clone.c 26.9 KB
Newer Older
1 2 3
#include "clar_libgit2.h"

#include "git2/clone.h"
4
#include "git2/cred_helpers.h"
5
#include "remote.h"
6
#include "futils.h"
7
#include "refs.h"
8

9 10
#define LIVE_REPO_URL "http://github.com/libgit2/TestGitRepository"
#define LIVE_EMPTYREPO_URL "http://github.com/libgit2/TestEmptyRepository"
11 12 13
#define BB_REPO_URL "https://libgit3@bitbucket.org/libgit2/testgitrepository.git"
#define BB_REPO_URL_WITH_PASS "https://libgit3:libgit3@bitbucket.org/libgit2/testgitrepository.git"
#define BB_REPO_URL_WITH_WRONG_PASS "https://libgit3:wrong@bitbucket.org/libgit2/testgitrepository.git"
14
#define GOOGLESOURCE_REPO_URL "https://chromium.googlesource.com/external/github.com/sergi/go-diff"
15

16 17
#define SSH_REPO_URL "ssh://github.com/libgit2/TestGitRepository"

18
static git_repository *g_repo;
19
static git_clone_options g_options;
20

21 22 23
static char *_remote_url = NULL;
static char *_remote_user = NULL;
static char *_remote_pass = NULL;
24
static char *_remote_sslnoverify = NULL;
25 26 27 28
static char *_remote_ssh_pubkey = NULL;
static char *_remote_ssh_privkey = NULL;
static char *_remote_ssh_passphrase = NULL;
static char *_remote_ssh_fingerprint = NULL;
29
static char *_remote_proxy_scheme = NULL;
30
static char *_remote_proxy_host = NULL;
31 32
static char *_remote_proxy_user = NULL;
static char *_remote_proxy_pass = NULL;
33
static char *_remote_proxy_selfsigned = NULL;
34
static char *_remote_expectcontinue = NULL;
35

36 37 38
static int _orig_proxies_need_reset = 0;
static char *_orig_http_proxy = NULL;
static char *_orig_https_proxy = NULL;
39

40 41 42 43 44 45 46 47 48 49 50 51
static int ssl_cert(git_cert *cert, int valid, const char *host, void *payload)
{
	GIT_UNUSED(cert);
	GIT_UNUSED(host);
	GIT_UNUSED(payload);

	if (_remote_sslnoverify != NULL)
		valid = 1;

	return valid ? 0 : GIT_ECERTIFICATE;
}

52
void test_online_clone__initialize(void)
53
{
54
	git_checkout_options dummy_opts = GIT_CHECKOUT_OPTIONS_INIT;
55
	git_fetch_options dummy_fetch = GIT_FETCH_OPTIONS_INIT;
56

57
	g_repo = NULL;
58 59 60

	memset(&g_options, 0, sizeof(git_clone_options));
	g_options.version = GIT_CLONE_OPTIONS_VERSION;
61 62
	g_options.checkout_opts = dummy_opts;
	g_options.checkout_opts.checkout_strategy = GIT_CHECKOUT_SAFE;
63
	g_options.fetch_opts = dummy_fetch;
64
	g_options.fetch_opts.callbacks.certificate_check = ssl_cert;
65 66 67 68

	_remote_url = cl_getenv("GITTEST_REMOTE_URL");
	_remote_user = cl_getenv("GITTEST_REMOTE_USER");
	_remote_pass = cl_getenv("GITTEST_REMOTE_PASS");
69
	_remote_sslnoverify = cl_getenv("GITTEST_REMOTE_SSL_NOVERIFY");
70 71 72 73
	_remote_ssh_pubkey = cl_getenv("GITTEST_REMOTE_SSH_PUBKEY");
	_remote_ssh_privkey = cl_getenv("GITTEST_REMOTE_SSH_KEY");
	_remote_ssh_passphrase = cl_getenv("GITTEST_REMOTE_SSH_PASSPHRASE");
	_remote_ssh_fingerprint = cl_getenv("GITTEST_REMOTE_SSH_FINGERPRINT");
74
	_remote_proxy_scheme = cl_getenv("GITTEST_REMOTE_PROXY_SCHEME");
75
	_remote_proxy_host = cl_getenv("GITTEST_REMOTE_PROXY_HOST");
76 77
	_remote_proxy_user = cl_getenv("GITTEST_REMOTE_PROXY_USER");
	_remote_proxy_pass = cl_getenv("GITTEST_REMOTE_PROXY_PASS");
78
	_remote_proxy_selfsigned = cl_getenv("GITTEST_REMOTE_PROXY_SELFSIGNED");
79 80 81 82
	_remote_expectcontinue = cl_getenv("GITTEST_REMOTE_EXPECTCONTINUE");

	if (_remote_expectcontinue)
		git_libgit2_opts(GIT_OPT_ENABLE_HTTP_EXPECT_CONTINUE, 1);
83 84

	_orig_proxies_need_reset = 0;
85 86
}

87
void test_online_clone__cleanup(void)
88
{
89
	if (g_repo) {
90
		git_repository_free(g_repo);
91 92
		g_repo = NULL;
	}
93
	cl_fixture_cleanup("./foo");
94 95 96 97

	git__free(_remote_url);
	git__free(_remote_user);
	git__free(_remote_pass);
98
	git__free(_remote_sslnoverify);
99 100 101 102
	git__free(_remote_ssh_pubkey);
	git__free(_remote_ssh_privkey);
	git__free(_remote_ssh_passphrase);
	git__free(_remote_ssh_fingerprint);
103
	git__free(_remote_proxy_scheme);
104
	git__free(_remote_proxy_host);
105 106
	git__free(_remote_proxy_user);
	git__free(_remote_proxy_pass);
107
	git__free(_remote_proxy_selfsigned);
108
	git__free(_remote_expectcontinue);
109 110 111 112 113 114 115 116

	if (_orig_proxies_need_reset) {
		cl_setenv("HTTP_PROXY", _orig_http_proxy);
		cl_setenv("HTTPS_PROXY", _orig_https_proxy);

		git__free(_orig_http_proxy);
		git__free(_orig_https_proxy);
	}
117 118
}

119
void test_online_clone__network_full(void)
120 121 122
{
	git_remote *origin;

123
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
124
	cl_assert(!git_repository_is_bare(g_repo));
125
	cl_git_pass(git_remote_lookup(&origin, g_repo, "origin"));
nulltoken committed
126

127 128
	cl_assert_equal_i(GIT_REMOTE_DOWNLOAD_TAGS_AUTO, origin->download_tags);

nulltoken committed
129
	git_remote_free(origin);
130 131
}

132
void test_online_clone__network_bare(void)
133 134 135
{
	git_remote *origin;

136
	g_options.bare = true;
137

138
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
139
	cl_assert(git_repository_is_bare(g_repo));
140
	cl_git_pass(git_remote_lookup(&origin, g_repo, "origin"));
nulltoken committed
141 142

	git_remote_free(origin);
143 144
}

145
void test_online_clone__empty_repository(void)
146 147 148
{
	git_reference *head;

149
	cl_git_pass(git_clone(&g_repo, LIVE_EMPTYREPO_URL, "./foo", &g_options));
150 151

	cl_assert_equal_i(true, git_repository_is_empty(g_repo));
152
	cl_assert_equal_i(true, git_repository_head_unborn(g_repo));
153 154

	cl_git_pass(git_reference_lookup(&head, g_repo, GIT_HEAD_FILE));
155
	cl_assert_equal_i(GIT_REFERENCE_SYMBOLIC, git_reference_type(head));
156
	cl_assert_equal_s("refs/heads/master", git_reference_symbolic_target(head));
157 158 159

	git_reference_free(head);
}
160

161
static void checkout_progress(const char *path, size_t cur, size_t tot, void *payload)
162 163
{
	bool *was_called = (bool*)payload;
Ben Straub committed
164
	GIT_UNUSED(path); GIT_UNUSED(cur); GIT_UNUSED(tot);
165 166 167
	(*was_called) = true;
}

168
static int fetch_progress(const git_indexer_progress *stats, void *payload)
169 170
{
	bool *was_called = (bool*)payload;
Ben Straub committed
171
	GIT_UNUSED(stats);
172
	(*was_called) = true;
173
	return 0;
174 175
}

176
void test_online_clone__can_checkout_a_cloned_repo(void)
177 178
{
	git_buf path = GIT_BUF_INIT;
179
	git_reference *head, *remote_head;
180 181
	bool checkout_progress_cb_was_called = false,
		  fetch_progress_cb_was_called = false;
182

183
	g_options.checkout_opts.checkout_strategy = GIT_CHECKOUT_SAFE;
184 185
	g_options.checkout_opts.progress_cb = &checkout_progress;
	g_options.checkout_opts.progress_payload = &checkout_progress_cb_was_called;
186 187
	g_options.fetch_opts.callbacks.transfer_progress = &fetch_progress;
	g_options.fetch_opts.callbacks.payload = &fetch_progress_cb_was_called;
188

