src/transports


Log

Author Commit Date CI Message
Carlos Martín Nieto 4fe5b771 2014-09-16T13:35:36 winhttp: get rid of the cert ignore flag This brings us back in line with the other transports.
Carlos Martín Nieto 1e0aa105 2014-09-16T03:22:09 ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
Carlos Martín Nieto 0782fc43 2014-09-16T01:47:30 net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto 286369a8 2014-09-16T02:27:16 ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
Carlos Martín Nieto 0fef3899 2014-09-16T01:25:53 Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
Carlos Martín Nieto 41698f22 2014-09-11T10:04:05 net: remove support for outright ignoring certificates This option make it easy to ignore anything about the server we're connecting to, which is bad security practice. This was necessary as we didn't use to expose detailed information about the certificate, but now that we do, we should get rid of this. If the user wants to ignore everything, they can still provide a callback which ignores all the information passed.
Carlos Martín Nieto 7c8acc54 2014-08-30T14:26:57 winhttp: set ignore security flags on user command If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
Carlos Martín Nieto 67c84e06 2014-08-30T14:04:57 winhttp: bring together request sending We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.
Carlos Martín Nieto 5f2cf732 2014-08-30T13:12:33 winhttp: only do certificate check for SSL If we're not using SSL, don't call the user's certificate check callback.
Carlos Martín Nieto 08545d36 2014-08-30T00:40:37 winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
Carlos Martín Nieto 23ca0ad5 2014-08-29T21:25:13 Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
Carlos Martín Nieto 2f5864c5 2014-08-29T21:15:36 ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
Carlos Martín Nieto 17491f6e 2014-08-29T17:18:23 transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
Carlos Martín Nieto ec1ce458 2014-08-10T17:06:53 http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
Carlos Martín Nieto 9b940586 2014-07-04T12:45:43 Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
Carlos Martín Nieto 2dc399a8 2014-09-04T16:46:14 ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.
Arkady Shapkin 5cd81bb3 2014-09-03T01:01:25 Several CppCat warnings fixed
Vicent Marti 69db8934 2014-08-27T19:19:55 Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error winhttp: Prevent swallowing of url parsing error
Vicent Marti 893cfe06 2014-08-27T19:18:46 Merge pull request #2502 from rnowosielski/remote_set_timeout Set timeout on remote (Add timeout for WinHttpReceiveResponse #2147)
nulltoken f0c53d21 2014-08-27T10:28:46 winhttp: Prevent swallowing of url parsing error
Carlos Martín Nieto 6a0d2b43 2014-08-27T15:09:07 Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
Rafal Nowosielski 86d0a53c 2014-08-27T01:30:47 Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147
Rafal Nowosielski 2db71194 2014-07-24T04:15:24 Set timeout on remote (WinHTTP) to infinite #2147
Carlos Martín Nieto 294c6f29 2014-08-16T22:12:13 http: make sure we can consume the data we request The recv buffer (parse_buffer) and the buffer have independent sizes and offsets. We try to fill in parse_buffer as much as possible before passing it to the http parser. This is fine most of the time, but fails us when the buffer is almost full. In those situations, parse_buffer can have more data than we would be able to put into the buffer (which may be getting full if we're towards the end of a data sideband packet). To work around this, we check if the space we have left on our buffer is smaller than what could come from the network. If this happens, we make parse_buffer think that it has as much space left as our buffer, so it won't try to retrieve more data than we can deal with. As the start of the data may no longer be at the start of the buffer, we need to keep track of where it really starts (data_offset) and use that in our calculations for the real size of the data we received from the network. This fixes #2518.
Edward Thomson 23135afa 2014-08-14T11:52:20 Introduce proper http authentication API
Edward Thomson 315cb38e 2014-07-31T18:43:20 Add GSSAPI support for SPNEGO/Kerberos auth over HTTP
Edward Thomson e003f83a 2014-07-31T15:14:56 Introduce git_buf_decode_base64 Decode base64-encoded text into a git_buf
Edward Thomson 40867266 2014-07-31T18:39:58 Perform HTTP keep-alive
Edward Thomson c180c065 2014-07-09T17:58:39 Custom transport: minor cleanups * Move the transport registration mechanisms into a new header under 'sys/' because this is advanced stuff. * Remove the 'priority' argument from the registration as it adds unnecessary complexity. (Since transports cannot decline to operate, only the highest priority transport is ever executed.) Users who require per-priority transports can implement that in their custom transport themselves. * Simplify registration further by taking a scheme (eg "http") instead of a prefix (eg "http://").
