/**
* Create credential object from S4 class 'cred_ssh_key'.
*
* @param cred The newly created credential object.
* @param user_from_url The username that was embedded in a "user@host"
* @param allowed_types A bitmask stating which cred types are OK to return.
* @param credentials The S4 class object with credentials.
* @return 0 on success, else -1.
*/
static int git2r_cred_ssh_key(
git_cred **cred,
const char *username_from_url,
unsigned int allowed_types,
SEXP credentials)
{
if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
SEXP slot;
const char *publickey;
const char *privatekey = NULL;
const char *passphrase = NULL;
publickey = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("publickey")), 0));
privatekey = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("privatekey")), 0));
slot = GET_SLOT(credentials, Rf_install("passphrase"));
if (length(slot) && (NA_STRING != STRING_ELT(slot, 0)))
passphrase = CHAR(STRING_ELT(slot, 0));
if (git_cred_ssh_key_new(
cred, username_from_url, publickey, privatekey, passphrase))
return -1;
return 0;
}
return -1;
}
int cred_acquire_cb(git_cred **cred, const char *url, const char *username_from_url, unsigned int allowed_types, void *payload)
{
git_cred_ssh_key_new(cred, username_from_url, nullptr, "/Users/xiaochen/.ssh/id_rsa", nullptr);
return 0;
}
int credential_ssh_cb(git_cred **out,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
const char *priv_key = format_string("%s/%s", system_default_directory(), "ssrf_remote.key");
const char *passphrase = prefs.cloud_storage_password ? strdup(prefs.cloud_storage_password) : strdup("");
return git_cred_ssh_key_new(out, username_from_url, NULL, priv_key, passphrase);
}
GitCredentialResponse GitCredentialResponse::createForSSHKey(const QString &username, const QString &pubkeyPath, const QString &privkeyPath, const QString &passthrase)
{
git_cred *cred;
if (git_cred_ssh_key_new(&cred,
username.toLocal8Bit().constData(),
pubkeyPath.toLocal8Bit().constData(),
privkeyPath.toLocal8Bit().constData(),
passthrase.toLocal8Bit().constData()) < 0) {
return createError();
} else {
return GitCredentialResponse(cred);
}
}
int cred_acquire_cb(git_cred **out,
const char * UNUSED(url),
const char * UNUSED(username_from_url),
unsigned int UNUSED(allowed_types),
void * UNUSED(payload))
{
return git_cred_ssh_key_new(out,
UNUSED_username_from_url,
QString(QSettings().fileName()
+".key.pub").toUtf8().constData(),
QString(QSettings().fileName()
+".key").toUtf8().constData(),
"");
}
static int cred_acquire_cb(
git_cred **cred,
const char *url,
const char *user_from_url,
unsigned int allowed_types,
void *payload)
{
GIT_UNUSED(url);
GIT_UNUSED(user_from_url);
GIT_UNUSED(payload);
if (GIT_CREDTYPE_USERNAME & allowed_types) {
if (!_remote_user) {
printf("GITTEST_REMOTE_USER must be set\n");
return -1;
}
return git_cred_username_new(cred, _remote_user);
}
if (GIT_CREDTYPE_DEFAULT & allowed_types) {
if (!_remote_default) {
printf("GITTEST_REMOTE_DEFAULT must be set to use NTLM/Negotiate credentials\n");
return -1;
}
return git_cred_default_new(cred);
}
if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
if (!_remote_user || !_remote_ssh_pubkey || !_remote_ssh_key || !_remote_ssh_passphrase) {
printf("GITTEST_REMOTE_USER, GITTEST_REMOTE_SSH_PUBKEY, GITTEST_REMOTE_SSH_KEY and GITTEST_REMOTE_SSH_PASSPHRASE must be set\n");
return -1;
}
return git_cred_ssh_key_new(cred, _remote_user, _remote_ssh_pubkey, _remote_ssh_key, _remote_ssh_passphrase);
}
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
if (!_remote_user || !_remote_pass) {
printf("GITTEST_REMOTE_USER and GITTEST_REMOTE_PASS must be set\n");
return -1;
}
return git_cred_userpass_plaintext_new(cred, _remote_user, _remote_pass);
}
return -1;
}
static int cred_cb(git_cred **cred, const char *url, const char *user_from_url,
unsigned int allowed_types, void *payload)
{
GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);
if (allowed_types & GIT_CREDTYPE_USERNAME)
return git_cred_username_new(cred, _remote_user);
if (allowed_types & GIT_CREDTYPE_SSH_KEY)
return git_cred_ssh_key_new(cred,
_remote_user, _remote_ssh_pubkey,
_remote_ssh_privkey, _remote_ssh_passphrase);
giterr_set(GITERR_NET, "unexpected cred type");
return -1;
}
static int cred_cb(git_cred **cred, const char *url, const char *user_from_url,
unsigned int allowed_types, void *payload)
{
const char *remote_user = cl_getenv("GITTEST_REMOTE_USER");
const char *pubkey = cl_getenv("GITTEST_REMOTE_SSH_PUBKEY");
const char *privkey = cl_getenv("GITTEST_REMOTE_SSH_KEY");
const char *passphrase = cl_getenv("GITTEST_REMOTE_SSH_PASSPHRASE");
GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);
if (allowed_types & GIT_CREDTYPE_USERNAME)
return git_cred_username_new(cred, remote_user);
if (allowed_types & GIT_CREDTYPE_SSH_KEY)
return git_cred_ssh_key_new(cred, remote_user, pubkey, privkey, passphrase);
giterr_set(GITERR_NET, "unexpected cred type");
return -1;
}
int credential_ssh_cb(git_cred **out,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
UNUSED(url);
UNUSED(payload);
UNUSED(username_from_url);
const char *username = prefs.cloud_storage_email_encoded;
const char *passphrase = prefs.cloud_storage_password ? prefs.cloud_storage_password : "";
// TODO: We need a way to differentiate between password and private key authentication
if (allowed_types & GIT_CREDTYPE_SSH_KEY) {
char *priv_key = format_string("%s/%s", system_default_directory(), "ssrf_remote.key");
if (!access(priv_key, F_OK)) {
if (exceeded_auth_attempts())
return GIT_EUSER;
int ret = git_cred_ssh_key_new(out, username, NULL, priv_key, passphrase);
free(priv_key);
return ret;
}
free(priv_key);
}
if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT) {
if (exceeded_auth_attempts())
return GIT_EUSER;
return git_cred_userpass_plaintext_new(out, username, passphrase);
}
if (allowed_types & GIT_CREDTYPE_USERNAME)
return git_cred_username_new(out, username);
report_error("No supported ssh authentication.");
return GIT_EUSER;
}
static void rugged_cred_extract_ssh_key(git_cred **cred, VALUE rb_credential)
{
VALUE rb_username = rb_iv_get(rb_credential, "@username");
VALUE rb_publickey = rb_iv_get(rb_credential, "@publickey");
VALUE rb_privatekey = rb_iv_get(rb_credential, "@privatekey");
VALUE rb_passphrase = rb_iv_get(rb_credential, "@passphrase");
Check_Type(rb_username, T_STRING);
Check_Type(rb_privatekey, T_STRING);
if (!NIL_P(rb_publickey))
Check_Type(rb_publickey, T_STRING);
if (!NIL_P(rb_passphrase))
Check_Type(rb_passphrase, T_STRING);
rugged_exception_check(
git_cred_ssh_key_new(cred,
StringValueCStr(rb_username),
NIL_P(rb_publickey) ? NULL : StringValueCStr(rb_publickey),
StringValueCStr(rb_privatekey),
NIL_P(rb_passphrase) ? NULL : StringValueCStr(rb_passphrase)
)
);
}
/**
* Callback if the remote host requires authentication in order to
* connect to it
*
* @param cred The newly created credential object.
* @param url The resource for which we are demanding a credential.
* @param user_from_url The username that was embedded in a "user@host"
* remote url, or NULL if not included.
* @param allowed_types A bitmask stating which cred types are OK to return.
* @param payload The payload provided when specifying this callback.
* @return 0 on success, else -1.
*/
int git2r_cred_acquire_cb(
git_cred **cred,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
int err = -1;
SEXP credentials = (SEXP)payload;
GIT_UNUSED(url);
if (R_NilValue != credentials) {
SEXP class_name;
class_name = getAttrib(credentials, R_ClassSymbol);
if (0 == strcmp(CHAR(STRING_ELT(class_name, 0)), "cred_ssh_key")) {
if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
SEXP slot;
const char *publickey;
const char *privatekey = NULL;
const char *passphrase = NULL;
publickey = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("publickey")), 0));
privatekey = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("privatekey")), 0));
slot = GET_SLOT(credentials, Rf_install("passphrase"));
if (length(slot)) {
if (NA_STRING != STRING_ELT(slot, 0))
passphrase = CHAR(STRING_ELT(slot, 0));
}
err = git_cred_ssh_key_new(
cred,
username_from_url,
publickey,
privatekey,
passphrase);
}
} else if (0 == strcmp(CHAR(STRING_ELT(class_name, 0)), "cred_plaintext")) {
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
const char *username;
const char *password;
username = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("username")), 0));
password = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("password")), 0));
err = git_cred_userpass_plaintext_new(cred, username, password);
}
}
} else if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
err = git_cred_ssh_key_from_agent(cred, username_from_url);
}
return err;
}