189
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
190 191 192

	cl_git_pass(git_buf_joinpath(&path, git_repository_workdir(g_repo), "master.txt"));
	cl_assert_equal_i(true, git_path_isfile(git_buf_cstr(&path)));
193 194

	cl_git_pass(git_reference_lookup(&head, g_repo, "HEAD"));
195
	cl_assert_equal_i(GIT_REFERENCE_SYMBOLIC, git_reference_type(head));
196
	cl_assert_equal_s("refs/heads/master", git_reference_symbolic_target(head));
nulltoken committed
197

198 199 200 201
	cl_git_pass(git_reference_lookup(&remote_head, g_repo, "refs/remotes/origin/HEAD"));
	cl_assert_equal_i(GIT_REFERENCE_SYMBOLIC, git_reference_type(remote_head));
	cl_assert_equal_s("refs/remotes/origin/master", git_reference_symbolic_target(remote_head));

202 203
	cl_assert_equal_i(true, checkout_progress_cb_was_called);
	cl_assert_equal_i(true, fetch_progress_cb_was_called);
204

205
	git_reference_free(remote_head);
nulltoken committed
206
	git_reference_free(head);
207
	git_buf_dispose(&path);
208
}
Ben Straub committed
209

210 211
static int remote_mirror_cb(git_remote **out, git_repository *repo,
			    const char *name, const char *url, void *payload)
212
{
213
	int error;
214 215
	git_remote *remote;

216
	GIT_UNUSED(payload);
217

218
	if ((error = git_remote_create_with_fetchspec(&remote, repo, name, url, "+refs/*:refs/*")) < 0)
219
		return error;
220

221 222
	*out = remote;
	return 0;
223 224
}

225 226
void test_online_clone__clone_mirror(void)
{
227
	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
228 229 230 231
	git_reference *head;

	bool fetch_progress_cb_was_called = false;

232 233
	opts.fetch_opts.callbacks.transfer_progress = &fetch_progress;
	opts.fetch_opts.callbacks.payload = &fetch_progress_cb_was_called;
234

235 236
	opts.bare = true;
	opts.remote_cb = remote_mirror_cb;
237

238
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo.git", &opts));
239 240

	cl_git_pass(git_reference_lookup(&head, g_repo, "HEAD"));
241
	cl_assert_equal_i(GIT_REFERENCE_SYMBOLIC, git_reference_type(head));
242 243 244 245 246
	cl_assert_equal_s("refs/heads/master", git_reference_symbolic_target(head));

	cl_assert_equal_i(true, fetch_progress_cb_was_called);

	git_reference_free(head);
247 248 249
	git_repository_free(g_repo);
	g_repo = NULL;

250 251 252
	cl_fixture_cleanup("./foo.git");
}

Ben Straub committed
253 254 255 256 257 258 259 260
static int update_tips(const char *refname, const git_oid *a, const git_oid *b, void *payload)
{
	int *callcount = (int*)payload;
	GIT_UNUSED(refname); GIT_UNUSED(a); GIT_UNUSED(b);
	*callcount = *callcount + 1;
	return 0;
}

261
void test_online_clone__custom_remote_callbacks(void)
Ben Straub committed
262 263 264
{
	int callcount = 0;

265 266
	g_options.fetch_opts.callbacks.update_tips = update_tips;
	g_options.fetch_opts.callbacks.payload = &callcount;
Ben Straub committed
267 268 269 270 271

	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
	cl_assert(callcount > 0);
}

272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298
void test_online_clone__custom_headers(void)
{
	char *empty_header = "";
	char *unnamed_header = "this is a header about nothing";
	char *newlines = "X-Custom: almost OK\n";
	char *conflict = "Accept: defined-by-git";
	char *ok = "X-Custom: this should be ok";

	g_options.fetch_opts.custom_headers.count = 1;

	g_options.fetch_opts.custom_headers.strings = &empty_header;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	g_options.fetch_opts.custom_headers.strings = &unnamed_header;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	g_options.fetch_opts.custom_headers.strings = &newlines;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	g_options.fetch_opts.custom_headers.strings = &conflict;
	cl_git_fail(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));

	/* Finally, we got it right! */
	g_options.fetch_opts.custom_headers.strings = &ok;
	cl_git_pass(git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
}

299
static int cred_failure_cb(
300
	git_credential **cred,
301 302 303 304 305
	const char *url,
	const char *username_from_url,
	unsigned int allowed_types,
	void *data)
{
Russell Belfer committed
306 307
	GIT_UNUSED(cred); GIT_UNUSED(url); GIT_UNUSED(username_from_url);
	GIT_UNUSED(allowed_types); GIT_UNUSED(data);
Ben Straub committed
308
	return -172;
309 310
}

Ben Straub committed
311
void test_online_clone__cred_callback_failure_return_code_is_tunnelled(void)
312
{
313 314 315
	git__free(_remote_url);
	git__free(_remote_user);

316 317
	_remote_url = git__strdup("https://github.com/libgit2/non-existent");
	_remote_user = git__strdup("libgit2test");
318

319
	g_options.fetch_opts.callbacks.credentials = cred_failure_cb;
320

321
	cl_git_fail_with(-172, git_clone(&g_repo, _remote_url, "./foo", &g_options));
322 323
}

324
static int cred_count_calls_cb(git_credential **cred, const char *url, const char *user,
325 326 327 328 329 330
			       unsigned int allowed_types, void *data)
{
	size_t *counter = (size_t *) data;

	GIT_UNUSED(url); GIT_UNUSED(user); GIT_UNUSED(allowed_types);

331 332
	if (allowed_types == GIT_CREDENTIAL_USERNAME)
		return git_credential_username_new(cred, "foo");
333

334 335 336 337 338
	(*counter)++;

	if (*counter == 3)
		return GIT_EUSER;

339
	return git_credential_userpass_plaintext_new(cred, "foo", "bar");
340 341 342 343 344 345
}

void test_online_clone__cred_callback_called_again_on_auth_failure(void)
{
	size_t counter = 0;

346 347 348
	git__free(_remote_url);
	git__free(_remote_user);

349
	_remote_url = git__strdup("https://gitlab.com/libgit2/non-existent");
350
	_remote_user = git__strdup("libgit2test");
351

352 353
	g_options.fetch_opts.callbacks.credentials = cred_count_calls_cb;
	g_options.fetch_opts.callbacks.payload = &counter;
354

355
	cl_git_fail_with(GIT_EUSER, git_clone(&g_repo, _remote_url, "./foo", &g_options));
356 357 358
	cl_assert_equal_i(3, counter);
}

359
int cred_default(
360
	git_credential **cred,
361 362 363 364 365 366 367 368 369
	const char *url,
	const char *user_from_url,
	unsigned int allowed_types,
	void *payload)
{
	GIT_UNUSED(url);
	GIT_UNUSED(user_from_url);
	GIT_UNUSED(payload);

370
	if (!(allowed_types & GIT_CREDENTIAL_DEFAULT))
371 372
		return 0;

373
	return git_credential_default_new(cred);
374 375
}

376
void test_online_clone__credentials(void)
Ben Straub committed
377
{
378 379 380
	/* Remote URL environment variable must be set.
	 * User and password are optional.
	 */
381
	git_credential_userpass_payload user_pass = {
382 383
		_remote_user,
		_remote_pass
Ben Straub committed
384 385
	};

386 387
	if (!_remote_url)
		clar__skip();
Ben Straub committed
388

389
	if (cl_is_env_set("GITTEST_REMOTE_DEFAULT")) {
390
		g_options.fetch_opts.callbacks.credentials = cred_default;
391
	} else {
392
		g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
393
		g_options.fetch_opts.callbacks.payload = &user_pass;
394
	}
Ben Straub committed
395

396
	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
397 398 399 400
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
}

401 402 403 404 405 406 407 408 409 410 411 412 413 414 415
void test_online_clone__credentials_via_custom_headers(void)
{
	const char *creds = "libgit3:libgit3";
	git_buf auth = GIT_BUF_INIT;

	cl_git_pass(git_buf_puts(&auth, "Authorization: Basic "));
	cl_git_pass(git_buf_encode_base64(&auth, creds, strlen(creds)));
	g_options.fetch_opts.custom_headers.count = 1;
	g_options.fetch_opts.custom_headers.strings = &auth.ptr;

	cl_git_pass(git_clone(&g_repo, "https://bitbucket.org/libgit2/testgitrepository.git", "./foo", &g_options));

	git_buf_dispose(&auth);
}

416 417
void test_online_clone__bitbucket_style(void)
{
418
	git_credential_userpass_payload user_pass = {
419
		"libgit3", "libgit3"
420 421
	};

422
	g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
423
	g_options.fetch_opts.callbacks.payload = &user_pass;
424 425 426 427

	cl_git_pass(git_clone(&g_repo, BB_REPO_URL, "./foo", &g_options));
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
428 429 430 431
}

void test_online_clone__bitbucket_uses_creds_in_url(void)
{
432
	git_credential_userpass_payload user_pass = {
433 434
		"libgit2", "wrong"
	};
435

436
	g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
437 438 439 440
	g_options.fetch_opts.callbacks.payload = &user_pass;

	/*
	 * Correct user and pass are in the URL; the (incorrect) creds in
441
	 * the `git_credential_userpass_payload` should be ignored.
442
	 */
443 444 445
	cl_git_pass(git_clone(&g_repo, BB_REPO_URL_WITH_PASS, "./foo", &g_options));
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
446
}
447

448 449
void test_online_clone__bitbucket_falls_back_to_specified_creds(void)
{
450
	git_credential_userpass_payload user_pass = {
451 452 453
		"libgit2", "libgit2"
	};

454
	g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
455 456 457 458 459 460 461 462 463 464
	g_options.fetch_opts.callbacks.payload = &user_pass;

	/*
	 * TODO: as of March 2018, bitbucket sporadically fails with
	 * 403s instead of replying with a 401 - but only sometimes.
	 */
	cl_skip();

	/*
	 * Incorrect user and pass are in the URL; the (correct) creds in
465
	 * the `git_credential_userpass_payload` should be used as a fallback.
466
	 */
467
	cl_git_pass(git_clone(&g_repo, BB_REPO_URL_WITH_WRONG_PASS, "./foo", &g_options));
468 469 470 471 472 473 474
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
}

void test_online_clone__googlesource(void)
{
	cl_git_pass(git_clone(&g_repo, GOOGLESOURCE_REPO_URL, "./foo", &g_options));
475 476
	git_repository_free(g_repo); g_repo = NULL;
	cl_fixture_cleanup("./foo");
Ben Straub committed
477
}
478

479
static int cancel_at_half(const git_indexer_progress *stats, void *payload)
480 481 482 483
{
	GIT_UNUSED(payload);

	if (stats->received_objects > (stats->total_objects/2))
484
		return 4321;
485 486 487 488 489
	return 0;
}

void test_online_clone__can_cancel(void)
{
490
	g_options.fetch_opts.callbacks.transfer_progress = cancel_at_half;
491

492 493
	cl_git_fail_with(4321,
		git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
494
}
495

496
static int cred_cb(git_credential **cred, const char *url, const char *user_from_url,
497 498 499 500
		   unsigned int allowed_types, void *payload)
{
	GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);

501 502
	if (allowed_types & GIT_CREDENTIAL_USERNAME)
		return git_credential_username_new(cred, _remote_user);
503

504 505
	if (allowed_types & GIT_CREDENTIAL_SSH_KEY)
		return git_credential_ssh_key_new(cred,
506 507
			_remote_user, _remote_ssh_pubkey,
			_remote_ssh_privkey, _remote_ssh_passphrase);
508

509
	git_error_set(GIT_ERROR_NET, "unexpected cred type");
510 511
	return -1;
}
512

513
static int check_ssh_auth_methods(git_credential **cred, const char *url, const char *username_from_url,
514 515
				  unsigned int allowed_types, void *data)
{
516
	int *with_user = (int *) data;
517
	GIT_UNUSED(cred); GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(data);
518

519
	if (!*with_user)
520
		cl_assert_equal_i(GIT_CREDENTIAL_USERNAME, allowed_types);
521
	else
522
		cl_assert(!(allowed_types & GIT_CREDENTIAL_USERNAME));
523

524 525
	return GIT_EUSER;
}
526

527 528
void test_online_clone__ssh_auth_methods(void)
{
529 530
	int with_user;

531 532 533
#ifndef GIT_SSH
	clar__skip();
#endif
534 535
	g_options.fetch_opts.callbacks.credentials = check_ssh_auth_methods;
	g_options.fetch_opts.callbacks.payload = &with_user;
536
	g_options.fetch_opts.callbacks.certificate_check = NULL;
537

538
	with_user = 0;
539 540
	cl_git_fail_with(GIT_EUSER,
		git_clone(&g_repo, SSH_REPO_URL, "./foo", &g_options));
541 542 543 544 545 546

	with_user = 1;
	cl_git_fail_with(GIT_EUSER,
		git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
}

547 548 549 550 551 552 553 554 555
static int custom_remote_ssh_with_paths(
	git_remote **out,
	git_repository *repo,
	const char *name,
	const char *url,
	void *payload)
{
	int error;

556
	GIT_UNUSED(payload);
557

558
	if ((error = git_remote_create(out, repo, name, url)) < 0)
559
		return error;
560

561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578
	return 0;
}

void test_online_clone__ssh_with_paths(void)
{
	char *bad_paths[] = {
		"/bin/yes",
		"/bin/false",
	};
	char *good_paths[] = {
		"/usr/bin/git-upload-pack",
		"/usr/bin/git-receive-pack",
	};
	git_strarray arr = {
		bad_paths,
		2,
	};

579 580 581
#ifndef GIT_SSH
	clar__skip();
#endif
582
	if (!_remote_url || !_remote_user || strncmp(_remote_url, "ssh://", 5) != 0)
583 584 585
		clar__skip();

	g_options.remote_cb = custom_remote_ssh_with_paths;
586
	g_options.fetch_opts.callbacks.transport = git_transport_ssh_with_paths;
587
	g_options.fetch_opts.callbacks.credentials = cred_cb;
588
	g_options.fetch_opts.callbacks.payload = &arr;
589
	g_options.fetch_opts.callbacks.certificate_check = NULL;
590

591
	cl_git_fail(git_clone(&g_repo, _remote_url, "./foo", &g_options));
592

593
	arr.strings = good_paths;
594
	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
595
}
596

597
static int cred_foo_bar(git_credential **cred, const char *url, const char *username_from_url,
598 599 600 601 602
				  unsigned int allowed_types, void *data)

{
	GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(allowed_types); GIT_UNUSED(data);

603
	return git_credential_userpass_plaintext_new(cred, "foo", "bar");
604 605 606 607
}

void test_online_clone__ssh_cannot_change_username(void)
{
608 609 610
#ifndef GIT_SSH
	clar__skip();
#endif
611
	g_options.fetch_opts.callbacks.credentials = cred_foo_bar;
612 613

	cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
614
}
615

616
int ssh_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
617 618 619 620 621 622 623
{
	git_cert_hostkey *key;
	git_oid expected = {{0}}, actual = {{0}};

	GIT_UNUSED(valid);
	GIT_UNUSED(payload);

624
	cl_assert(_remote_ssh_fingerprint);
625

626
	cl_git_pass(git_oid_fromstrp(&expected, _remote_ssh_fingerprint));
627 628
	cl_assert_equal_i(GIT_CERT_HOSTKEY_LIBSSH2, cert->cert_type);
	key = (git_cert_hostkey *) cert;
629

630 631 632 633 634
	/*
	 * We need to figure out how long our input was to check for
	 * the type. Here we abuse the fact that both hashes fit into
	 * our git_oid type.
	 */
635
	if (strlen(_remote_ssh_fingerprint) == 32 && key->type & GIT_CERT_SSH_MD5) {
636
		memcpy(&actual.id, key->hash_md5, 16);
637
	} else 	if (strlen(_remote_ssh_fingerprint) == 40 && key->type & GIT_CERT_SSH_SHA1) {
638 639 640 641
		memcpy(&actual, key->hash_sha1, 20);
	} else {
		cl_fail("Cannot find a usable SSH hash");
	}
642

643
	cl_assert(!memcmp(&expected, &actual, 20));
644

645 646
	cl_assert_equal_s("localhost", host);

647 648 649 650 651
	return GIT_EUSER;
}

void test_online_clone__ssh_cert(void)
{
652
	g_options.fetch_opts.callbacks.certificate_check = ssh_certificate_check;
653

654
	if (!_remote_ssh_fingerprint)
655 656
		cl_skip();

657
	cl_git_fail_with(GIT_EUSER, git_clone(&g_repo, _remote_url, "./foo", &g_options));
658 659
}

660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679
static char *read_key_file(const char *path)
{
	FILE *f;
	char *buf;
	long key_length;

	if (!path || !*path)
		return NULL;

	cl_assert((f = fopen(path, "r")) != NULL);
	cl_assert(fseek(f, 0, SEEK_END) != -1);
	cl_assert((key_length = ftell(f)) != -1);
	cl_assert(fseek(f, 0, SEEK_SET) != -1);
	cl_assert((buf = malloc(key_length)) != NULL);
	cl_assert(fread(buf, key_length, 1, f) == 1);
	fclose(f);

	return buf;
}

680
static int ssh_memory_cred_cb(git_credential **cred, const char *url, const char *user_from_url,
681 682 683 684
		   unsigned int allowed_types, void *payload)
{
	GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);

685 686
	if (allowed_types & GIT_CREDENTIAL_USERNAME)
		return git_credential_username_new(cred, _remote_user);
687

688
	if (allowed_types & GIT_CREDENTIAL_SSH_KEY)
689
	{
690 691
		char *pubkey = read_key_file(_remote_ssh_pubkey);
		char *privkey = read_key_file(_remote_ssh_privkey);
692

693
		int ret = git_credential_ssh_key_memory_new(cred, _remote_user, pubkey, privkey, _remote_ssh_passphrase);
694 695 696 697 698 699 700 701

		if (privkey)
			free(privkey);
		if (pubkey)
			free(pubkey);
		return ret;
	}

702
	git_error_set(GIT_ERROR_NET, "unexpected cred type");
703 704 705 706 707 708 709 710
	return -1;
}

void test_online_clone__ssh_memory_auth(void)
{
#ifndef GIT_SSH_MEMORY_CREDENTIALS
	clar__skip();
#endif
711
	if (!_remote_url || !_remote_user || !_remote_ssh_privkey || strncmp(_remote_url, "ssh://", 5) != 0)
712 713 714 715
		clar__skip();

	g_options.fetch_opts.callbacks.credentials = ssh_memory_cred_cb;

716
	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
717 718
}

719
static int fail_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
720
{
721
	GIT_UNUSED(cert);
722
	GIT_UNUSED(valid);
723
	GIT_UNUSED(host);
724 725
	GIT_UNUSED(payload);

726
	return GIT_ECERTIFICATE;
727 728 729 730
}

void test_online_clone__certificate_invalid(void)
{
731
	g_options.fetch_opts.callbacks.certificate_check = fail_certificate_check;
732

733
	cl_git_fail_with(git_clone(&g_repo, "https://github.com/libgit2/TestGitRepository", "./foo", &g_options),
734
		GIT_ECERTIFICATE);
735

736
#ifdef GIT_SSH
737 738
	cl_git_fail_with(git_clone(&g_repo, "ssh://github.com/libgit2/TestGitRepository", "./foo", &g_options),
		GIT_ECERTIFICATE);
739
#endif
740 741
}

742
static int succeed_certificate_check(git_cert *cert, int valid, const char *host, void *payload)
743
{
744
	GIT_UNUSED(cert);
745
	GIT_UNUSED(valid);
746 747
	GIT_UNUSED(payload);

748 749
	cl_assert_equal_s("github.com", host);

750
	return 0;
751 752 753 754
}

void test_online_clone__certificate_valid(void)
{
755
	g_options.fetch_opts.callbacks.certificate_check = succeed_certificate_check;
756

757
	cl_git_pass(git_clone(&g_repo, "https://github.com/libgit2/TestGitRepository", "./foo", &g_options));
758
}
759 760 761

void test_online_clone__start_with_http(void)
{
762
	g_options.fetch_opts.callbacks.certificate_check = succeed_certificate_check;
763 764 765

	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
}
766 767

static int called_proxy_creds;
768
static int proxy_cred_cb(git_credential **out, const char *url, const char *username, unsigned int allowed, void *payload)
769
{
770
	GIT_UNUSED(url);
771
	GIT_UNUSED(username);
772 773
	GIT_UNUSED(allowed);
	GIT_UNUSED(payload);
774 775

	called_proxy_creds = 1;
776
	return git_credential_userpass_plaintext_new(out, _remote_proxy_user, _remote_proxy_pass);
777 778
}

779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802
static int proxy_cert_cb(git_cert *cert, int valid, const char *host, void *payload)
{
	char *colon;
	size_t host_len;

	GIT_UNUSED(cert);
	GIT_UNUSED(valid);
	GIT_UNUSED(payload);

	cl_assert(_remote_proxy_host);

	if ((colon = strchr(_remote_proxy_host, ':')) != NULL)
		host_len = (colon - _remote_proxy_host);
	else
		host_len = strlen(_remote_proxy_host);

	if (_remote_proxy_selfsigned != NULL &&
	    strlen(host) == host_len &&
	    strncmp(_remote_proxy_host, host, host_len) == 0)
		valid = 1;

	return valid ? 0 : GIT_ECERTIFICATE;
}

803 804
void test_online_clone__proxy_credentials_request(void)
{
805 806
	git_buf url = GIT_BUF_INIT;

807
	if (!_remote_proxy_host || !_remote_proxy_user || !_remote_proxy_pass)
808 809
		cl_skip();

810 811 812
	cl_git_pass(git_buf_printf(&url, "%s://%s/",
		_remote_proxy_scheme ? _remote_proxy_scheme : "http",
		_remote_proxy_host));
813

814
	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
815
	g_options.fetch_opts.proxy_opts.url = url.ptr;
816
	g_options.fetch_opts.proxy_opts.credentials = proxy_cred_cb;
817
	g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
818 819 820
	called_proxy_creds = 0;
	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
	cl_assert(called_proxy_creds);
821

822
	git_buf_dispose(&url);
823 824 825 826
}

void test_online_clone__proxy_credentials_in_url(void)
{
827 828
	git_buf url = GIT_BUF_INIT;

829
	if (!_remote_proxy_host || !_remote_proxy_user || !_remote_proxy_pass)
830 831
		cl_skip();

832 833 834
	cl_git_pass(git_buf_printf(&url, "%s://%s:%s@%s/",
		_remote_proxy_scheme ? _remote_proxy_scheme : "http",
		_remote_proxy_user, _remote_proxy_pass, _remote_proxy_host));
835

836
	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
837
	g_options.fetch_opts.proxy_opts.url = url.ptr;
838
	g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
839 840 841
	called_proxy_creds = 0;
	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
	cl_assert(called_proxy_creds == 0);
842

843
	git_buf_dispose(&url);
844
}
845 846 847 848 849

void test_online_clone__proxy_credentials_in_environment(void)
{
	git_buf url = GIT_BUF_INIT;

850
	if (!_remote_proxy_host || !_remote_proxy_user || !_remote_proxy_pass)
851 852 853 854 855 856 857
		cl_skip();

	_orig_http_proxy = cl_getenv("HTTP_PROXY");
	_orig_https_proxy = cl_getenv("HTTPS_PROXY");
	_orig_proxies_need_reset = 1;

	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_AUTO;
858
	g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
859

860 861 862
	cl_git_pass(git_buf_printf(&url, "%s://%s:%s@%s/",
		_remote_proxy_scheme ? _remote_proxy_scheme : "http",
		_remote_proxy_user, _remote_proxy_pass, _remote_proxy_host));
863 864 865 866 867 868

	cl_setenv("HTTP_PROXY", url.ptr);
	cl_setenv("HTTPS_PROXY", url.ptr);

	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));

869
	git_buf_dispose(&url);
870
}
871

872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893
void test_online_clone__proxy_credentials_in_url_https(void)
{
	git_buf url = GIT_BUF_INIT;

	if (!_remote_proxy_host || !_remote_proxy_user || !_remote_proxy_pass)
		cl_skip();

	cl_git_pass(git_buf_printf(&url, "%s://%s:%s@%s/",
		_remote_proxy_scheme ? _remote_proxy_scheme : "http",
		_remote_proxy_user, _remote_proxy_pass, _remote_proxy_host));

	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
	g_options.fetch_opts.proxy_opts.url = url.ptr;
	g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
	g_options.fetch_opts.callbacks.certificate_check = ssl_cert;
	called_proxy_creds = 0;
	cl_git_pass(git_clone(&g_repo, "https://github.com/libgit2/TestGitRepository", "./foo", &g_options));
	cl_assert(called_proxy_creds == 0);

	git_buf_dispose(&url);
}

894 895 896 897 898 899
void test_online_clone__proxy_auto_not_detected(void)
{
	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_AUTO;

	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
}
900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921

void test_online_clone__proxy_cred_callback_after_failed_url_creds(void)
{
	git_buf url = GIT_BUF_INIT;

	if (!_remote_proxy_host || !_remote_proxy_user || !_remote_proxy_pass)
		cl_skip();

	cl_git_pass(git_buf_printf(&url, "%s://invalid_user_name:INVALID_pass_WORD@%s/",
		_remote_proxy_scheme ? _remote_proxy_scheme : "http",
		_remote_proxy_host));

	g_options.fetch_opts.proxy_opts.type = GIT_PROXY_SPECIFIED;
	g_options.fetch_opts.proxy_opts.url = url.ptr;
	g_options.fetch_opts.proxy_opts.credentials = proxy_cred_cb;
	g_options.fetch_opts.proxy_opts.certificate_check = proxy_cert_cb;
	called_proxy_creds = 0;
	cl_git_pass(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options));
	cl_assert(called_proxy_creds);

	git_buf_dispose(&url);
}
922

923 924 925 926 927 928
void test_online_clone__azurerepos(void)
{
	cl_git_pass(git_clone(&g_repo, "https://libgit2@dev.azure.com/libgit2/test/_git/test", "./foo", &g_options));
	cl_assert(git_path_exists("./foo/master.txt"));
}

929
void test_online_clone__path_whitespace(void)
930
{
931 932
	cl_git_pass(git_clone(&g_repo, "https://libgit2@dev.azure.com/libgit2/test/_git/spaces%20in%20the%20name", "./foo", &g_options));
	cl_assert(git_path_exists("./foo/master.txt"));
933
}