c227c173	2013-11-04T11:42:14	Use http_parser_parse_url to parse urls
048f837b	2013-10-31T13:30:22	Prevent another segfault from bad URL
70a8c78f	2013-10-23T12:08:54	Rename the ssh credentials The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.
2648dc1a	2013-10-21T11:03:31	Allowed credential types should be a bitfield
eec4dcc3	2013-08-09T13:14:19	Whitespace.
b622aabe	2013-08-09T13:14:06	Add a wrapper to provide the libssh2 error message
b345026b	2013-09-10T05:16:52	Test for repo before removing leading colon
fbabe855	2013-09-08T14:11:08	Trim leading colon from ssh repository path
c87bf86c	2013-08-14T10:58:02	Commit 7affc2f7 removed var initialization That commit accidentally removed the initialization of the "start" variable giving undefined results for the host extraction from the url input.
7affc2f7	2013-08-11T23:30:47	Include username in each credential type Key-based authentication also needs an username, so include it in each one. Also stop assuming a default username of "git" in the ssh transport which has no business making such a decision.
c2de6b1a	2013-07-10T10:21:24	Bring SSH error reporting up to base standards The SSH error checking and reporting could still be further improved by using the libssh2 native methods to get error info, but at least this ensures that all error codes are checked and translated into libgit2 error messages.
68bc49a1	2013-07-10T09:20:46	Merge branch 'ssh-cred-fix' of tiennou/libgit2 Conflicts: src/transports/ssh.c
08bf80fa	2013-07-10T10:29:32	Tab indent.
367c1903	2013-07-10T10:29:09	Add some missing error messages.
a3c062db	2013-07-09T09:58:33	Make SSH APIs present even without SSH support The SSH APIs will just return an error code and state that the library was built without SSH support if they are called in that case.
f6bd0863	2013-07-03T22:02:44	Fix a probable leak.
219f318c	2013-07-03T22:02:29	Fix a crash if git_remote_set_cred_acquire_cb wasn't called before connecting. Fixes #1700.
84ac625d	2013-05-15T12:51:40	Added GITERR_CHECK_ALLOC
b54ed3ef	2013-05-15T12:41:16	Added error check
22011b33	2013-05-15T12:38:40	Cleanup
ce6d50b9	2013-05-09T17:37:42	Changed to use libssh2_channel_exec
05f58131	2013-05-09T17:36:27	Renaming
574b86b7	2013-05-07T13:53:23	Fixed compilation issues when libssh2 is missing
c36565c0	2013-05-07T13:43:10	Added SSH public key authentication
7621519f	2013-05-05T14:46:28	Cleanup
67a7136c	2013-05-05T14:24:47	Renaming
3eed595e	2013-05-05T14:24:05	Refactoring
d9766959	2013-05-05T14:05:03	Cleanup
c0cef9e0	2013-05-05T13:58:18	Added username and password auth for ssh
7261d983	2013-05-05T13:36:11	Added support for ssh:// urls
120b0122	2013-05-05T09:03:49	Refactoring
22595b84	2013-05-05T08:43:58	Added ssh stream cleanup
58ba0a4e	2013-05-05T08:34:56	Cleanup
f7158cd7	2013-05-03T16:31:16	Push working over ssh
d04c3840	2013-05-03T14:53:23	Adding ssh transport logic
8ae55d94	2013-05-03T10:53:59	Renaming
297758dc	2013-05-03T10:37:33	Added ssh transport file

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

874ce161

2018-03-27T15:03:15

transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.

2785cc8e

2018-03-27T14:49:21

transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html

6f577906

2018-03-03T20:09:09

ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.

16210877

2018-02-28T12:59:47

Unescape repo before constructing ssh request

88450c1c

2017-11-09T21:49:30

Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic

e9369856

2017-03-21T00:25:15

stream: Gather streams to src/streams

f2f14724

2017-09-21T15:51:52

transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.

