Skip to content

G
git2
Commit 2f5864c5 by Carlos Martín Nieto
Options

ssh: do ssh cert info before asking for credentials 

We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
parent 17491f6e
Showing with 47 additions and 47 deletions
src/transports/ssh.c
......@@ -467,6 +467,49 @@ static int _git_ssh_setup_conn(
GITERR_CHECK_ALLOC(port);
}
if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
goto on_error;
if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
goto on_error;
if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert;
const char *key;
int allow;
size_t certlen;
cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) {
certlen = 20;
memcpy(&cert.hash, key, certlen);
} else {
cert.type = LIBSSH2_HOSTKEY_HASH_MD5;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
certlen = 16;
if (key != NULL)
memcpy(&cert.hash, key, certlen);
}
if (key == NULL) {
giterr_set(GITERR_SSH, "unable to get the host key");
return -1;
}
/* We don't currently trust any hostkeys */
allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
if (allow < 0) {
error = allow;
goto on_error;
}
if (!allow) {
error = GIT_ECERTIFICATE;
goto on_error;
}
}
/* we need the username to ask for auth methods */
if (!user) {
if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0)
......@@ -482,12 +525,6 @@ static int _git_ssh_setup_conn(
goto on_error;
}
if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
goto on_error;
if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
goto on_error;
if ((error = list_auth_methods(&auth_methods, session, user)) < 0)
goto on_error;
......@@ -517,48 +554,10 @@ static int _git_ssh_setup_conn(
if (error < 0)
goto on_error;
if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert;
const char *key;
int allow;
size_t certlen;
cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) {
certlen = 20;
memcpy(&cert.hash, key, certlen);
} else {
cert.type = LIBSSH2_HOSTKEY_HASH_MD5;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
certlen = 16;
if (key != NULL)
memcpy(&cert.hash, key, certlen);
}
if (key == NULL) {
giterr_set(GITERR_SSH, "unable to get the host key");
return -1;
}
/* We don't currently trust any hostkeys */
allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
if (allow < 0) {
error = allow;
goto on_error;
}
if (!allow) {
error = GIT_ECERTIFICATE;
goto on_error;
}
}
channel = libssh2_channel_open_session(session);
if (!channel) {
error = -1;
ssh_error(session, "Failed to open SSH channel");
error = -1;
goto on_error;
}
......@@ -634,10 +633,8 @@ static int ssh_receivepack_ls(
{
const char *cmd = t->cmd_receivepack ? t->cmd_receivepack : cmd_receivepack;
if (_git_ssh_setup_conn(t, url, cmd, stream) < 0)
return -1;
return 0;
return _git_ssh_setup_conn(t, url, cmd, stream);
}
static int ssh_receivepack(
......
tests/online/clone.c
......@@ -487,6 +487,9 @@ void test_online_clone__certificate_invalid(void)
cl_git_fail_with(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options),
GIT_ECERTIFICATE);
cl_git_fail_with(git_clone(&g_repo, "ssh://github.com/libgit2/TestGitRepository", "./foo", &g_options),
GIT_ECERTIFICATE);
}
static int succeed_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment