/**
* Create credential object from S4 class 'cred_token'.
*
* @param cred The newly created credential object.
* @param allowed_types A bitmask stating which cred types are OK to return.
* @param credentials The S4 class object with credentials.
* @return 0 on success, else -1.
*/
static int git2r_cred_token(
git_cred **cred,
unsigned int allowed_types,
SEXP credentials)
{
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
int err;
git_buf token = GIT_BUF_INIT;
/* Read value of the personal access token from the
* environment variable */
err = git__getenv(&token,
CHAR(STRING_ELT(GET_SLOT(credentials,
Rf_install("token")), 0)));
if (err)
goto cleanup;
err = git_cred_userpass_plaintext_new(cred, " ", git_buf_cstr(&token));
cleanup:
git_buf_free(&token);
if (err)
return -1;
return 0;
}
return -1;
}
static int proxy_creds(git_cred **out, const char *url, const char *username, unsigned int allowed, void *payload)
{
GIT_UNUSED(payload);
GIT_UNUSED(username);
called_proxy_creds = 1;
return git_cred_userpass_plaintext_new(out, _remote_proxy_user, _remote_proxy_pass);
}
static int cred_foo_bar(git_cred **cred, const char *url, const char *username_from_url,
unsigned int allowed_types, void *data)
{
GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(allowed_types); GIT_UNUSED(data);
return git_cred_userpass_plaintext_new(cred, "foo", "bar");
}
int credential_https_cb(git_cred **out,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
const char *username = prefs.cloud_storage_email_encoded;
const char *password = prefs.cloud_storage_password ? strdup(prefs.cloud_storage_password) : strdup("");
return git_cred_userpass_plaintext_new(out, username, password);
}
GitCredentialResponse GitCredentialResponse::createForUsernamePassword(const QString &username, const QString &password)
{
git_cred *cred;
if (git_cred_userpass_plaintext_new(&cred,
username.toLocal8Bit().constData(),
password.toLocal8Bit().constData()) < 0) {
return createError();
} else {
return GitCredentialResponse(cred);
}
}
/**
* Create credential object from S4 class 'cred_env'.
*
* @param cred The newly created credential object.
* @param allowed_types A bitmask stating which cred types are OK to return.
* @param credentials The S4 class object with credentials.
* @return 0 on success, else -1.
*/
static int git2r_cred_env(
git_cred **cred,
unsigned int allowed_types,
SEXP credentials)
{
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
int err;
git_buf username = GIT_BUF_INIT;
git_buf password = GIT_BUF_INIT;
/* Read value of the username environment variable */
err = git__getenv(&username,
CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("username")), 0)));
if (err)
goto cleanup;
if (!git_buf_len(&username)) {
err = -1;
goto cleanup;
}
/* Read value of the password environment variable */
err = git__getenv(&password,
CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("password")), 0)));
if (err)
goto cleanup;
if (!git_buf_len(&password)) {
err = -1;
goto cleanup;
}
err = git_cred_userpass_plaintext_new(
cred,
git_buf_cstr(&username),
git_buf_cstr(&password));
cleanup:
git_buf_free(&username);
git_buf_free(&password);
if (err)
return -1;
return 0;
}
return -1;
}
int Gitarre::RCredentialsCb (git_cred **cred, const char *url, const char *username_from_url, unsigned int allowed_types)
{
CredentialsDialog *dialog = new CredentialsDialog (url, username_from_url, this);
int res = dialog->exec();
if (res == QDialog::Accepted)
{
git_cred *credentials;
git_cred_userpass_plaintext_new (&credentials, dialog->GetUsername().toStdString().c_str(), dialog->GetPassword().toStdString().c_str());
*cred = credentials;
return 0;
}
else
return -1;
}
static int cred_acquire_cb(
git_cred **cred,
const char *url,
const char *user_from_url,
unsigned int allowed_types,
void *payload)
{
GIT_UNUSED(url);
GIT_UNUSED(user_from_url);
GIT_UNUSED(payload);
if (GIT_CREDTYPE_USERNAME & allowed_types) {
if (!_remote_user) {
printf("GITTEST_REMOTE_USER must be set\n");
return -1;
}
return git_cred_username_new(cred, _remote_user);
}
if (GIT_CREDTYPE_DEFAULT & allowed_types) {
if (!_remote_default) {
printf("GITTEST_REMOTE_DEFAULT must be set to use NTLM/Negotiate credentials\n");
return -1;
}
return git_cred_default_new(cred);
}
if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
if (!_remote_user || !_remote_ssh_pubkey || !_remote_ssh_key || !_remote_ssh_passphrase) {
printf("GITTEST_REMOTE_USER, GITTEST_REMOTE_SSH_PUBKEY, GITTEST_REMOTE_SSH_KEY and GITTEST_REMOTE_SSH_PASSPHRASE must be set\n");
return -1;
}
return git_cred_ssh_key_new(cred, _remote_user, _remote_ssh_pubkey, _remote_ssh_key, _remote_ssh_passphrase);
}
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
if (!_remote_user || !_remote_pass) {
printf("GITTEST_REMOTE_USER and GITTEST_REMOTE_PASS must be set\n");
return -1;
}
return git_cred_userpass_plaintext_new(cred, _remote_user, _remote_pass);
}
return -1;
}
static void rugged_cred_extract_userpass(git_cred **cred, VALUE rb_credential)
{
VALUE rb_username = rb_iv_get(rb_credential, "@username");
VALUE rb_password = rb_iv_get(rb_credential, "@password");
Check_Type(rb_username, T_STRING);
Check_Type(rb_password, T_STRING);
rugged_exception_check(
git_cred_userpass_plaintext_new(cred,
StringValueCStr(rb_username),
StringValueCStr(rb_password)
)
);
}
int cred_acquire(
git_cred **cred,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
char username[128] = {0};
char password[128] = {0};
printf("cred required for %s\n", url);
printf("Username: "******"%s", username);
printf("Password: "******"%s", password);
return git_cred_userpass_plaintext_new(cred, username, password);
}
static int cred_acquire(git_cred **out, const char *url,
const char *username_from_url, unsigned int allowed_types,
void *payload)
{
char username[128] = { 0 };
char password[128] = { 0 };
printf("Username: "******"%s", username);
/* Yup. Right there on your terminal. Careful where you copy/paste output. */
printf("Password: "******"%s", password);
return git_cred_userpass_plaintext_new(out, username, password);
}
static int cred_count_calls_cb(git_cred **cred, const char *url, const char *user,
unsigned int allowed_types, void *data)
{
size_t *counter = (size_t *) data;
GIT_UNUSED(url); GIT_UNUSED(user); GIT_UNUSED(allowed_types);
if (allowed_types == GIT_CREDTYPE_USERNAME)
return git_cred_username_new(cred, "foo");
(*counter)++;
if (*counter == 3)
return GIT_EUSER;
return git_cred_userpass_plaintext_new(cred, "foo", "bar");
}
static int gen_request(
git_buf *buf,
http_stream *s,
size_t content_length)
{
http_subtransport *t = OWNING_SUBTRANSPORT(s);
const char *path = t->connection_data.path ? t->connection_data.path : "/";
git_buf_printf(buf, "%s %s%s HTTP/1.1\r\n", s->verb, path, s->service_url);
git_buf_puts(buf, "User-Agent: git/1.0 (libgit2 " LIBGIT2_VERSION ")\r\n");
git_buf_printf(buf, "Host: %s\r\n", t->connection_data.host);
if (s->chunked || content_length > 0) {
git_buf_printf(buf, "Accept: application/x-git-%s-result\r\n", s->service);
git_buf_printf(buf, "Content-Type: application/x-git-%s-request\r\n", s->service);
if (s->chunked)
git_buf_puts(buf, "Transfer-Encoding: chunked\r\n");
else
git_buf_printf(buf, "Content-Length: %"PRIuZ "\r\n", content_length);
} else
git_buf_puts(buf, "Accept: */*\r\n");
/* Apply credentials to the request */
if (t->cred && t->cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT &&
t->auth_mechanism == GIT_HTTP_AUTH_BASIC &&
apply_basic_credential(buf, t->cred) < 0)
return -1;
/* Use url-parsed basic auth if username and password are both provided */
if (!t->cred && t->connection_data.user && t->connection_data.pass) {
if (!t->url_cred && git_cred_userpass_plaintext_new(&t->url_cred,
t->connection_data.user, t->connection_data.pass) < 0)
return -1;
if (apply_basic_credential(buf, t->url_cred) < 0) return -1;
}
git_buf_puts(buf, "\r\n");
if (git_buf_oom(buf))
return -1;
return 0;
}
int git_cred_userpass(
git_cred **cred,
const char *url,
unsigned int allowed_types,
void *payload)
{
git_cred_userpass_payload *userpass = (git_cred_userpass_payload*)payload;
GIT_UNUSED(url);
if (!userpass || !userpass->username || !userpass->password) return -1;
if ((GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) == 0 ||
git_cred_userpass_plaintext_new(cred, userpass->username, userpass->password) < 0)
return -1;
return 0;
}
int credential_https_cb(git_cred **out,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
UNUSED(url);
UNUSED(username_from_url);
UNUSED(payload);
UNUSED(allowed_types);
if (exceeded_auth_attempts())
return GIT_EUSER;
const char *username = prefs.cloud_storage_email_encoded;
const char *password = prefs.cloud_storage_password ? prefs.cloud_storage_password : "";
return git_cred_userpass_plaintext_new(out, username, password);
}
// callback: tries the access_token passed in through the payload ONCE
// and returns GIT_EAUTH if called for a second time
int cb_cred_access_token(git_cred **out, const char *url, const char *username_from_url,
unsigned int allowed_types, void *payload) {
GIT_UNUSED(url);
GIT_UNUSED(username_from_url);
if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT) {
struct credentials_s *credentials = payload;
if (credentials->count > 0) {
git_error_set_str(GIT_ERROR_CALLBACK, "Invalid token");
return GIT_EAUTH;
} else {
credentials->count++;
return git_cred_userpass_plaintext_new(out, "x-access-token", credentials->access_token);
}
}
return GIT_PASSTHROUGH;
}
int git_cred_userpass(
git_cred **cred,
const char *url,
const char *user_from_url,
unsigned int allowed_types,
void *payload)
{
git_cred_userpass_payload *userpass = (git_cred_userpass_payload*)payload;
const char *effective_username = NULL;
GIT_UNUSED(url);
if (!userpass || !userpass->password) return -1;
/* Username resolution: a username can be passed with the URL, the
* credentials payload, or both. Here's what we do. Note that if we get
* this far, we know that any password the url may contain has already
* failed at least once, so we ignore it.
*
* | Payload | URL | Used |
* +-------------+----------+-----------+
* | yes | no | payload |
* | yes | yes | payload |
* | no | yes | url |
* | no | no | FAIL |
*/
if (userpass->username)
effective_username = userpass->username;
else if (user_from_url)
effective_username = user_from_url;
else
return -1;
if ((GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) == 0 ||
git_cred_userpass_plaintext_new(cred, effective_username, userpass->password) < 0)
return -1;
return 0;
}
int credential_ssh_cb(git_cred **out,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
UNUSED(url);
UNUSED(payload);
UNUSED(username_from_url);
const char *username = prefs.cloud_storage_email_encoded;
const char *passphrase = prefs.cloud_storage_password ? prefs.cloud_storage_password : "";
// TODO: We need a way to differentiate between password and private key authentication
if (allowed_types & GIT_CREDTYPE_SSH_KEY) {
char *priv_key = format_string("%s/%s", system_default_directory(), "ssrf_remote.key");
if (!access(priv_key, F_OK)) {
if (exceeded_auth_attempts())
return GIT_EUSER;
int ret = git_cred_ssh_key_new(out, username, NULL, priv_key, passphrase);
free(priv_key);
return ret;
}
free(priv_key);
}
if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT) {
if (exceeded_auth_attempts())
return GIT_EUSER;
return git_cred_userpass_plaintext_new(out, username, passphrase);
}
if (allowed_types & GIT_CREDTYPE_USERNAME)
return git_cred_username_new(out, username);
report_error("No supported ssh authentication.");
return GIT_EUSER;
}
/**
* Create credential object from S4 class 'cred_user_pass'.
*
* @param cred The newly created credential object.
* @param allowed_types A bitmask stating which cred types are OK to return.
* @param credentials The S4 class object with credentials.
* @return 0 on success, else -1.
*/
static int git2r_cred_user_pass(
git_cred **cred,
unsigned int allowed_types,
SEXP credentials)
{
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
const char *username;
const char *password;
username = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("username")), 0));
password = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("password")), 0));
if (git_cred_userpass_plaintext_new(cred, username, password))
return -1;
return 0;
}
return -1;
}
static int _git_ssh_setup_conn(
ssh_subtransport *t,
const char *url,
const char *cmd,
git_smart_subtransport_stream **stream)
{
char *host=NULL, *port=NULL, *path=NULL, *user=NULL, *pass=NULL;
const char *default_port="22";
int auth_methods, error = 0;
ssh_stream *s;
git_cred *cred = NULL;
LIBSSH2_SESSION* session=NULL;
LIBSSH2_CHANNEL* channel=NULL;
*stream = NULL;
if (ssh_stream_alloc(t, url, cmd, stream) < 0)
return -1;
s = (ssh_stream *)*stream;
if (!git__prefixcmp(url, prefix_ssh)) {
if ((error = gitno_extract_url_parts(&host, &port, &path, &user, &pass, url, default_port)) < 0)
goto on_error;
} else {
if ((error = git_ssh_extract_url_parts(&host, &user, url)) < 0)
goto on_error;
port = git__strdup(default_port);
GITERR_CHECK_ALLOC(port);
}
/* we need the username to ask for auth methods */
if (!user) {
if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0)
goto on_error;
user = git__strdup(((git_cred_username *) cred)->username);
cred->free(cred);
cred = NULL;
if (!user)
goto on_error;
} else if (user && pass) {
if ((error = git_cred_userpass_plaintext_new(&cred, user, pass)) < 0)
goto on_error;
}
if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
goto on_error;
if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
goto on_error;
if ((error = list_auth_methods(&auth_methods, session, user)) < 0)
goto on_error;
error = GIT_EAUTH;
/* if we already have something to try */
if (cred && auth_methods & cred->credtype)
error = _git_ssh_authenticate_session(session, cred);
while (error == GIT_EAUTH) {
if (cred) {
cred->free(cred);
cred = NULL;
}
if ((error = request_creds(&cred, t, user, auth_methods)) < 0)
goto on_error;
if (strcmp(user, git_cred__username(cred))) {
giterr_set(GITERR_SSH, "username does not match previous request");
error = -1;
goto on_error;
}
error = _git_ssh_authenticate_session(session, cred);
}
if (error < 0)
goto on_error;
channel = libssh2_channel_open_session(session);
if (!channel) {
error = -1;
ssh_error(session, "Failed to open SSH channel");
goto on_error;
}
libssh2_channel_set_blocking(channel, 1);
s->session = session;
s->channel = channel;
t->current_stream = s;
if (cred)
cred->free(cred);
git__free(host);
git__free(port);
git__free(path);
git__free(user);
git__free(pass);
return 0;
on_error:
s->session = NULL;
s->channel = NULL;
t->current_stream = NULL;
if (*stream)
ssh_stream_free(*stream);
if (cred)
cred->free(cred);
git__free(host);
git__free(port);
git__free(user);
git__free(pass);
if (session)
libssh2_session_free(session);
return error;
}
static int winhttp_stream_connect(winhttp_stream *s)
{
winhttp_subtransport *t = OWNING_SUBTRANSPORT(s);
git_buf buf = GIT_BUF_INIT;
char *proxy_url = NULL;
wchar_t ct[MAX_CONTENT_TYPE_LEN];
LPCWSTR types[] = { L"*/*", NULL };
BOOL peerdist = FALSE;
int error = -1;