0c7f49dd

2017-06-30T13:39:01

Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.

2ce2a48f

2017-05-02T13:37:15

transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.

8c027351

2017-05-02T13:35:09

transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

b7809b84

2016-03-08T13:38:55

Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols

22f3d3aa

2016-03-03T22:26:31

ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.

4df17045

2015-12-28T07:43:24

Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers

02fdc2db

2015-12-26T17:17:05

ssh_stream_read(): fix possible *bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with *bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.

ed21fd74

2015-12-22T10:38:31

Handle git+ssh:// and ssh+git:// protocols support

241414ee

2015-08-14T15:42:59

added a single line of additional error reporting from libssh2 when failing to retrieve the list of authentication methods

ac728c24

2015-08-03T07:38:07

Handle ssh:// and git:// urls containing a '~' character. For such a path '/~/...' the leading '/' is stripped so the server will get a path starting with '~' and correctly handle it.

79698030

2015-06-29T22:51:18

git_cert: child types use proper base type

81be2f46

2015-06-09T16:01:29

ssh: move NULL check to the free function Let `ssh_stream_free()` take a NULL stream, as free functions should, and remove the check from the connection setup. The connection setup would not need the check anyhow, as we always have a stream by the time we reach this code.

d71e3b25

2015-06-02T10:23:54

Change error when running out of ssh agent keys

2629fc87

2015-05-24T22:33:55

cred: Check for null values when getting key from memory The public key field is optional and as such can take NULL. Account for that and do not call strlen() on NULL values. Also assert() for non-NULL values of username & private key.

7a8b8503

2015-03-17T09:19:15

Add support to read ssh keys from memory.

1396c381

2015-05-18T16:04:55

errors: add GIT_EEOF to indicate early EOF This can be used by tools to show mesages about failing to communicate with the server. The error message in this case will often contain the server's error message, as far as it managed to send anything.

e3435673

2015-05-18T15:51:55

ssh: read from stderr if stdout is empty When we fail to read from stdout, it's typically because the URL was wrong and the server process has sent some output over its stderr output. Read that output and set the error message to whatever we read from it.

142e5379

2015-03-17T12:49:33

Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.

4fd4341f

2014-11-02T10:52:03

ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.

bc42479a

2014-10-13T15:43:03

Cleanup memory leak in ssh transport

369b0217

2014-10-13T13:34:15

Clean up various compiler warnings

e6e834a1

2014-09-18T12:23:07

Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>

1e0aa105

2014-09-16T03:22:09

ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.

286369a8

2014-09-16T02:27:16

ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.

0782fc43

2014-09-16T01:47:30

net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.

0fef3899

2014-09-16T01:25:53

Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info

23ca0ad5

2014-08-29T21:25:13

Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

2f5864c5

2014-08-29T21:15:36

ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.

17491f6e

2014-08-29T17:18:23

transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.

ec1ce458

2014-08-10T17:06:53

http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.

9b940586

2014-07-04T12:45:43

Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.

2dc399a8

2014-09-04T16:46:14

ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.

6a0d2b43

2014-08-27T15:09:07

Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry

959a93e7

2014-07-13T11:50:49

Silence unused variables warnings

8baeb8a4

2014-07-16T13:03:34

ssh: Fix unused warning

d4256ed5

2014-07-04T10:00:39

ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.

ae241ae1

2014-07-03T20:20:00

Include libssh2.h before git2.h (transport.h)

0963716b

2014-07-02T12:49:51

ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.

ccb85c8f

2014-06-25T16:27:43

ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.

d7f962f4

2014-06-16T19:30:06

ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.

b529c5f9

2014-06-12T17:19:00

ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.

22618906

2014-06-12T16:09:54

ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.

bc0a6198

2014-04-19T15:52:58

transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.

