|
1e0aa105
|
2014-09-16T03:22:09
|
|
ssh: expose both hashes
The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.
|
|
286369a8
|
2014-09-16T02:27:16
|
|
ssh: provide our own types for host key lengths
Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.
|
|
0782fc43
|
2014-09-16T01:47:30
|
|
net: use only structs to pass information about cert
Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.
|
|
0fef3899
|
2014-09-16T01:25:53
|
|
Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
|
|
23ca0ad5
|
2014-08-29T21:25:13
|
|
Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
|
|
2f5864c5
|
2014-08-29T21:15:36
|
|
ssh: do ssh cert info before asking for credentials
We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
|
|
17491f6e
|
2014-08-29T17:18:23
|
|
transport: always call the certificate check callback
We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.
|
|
ec1ce458
|
2014-08-10T17:06:53
|
|
http: send the DER-encoded cert to the callback
Instead of the parsed data, we can ask OpenSSL to give us the
DER-encoded version of the certificate, which the user can then parse
and validate.
|
|
9b940586
|
2014-07-04T12:45:43
|
|
Provide a callback for certificate validation
If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.
The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.
|
|
2dc399a8
|
2014-09-04T16:46:14
|
|
ssh: store error message immediately after a failed agent call
When the call to the agent fails, we must retrieve the error message
just after the function call, as other calls may overwrite it.
As the agent authentication is the only one which has a teardown and
there does not seem to be a way to get the error message from a stored
error number, this tries to introduce some small changes to store the
error from the agent.
Clearing the error at the beginning of the loop lets us know whether the
agent has already set the libgit2 error message and we should skip it,
or if we should set it.
|
|
6a0d2b43
|
2014-08-27T15:09:07
|
|
Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
|
|
959a93e7
|
2014-07-13T11:50:49
|
|
Silence unused variables warnings
|
|
8baeb8a4
|
2014-07-16T13:03:34
|
|
ssh: Fix unused warning
|
|
d4256ed5
|
2014-07-04T10:00:39
|
|
ssh: provide a factory function for setting ssh paths
git allows you to set which paths to use for the git server programs
when connecting over ssh; and we want to provide something similar.
We do this by providing a factory function which can be set as the
remote's transport callback which will set the given paths upon
creation.
|
|
ae241ae1
|
2014-07-03T20:20:00
|
|
Include libssh2.h before git2.h (transport.h)
|
|
0963716b
|
2014-07-02T12:49:51
|
|
ssh: libssh2_channel_write() behaves like send()
When the stream writing function was written, it assume that
libssh2_channel_write() would always write all of the data to the
wire. This is only true for the first 32k of data, which it tries to
fit into one ssh packet.
Since it can perform short writes, call it in a loop like we do for
send(), advancing the buffer offset.
|
|
ccb85c8f
|
2014-06-25T16:27:43
|
|
ssh: make sure to ask for a username and use the same one
In order to know which authentication methods are supported/allowed by
the ssh server, we need to send a NONE auth request, which needs a
username associated with it.
Most ssh server implementations do not allow switching the username
between authentication attempts, which means we cannot use a dummy
username and then switch. There are two ways around this.
The first is to use a different connection, which an earlier commit
implements, but this increases how long it takes to get set up, and
without knowing the right username, we cannot guarantee that the
list we get in response is the right one.
The second is what's implemented here: if there is no username specified
in the url, ask for it first. We can then ask for the list of auth
methods and use the user's credentials in the same connection.
|
|
d7f962f4
|
2014-06-16T19:30:06
|
|
ssh: request credentials again on authentication failure
Instead of completely giving up on the first failure, ask for
credentials as long as we fail to authenticate.
|
|
b529c5f9
|
2014-06-12T17:19:00
|
|
ssh: propagate the error code from the auth callback
We need to be able to get a GIT_EUSER back through the outermost call.
|
|
22618906
|
2014-06-12T16:09:54
|
|
ssh: detect authentication methods
Before calling the credentials callback, ask the sever which
authentication methods it supports and report that to the user, instead
of simply reporting everything that the transport supports.
In case of an error, we do fall back to listing all of them.
|
|
bc0a6198
|
2014-04-19T15:52:58
|
|
transports: allow the creds callback to say it doesn't exist
Allow the credentials callback to return GIT_PASSTHROUGH to make the
transports code behave as though none was set.
This should make it easier for bindings to behave closer to the C code
when there is no credentials callback set at their level.
|
|
8ec0a552
|
2014-04-18T00:49:07
|
|
Make git_cred_ssh_custom_new() naming more consistent
|
|
478408c0
|
2014-04-17T23:03:44
|
|
Introduce git_cred_ssh_interactive_new()
This allows for keyboard-interactive based SSH authentication
|
|
bd270b70
|
2014-04-18T17:08:10
|
|
cred: tighten username rules
The ssh-specific credentials allow the username to be missing. The idea
being that the ssh transport will then use the username provided in the
url, if it's available. There are two main issues with this.
The credential callback already knows what username was provided by the
url and needs to figure out whether it wants to ask the user for it or
it can reuse it, so passing NULL as the username means the credential
callback is suspicious.
The username provided in the url is not in fact used by the
transport. The only time it even considers it is for the user/pass
credential, which asserts the existence of a username in its
constructor. For the ssh-specific ones, it passes in the username stored
in the credential, which is NULL. The libssh2 macro we use runs strlen()
against this value (which is no different from what we would be doing
ourselves), so we then crash.
As the documentation doesn't suggest to leave out the username, assert
the need for a username in the code, which removes this buggy behavior
and removes implicit state.
git_cred_has_username() becomes a blacklist of credential types that do
not have a username. The only one at the moment is the 'default' one,
which is meant to call up some Microsoft magic.
|
|
300f4412
|
2014-02-25T11:56:11
|
|
- BUGFIX #2133 (@fourplusone) in smart_protocol.c
- added MSVC cmake definitions to disable warnings
- general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows
- some MSVC reported warning fixes
|
|
ee7040fd
|
2013-11-20T14:11:44
|
|
ssh: add support for ssh-agent authentication
|
|
ac72051a
|
2013-11-04T19:09:30
|
|
Fix ssh.c compile
|
|
c227c173
|
2013-11-04T11:42:14
|
|
Use http_parser_parse_url to parse urls
|
|
048f837b
|
2013-10-31T13:30:22
|
|
Prevent another segfault from bad URL
|
|
70a8c78f
|
2013-10-23T12:08:54
|
|
Rename the ssh credentials
The names from libssh2 are somewhat obtuse for us. We can simplify the
usual key/passphrase credential's name, as well as make clearer what the
custom signature function is.
|
|
2648dc1a
|
2013-10-21T11:03:31
|
|
Allowed credential types should be a bitfield
|
|
eec4dcc3
|
2013-08-09T13:14:19
|
|
Whitespace.
|
|
b622aabe
|
2013-08-09T13:14:06
|
|
Add a wrapper to provide the libssh2 error message
|
|
b345026b
|
2013-09-10T05:16:52
|
|
Test for repo before removing leading colon
|
|
fbabe855
|
2013-09-08T14:11:08
|
|
Trim leading colon from ssh repository path
|
|
c87bf86c
|
2013-08-14T10:58:02
|
|
Commit 7affc2f7 removed var initialization
That commit accidentally removed the initialization of the "start"
variable giving undefined results for the host extraction from the
url input.
|
|
7affc2f7
|
2013-08-11T23:30:47
|
|
Include username in each credential type
Key-based authentication also needs an username, so include it in each
one.
Also stop assuming a default username of "git" in the ssh transport
which has no business making such a decision.
|
|
c2de6b1a
|
2013-07-10T10:21:24
|
|
Bring SSH error reporting up to base standards
The SSH error checking and reporting could still be further
improved by using the libssh2 native methods to get error info,
but at least this ensures that all error codes are checked and
translated into libgit2 error messages.
|
|
68bc49a1
|
2013-07-10T09:20:46
|
|
Merge branch 'ssh-cred-fix' of tiennou/libgit2
Conflicts:
src/transports/ssh.c
|
|
08bf80fa
|
2013-07-10T10:29:32
|
|
Tab indent.
|
|
367c1903
|
2013-07-10T10:29:09
|
|
Add some missing error messages.
|
|
a3c062db
|
2013-07-09T09:58:33
|
|
Make SSH APIs present even without SSH support
The SSH APIs will just return an error code and state that the
library was built without SSH support if they are called in
that case.
|
|
f6bd0863
|
2013-07-03T22:02:44
|
|
Fix a probable leak.
|
|
219f318c
|
2013-07-03T22:02:29
|
|
Fix a crash if git_remote_set_cred_acquire_cb wasn't called before connecting.
Fixes #1700.
|
|
84ac625d
|
2013-05-15T12:51:40
|
|
Added GITERR_CHECK_ALLOC
|
|
b54ed3ef
|
2013-05-15T12:41:16
|
|
Added error check
|
|
22011b33
|
2013-05-15T12:38:40
|
|
Cleanup
|
|
ce6d50b9
|
2013-05-09T17:37:42
|
|
Changed to use libssh2_channel_exec
|
|
05f58131
|
2013-05-09T17:36:27
|
|
Renaming
|
|
574b86b7
|
2013-05-07T13:53:23
|
|
Fixed compilation issues when libssh2 is missing
|
|
c36565c0
|
2013-05-07T13:43:10
|
|
Added SSH public key authentication
|
|
7621519f
|
2013-05-05T14:46:28
|
|
Cleanup
|
|
67a7136c
|
2013-05-05T14:24:47
|
|
Renaming
|
|
3eed595e
|
2013-05-05T14:24:05
|
|
Refactoring
|
|
d9766959
|
2013-05-05T14:05:03
|
|
Cleanup
|
|
c0cef9e0
|
2013-05-05T13:58:18
|
|
Added username and password auth for ssh
|
|
7261d983
|
2013-05-05T13:36:11
|
|
Added support for ssh:// urls
|
|
120b0122
|
2013-05-05T09:03:49
|
|
Refactoring
|
|
22595b84
|
2013-05-05T08:43:58
|
|
Added ssh stream cleanup
|
|
58ba0a4e
|
2013-05-05T08:34:56
|
|
Cleanup
|
|
f7158cd7
|
2013-05-03T16:31:16
|
|
Push working over ssh
|
|
d04c3840
|
2013-05-03T14:53:23
|
|
Adding ssh transport logic
|
|
8ae55d94
|
2013-05-03T10:53:59
|
|
Renaming
|
|
297758dc
|
2013-05-03T10:37:33
|
|
Added ssh transport file
|