|
f1453c59
|
2015-02-12T12:19:37
|
|
Make our overflow check look more like gcc/clang's
Make our overflow checking look more like gcc and clang's, so that
we can substitute it out with the compiler instrinsics on platforms
that support it. This means dropping the ability to pass `NULL` as
an out parameter.
As a result, the macros also get updated to reflect this as well.
|
|
ec3b4d35
|
2015-02-11T11:20:05
|
|
Use `size_t` to hold size of arrays
Use `size_t` to hold the size of arrays to ease overflow checking,
lest we check for overflow of a `size_t` then promptly truncate
by packing the length into a smaller type.
|
|
4aa664ae
|
2015-02-10T23:55:07
|
|
git_buf_grow_by: increase buf asize incrementally
Introduce `git_buf_grow_by` to incrementally increase the size of a
`git_buf`, performing an overflow calculation on the growth.
|
|
392702ee
|
2015-02-09T23:41:13
|
|
allocations: test for overflow of requested size
Introduce some helper macros to test integer overflow from arithmetic
and set error message appropriately.
|
|
6f73e026
|
2014-12-24T11:42:50
|
|
Plug some leaks
|
|
4fd2bda9
|
2014-12-16T10:25:45
|
|
local: send 'counting objects' output
Pretend we have a git process at the other end by creating a similar
progress output when inserting objects into the packbuilder.
|
|
cd305c2f
|
2014-12-10T11:30:28
|
|
Merge pull request #2678 from libgit2/cmn/io-stream
Introduce stackable IO streams
|
|
a2fd56ab
|
2014-12-10T16:22:50
|
|
Fix a couple of compiler warnings
|
|
1b75c29e
|
2014-11-02T11:17:01
|
|
gitno: remove code which is no longer needed
Most of the network-facing facilities have been copied to the socket and
openssl streams. No code now uses these functions directly anymore, so
we can now remove them.
|
|
4fd4341f
|
2014-11-02T10:52:03
|
|
ssh: use socket_stream to perform the connection
Having an ssh stream would require extra work for stream capabilities we
don't need anywhere else (oob auth and command execution) so for now
let's move away from the gitno connection to use socket_stream.
We can introduce an ssh stream interface if and as we need it.
|
|
b6f5464e
|
2014-11-01T21:35:06
|
|
Port HTTP(S) to the new stream API
|
|
02b4c1e2
|
2014-11-01T16:58:20
|
|
Port the TCP transport to the new stream API
|
|
ad2bf40a
|
2014-12-08T17:31:34
|
|
winhttp: plug some leaks
|
|
013924c1
|
2014-12-05T23:44:34
|
|
Merge pull request #2730 from libgit2/cmn/local-push
Adjust the local transport for the common refspec parser
|
|
70d21742
|
2014-12-03T00:41:46
|
|
win32: clear connection data on close
|
|
d5c84f67
|
2014-11-23T21:34:45
|
|
local: adjust to the common refspec parser
We no longer have NULL strings, but empty ones and duplicate the sides
if necessar, so the first check will never do anything.
While in the area, remove unnecessary ifs and early returns.
|
|
f7fcb18f
|
2014-11-23T14:12:54
|
|
Plug leaks
Valgrind is now clean except for libssl and libgcrypt.
|
|
1ca61bdc
|
2014-11-19T20:53:25
|
|
fetch: clear the connection data on close
When we fetch twice with the same remote object, we did not properly
clear the connection flags, so we would leak state from the last
connection.
This can cause the second fetch with the same remote object to fail if
using a HTTP URL where the server redirects to HTTPS, as the second
fetch would see `use_ssl` set and think the initial connection wanted to
downgrade the connection.
|
|
aad638f3
|
2014-11-07T15:00:11
|
|
push: use the common refspec parser
There is one well-known and well-tested parser which we should use,
instead of implementing parsing a second time.
The common parser is also augmented to copy the LHS into the RHS if the
latter is empty.