8ec0a552

2014-04-18T00:49:07

Make git_cred_ssh_custom_new() naming more consistent

478408c0

2014-04-17T23:03:44

Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication

bd270b70

2014-04-18T17:08:10

cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.

300f4412

2014-02-25T11:56:11

- BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes

ee7040fd

2013-11-20T14:11:44

ssh: add support for ssh-agent authentication

ac72051a

2013-11-04T19:09:30

Fix ssh.c compile

c227c173

2013-11-04T11:42:14

Use http_parser_parse_url to parse urls

048f837b

2013-10-31T13:30:22

Prevent another segfault from bad URL

70a8c78f

2013-10-23T12:08:54

Rename the ssh credentials The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.

2648dc1a

2013-10-21T11:03:31

Allowed credential types should be a bitfield

eec4dcc3

2013-08-09T13:14:19

Whitespace.

b622aabe

2013-08-09T13:14:06

Add a wrapper to provide the libssh2 error message

b345026b

2013-09-10T05:16:52

Test for repo before removing leading colon

fbabe855

2013-09-08T14:11:08

Trim leading colon from ssh repository path

c87bf86c

2013-08-14T10:58:02

Commit 7affc2f7 removed var initialization That commit accidentally removed the initialization of the "start" variable giving undefined results for the host extraction from the url input.

7affc2f7

2013-08-11T23:30:47

Include username in each credential type Key-based authentication also needs an username, so include it in each one. Also stop assuming a default username of "git" in the ssh transport which has no business making such a decision.

c2de6b1a

2013-07-10T10:21:24

Bring SSH error reporting up to base standards The SSH error checking and reporting could still be further improved by using the libssh2 native methods to get error info, but at least this ensures that all error codes are checked and translated into libgit2 error messages.

68bc49a1

2013-07-10T09:20:46

Merge branch 'ssh-cred-fix' of tiennou/libgit2 Conflicts: src/transports/ssh.c

08bf80fa

2013-07-10T10:29:32

Tab indent.

367c1903

2013-07-10T10:29:09

Add some missing error messages.

a3c062db

2013-07-09T09:58:33

Make SSH APIs present even without SSH support The SSH APIs will just return an error code and state that the library was built without SSH support if they are called in that case.

f6bd0863

2013-07-03T22:02:44

Fix a probable leak.

219f318c

2013-07-03T22:02:29

Fix a crash if git_remote_set_cred_acquire_cb wasn't called before connecting. Fixes #1700.

84ac625d

2013-05-15T12:51:40

Added GITERR_CHECK_ALLOC

b54ed3ef

2013-05-15T12:41:16

Added error check

22011b33

2013-05-15T12:38:40

Cleanup

ce6d50b9

2013-05-09T17:37:42

Changed to use libssh2_channel_exec

05f58131

2013-05-09T17:36:27

Renaming

574b86b7

2013-05-07T13:53:23

Fixed compilation issues when libssh2 is missing

c36565c0

2013-05-07T13:43:10

Added SSH public key authentication

7621519f

2013-05-05T14:46:28

Cleanup

67a7136c

2013-05-05T14:24:47

Renaming

3eed595e

2013-05-05T14:24:05

Refactoring

d9766959

2013-05-05T14:05:03

Cleanup

c0cef9e0

2013-05-05T13:58:18

Added username and password auth for ssh

7261d983

2013-05-05T13:36:11

Added support for ssh:// urls

120b0122

2013-05-05T09:03:49

Refactoring

22595b84

2013-05-05T08:43:58

Added ssh stream cleanup

58ba0a4e

2013-05-05T08:34:56

Cleanup

f7158cd7

2013-05-03T16:31:16

Push working over ssh

d04c3840

2013-05-03T14:53:23

Adding ssh transport logic

8ae55d94

2013-05-03T10:53:59

Renaming

297758dc

2013-05-03T10:37:33

Added ssh transport file

thodg/libgit2/src/transports/ssh.c

src/transports/ssh.c

Log