Commit 2f5864c5 by Carlos Martín Nieto

ssh: do ssh cert info before asking for credentials

We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
parent 17491f6e
...@@ -467,6 +467,49 @@ static int _git_ssh_setup_conn( ...@@ -467,6 +467,49 @@ static int _git_ssh_setup_conn(
GITERR_CHECK_ALLOC(port); GITERR_CHECK_ALLOC(port);
} }
if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
goto on_error;
if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
goto on_error;
if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert;
const char *key;
int allow;
size_t certlen;
cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) {
certlen = 20;
memcpy(&cert.hash, key, certlen);
} else {
cert.type = LIBSSH2_HOSTKEY_HASH_MD5;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
certlen = 16;
if (key != NULL)
memcpy(&cert.hash, key, certlen);
}
if (key == NULL) {
giterr_set(GITERR_SSH, "unable to get the host key");
return -1;
}
/* We don't currently trust any hostkeys */
allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
if (allow < 0) {
error = allow;
goto on_error;
}
if (!allow) {
error = GIT_ECERTIFICATE;
goto on_error;
}
}
/* we need the username to ask for auth methods */ /* we need the username to ask for auth methods */
if (!user) { if (!user) {
if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0) if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0)
...@@ -482,12 +525,6 @@ static int _git_ssh_setup_conn( ...@@ -482,12 +525,6 @@ static int _git_ssh_setup_conn(
goto on_error; goto on_error;
} }
if ((error = gitno_connect(&s->socket, host, port, 0)) < 0)
goto on_error;
if ((error = _git_ssh_session_create(&session, s->socket)) < 0)
goto on_error;
if ((error = list_auth_methods(&auth_methods, session, user)) < 0) if ((error = list_auth_methods(&auth_methods, session, user)) < 0)
goto on_error; goto on_error;
...@@ -517,48 +554,10 @@ static int _git_ssh_setup_conn( ...@@ -517,48 +554,10 @@ static int _git_ssh_setup_conn(
if (error < 0) if (error < 0)
goto on_error; goto on_error;
if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert;
const char *key;
int allow;
size_t certlen;
cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) {
certlen = 20;
memcpy(&cert.hash, key, certlen);
} else {
cert.type = LIBSSH2_HOSTKEY_HASH_MD5;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
certlen = 16;
if (key != NULL)
memcpy(&cert.hash, key, certlen);
}
if (key == NULL) {
giterr_set(GITERR_SSH, "unable to get the host key");
return -1;
}
/* We don't currently trust any hostkeys */
allow = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload);
if (allow < 0) {
error = allow;
goto on_error;
}
if (!allow) {
error = GIT_ECERTIFICATE;
goto on_error;
}
}
channel = libssh2_channel_open_session(session); channel = libssh2_channel_open_session(session);
if (!channel) { if (!channel) {
error = -1; error = -1;
ssh_error(session, "Failed to open SSH channel"); ssh_error(session, "Failed to open SSH channel");
error = -1;
goto on_error; goto on_error;
} }
...@@ -634,10 +633,8 @@ static int ssh_receivepack_ls( ...@@ -634,10 +633,8 @@ static int ssh_receivepack_ls(
{ {
const char *cmd = t->cmd_receivepack ? t->cmd_receivepack : cmd_receivepack; const char *cmd = t->cmd_receivepack ? t->cmd_receivepack : cmd_receivepack;
if (_git_ssh_setup_conn(t, url, cmd, stream) < 0)
return -1;
return 0; return _git_ssh_setup_conn(t, url, cmd, stream);
} }
static int ssh_receivepack( static int ssh_receivepack(
......
...@@ -487,6 +487,9 @@ void test_online_clone__certificate_invalid(void) ...@@ -487,6 +487,9 @@ void test_online_clone__certificate_invalid(void)
cl_git_fail_with(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options), cl_git_fail_with(git_clone(&g_repo, "http://github.com/libgit2/TestGitRepository", "./foo", &g_options),
GIT_ECERTIFICATE); GIT_ECERTIFICATE);
cl_git_fail_with(git_clone(&g_repo, "ssh://github.com/libgit2/TestGitRepository", "./foo", &g_options),
GIT_ECERTIFICATE);
} }
static int succeed_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload) static int succeed_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment