diff options
| -rw-r--r-- | docs/changelog.md | 8 | ||||
| -rw-r--r-- | include/git2.h | 2 | ||||
| -rw-r--r-- | include/git2/cert.h | 127 | ||||
| -rw-r--r-- | include/git2/cred.h | 308 | ||||
| -rw-r--r-- | include/git2/proxy.h | 6 | ||||
| -rw-r--r-- | include/git2/sys/cred.h | 90 | ||||
| -rw-r--r-- | include/git2/transport.h | 365 | ||||
| -rw-r--r-- | include/git2/types.h | 60 | ||||
| -rw-r--r-- | src/transports/auth.c | 1 | ||||
| -rw-r--r-- | src/transports/auth_ntlm.c | 1 | ||||
| -rw-r--r-- | src/transports/cred.c | 8 | ||||
| -rw-r--r-- | src/transports/cred.h | 16 | ||||
| -rw-r--r-- | src/transports/http.c | 1 | ||||
| -rw-r--r-- | src/transports/ssh.c | 6 | ||||
| -rw-r--r-- | src/transports/winhttp.c | 1 | ||||
| -rw-r--r-- | tests/network/cred.c | 18 |
16 files changed, 570 insertions, 448 deletions
diff --git a/docs/changelog.md b/docs/changelog.md index 563c5c9c8..1ca70493f 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,6 +1,14 @@ v0.28 + 1 --------- +### Breaking API changes + +* The "private" implementation details of the `git_cred` structure have been + moved to a dedicated `git2/sys/cred.h` header, to clarify that the underlying + structures are only provided for custom transport implementers. + The breaking change is that the `username` member of the underlying struct + is now hidden, and a new `git_cred_get_username` function has been provided. + ### Breaking CMake configuration changes * The CMake option to use a system http-parser library, instead of the diff --git a/include/git2.h b/include/git2.h index c07c26038..7f49f8faf 100644 --- a/include/git2.h +++ b/include/git2.h @@ -15,12 +15,14 @@ #include "git2/blame.h" #include "git2/branch.h" #include "git2/buffer.h" +#include "git2/cert.h" #include "git2/checkout.h" #include "git2/cherrypick.h" #include "git2/clone.h" #include "git2/commit.h" #include "git2/common.h" #include "git2/config.h" +#include "git2/cred.h" #include "git2/deprecated.h" #include "git2/describe.h" #include "git2/diff.h" diff --git a/include/git2/cert.h b/include/git2/cert.h new file mode 100644 index 000000000..61a92d4d6 --- /dev/null +++ b/include/git2/cert.h @@ -0,0 +1,127 @@ +/* + * Copyright (C) the libgit2 contributors. All rights reserved. + * + * This file is part of libgit2, distributed under the GNU GPL v2 with + * a Linking Exception. For full terms see the included COPYING file. + */ +#ifndef INCLUDE_git_cert_h__ +#define INCLUDE_git_cert_h__ + +#include "common.h" + +/** + * @file git2/cert.h + * @brief Git certificate objects + * @defgroup git_cert Certificate objects + * @ingroup Git + * @{ + */ +GIT_BEGIN_DECL + +/** + * Type of host certificate structure that is passed to the check callback + */ +typedef enum git_cert_t { + /** + * No information about the certificate is available. This may + * happen when using curl. + */ + GIT_CERT_NONE, + /** + * The `data` argument to the callback will be a pointer to + * the DER-encoded data. + */ + GIT_CERT_X509, + /** + * The `data` argument to the callback will be a pointer to a + * `git_cert_hostkey` structure. + */ + GIT_CERT_HOSTKEY_LIBSSH2, + /** + * The `data` argument to the callback will be a pointer to a + * `git_strarray` with `name:content` strings containing + * information about the certificate. This is used when using + * curl. + */ + GIT_CERT_STRARRAY, +} git_cert_t; + +/** + * Parent type for `git_cert_hostkey` and `git_cert_x509`. + */ +struct git_cert { + /** + * Type of certificate. A `GIT_CERT_` value. + */ + git_cert_t cert_type; +}; + +/** + * Callback for the user's custom certificate checks. + * + * @param cert The host certificate + * @param valid Whether the libgit2 checks (OpenSSL or WinHTTP) think + * this certificate is valid + * @param host Hostname of the host libgit2 connected to + * @param payload Payload provided by the caller + * @return 0 to proceed with the connection, < 0 to fail the connection + * or > 0 to indicate that the callback refused to act and that + * the existing validity determination should be honored + */ +typedef int GIT_CALLBACK(git_transport_certificate_check_cb)(git_cert *cert, int valid, const char *host, void *payload); + +/** + * Type of SSH host fingerprint + */ +typedef enum { + /** MD5 is available */ + GIT_CERT_SSH_MD5 = (1 << 0), + /** SHA-1 is available */ + GIT_CERT_SSH_SHA1 = (1 << 1), +} git_cert_ssh_t; + +/** + * Hostkey information taken from libssh2 + */ +typedef struct { + git_cert parent; /**< The parent cert */ + + /** + * A hostkey type from libssh2, either + * `GIT_CERT_SSH_MD5` or `GIT_CERT_SSH_SHA1` + */ + git_cert_ssh_t type; + + /** + * Hostkey hash. If type has `GIT_CERT_SSH_MD5` set, this will + * have the MD5 hash of the hostkey. + */ + unsigned char hash_md5[16]; + + /** + * Hostkey hash. If type has `GIT_CERT_SSH_SHA1` set, this will + * have the SHA-1 hash of the hostkey. + */ + unsigned char hash_sha1[20]; +} git_cert_hostkey; + +/** + * X.509 certificate