unsigned long disable_redirects = WINHTTP_DISABLE_REDIRECTS;
int default_timeout = TIMEOUT_INFINITE;
int default_connect_timeout = DEFAULT_CONNECT_TIMEOUT;
/* Prepare URL */
git_buf_printf(&buf, "%s%s", t->connection_data.path, s->service_url);
if (git_buf_oom(&buf))
return -1;
/* Convert URL to wide characters */
if (git__utf8_to_16_alloc(&s->request_uri, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "Failed to convert string to wide form");
goto on_error;
}
/* Establish request */
s->request = WinHttpOpenRequest(
t->connection,
s->verb,
s->request_uri,
NULL,
WINHTTP_NO_REFERER,
types,
t->connection_data.use_ssl ? WINHTTP_FLAG_SECURE : 0);
if (!s->request) {
giterr_set(GITERR_OS, "Failed to open request");
goto on_error;
}
if (!WinHttpSetTimeouts(s->request, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
giterr_set(GITERR_OS, "Failed to set timeouts for WinHTTP");
goto on_error;
}
/* Set proxy if necessary */
if (git_remote__get_http_proxy(t->owner->owner, !!t->connection_data.use_ssl, &proxy_url) < 0)
goto on_error;
if (proxy_url) {
WINHTTP_PROXY_INFO proxy_info;
wchar_t *proxy_wide;
/* Convert URL to wide characters */
int proxy_wide_len = git__utf8_to_16_alloc(&proxy_wide, proxy_url);
if (proxy_wide_len < 0) {
giterr_set(GITERR_OS, "Failed to convert string to wide form");
goto on_error;
}
/* Strip any trailing forward slash on the proxy URL;
* WinHTTP doesn't like it if one is present */
if (proxy_wide_len > 1 && L'/' == proxy_wide[proxy_wide_len - 2])
proxy_wide[proxy_wide_len - 2] = L'\0';
proxy_info.dwAccessType = WINHTTP_ACCESS_TYPE_NAMED_PROXY;
proxy_info.lpszProxy = proxy_wide;
proxy_info.lpszProxyBypass = NULL;
if (!WinHttpSetOption(s->request,
WINHTTP_OPTION_PROXY,
&proxy_info,
sizeof(WINHTTP_PROXY_INFO))) {
giterr_set(GITERR_OS, "Failed to set proxy");
git__free(proxy_wide);
goto on_error;
}
git__free(proxy_wide);
}
/* Disable WinHTTP redirects so we can handle them manually. Why, you ask?
* http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/b2ff8879-ab9f-4218-8f09-16d25dff87ae
*/
if (!WinHttpSetOption(s->request,
WINHTTP_OPTION_DISABLE_FEATURE,
&disable_redirects,
sizeof(disable_redirects))) {
giterr_set(GITERR_OS, "Failed to disable redirects");
goto on_error;
}
/* Strip unwanted headers (X-P2P-PeerDist, X-P2P-PeerDistEx) that WinHTTP
* adds itself. This option may not be supported by the underlying
* platform, so we do not error-check it */
WinHttpSetOption(s->request,
WINHTTP_OPTION_PEERDIST_EXTENSION_STATE,
&peerdist,
sizeof(peerdist));
/* Send Pragma: no-cache header */
if (!WinHttpAddRequestHeaders(s->request, pragma_nocache, (ULONG) -1L, WINHTTP_ADDREQ_FLAG_ADD)) {
giterr_set(GITERR_OS, "Failed to add a header to the request");
goto on_error;
}
if (post_verb == s->verb) {
/* Send Content-Type and Accept headers -- only necessary on a POST */
git_buf_clear(&buf);
if (git_buf_printf(&buf,
"Content-Type: application/x-git-%s-request",
s->service) < 0)
goto on_error;
if (git__utf8_to_16(ct, MAX_CONTENT_TYPE_LEN, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "Failed to convert content-type to wide characters");
goto on_error;
}
if (!WinHttpAddRequestHeaders(s->request, ct, (ULONG)-1L,
WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE)) {
giterr_set(GITERR_OS, "Failed to add a header to the request");
goto on_error;
}
git_buf_clear(&buf);
if (git_buf_printf(&buf,
"Accept: application/x-git-%s-result",
s->service) < 0)
goto on_error;
if (git__utf8_to_16(ct, MAX_CONTENT_TYPE_LEN, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "Failed to convert accept header to wide characters");
goto on_error;
}
if (!WinHttpAddRequestHeaders(s->request, ct, (ULONG)-1L,
WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE)) {
giterr_set(GITERR_OS, "Failed to add a header to the request");
goto on_error;
}
}
/* If requested, disable certificate validation */
if (t->connection_data.use_ssl) {
int flags;
if (t->owner->parent.read_flags(&t->owner->parent, &flags) < 0)
goto on_error;
}
/* If we have a credential on the subtransport, apply it to the request */
if (t->cred &&
t->cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT &&
t->auth_mechanism == GIT_WINHTTP_AUTH_BASIC &&
apply_basic_credential(s->request, t->cred) < 0)
goto on_error;
else if (t->cred &&
t->cred->credtype == GIT_CREDTYPE_DEFAULT &&
t->auth_mechanism == GIT_WINHTTP_AUTH_NEGOTIATE &&
apply_default_credentials(s->request) < 0)
goto on_error;
/* If no other credentials have been applied and the URL has username and
* password, use those */
if (!t->cred && t->connection_data.user && t->connection_data.pass) {
if (!t->url_cred &&
git_cred_userpass_plaintext_new(&t->url_cred, t->connection_data.user, t->connection_data.pass) < 0)
goto on_error;
if (apply_basic_credential(s->request, t->url_cred) < 0)
goto on_error;
}
/* We've done everything up to calling WinHttpSendRequest. */
error = 0;
on_error:
if (error < 0)
winhttp_stream_close(s);
git__free(proxy_url);
git_buf_free(&buf);
return error;
}
/**
* Callback if the remote host requires authentication in order to
* connect to it
*
* @param cred The newly created credential object.
