kmx git

Commit	Date	Message
142e5379	2015-03-17T12:49:33	Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.
4fd4341f	2014-11-02T10:52:03	ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.
bc42479a	2014-10-13T15:43:03	Cleanup memory leak in ssh transport
369b0217	2014-10-13T13:34:15	Clean up various compiler warnings
e6e834a1	2014-09-18T12:23:07	Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
1e0aa105	2014-09-16T03:22:09	ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
286369a8	2014-09-16T02:27:16	ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
0782fc43	2014-09-16T01:47:30	net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
0fef3899	2014-09-16T01:25:53	Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
23ca0ad5	2014-08-29T21:25:13	Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
2f5864c5	2014-08-29T21:15:36	ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
17491f6e	2014-08-29T17:18:23	transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
ec1ce458	2014-08-10T17:06:53	http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
9b940586	2014-07-04T12:45:43	Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
2dc399a8	2014-09-04T16:46:14	ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.
6a0d2b43	2014-08-27T15:09:07	Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
959a93e7	2014-07-13T11:50:49	Silence unused variables warnings
8baeb8a4	2014-07-16T13:03:34	ssh: Fix unused warning
d4256ed5	2014-07-04T10:00:39	ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
ae241ae1	2014-07-03T20:20:00	Include libssh2.h before git2.h (transport.h)
0963716b	2014-07-02T12:49:51	ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.
ccb85c8f	2014-06-25T16:27:43	ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
d7f962f4	2014-06-16T19:30:06	ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
b529c5f9	2014-06-12T17:19:00	ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.
22618906	2014-06-12T16:09:54	ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
bc0a6198	2014-04-19T15:52:58	transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
8ec0a552	2014-04-18T00:49:07	Make git_cred_ssh_custom_new() naming more consistent
478408c0	2014-04-17T23:03:44	Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication
bd270b70	2014-04-18T17:08:10	cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
300f4412	2014-02-25T11:56:11	- BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes
ee7040fd	2013-11-20T14:11:44	ssh: add support for ssh-agent authentication
ac72051a	2013-11-04T19:09:30	Fix ssh.c compile
c227c173	2013-11-04T11:42:14	Use http_parser_parse_url to parse urls
048f837b	2013-10-31T13:30:22	Prevent another segfault from bad URL
70a8c78f	2013-10-23T12:08:54	Rename the ssh credentials The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.
2648dc1a	2013-10-21T11:03:31	Allowed credential types should be a bitfield
eec4dcc3	2013-08-09T13:14:19	Whitespace.
b622aabe	2013-08-09T13:14:06	Add a wrapper to provide the libssh2 error message
b345026b	2013-09-10T05:16:52	Test for repo before removing leading colon
fbabe855	2013-09-08T14:11:08	Trim leading colon from ssh repository path
c87bf86c	2013-08-14T10:58:02	Commit 7affc2f7 removed var initialization That commit accidentally removed the initialization of the "start" variable giving undefined results for the host extraction from the url input.
7affc2f7	2013-08-11T23:30:47	Include username in each credential type Key-based authentication also needs an username, so include it in each one. Also stop assuming a default username of "git" in the ssh transport which has no business making such a decision.
c2de6b1a	2013-07-10T10:21:24	Bring SSH error reporting up to base standards The SSH error checking and reporting could still be further improved by using the libssh2 native methods to get error info, but at least this ensures that all error codes are checked and translated into libgit2 error messages.
68bc49a1	2013-07-10T09:20:46	Merge branch 'ssh-cred-fix' of tiennou/libgit2 Conflicts: src/transports/ssh.c
08bf80fa	2013-07-10T10:29:32	Tab indent.
367c1903	2013-07-10T10:29:09	Add some missing error messages.
a3c062db	2013-07-09T09:58:33	Make SSH APIs present even without SSH support The SSH APIs will just return an error code and state that the library was built without SSH support if they are called in that case.
f6bd0863	2013-07-03T22:02:44	Fix a probable leak.
219f318c	2013-07-03T22:02:29	Fix a crash if git_remote_set_cred_acquire_cb wasn't called before connecting. Fixes #1700.
84ac625d	2013-05-15T12:51:40	Added GITERR_CHECK_ALLOC
b54ed3ef	2013-05-15T12:41:16	Added error check
22011b33	2013-05-15T12:38:40	Cleanup
ce6d50b9	2013-05-09T17:37:42	Changed to use libssh2_channel_exec
05f58131	2013-05-09T17:36:27	Renaming
574b86b7	2013-05-07T13:53:23	Fixed compilation issues when libssh2 is missing
c36565c0	2013-05-07T13:43:10	Added SSH public key authentication
7621519f	2013-05-05T14:46:28	Cleanup
67a7136c	2013-05-05T14:24:47	Renaming
3eed595e	2013-05-05T14:24:05	Refactoring
d9766959	2013-05-05T14:05:03	Cleanup
c0cef9e0	2013-05-05T13:58:18	Added username and password auth for ssh
7261d983	2013-05-05T13:36:11	Added support for ssh:// urls
120b0122	2013-05-05T09:03:49	Refactoring
22595b84	2013-05-05T08:43:58	Added ssh stream cleanup
58ba0a4e	2013-05-05T08:34:56	Cleanup
f7158cd7	2013-05-03T16:31:16	Push working over ssh
d04c3840	2013-05-03T14:53:23	Adding ssh transport logic
8ae55d94	2013-05-03T10:53:59	Renaming
297758dc	2013-05-03T10:37:33	Added ssh transport file