The expressions test had to change a bit, as we now catch a bad RHS of a
refspec locally.
|
|
334a0696
|
2014-10-26T17:36:14
|
|
Minor cleanup: Use defined no_check_cert_flags instead of C&P them again
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
bc42479a
|
2014-10-13T15:43:03
|
|
Cleanup memory leak in ssh transport
|
|
369b0217
|
2014-10-13T13:34:15
|
|
Clean up various compiler warnings
|
|
e6e834a1
|
2014-09-18T12:23:07
|
|
Provide host name to certificate_check_cb
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
14556cbf
|
2014-09-17T17:13:25
|
|
Merge pull request #2567 from cirosantilli/factor-41
Factor 40 and 41 constants from source.
|
|
4fe5b771
|
2014-09-16T13:35:36
|
|
winhttp: get rid of the cert ignore flag
This brings us back in line with the other transports.
|
|
1e0aa105
|
2014-09-16T03:22:09
|
|
ssh: expose both hashes
The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.
|
|
286369a8
|
2014-09-16T02:27:16
|
|
ssh: provide our own types for host key lengths
Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.
|
|
0782fc43
|
2014-09-16T01:47:30
|
|
net: use only structs to pass information about cert
Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.
|
|
0fef3899
|
2014-09-16T01:25:53
|
|
Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
|
|
41698f22
|
2014-09-11T10:04:05
|
|
net: remove support for outright ignoring certificates
This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.
If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.
|
|
7c8acc54
|
2014-08-30T14:26:57
|
|
winhttp: set ignore security flags on user command
If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.
|
|
67c84e06
|
2014-08-30T14:04:57
|
|
winhttp: bring together request sending
We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.
|
|
5f2cf732
|
2014-08-30T13:12:33
|
|
winhttp: only do certificate check for SSL
If we're not using SSL, don't call the user's certificate check callback.
|
|
08545d36
|
2014-08-30T00:40:37
|
|
winhttp: credential check on successful connect
On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
|
|
23ca0ad5
|
2014-08-29T21:25:13
|
|
Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
|
|
2f5864c5
|
2014-08-29T21:15:36
|
|
ssh: do ssh cert info before asking for credentials
We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
|
|
17491f6e
|
2014-08-29T17:18:23
|
|
transport: always call the certificate check callback
We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.
|
|
ec1ce458
|
2014-08-10T17:06:53
|
|
http: send the DER-encoded cert to the callback
Instead of the parsed data, we can ask OpenSSL to give us the
DER-encoded version of the certificate, which the user can then parse
and validate.
|
|
9b940586
|
2014-07-04T12:45:43
|
|
Provide a callback for certificate validation
If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.
The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.
|
|
3b2cb2c9
|
2014-09-16T11:49:25
|
|
Factor 40 and 41 constants from source.
|
|
2dc399a8
|
2014-09-04T16:46:14
|
|
ssh: store error message immediately after a failed agent call
When the call to the agent fails, we must retrieve the error message
just after the function call, as other calls may overwrite it.
As the agent authentication is the only one which has a teardown and
there does not seem to be a way to get the error message from a stored
error number, this tries to introduce some small changes to store the
error from the agent.
Clearing the error at the beginning of the loop lets us know whether the
agent has already set the libgit2 error message and we should skip it,
or if we should set it.
|
|
5cd81bb3
|
2014-09-03T01:01:25
|
|
Several CppCat warnings fixed
|
|
69db8934
|
2014-08-27T19:19:55
|
|
Merge pull request #2538 from libgit2/ntk/propagate_url_parsing_error
winhttp: Prevent swallowing of url parsing error
|
|
893cfe06
|
2014-08-27T19:18:46
|
|
Merge pull request #2502 from rnowosielski/remote_set_timeout
Set timeout on remote (Add timeout for WinHttpReceiveResponse #2147)
|
|
f0c53d21
|
2014-08-27T10:28:46
|
|
winhttp: Prevent swallowing of url parsing error
|
|
6a0d2b43
|
2014-08-27T15:09:07
|
|
Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
|
|
86d0a53c
|
2014-08-27T01:30:47
|
|
Set timeout on remote (WinHTTP) should return error in case of failure. Connection timeout set to 1 minute. Read/Write timeout remains set to infinite #2147
|
|
2db71194
|
2014-07-24T04:15:24
|
|
Set timeout on remote (WinHTTP) to infinite #2147
|
|
294c6f29
|
2014-08-16T22:12:13
|
|
http: make sure we can consume the data we request
The recv buffer (parse_buffer) and the buffer have independent sizes and
offsets. We try to fill in parse_buffer as much as possible before
passing it to the http parser. This is fine most of the time, but fails
us when the buffer is almost full.
