author | Edward Thomson <ethomson@edwardthomson.com> | 2023-02-24 13:41:57 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-24 13:41:57 -0800 |
commit | f7325c448053bfcd1a32ec319ed392f525480634 (patch) | |
tree | 0a250fa6dd0dc59095a03602f6584d1964f9ca14 | |
parent | cfc3b3796a4f0301e35da2869173b365c3248365 (diff) | |
parent | 43e84e246cc716ac51a276945b5b112b21d802d1 (diff) | |
download | libgit2-f7325c448053bfcd1a32ec319ed392f525480634.tar.gz |
Merge pull request #6503 from fxcoudert/hostandport
Pass hostkey & port to host verify callback
-rw-r--r-- | src/libgit2/transports/ssh.c | 32 | ||||
-rw-r--r-- | src/util/net.c | 7 | ||||
-rw-r--r-- | src/util/net.h | 6 | ||||
-rw-r--r-- | tests/libgit2/online/clone.c | 12 |
4 files changed, 42 insertions, 15 deletions
diff --git a/src/libgit2/transports/ssh.c b/src/libgit2/transports/ssh.c
index 60d26e802..d7594aa12 100644
--- a/src/libgit2/transports/ssh.c
+++ b/src/libgit2/transports/ssh.c
@@ -651,6 +651,8 @@ static int check_against_known_hosts(
 return ret;
 }
+#define SSH_DEFAULT_PORT 22
+
 /*
 * Perform the check for the session's certificate against known hosts if
 * possible and then ask the user if they have a callback.
@@ -748,9 +750,16 @@ static int check_certificate(
 if (check_cb != NULL) {
 git_cert_hostkey *cert_ptr = &cert;
 git_error_state previous_error = {0};
+ const char *host_ptr = host;
+ git_str host_and_port = GIT_STR_INIT;
+
+ if (port != SSH_DEFAULT_PORT) {
+ git_str_printf(&host_and_port, "%s:%d", host, port);
+ host_ptr = host_and_port.ptr;
+ }
 git_error_state_capture(&previous_error, error);
- error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
+ error = check_cb((git_cert *) cert_ptr, cert_valid, host_ptr, check_cb_payload);
 if (error == GIT_PASSTHROUGH) {
 error = git_error_state_restore(&previous_error);
 } else if (error < 0 && !git_error_last()) {
@@ -758,13 +767,12 @@ static int check_certificate(
 }
 git_error_state_free(&previous_error);
+ git_str_dispose(&host_and_port);
 }
 return error;
 }
-#define SSH_DEFAULT_PORT "22"
-
 static int _git_ssh_setup_conn(
 ssh_subtransport *t,
 const char *url,
@@ -788,15 +796,8 @@ static int _git_ssh_setup_conn(
 s->session = NULL;
 s->channel = NULL;
- if (git_net_str_is_url(url))
- error = git_net_url_parse(&s->url, url);
- else
- error = git_net_url_parse_scp(&s->url, url);
-
- if (error < 0)
- goto done;
-
- if ((error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
+ if ((error = git_net_url_parse_standard_or_scp(&s->url, url)) < 0 ||
+ (error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
 (error = git_stream_connect(s->io)) < 0)
 goto done;
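Review bot: The result of `git_str_printf(&host_and_port, "%s:%d", host, port)` in the check_certificate hunk is ignored, so if formatting fails the callback is handed whatever `host_and_port.ptr` holds at that point instead of the host that was connected to, and it makes its trust decision against that string. Failing closed before `check_cb` runs avoids that, for example `if (git_str_printf(&host_and_port, "%s:%d", host, port) < 0) { git_str_dispose(&host_and_port); return -1; }`. The bare `host:port` form is also ambiguous for IPv6 literals and differs from the `[host]:port` spelling OpenSSH uses in known_hosts, so a comment above the block stating the exact string callers receive for non-default ports would help anyone who matches on it. check_certificate starts and ends outside this hunk.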
@@ -806,8 +807,11 @@ static int _git_ssh_setup_conn(
 * as part of the stream connection, but that's not something that's
 * exposed.
 */
- if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0)
- port = -1;
+ if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0) {
+ git_error_set(GIT_ERROR_NET, "invalid port to ssh: %s", s->url.port);
+ error = -1;
+ goto done;
+ }
 if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0)
 goto done;
diff --git a/src/util/net.c b/src/util/net.c
index 43c7dc952..ac7befe07 100644
--- a/src/util/net.c
+++ b/src/util/net.c
@@ -646,6 +646,13 @@ int git_net_url_parse_scp(git_net_url *url, const char *given)
 return 0;
 }
+int git_net_url_parse_standard_or_scp(git_net_url *url, const char *given)
+{
+ return git_net_str_is_url(given) ?
+ git_net_url_parse(url, given) :
+ git_net_url_parse_scp(url, given);
+}
+
 int git_net_url_joinpath(
 git_net_url *out,
 git_net_url *one,
diff --git a/src/util/net.h b/src/util/net.h
index 383592812..17f0bc4f0 100644
--- a/src/util/net.h
+++ b/src/util/net.h
@@ -34,6 +34,12 @@ extern int git_net_url_parse(git_net_url *url, const char *str);
 /** Parses a string containing an SCP style path into a URL structure. */
 extern int git_net_url_parse_scp(git_net_url *url, const char *str);
+/**
+ * Parses a string containing a standard URL or an SCP style path into
+ * a URL structure.
+ */
+extern int git_net_url_parse_standard_or_scp(git_net_url *url, const char *str);
+
 /** Appends a path and/or query string to the given URL */
 extern int git_net_url_joinpath(
 git_net_url *out,
diff --git a/tests/libgit2/online/clone.c b/tests/libgit2/online/clone.c
index 1a4cdb520..bb704c066 100644
--- a/tests/libgit2/online/clone.c
+++ b/tests/libgit2/online/clone.c
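Review bot: In the _git_ssh_setup_conn port hunk of src/libgit2/transports/ssh.c, the port is rejected only when `git__strntol32` fails; a value that parses but is not a usable TCP port (zero, negative, above 65535) is still passed to `_git_ssh_session_create` and, presumably, on to the known-hosts lookup and the host string given to the callback. Because the socket was already opened from the string `s->url.port`, a resolver more lenient than this parser could leave the port being verified different from the one actually connected to. Extending the condition to `... NULL, 10) < 0 || port <= 0 || port > 65535) {` would reject those values with the same error message. The function body continues outside the hunk.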
@@ -787,10 +787,19 @@ static int ssh_certificate_check(git_cert *cert, int valid, const char *host, vo
 {
 git_cert_hostkey *key;
 git_oid expected = GIT_OID_SHA1_ZERO, actual = GIT_OID_SHA1_ZERO;
+ git_str expected_host = GIT_STR_INIT;
+ git_net_url parsed_url = GIT_NET_URL_INIT;
 GIT_UNUSED(valid);
 GIT_UNUSED(payload);
+ cl_git_pass(git_net_url_parse_standard_or_scp(&parsed_url, _remote_url));
+ cl_git_pass(git_str_printf(&expected_host, "%s%s%s",
+ parsed_url.host,
+ git_net_url_is_default_port(&parsed_url) ? "" : ":",
+ git_net_url_is_default_port(&parsed_url) ? "" : parsed_url.port));
+ cl_assert_equal_s(expected_host.ptr, host);
+
 cl_assert(_remote_ssh_fingerprint);
 cl_git_pass(git_oid__fromstrp(&expected, _remote_ssh_fingerprint, GIT_OID_SHA1));
@@ -812,7 +821,8 @@ static int ssh_certificate_check(git_cert *cert, int valid, const char *host, vo
 cl_assert(!memcmp(&expected, &actual, 20));
- cl_assert_equal_s("localhost", host);
+ git_net_url_dispose(&parsed_url);
+ git_str_dispose(&expected_host);
 return GIT_EUSER;
 }
|