- 18 Mar, 2015 1 commit
-
-
The smart transport has already taken the payload param. For the sub transport a payload param is useful for the implementer.
Leo Yang committed
-
- 10 Dec, 2014 1 commit
-
-
Having an ssh stream would require extra work for stream capabilities we don't need anywhere else (oob auth and command execution) so for now let's move away from the gitno connection to use socket_stream. We can introduce an ssh stream interface if and as we need it.
Carlos Martín Nieto committed
-
- 27 Oct, 2014 2 commits
-
-
Edward Thomson committed
-
Edward Thomson committed
-
- 22 Sep, 2014 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 16 Sep, 2014 8 commits
-
-
The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
Carlos Martín Nieto committed -
Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
Carlos Martín Nieto committed -
Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto committed -
Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
Carlos Martín Nieto committed -
We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
Carlos Martín Nieto committed -
We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
Carlos Martín Nieto committed -
Instead of the parsed data, we can ask OpenSSL to give us the DER-encoded version of the certificate, which the user can then parse and validate.
Carlos Martín Nieto committed -
If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
Carlos Martín Nieto committed
-
- 04 Sep, 2014 1 commit
-
-
When the call to the agent fails, we must retrieve the error message just after the function call, as other calls may overwrite it. As the agent authentication is the only one which has a teardown and there does not seem to be a way to get the error message from a stored error number, this tries to introduce some small changes to store the error from the agent. Clearing the error at the beginning of the loop lets us know whether the agent has already set the libgit2 error message and we should skip it, or if we should set it.
Carlos Martín Nieto committed
-
- 05 Aug, 2014 1 commit
-
-
Jacques Germishuys committed
-
- 16 Jul, 2014 1 commit
-
-
Vicent Marti committed
-
- 07 Jul, 2014 1 commit
-
-
git allows you to set which paths to use for the git server programs when connecting over ssh; and we want to provide something similar. We do this by providing a factory function which can be set as the remote's transport callback which will set the given paths upon creation.
Carlos Martín Nieto committed
-
- 03 Jul, 2014 1 commit
-
-
Jacques Germishuys committed
-
- 02 Jul, 2014 1 commit
-
-
When the stream writing function was written, it assumed that libssh2_channel_write() would always write all of the data to the wire. This is only true for the first 32k of data, which it tries to fit into one ssh packet. Since it can perform short writes, call it in a loop like we do for send(), advancing the buffer offset.
Carlos Martín Nieto committed
-
- 26 Jun, 2014 2 commits
-
-
In order to know which authentication methods are supported/allowed by the ssh server, we need to send a NONE auth request, which needs a username associated with it. Most ssh server implementations do not allow switching the username between authentication attempts, which means we cannot use a dummy username and then switch. There are two ways around this. The first is to use a different connection, which an earlier commit implements, but this increases how long it takes to get set up, and without knowing the right username, we cannot guarantee that the list we get in response is the right one. The second is what's implemented here: if there is no username specified in the url, ask for it first. We can then ask for the list of auth methods and use the user's credentials in the same connection.
Carlos Martín Nieto committed -
Instead of completely giving up on the first failure, ask for credentials as long as we fail to authenticate.
Carlos Martín Nieto committed
-
- 17 Jun, 2014 2 commits
-
-
We need to be able to get a GIT_EUSER back through the outermost call.
Carlos Martín Nieto committed -
Before calling the credentials callback, ask the server which authentication methods it supports and report that to the user, instead of simply reporting everything that the transport supports. In case of an error, we do fall back to listing all of them.
Carlos Martín Nieto committed
-
- 22 Apr, 2014 1 commit
-
-
Allow the credentials callback to return GIT_PASSTHROUGH to make the transports code behave as though none was set. This should make it easier for bindings to behave closer to the C code when there is no credentials callback set at their level.
Carlos Martín Nieto committed
-
- 18 Apr, 2014 3 commits
-
-
Jacques Germishuys committed
-
This allows for keyboard-interactive based SSH authentication
Jacques Germishuys committed -
The ssh-specific credentials allow the username to be missing. The idea being that the ssh transport will then use the username provided in the url, if it's available. There are two main issues with this.
The credential callback already knows what username was provided by the url and needs to figure out whether it wants to ask the user for it or it can reuse it, so passing NULL as the username means the credential callback is suspicious.
The username provided in the url is not in fact used by the transport. The only time it even considers it is for the user/pass credential, which asserts the existence of a username in its constructor. For the ssh-specific ones, it passes in the username stored in the credential, which is NULL. The libssh2 macro we use runs strlen() against this value (which is no different from what we would be doing ourselves), so we then crash.
As the documentation doesn't suggest to leave out the username, assert the need for a username in the code, which removes this buggy behavior and removes implicit state.
git_cred_has_username() becomes a blacklist of credential types that do not have a username. The only one at the moment is the 'default' one, which is meant to call up some Microsoft magic.
Carlos Martín Nieto committed
-
- 25 Feb, 2014 1 commit
-
-
  - added MSVC cmake definitions to disable warnings
  - general.c is rewritten so it is ansi-c compatible and compiles ok on microsoft windows
  - some MSVC reported warning fixes
Miha committed
-
- 20 Nov, 2013 1 commit
-
-
Alessandro Ghedini committed
-
- 05 Nov, 2013 1 commit
-
-
Ben Straub committed
-
- 04 Nov, 2013 1 commit
-
-
Ben Straub committed
-
- 31 Oct, 2013 1 commit
-
-
Ben Straub committed
-
- 23 Oct, 2013 1 commit
-
-
The names from libssh2 are somewhat obtuse for us. We can simplify the usual key/passphrase credential's name, as well as make clearer what the custom signature function is.
Carlos Martín Nieto committed
-
- 21 Oct, 2013 1 commit
-
-
Edward Thomson committed
-
- 16 Sep, 2013 2 commits
-
-
Etienne Samson committed
-
Etienne Samson committed
-
- 09 Sep, 2013 1 commit
-
-
Isaac Kearse committed
-
- 08 Sep, 2013 1 commit
-
-
Isaac Kearse committed
-
- 14 Aug, 2013 1 commit
-
-
That commit accidentally removed the initialization of the "start" variable giving undefined results for the host extraction from the url input.
Russell Belfer committed
-
- 12 Aug, 2013 1 commit
-
-
Key-based authentication also needs a username, so include it in each one. Also stop assuming a default username of "git" in the ssh transport which has no business making such a decision.
Carlos Martín Nieto committed
-