* @param url The resource for which we are demanding a credential.
* @param user_from_url The username that was embedded in a "user@host"
* remote url, or NULL if not included.
* @param allowed_types A bitmask stating which cred types are OK to return.
* @param payload The payload provided when specifying this callback.
* @return 0 on success, else -1.
*/
int git2r_cred_acquire_cb(
git_cred **cred,
const char *url,
const char *username_from_url,
unsigned int allowed_types,
void *payload)
{
int err = -1;
SEXP credentials = (SEXP)payload;
GIT_UNUSED(url);
if (R_NilValue != credentials) {
SEXP class_name;
class_name = getAttrib(credentials, R_ClassSymbol);
if (0 == strcmp(CHAR(STRING_ELT(class_name, 0)), "cred_ssh_key")) {
if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
SEXP slot;
const char *publickey;
const char *privatekey = NULL;
const char *passphrase = NULL;
publickey = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("publickey")), 0));
privatekey = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("privatekey")), 0));
slot = GET_SLOT(credentials, Rf_install("passphrase"));
if (length(slot)) {
if (NA_STRING != STRING_ELT(slot, 0))
passphrase = CHAR(STRING_ELT(slot, 0));
}
err = git_cred_ssh_key_new(
cred,
username_from_url,
publickey,
privatekey,
passphrase);
}
} else if (0 == strcmp(CHAR(STRING_ELT(class_name, 0)), "cred_plaintext")) {
if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
const char *username;
const char *password;
username = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("username")), 0));
password = CHAR(STRING_ELT(
GET_SLOT(credentials,
Rf_install("password")), 0));
err = git_cred_userpass_plaintext_new(cred, username, password);
}
}
} else if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
err = git_cred_ssh_key_from_agent(cred, username_from_url);
}
return err;
}
static int winhttp_stream_connect(winhttp_stream *s)
{
winhttp_subtransport *t = OWNING_SUBTRANSPORT(s);
git_buf buf = GIT_BUF_INIT;
char *proxy_url = NULL;
wchar_t ct[MAX_CONTENT_TYPE_LEN];
LPCWSTR types[] = { L"*/*", NULL };
BOOL peerdist = FALSE;
int error = -1;
unsigned long disable_redirects = WINHTTP_DISABLE_REDIRECTS;
int default_timeout = TIMEOUT_INFINITE;
int default_connect_timeout = DEFAULT_CONNECT_TIMEOUT;
size_t i;
const git_proxy_options *proxy_opts;
/* Prepare URL */
git_buf_printf(&buf, "%s%s", t->connection_data.path, s->service_url);
if (git_buf_oom(&buf))
return -1;
/* Convert URL to wide characters */
if (git__utf8_to_16_alloc(&s->request_uri, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "failed to convert string to wide form");
goto on_error;
}
/* Establish request */
s->request = WinHttpOpenRequest(
t->connection,
s->verb,
s->request_uri,
NULL,
WINHTTP_NO_REFERER,
types,
t->connection_data.use_ssl ? WINHTTP_FLAG_SECURE : 0);
if (!s->request) {
giterr_set(GITERR_OS, "failed to open request");
goto on_error;
}
if (!WinHttpSetTimeouts(s->request, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
giterr_set(GITERR_OS, "failed to set timeouts for WinHTTP");
goto on_error;
}
proxy_opts = &t->owner->proxy;
if (proxy_opts->type == GIT_PROXY_AUTO) {
/* Set proxy if necessary */
if (git_remote__get_http_proxy(t->owner->owner, !!t->connection_data.use_ssl, &proxy_url) < 0)
goto on_error;
}
else if (proxy_opts->type == GIT_PROXY_SPECIFIED) {
proxy_url = git__strdup(proxy_opts->url);
GITERR_CHECK_ALLOC(proxy_url);
}
if (proxy_url) {
git_buf processed_url = GIT_BUF_INIT;
WINHTTP_PROXY_INFO proxy_info;
wchar_t *proxy_wide;
if (!git__prefixcmp(proxy_url, SCHEME_HTTP)) {
t->proxy_connection_data.use_ssl = false;
} else if (!git__prefixcmp(proxy_url, SCHEME_HTTPS)) {
t->proxy_connection_data.use_ssl = true;
} else {
giterr_set(GITERR_NET, "invalid URL: '%s'", proxy_url);
return -1;
}
gitno_connection_data_free_ptrs(&t->proxy_connection_data);
if ((error = gitno_extract_url_parts(&t->proxy_connection_data.host, &t->proxy_connection_data.port, NULL,
&t->proxy_connection_data.user, &t->proxy_connection_data.pass, proxy_url, NULL)) < 0)
goto on_error;
if (t->proxy_connection_data.user && t->proxy_connection_data.pass) {
if (t->proxy_cred) {
t->proxy_cred->free(t->proxy_cred);
}
if ((error = git_cred_userpass_plaintext_new(&t->proxy_cred, t->proxy_connection_data.user, t->proxy_connection_data.pass)) < 0)
goto on_error;
}
if (t->proxy_connection_data.use_ssl)
git_buf_PUTS(&processed_url, SCHEME_HTTPS);
else
git_buf_PUTS(&processed_url, SCHEME_HTTP);
git_buf_puts(&processed_url, t->proxy_connection_data.host);
if (t->proxy_connection_data.port)
git_buf_printf(&processed_url, ":%s", t->proxy_connection_data.port);
if (git_buf_oom(&processed_url)) {
giterr_set_oom();
error = -1;
goto on_error;
}
/* Convert URL to wide characters */
error = git__utf8_to_16_alloc(&proxy_wide, processed_url.ptr);
git_buf_free(&processed_url);
if (error < 0)
goto on_error;
proxy_info.dwAccessType = WINHTTP_ACCESS_TYPE_NAMED_PROXY;
proxy_info.lpszProxy = proxy_wide;
proxy_info.lpszProxyBypass = NULL;
if (!WinHttpSetOption(s->request,
WINHTTP_OPTION_PROXY,
&proxy_info,
sizeof(WINHTTP_PROXY_INFO))) {
giterr_set(GITERR_OS, "failed to set proxy");
git__free(proxy_wide);
goto on_error;
}
git__free(proxy_wide);
if (t->proxy_cred) {
if (t->proxy_cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT) {
if ((error = apply_userpass_credential_proxy(s->request, t->proxy_cred)) < 0)
goto on_error;
}
}
}
/* Disable WinHTTP redirects so we can handle them manually. Why, you ask?
* http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/b2ff8879-ab9f-4218-8f09-16d25dff87ae
*/
if (!WinHttpSetOption(s->request,
WINHTTP_OPTION_DISABLE_FEATURE,
&disable_redirects,
sizeof(disable_redirects))) {
giterr_set(GITERR_OS, "failed to disable redirects");
goto on_error;
}
/* Strip unwanted headers (X-P2P-PeerDist, X-P2P-PeerDistEx) that WinHTTP
* adds itself. This option may not be supported by the underlying
* platform, so we do not error-check it */
WinHttpSetOption(s->request,
WINHTTP_OPTION_PEERDIST_EXTENSION_STATE,
&peerdist,
sizeof(peerdist));
/* Send Pragma: no-cache header */
if (!WinHttpAddRequestHeaders(s->request, pragma_nocache, (ULONG) -1L, WINHTTP_ADDREQ_FLAG_ADD)) {
giterr_set(GITERR_OS, "failed to add a header to the request");
goto on_error;
}
if (post_verb == s->verb) {
/* Send Content-Type and Accept headers -- only necessary on a POST */
git_buf_clear(&buf);
if (git_buf_printf(&buf,
"Content-Type: application/x-git-%s-request",
s->service) < 0)
goto on_error;
if (git__utf8_to_16(ct, MAX_CONTENT_TYPE_LEN, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "failed to convert content-type to wide characters");
goto on_error;
}
if (!WinHttpAddRequestHeaders(s->request, ct, (ULONG)-1L,
WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE)) {
giterr_set(GITERR_OS, "failed to add a header to the request");
goto on_error;
}
git_buf_clear(&buf);
if (git_buf_printf(&buf,
"Accept: application/x-git-%s-result",
s->service) < 0)
goto on_error;
if (git__utf8_to_16(ct, MAX_CONTENT_TYPE_LEN, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "failed to convert accept header to wide characters");
goto on_error;
}
if (!WinHttpAddRequestHeaders(s->request, ct, (ULONG)-1L,
WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE)) {
giterr_set(GITERR_OS, "failed to add a header to the request");
goto on_error;
}
}
for (i = 0; i < t->owner->custom_headers.count; i++) {
if (t->owner->custom_headers.strings[i]) {
git_buf_clear(&buf);
git_buf_puts(&buf, t->owner->custom_headers.strings[i]);
if (git__utf8_to_16(ct, MAX_CONTENT_TYPE_LEN, git_buf_cstr(&buf)) < 0) {
giterr_set(GITERR_OS, "failed to convert custom header to wide characters");
goto on_error;
}
if (!WinHttpAddRequestHeaders(s->request, ct, (ULONG)-1L,
WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE)) {
giterr_set(GITERR_OS, "failed to add a header to the request");
goto on_error;
}
}
}
/* If requested, disable certificate validation */
if (t->connection_data.use_ssl) {
int flags;
if (t->owner->parent.read_flags(&t->owner->parent, &flags) < 0)
goto on_error;
}
/* If we have a credential on the subtransport, apply it to the request */
if (t->cred &&
t->cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT &&
apply_userpass_credential(s->request, t->auth_mechanisms, t->cred) < 0)
goto on_error;
else if (t->cred &&
t->cred->credtype == GIT_CREDTYPE_DEFAULT &&
apply_default_credentials(s->request, t->auth_mechanisms) < 0)
goto on_error;
/* If no other credentials have been applied and the URL has username and
* password, use those */
if (!t->cred && t->connection_data.user && t->connection_data.pass) {
if (!t->url_cred &&
git_cred_userpass_plaintext_new(&t->url_cred, t->connection_data.user, t->connection_data.pass) < 0)
goto on_error;
if (apply_userpass_credential(s->request, GIT_WINHTTP_AUTH_BASIC, t->url_cred) < 0)
goto on_error;
}
/* We've done everything up to calling WinHttpSendRequest. */
error = 0;
on_error:
if (error < 0)
winhttp_stream_close(s);
git__free(proxy_url);
git_buf_free(&buf);
return error;
}
static int _git_ssh_setup_conn(
ssh_subtransport *t,
const char *url,
const char *cmd,
git_smart_subtransport_stream **stream)
{
char *host=NULL, *port=NULL, *path=NULL, *user=NULL, *pass=NULL;
const char *default_port="22";
ssh_stream *s;
LIBSSH2_SESSION* session=NULL;
LIBSSH2_CHANNEL* channel=NULL;
*stream = NULL;
if (ssh_stream_alloc(t, url, cmd, stream) < 0)
return -1;
s = (ssh_stream *)*stream;
if (!git__prefixcmp(url, prefix_ssh)) {
if (gitno_extract_url_parts(&host, &port, &path, &user, &pass, url, default_port) < 0)
goto on_error;
} else {
if (git_ssh_extract_url_parts(&host, &user, url) < 0)
goto on_error;
port = git__strdup(default_port);
GITERR_CHECK_ALLOC(port);
}
if (gitno_connect(&s->socket, host, port, 0) < 0)
goto on_error;
if (user && pass) {
if (git_cred_userpass_plaintext_new(&t->cred, user, pass) < 0)
goto on_error;
} else if (t->owner->cred_acquire_cb) {
if (t->owner->cred_acquire_cb(
&t->cred, t->owner->url, user,
GIT_CREDTYPE_USERPASS_PLAINTEXT |
GIT_CREDTYPE_SSH_KEY |
GIT_CREDTYPE_SSH_CUSTOM,
t->owner->cred_acquire_payload) < 0)
goto on_error;
if (!t->cred) {
giterr_set(GITERR_SSH, "Callback failed to initialize SSH credentials");
goto on_error;
}
} else {
giterr_set(GITERR_SSH, "Cannot set up SSH connection without credentials");
goto on_error;
}
assert(t->cred);
if (!user && !git_cred_has_username(t->cred)) {
giterr_set_str(GITERR_NET, "Cannot authenticate without a username");
goto on_error;
}
if (_git_ssh_session_create(&session, s->socket) < 0)
goto on_error;
if (_git_ssh_authenticate_session(session, user, t->cred) < 0)
goto on_error;
channel = libssh2_channel_open_session(session);
if (!channel) {
ssh_error(session, "Failed to open SSH channel");
goto on_error;
}
libssh2_channel_set_blocking(channel, 1);
s->session = session;
s->channel = channel;
t->current_stream = s;
git__free(host);
git__free(port);
git__free(path);
git__free(user);
git__free(pass);
return 0;
on_error:
s->session = NULL;
s->channel = NULL;
t->current_stream = NULL;
if (*stream)
ssh_stream_free(*stream);
git__free(host);
git__free(port);
git__free(user);
git__free(pass);
if (session)
libssh2_session_free(session);
return -1;
}
static int _git_ssh_setup_conn(
ssh_subtransport *t,
const char *url,
const char *cmd,
git_smart_subtransport_stream **stream)
{
char *host=NULL, *port=NULL, *path=NULL, *user=NULL, *pass=NULL;
const char *default_port="22";
int auth_methods, error = 0;
size_t i;
ssh_stream *s;
git_cred *cred = NULL;
LIBSSH2_SESSION* session=NULL;
LIBSSH2_CHANNEL* channel=NULL;
t->current_stream = NULL;
*stream = NULL;
if (ssh_stream_alloc(t, url, cmd, stream) < 0)
return -1;
s = (ssh_stream *)*stream;
s->session = NULL;
s->channel = NULL;
for (i = 0; i < ARRAY_SIZE(ssh_prefixes); ++i) {
const char *p = ssh_prefixes[i];
if (!git__prefixcmp(url, p)) {
if ((error = gitno_extract_url_parts(&host, &port, &path, &user, &pass, url, default_port)) < 0)
goto done;
goto post_extract;
}
}
if ((error = git_ssh_extract_url_parts(&host, &user, url)) < 0)
goto done;
port = git__strdup(default_port);
GITERR_CHECK_ALLOC(port);
post_extract:
if ((error = git_socket_stream_new(&s->io, host, port)) < 0 ||