Jacques Germishuys d07fd442 2014-07-12T14:37:39 Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined
Jacques Germishuys 959a93e7 2014-07-13T11:50:49 Silence unused variables warnings
Jacques Germishuys c983604e 2014-07-12T14:44:21 Consistently use p_snprintf
Vicent Marti 8baeb8a4 2014-07-16T13:03:34 ssh: Fix unused warning
Carlos Martín Nieto d4256ed5 2014-07-04T10:00:39 ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
Jacques Germishuys ae241ae1 2014-07-03T20:20:00 Include libssh2.h before git2.h (transport.h)
Vicent Marti de3cf801 2014-07-02T15:28:24 Merge pull request #2456 from libgit2/cmn/ssh-send-everything ssh: libssh2_channel_write() behaves like send()
Carlos Martín Nieto 0963716b 2014-07-02T12:49:51 ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.
Philip Kelley bc8a0886 2014-06-27T11:51:35 Fix assert when receiving uncommon sideband packet
Carlos Martín Nieto ccb85c8f 2014-06-25T16:27:43 ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
Carlos Martín Nieto d1c281a5 2014-06-25T16:24:26 cred: add convenience function to get the username Since each cred defines the username on their own, introduce git_cred__username to retrieve the username pointer from them.
Carlos Martín Nieto 54da6958 2014-06-25T15:41:01 cred: introduce username-only cred This exists as ssh needs to know about the username to use before it can query for the supported authentication methods.
Carlos Martín Nieto d7f962f4 2014-06-16T19:30:06 ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
Carlos Martín Nieto b529c5f9 2014-06-12T17:19:00 ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.
Carlos Martín Nieto 22618906 2014-06-12T16:09:54 ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
Carlos Martín Nieto 9c3e4e97 2014-06-13T02:35:33 http: fix typo in credentials logic We want to check whether the credentials callback is NULL, not whether the payload is.
Carlos Martín Nieto 18d7896c 2014-06-03T21:47:53 clone: re-use the local transport's path resolution Whe already worked out the kinks with the function used in the local transport. Expose it and make use of it in the local clone method instead of trying to work it out again.
Carlos Martín Nieto 9331f98a 2014-05-22T12:52:31 smart: initialize the error variable
Carlos Martín Nieto 4c4408c3 2014-05-22T12:28:39 Plug leaks and fix a C99-ism We have too many places where we repeat free code, so when adding the new free to the generic code, it didn't take for the local transport. While there, fix a C99-ism that sneaked through.
Vicent Marti a5982644 2014-05-22T02:28:42 Merge pull request #2376 from libgit2/cmn/remote-symref Add support for the symref extension
Carlos Martín Nieto 04865aa0 2014-05-21T10:01:44 local transport: expose the symref data When using the local transport, we always have the symbolic information available, so fill it.
Carlos Martín Nieto 306475eb 2014-05-20T09:55:26 remote: expose the remote's symref mappings Add a symref_target field to git_remote_head to expose the symref mappings to the user.
Carlos Martín Nieto 8156835d 2014-05-20T09:29:39 smart: store reported symrefs The protocol has a capability which allows the server to tell us which refs are symrefs, so we can e.g. know which is the default branch. This capability is different from the ones we already support, as it's not setting a flag to true, but requires us to store a list of refspec-formatted mappings. This commit does not yet expose the information in the reference listing.
Carlos Martín Nieto ac11219b 2014-05-19T16:54:19 smart: send a flush when we disconnect The git server wants to hear a flush from us when we disconnect, particularly when we want to perform a fetch but are up to date.
Vicent Marti 8443ed6c 2014-04-25T02:10:19 Merge pull request #2284 from jacquesg/push-progress-callback Fire progress and update tips callbacks also for pushes.
Vicent Marti 5ca410b9 2014-04-23T07:13:49 Merge pull request #2283 from phkelley/win32_fs Win32: UTF-8 <-> WCHAR conversion overhaul
Carlos Martín Nieto bc0a6198 2014-04-19T15:52:58 transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
Jacques Germishuys 8b686b31 2014-04-21T15:25:19 Correct argument order of git__calloc()
Jacques Germishuys 48e60ae7 2014-04-21T11:23:29 Don't redefine the same callback types, their signatures may change
Jacques Germishuys 98020d3a 2014-04-21T10:55:37 Rename progress callback to sideband_progress
Jacques Germishuys 4f62163e 2014-04-20T22:06:05 Check the return codes of remote callbacks. The user may have requested that the operation be cancelled.