142e5379

2015-03-17T12:49:33

Add a custom param to git_smart_subtransport_definition The smart transport has already take the payload param. For the sub transport a payload param is useful for the implementer.

4fd4341f

2014-11-02T10:52:03

ssh: use socket_stream to perform the connection Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.

bc42479a

2014-10-13T15:43:03

Cleanup memory leak in ssh transport

369b0217

2014-10-13T13:34:15

Clean up various compiler warnings

e6e834a1

2014-09-18T12:23:07

Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>

1e0aa105

2014-09-16T03:22:09

ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.

286369a8

2014-09-16T02:27:16

ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.

0782fc43

2014-09-16T01:47:30

net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.

0fef3899

2014-09-16T01:25:53

Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info

23ca0ad5

2014-08-29T21:25:13

Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.

2f5864c5

2014-08-29T21:15:36

ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.

17491f6e

2014-08-29T17:18:23

transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.

ec1ce458

2014-08-10T17:06:53

http: send the DER-encoded cert to the callback Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.

9b940586

2014-07-04T12:45:43

Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.

2dc399a8

2014-09-04T16:46:14

ssh: store error message immediately after a failed agent call When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.

6a0d2b43

2014-08-27T15:09:07

Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry

959a93e7

2014-07-13T11:50:49

Silence unused variables warnings

8baeb8a4

2014-07-16T13:03:34

ssh: Fix unused warning

d4256ed5

2014-07-04T10:00:39

ssh: provide a factory function for setting ssh paths git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.

ae241ae1

2014-07-03T20:20:00

Include libssh2.h before git2.h (transport.h)

0963716b

2014-07-02T12:49:51

ssh: libssh2_channel_write() behaves like send() When the stream writing function was written, it assume that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.

ccb85c8f

2014-06-25T16:27:43

ssh: make sure to ask for a username and use the same one In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.

d7f962f4

2014-06-16T19:30:06

ssh: request credentials again on authentication failure Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.

b529c5f9

2014-06-12T17:19:00

ssh: propagate the error code from the auth callback We need to be able to get a GIT_EUSER back through the outermost call.

22618906

2014-06-12T16:09:54

ssh: detect authentication methods Before calling the credentials callback, ask the sever which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.

bc0a6198

2014-04-19T15:52:58

transports: allow the creds callback to say it doesn't exist Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.

8ec0a552

2014-04-18T00:49:07

Make git_cred_ssh_custom_new() naming more consistent

478408c0

2014-04-17T23:03:44

Introduce git_cred_ssh_interactive_new() This allows for keyboard-interactive based SSH authentication

bd270b70

2014-04-18T17:08:10

cred: tighten username rules The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this. The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious. The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash. As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state. git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.

300f4412

2014-02-25T11:56:11

- BUGFIX #2133 (@fourplusone) in smart_protocol.c - added MSVC cmake definitions to disable warnings - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows - some MSVC reported warning fixes

ee7040fd

2013-11-20T14:11:44

ssh: add support for ssh-agent authentication

ac72051a

2013-11-04T19:09:30

Fix ssh.c compile

c227c173

2013-11-04T11:42:14

Use http_parser_parse_url to parse urls

048f837b

2013-10-31T13:30:22

Prevent another segfault from bad URL

70a8c78f

2013-10-23T12:08:54

Rename the ssh credentials The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.

2648dc1a

2013-10-21T11:03:31

Allowed credential types should be a bitfield

eec4dcc3

2013-08-09T13:14:19

Whitespace.

b622aabe

2013-08-09T13:14:06

Add a wrapper to provide the libssh2 error message

b345026b

2013-09-10T05:16:52

Test for repo before removing leading colon

fbabe855

2013-09-08T14:11:08

Trim leading colon from ssh repository path

c87bf86c

2013-08-14T10:58:02

Commit 7affc2f7 removed var initialization That commit accidentally removed the initialization of the "start" variable giving undefined results for the host extraction from the url input.

7affc2f7

2013-08-11T23:30:47

Include username in each credential type Key-based authentication also needs an username, so include it in each one. Also stop assuming a default username of "git" in the ssh transport which has no business making such a decision.

c2de6b1a

2013-07-10T10:21:24

Bring SSH error reporting up to base standards The SSH error checking and reporting could still be further improved by using the libssh2 native methods to get error info, but at least this ensures that all error codes are checked and translated into libgit2 error messages.

68bc49a1

2013-07-10T09:20:46

Merge branch 'ssh-cred-fix' of tiennou/libgit2 Conflicts: src/transports/ssh.c

08bf80fa

2013-07-10T10:29:32

Tab indent.

367c1903

2013-07-10T10:29:09

Add some missing error messages.

a3c062db

2013-07-09T09:58:33

Make SSH APIs present even without SSH support The SSH APIs will just return an error code and state that the library was built without SSH support if they are called in that case.

f6bd0863

2013-07-03T22:02:44

Fix a probable leak.

219f318c

2013-07-03T22:02:29

Fix a crash if git_remote_set_cred_acquire_cb wasn't called before connecting. Fixes #1700.

84ac625d

2013-05-15T12:51:40

Added GITERR_CHECK_ALLOC

b54ed3ef

2013-05-15T12:41:16

Added error check

22011b33

2013-05-15T12:38:40

Cleanup

ce6d50b9

2013-05-09T17:37:42

Changed to use libssh2_channel_exec

05f58131

2013-05-09T17:36:27

Renaming

574b86b7

2013-05-07T13:53:23

Fixed compilation issues when libssh2 is missing

c36565c0

2013-05-07T13:43:10

Added SSH public key authentication

7621519f

2013-05-05T14:46:28

Cleanup

67a7136c

2013-05-05T14:24:47

Renaming

3eed595e

2013-05-05T14:24:05

Refactoring

d9766959

2013-05-05T14:05:03

Cleanup

c0cef9e0

2013-05-05T13:58:18

Added username and password auth for ssh

7261d983

2013-05-05T13:36:11

Added support for ssh:// urls

120b0122

2013-05-05T09:03:49

Refactoring

22595b84

2013-05-05T08:43:58

Added ssh stream cleanup

58ba0a4e

2013-05-05T08:34:56

Cleanup

f7158cd7

2013-05-03T16:31:16

Push working over ssh

d04c3840

2013-05-03T14:53:23

Adding ssh transport logic

8ae55d94

2013-05-03T10:53:59

Renaming

297758dc

2013-05-03T10:37:33

Added ssh transport file

thodg/libgit2/src/transports/ssh.c

src/transports/ssh.c

Log