(error = git_stream_connect(s->io)) < 0)
goto done;
if ((error = _git_ssh_session_create(&session, s->io)) < 0)
goto done;
if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert = {{ 0 }}, *cert_ptr;
const char *key;
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) {
cert.type |= GIT_CERT_SSH_SHA1;
memcpy(&cert.hash_sha1, key, 20);
}
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
if (key != NULL) {
cert.type |= GIT_CERT_SSH_MD5;
memcpy(&cert.hash_md5, key, 16);
}
if (cert.type == 0) {
giterr_set(GITERR_SSH, "unable to get the host key");
error = -1;
goto done;
}
/* We don't currently trust any hostkeys */
giterr_clear();
cert_ptr = &cert;
error = t->owner->certificate_check_cb((git_cert *) cert_ptr, 0, host, t->owner->message_cb_payload);
if (error < 0) {
if (!giterr_last())
giterr_set(GITERR_NET, "user cancelled hostkey check");
goto done;
}
}
/* we need the username to ask for auth methods */
if (!user) {
if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0)
goto done;
user = git__strdup(((git_cred_username *) cred)->username);
cred->free(cred);
cred = NULL;
if (!user)
goto done;
} else if (user && pass) {
if ((error = git_cred_userpass_plaintext_new(&cred, user, pass)) < 0)
goto done;
}
if ((error = list_auth_methods(&auth_methods, session, user)) < 0)
goto done;
error = GIT_EAUTH;
/* if we already have something to try */
if (cred && auth_methods & cred->credtype)
error = _git_ssh_authenticate_session(session, cred);
while (error == GIT_EAUTH) {
if (cred) {
cred->free(cred);
cred = NULL;
}
if ((error = request_creds(&cred, t, user, auth_methods)) < 0)
goto done;
if (strcmp(user, git_cred__username(cred))) {
giterr_set(GITERR_SSH, "username does not match previous request");
error = -1;
goto done;
}
error = _git_ssh_authenticate_session(session, cred);
}
if (error < 0)
goto done;
channel = libssh2_channel_open_session(session);
if (!channel) {
error = -1;
ssh_error(session, "Failed to open SSH channel");
goto done;
}
libssh2_channel_set_blocking(channel, 1);
s->session = session;
s->channel = channel;
t->current_stream = s;
done:
if (error < 0) {
ssh_stream_free(*stream);
if (session)
libssh2_session_free(session);
}
if (cred)
cred->free(cred);
git__free(host);
git__free(port);
git__free(path);
git__free(user);
git__free(pass);
return error;
}
static int _git_ssh_setup_conn(
ssh_subtransport *t,
const char *url,
const char *cmd,
git_smart_subtransport_stream **stream
)
{
char *host, *port=NULL, *user=NULL, *pass=NULL;
const char *default_port="22";
ssh_stream *s;
LIBSSH2_SESSION* session=NULL;
LIBSSH2_CHANNEL* channel=NULL;
*stream = NULL;
if (ssh_stream_alloc(t, url, cmd, stream) < 0)
return -1;
s = (ssh_stream *)*stream;
if (!git__prefixcmp(url, prefix_ssh)) {
url = url + strlen(prefix_ssh);
if (gitno_extract_url_parts(&host, &port, &user, &pass, url, default_port) < 0)
goto on_error;
} else {
if (git_ssh_extract_url_parts(&host, &user, url) < 0)
goto on_error;
port = git__strdup(default_port);
GITERR_CHECK_ALLOC(port);
}
if (gitno_connect(&s->socket, host, port, 0) < 0)
goto on_error;
if (user && pass) {
if (git_cred_userpass_plaintext_new(&t->cred, user, pass) < 0)
goto on_error;
} else {
if (t->owner->cred_acquire_cb(&t->cred,
t->owner->url,
user,
GIT_CREDTYPE_USERPASS_PLAINTEXT | GIT_CREDTYPE_SSH_KEYFILE_PASSPHRASE | GIT_CREDTYPE_SSH_PUBLICKEY,
t->owner->cred_acquire_payload) < 0)
return -1;
}
assert(t->cred);
if (!user) {
user = git__strdup(default_user);
}
if (_git_ssh_session_create(&session, s->socket) < 0)
goto on_error;
if (_git_ssh_authenticate_session(session, user, t->cred) < 0)
goto on_error;
channel = libssh2_channel_open_session(session);
if (!channel)
goto on_error;
libssh2_channel_set_blocking(channel, 1);
s->session = session;
s->channel = channel;
t->current_stream = s;
git__free(host);
git__free(port);
git__free(user);
git__free(pass);
return 0;
on_error:
if (*stream)
ssh_stream_free(*stream);
git__free(host);
git__free(port);
git__free(user);
git__free(pass);
if (session)
libssh2_session_free(session), session = NULL;
return -1;
}