In those situations, parse_buffer can have more data than we would be
able to put into the buffer (which may be getting full if we're towards
the end of a data sideband packet).
To work around this, we check if the space we have left on our buffer is
smaller than what could come from the network. If this happens, we make
parse_buffer think that it has as much space left as our buffer, so it
won't try to retrieve more data than we can deal with.
As the start of the data may no longer be at the start of the buffer, we
need to keep track of where it really starts (data_offset) and use that
in our calculations for the real size of the data we received from the
network.
This fixes #2518.
|
|
23135afa
|
2014-08-14T11:52:20
|
|
Introduce proper http authentication API
|
|
315cb38e
|
2014-07-31T18:43:20
|
|
Add GSSAPI support for SPNEGO/Kerberos auth over HTTP
|
|
e003f83a
|
2014-07-31T15:14:56
|
|
Introduce git_buf_decode_base64
Decode base64-encoded text into a git_buf
|
|
40867266
|
2014-07-31T18:39:58
|
|
Perform HTTP keep-alive
|
|
c180c065
|
2014-07-09T17:58:39
|
|
Custom transport: minor cleanups
* Move the transport registration mechanisms into a new header under
'sys/' because this is advanced stuff.
* Remove the 'priority' argument from the registration as it adds
unnecessary complexity. (Since transports cannot decline to operate,
only the highest priority transport is ever executed.) Users who
require per-priority transports can implement that in their custom
transport themselves.
* Simplify registration further by taking a scheme (eg "http") instead
of a prefix (eg "http://").
|
|
c983604e
|
2014-07-12T14:44:21
|
|
Consistently use p_snprintf
|
|
d07fd442
|
2014-07-12T14:37:39
|
|
Define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH if not defined
|
|
959a93e7
|
2014-07-13T11:50:49
|
|
Silence unused variables warnings
|
|
8baeb8a4
|
2014-07-16T13:03:34
|
|
ssh: Fix unused warning
|
|
d4256ed5
|
2014-07-04T10:00:39
|
|
ssh: provide a factory function for setting ssh paths
git allows you to set which paths to use for the git server programs
when connecting over ssh; and we want to provide something similar.
We do this by providing a factory function which can be set as the
remote's transport callback which will set the given paths upon
creation.
|
|
ae241ae1
|
2014-07-03T20:20:00
|
|
Include libssh2.h before git2.h (transport.h)
|
|
de3cf801
|
2014-07-02T15:28:24
|
|
Merge pull request #2456 from libgit2/cmn/ssh-send-everything
ssh: libssh2_channel_write() behaves like send()
|
|
0963716b
|
2014-07-02T12:49:51
|
|
ssh: libssh2_channel_write() behaves like send()
When the stream writing function was written, it assume that
libssh2_channel_write() would always write all of the data to the
wire. This is only true for the first 32k of data, which it tries to
fit into one ssh packet.
Since it can perform short writes, call it in a loop like we do for
send(), advancing the buffer offset.
|
|
bc8a0886
|
2014-06-27T11:51:35
|
|
Fix assert when receiving uncommon sideband packet
|
|
ccb85c8f
|
2014-06-25T16:27:43
|
|
ssh: make sure to ask for a username and use the same one
In order to know which authentication methods are supported/allowed by
the ssh server, we need to send a NONE auth request, which needs a
username associated with it.
Most ssh server implementations do not allow switching the username
between authentication attempts, which means we cannot use a dummy
username and then switch. There are two ways around this.
The first is to use a different connection, which an earlier commit
implements, but this increases how long it takes to get set up, and
without knowing the right username, we cannot guarantee that the
list we get in response is the right one.
The second is what's implemented here: if there is no username specified
in the url, ask for it first. We can then ask for the list of auth
methods and use the user's credentials in the same connection.
|
|
d1c281a5
|
2014-06-25T16:24:26
|
|
cred: add convenience function to get the username
Since each cred defines the username on their own, introduce
git_cred__username to retrieve the username pointer from them.
|
|
54da6958
|
2014-06-25T15:41:01
|
|
cred: introduce username-only cred
This exists as ssh needs to know about the username to use before it can
query for the supported authentication methods.
|
|
d7f962f4
|
2014-06-16T19:30:06
|
|
ssh: request credentials again on authentication failure
Instead of completely giving up on the first failure, ask for
credentials as long as we fail to authenticate.
|
|
b529c5f9
|
2014-06-12T17:19:00
|
|
ssh: propagate the error code from the auth callback
We need to be able to get a GIT_EUSER back through the outermost call.
|
|
22618906
|
2014-06-12T16:09:54
|
|
ssh: detect authentication methods
Before calling the credentials callback, ask the sever which
authentication methods it supports and report that to the user, instead
of simply reporting everything that the transport supports.
In case of an error, we do fall back to listing all of them.
|
|
9c3e4e97
|
2014-06-13T02:35:33
|
|
http: fix typo in credentials logic
We want to check whether the credentials callback is NULL, not whether
the payload is.
|
|
18d7896c
|
2014-06-03T21:47:53
|
|
clone: re-use the local transport's path resolution
Whe already worked out the kinks with the function used in the local
transport. Expose it and make use of it in the local clone method
instead of trying to work it out again.
|
|
9331f98a
|
2014-05-22T12:52:31
|
|
smart: initialize the error variable
|
|
4c4408c3
|
2014-05-22T12:28:39
|
|
Plug leaks and fix a C99-ism
We have too many places where we repeat free code, so when adding the
new free to the generic code, it didn't take for the local transport.
While there, fix a C99-ism that sneaked through.
|
|
a5982644
|
2014-05-22T02:28:42
|
|
Merge pull request #2376 from libgit2/cmn/remote-symref
Add support for the symref extension
|
|
04865aa0
|
2014-05-21T10:01:44
|
|
local transport: expose the symref data
When using the local transport, we always have the symbolic information
available, so fill it.
|
|
306475eb
|
2014-05-20T09:55:26
|
|
remote: expose the remote's symref mappings
Add a symref_target field to git_remote_head to expose the symref
mappings to the user.
|
|
8156835d
|
2014-05-20T09:29:39
|
|
smart: store reported symrefs
The protocol has a capability which allows the server to tell us which
refs are symrefs, so we can e.g. know which is the default branch.
This capability is different from the ones we already support, as it's
not setting a flag to true, but requires us to store a list of
refspec-formatted mappings.
This commit does not yet expose the information in the reference
listing.
|
|
ac11219b
|
2014-05-19T16:54:19
|
|
smart: send a flush when we disconnect
The git server wants to hear a flush from us when we disconnect,
particularly when we want to perform a fetch but are up to date.
|
|
8443ed6c
|
2014-04-25T02:10:19
|
|
Merge pull request #2284 from jacquesg/push-progress-callback
Fire progress and update tips callbacks also for pushes.
|
|
5ca410b9
|
2014-04-23T07:13:49
|
|
Merge pull request #2283 from phkelley/win32_fs
Win32: UTF-8 <-> WCHAR conversion overhaul
|
|
bc0a6198
|
2014-04-19T15:52:58
|
|
transports: allow the creds callback to say it doesn't exist
Allow the credentials callback to return GIT_PASSTHROUGH to make the
transports code behave as though none was set.
This should make it easier for bindings to behave closer to the C code
when there is no credentials callback set at their level.
|
|
8b686b31
|
2014-04-21T15:25:19
|
|
Correct argument order of git__calloc()
|
|
48e60ae7
|
2014-04-21T11:23:29
|
|
Don't redefine the same callback types, their signatures may change
|
|
98020d3a
|
2014-04-21T10:55:37
|
|
Rename progress callback to sideband_progress
|
|
4f62163e
|
2014-04-20T22:06:05
|
|
Check the return codes of remote callbacks.
The user may have requested that the operation be cancelled.
|
|
9effa2fb
|
2014-04-20T19:19:13
|
|
Fire progress callbacks also for pushes.
It's not very useful to only know that a pre-receive hook has declined
a push, you probably want to know why.
|
|
c2c81615
|
2014-04-19T18:05:31
|
|
Win32: UTF-8 <-> WCHAR conversion overhaul
|
|
a622ff17
|
2014-04-18T20:05:28
|
|
Only zero sensitive information on destruction (and memory actually allocated by us)
|
|
8ec0a552
|
2014-04-18T00:49:07
|
|
Make git_cred_ssh_custom_new() naming more consistent
|
|
478408c0
|
2014-04-17T23:03:44
|
|
Introduce git_cred_ssh_interactive_new()
This allows for keyboard-interactive based SSH authentication
|
|
bd270b70
|
2014-04-18T17:08:10
|
|
cred: tighten username rules
The ssh-specific credentials allow the username to be missing. The idea
being that the ssh transport will then use the username provided in the
url, if it's available. There are two main issues with this.
The credential callback already knows what username was provided by the
url and needs to figure out whether it wants to ask the user for it or
it can reuse it, so passing NULL as the username means the credential
callback is suspicious.
The username provided in the url is not in fact used by the
transport. The only time it even considers it is for the user/pass
credential, which asserts the existence of a username in its
constructor. For the ssh-specific ones, it passes in the username stored
in the credential, which is NULL. The libssh2 macro we use runs strlen()
against this value (which is no different from what we would be doing
ourselves), so we then crash.
As the documentation doesn't suggest to leave out the username, assert
the need for a username in the code, which removes this buggy behavior
and removes implicit state.
git_cred_has_username() becomes a blacklist of credential types that do
not have a username. The only one at the moment is the 'default' one,
which is meant to call up some Microsoft magic.
|
|
1392418e
|
2014-03-18T09:04:33
|
|
Seamless support for NTLM/Kerberos auth on Windows
|
|
5187b609
|
2014-03-07T14:58:43
|
|
local transport: catch double-opens
Combinations of connect + fetch can call local_open multiple
times. Detect this and skip the initialization stage.
|
|
300f4412
|
2014-02-25T11:56:11
|
|
- BUGFIX #2133 (@fourplusone) in smart_protocol.c
- added MSVC cmake definitions to disable warnings
- general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows
- some MSVC reported warning fixes
|
|
8bf476ac
|
2014-01-19T16:24:58
|
|
Factor out code to convert local "url" into a path.
Previously this code was shared between `local_push` and `local_connect`.
|
|
4e974c97
|
2014-01-18T08:02:58
|
|
Fix local push to file:// URL.
|
|
0b28217b
|
2014-01-15T12:51:31
|
|
refs: remove the _with_log differentiation
Any well-behaved program should write a descriptive message to the
reflog whenever it updates a reference. Let's make this more prominent
by removing the version without the reflog parameters.
|
|
9cfce273
|
2013-12-12T12:11:38
|
|
Cleanups, renames, and leak fixes
This renames git_vector_free_all to the better git_vector_free_deep
and also contains a couple of memory leak fixes based on valgrind
checks. The fixes are specifically: failure to free global dir
path variables when not compiled with threading on and failure to
free filters from the filter registry that had not be initialized
fully.
|
|
25e0b157
|
2013-12-06T15:07:57
|
|
Remove converting user error to GIT_EUSER
This changes the behavior of callbacks so that the callback error
code is not converted into GIT_EUSER and instead we propagate the
return value through to the caller. Instead of using the
giterr_capture and giterr_restore functions, we now rely on all
functions to pass back the return value from a callback.
To avoid having a return value with no error message, the user
can call the public giterr_set_str or some such function to set
an error message. There is a new helper 'giterr_set_callback'
that functions can invoke after making a callback which ensures
that some error message was set in case the callback did not set
one.
In places where the sign of the callback return value is
meaningful (e.g. positive to skip, negative to abort), only the
negative values are returned back to the caller, obviously, since
the other values allow for continuing the loop.
The hardest parts of this were in the checkout code where positive
return values were overloaded as meaningful values for checkout.
I fixed this by adding an output parameter to many of the internal
checkout functions and removing the overload. This added some
code, but it is probably a better implementation.
There is some funkiness in the network code where user provided
callbacks could be returning a positive or a negative value and
we want to rely on that to cancel the loop. There are still a
couple places where an user error might get turned into GIT_EUSER
there, I think, though none exercised by the tests.
|
|
dab89f9b
|
2013-12-04T21:22:57
|
|
Further EUSER and error propagation fixes
This continues auditing all the places where GIT_EUSER is being
returned and making sure to clear any existing error using the
new giterr_user_cancel helper. As a result, places that relied
on intercepting GIT_EUSER but having the old error preserved also
needed to be cleaned up to correctly stash and then retrieve the
actual error.
Additionally, as I encountered places where error codes were not
being propagated correctly, I tried to fix them up. A number of
those fixes are included in the this commit as well.
|