Jacques Germishuys 9effa2fb 2014-04-20T19:19:13 Fire progress callbacks also for pushes. It's not very useful to only know that a pre-receive hook has declined a push, you probably want to know why.
Philip Kelley c2c81615 2014-04-19T18:05:31 Win32: UTF-8 <-> WCHAR conversion overhaul
Jacques Germishuys a622ff17 2014-04-18T20:05:28 Only zero sensitive information on destruction (and memory actually allocated by us)
Jacques Germishuys 8ec0a552 2014-04-18T00:49:07 Make git_cred_ssh_custom_new() naming more consistent
Jacques Germishuys 478408c0 2014-04-17T23:03:44 Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication
Carlos Martín Nieto bd270b70 2014-04-18T17:08:10 cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
Philip Kelley 1392418e 2014-03-18T09:04:33 Seamless support for NTLM/Kerberos auth on Windows
Carlos Martín Nieto 5187b609 2014-03-07T14:58:43 local transport: catch double-opens Combinations of connect + fetch can call local_open multiple times. Detect this and skip the initialization stage.
Miha 300f4412 2014-02-25T11:56:11 - BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes
Graham Dennis 8bf476ac 2014-01-19T16:24:58 Factor out code to convert local "url" into a path. Previously this code was shared between `local_push` and `local_connect`.
Graham Dennis 4e974c97 2014-01-18T08:02:58 Fix local push to file:// URL.
Carlos Martín Nieto 0b28217b 2014-01-15T12:51:31 refs: remove the _with_log differentiation Any well-behaved program should write a descriptive message to the reflog whenever it updates a reference. Let's make this more prominent by removing the version without the reflog parameters.
Russell Belfer 9cfce273 2013-12-12T12:11:38 Cleanups, renames, and leak fixes This renames git_vector_free_all to the better git_vector_free_deep and also contains a couple of memory leak fixes based on valgrind checks. The fixes are specifically: failure to free global dir path variables when not compiled with threading on and failure to free filters from the filter registry that had not be initialized fully.
Russell Belfer 25e0b157 2013-12-06T15:07:57 Remove converting user error to GIT_EUSER This changes the behavior of callbacks so that the callback error code is not converted into GIT_EUSER and instead we propagate the return value through to the caller. Instead of using the giterr_capture and giterr_restore functions, we now rely on all functions to pass back the return value from a callback. To avoid having a return value with no error message, the user can call the public giterr_set_str or some such function to set an error message. There is a new helper 'giterr_set_callback' that functions can invoke after making a callback which ensures that some error message was set in case the callback did not set one. In places where the sign of the callback return value is meaningful (e.g. positive to skip, negative to abort), only the negative values are returned back to the caller, obviously, since the other values allow for continuing the loop. The hardest parts of this were in the checkout code where positive return values were overloaded as meaningful values for checkout. I fixed this by adding an output parameter to many of the internal checkout functions and removing the overload. This added some code, but it is probably a better implementation. There is some funkiness in the network code where user provided callbacks could be returning a positive or a negative value and we want to rely on that to cancel the loop. There are still a couple places where an user error might get turned into GIT_EUSER there, I think, though none exercised by the tests.
Russell Belfer dab89f9b 2013-12-04T21:22:57 Further EUSER and error propagation fixes This continues auditing all the places where GIT_EUSER is being returned and making sure to clear any existing error using the new giterr_user_cancel helper. As a result, places that relied on intercepting GIT_EUSER but having the old error preserved also needed to be cleaned up to correctly stash and then retrieve the actual error. Additionally, as I encountered places where error codes were not being propagated correctly, I tried to fix them up. A number of those fixes are included in the this commit as well.
Russell Belfer 9f77b3f6 2013-11-25T14:21:34 Add config read fns with controlled error behavior This adds `git_config__lookup_entry` which will look up a key in a config and return either the entry or NULL if the key was not present. Optionally, it can either suppress all errors or can return them (although not finding the key is not an error for this function). Unlike other accessors, this does not normalize the config key string, so it must only be used when the key is known to be in normalized form (i.e. all lower-case before the first dot and after the last dot, with no invalid characters). This also adds three high-level helper functions to look up config values with no errors and a fallback value. The three functions are for string, bool, and int values, and will resort to the fallback value for any error that arises. They are: * `git_config__get_string_force` * `git_config__get_bool_force` * `git_config__get_int_force` None of them normalize the config `key` either, so they can only be used for internal cases where the key is known to be in normal format.
Jameson Miller db4cbfe5 2013-12-02T14:09:12 Updates to cancellation logic during download and indexing of packfile.
Alessandro Ghedini ee7040fd 2013-11-20T14:11:44 ssh: add support for ssh-agent authentication
Edward Thomson 84efffc3 2013-11-13T16:57:51 Introduce git_cred_default for NTLM/SPNEGO auth
Edward Thomson 80fc7d6b 2013-11-13T16:46:45 Propagate auth error codes as GIT_EUSER in winhttp
Vicent Martí 6414fd33 2013-11-11T06:47:15 Merge pull request #1956 from libgit2/cmn/fetch-default-head Remote revamp (director's cut)
Carlos Martín Nieto a6192d7c 2013-11-11T15:32:13 remote: update head list on push A previous commit forgot to update the head list after push as well, leading to wrong output of git_remote_ls().
Carlos Martín Nieto 359dce72 2013-11-02T00:05:32 remote: make _ls return the list directly The callback-based method of listing remote references dates back to the beginning of the network code's lifetime, when we didn't know any better. We need to keep the list around for update_tips() after disconnect() so let's make use of this to simply give the user a pointer to the array so they can write straightforward code instead of having to go through a callback.
Vicent Martí 0df96f2b 2013-11-10T07:31:21 Merge pull request #1936 from libgit2/better-url-parsing Streamline url-parsing logic.
Edward Thomson 7616b8d3 2013-11-05T17:34:45 don't double free pkt
Ben Straub ac72051a 2013-11-04T19:09:30 Fix ssh.c compile
Ben Straub c227c173 2013-11-04T11:42:14 Use http_parser_parse_url to parse urls
Carlos Martín Nieto af613ecd 2013-10-28T23:30:45 remote: store dwimed refspecs separately This allows us to add e.g. "HEAD" as a refspec when none are given without overwriting the user's data.
Carlos Martín Nieto a7382aa2 2013-10-26T16:52:54 remote: give up after 256 failures to find a common object This avoids sending our whole history bit by bit to the remote in cases where there is no common history, just to give up in the end. The number comes from the canonical implementation.
Vicent Martí ac5e507c 2013-11-01T09:31:52 Merge pull request #1918 from libgit2/cmn/indexer-naming indexer: remove the stream infix
Ben Straub 048f837b 2013-10-31T13:30:22 Prevent another segfault from bad URL
Ben Straub 29b77446 2013-10-30T15:38:52 Initialize variables
Carlos Martín Nieto 2f8c481c 2013-10-08T16:22:21 protocol: basic support for multi_ack_detailed This tells the server that we speak it, but we don't make use of its extra information to determine if there's a better place to stop negotiating. In a somewhat-related change, reorder the capabilities so we ask for them in the same order as git does. Also take this opportunity to factor out a fairly-indented portion of the negotiation logic.
Carlos Martín Nieto a6154f21 2013-10-30T15:00:05 indexer: remove the stream infix It was there to keep it apart from the one which read in from a file on disk. This other indexer does not exist anymore, so there is no need for anything other than git_indexer to refer to it. While here, rename _add() function to _append() and _finalize() to _commit(). The former change is cosmetic, while the latter avoids talking about "finalizing", which OO languages use to mean something completely different.
Vicent Martí 5c50f22a 2013-10-28T09:25:44 Merge pull request #1891 from libgit2/cmn/fix-thin-packs Add support for thin packs
Vicent Martí 5565f3cd 2013-10-28T07:04:58 Merge pull request #1904 from libgit2/cmn/ssh-naming Rename the ssh credentials
Edward Thomson df9fc82e 2013-10-25T13:33:42 Use two calls to set two headers
Carlos Martín Nieto 5cb13670 2013-10-23T15:45:29 transport: let the progress output return an error There are any number of issues that can come up in the progress callback, and we should let the user cancel at that point as well.
Carlos Martín Nieto 70a8c78f 2013-10-23T12:08:54 Rename the ssh credentials The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.
Edward Thomson 2648dc1a 2013-10-21T11:03:31 Allowed credential types should be a bitfield