information + */ +typedef struct { + git_cert parent; /**< The parent cert */ + + /** + * Pointer to the X.509 certificate data + */ + void *data; + + /** + * Length of the memory block pointed to by `data`. + */ + size_t len; +} git_cert_x509; + +/** @} */ +GIT_END_DECL +#endif diff --git a/include/git2/cred.h b/include/git2/cred.h new file mode 100644 index 000000000..e89ab2361 --- /dev/null +++ b/include/git2/cred.h @@ -0,0 +1,308 @@ +/* + * Copyright (C) the libgit2 contributors. All rights reserved. + * + * This file is part of libgit2, distributed under the GNU GPL v2 with + * a Linking Exception. For full terms see the included COPYING file. + */ +#ifndef INCLUDE_git_cred_h__ +#define INCLUDE_git_cred_h__ + +#include "common.h" + +/** + * @file git2/cred.h + * @brief Git authentication & credential management + * @defgroup git_cred Authentication & credential management + * @ingroup Git + * @{ + */ +GIT_BEGIN_DECL + +/** + * Supported credential types + * + * This represents the various types of authentication methods supported by + * the library. + */ +typedef enum { + /** + * A vanilla user/password request + * @see git_cred_userpass_plaintext_new + */ + GIT_CREDTYPE_USERPASS_PLAINTEXT = (1u << 0), + + /** + * An SSH key-based authentication request + * @see git_cred_ssh_key_new + */ + GIT_CREDTYPE_SSH_KEY = (1u << 1), + + /** + * An SSH key-based authentication request, with a custom signature + * @see git_cred_ssh_custom_new + */ + GIT_CREDTYPE_SSH_CUSTOM = (1u << 2), + + /** + * An NTLM/Negotiate-based authentication request. + * @see git_cred_default + */ + GIT_CREDTYPE_DEFAULT = (1u << 3), + + /** + * An SSH interactive authentication request + * @see git_cred_ssh_interactive_new + */ + GIT_CREDTYPE_SSH_INTERACTIVE = (1u << 4), + + /** + * Username-only authentication request + * + * Used as a pre-authentication step if the underlying transport + * (eg. SSH, with no username in its URL) does not know which username + * to use. + * + * @see git_cred_username_new + */ + GIT_CREDTYPE_USERNAME = (1u << 5), + + /** + * An SSH key-based authentication request + * + * Allows credentials to be read from memory instead of files. + * Note that because of differences in crypto backend support, it might + * not be functional. + * + * @see git_cred_ssh_key_memory_new + */ + GIT_CREDTYPE_SSH_MEMORY = (1u << 6), +} git_credtype_t; + +/** + * The base structure for all credential types + */ +typedef struct git_cred git_cred; + +typedef struct git_cred_userpass_plaintext git_cred_userpass_plaintext; + +/** Username-only credential information */ +typedef struct git_cred_username git_cred_username; + +/** A key for NTLM/Kerberos "default" credentials */ +typedef struct git_cred git_cred_default; + +/** + * A ssh key from disk + */ +typedef struct git_cred_ssh_key git_cred_ssh_key; + +/** + * Keyboard-interactive based ssh authentication + */ +typedef struct git_cred_ssh_interactive git_cred_ssh_interactive; + +/** + * A key with a custom signature function + */ +typedef struct git_cred_ssh_custom git_cred_ssh_custom; + +/** + * Credential acquisition callback. + * + * This callback is usually involved any time another system might need + * authentication. As such, you are expected to provide a valid git_cred + * object back, depending on allowed_types (a git_credtype_t bitmask). + * + * Note that most authentication details are your responsibility - this + * callback will be called until the authentication succeeds, or you report + * an error. As such, it's easy to get in a loop if you fail to stop providing + * the same incorrect credentials. + * + * @param cred The newly created credential object. + * @param url The resource for which we are demanding a credential. + * @param username_from_url The username that was embedded in a "user\@host" + * remote url, or NULL if not included. + * @param allowed_types A bitmask stating which cred types are OK to return. + * @param payload The payload provided when specifying this callback. + * @return 0 for success, < 0 to indicate an error, > 0 to indicate + * no credential was acquired + */ +typedef int GIT_CALLBACK(git_cred_acquire_cb)( + git_cred **cred, + const char *url, + const char *username_from_url, + unsigned int allowed_types, + void *payload); + +/** + * Free a credential. + * + * This is only necessary if you own the object; that is, if you are a + * transport. + * + * @param cred the object to free + */ +GIT_EXTERN(void) git_cred_free(git_cred *cred); + +/** + * Check whether a credential object contains username information. + * + * @param cred object to check + * @return 1 if the credential object has non-NULL username, 0 otherwise + */ +GIT_EXTERN(int) git_cred_has_username(git_cred *cred); + +/** + * Return the username associated with a credential object. + * + * @param cred object to check + * @return the credential username, or NULL if not applicable + */ +GIT_EXTERN(const char *) git_cred_get_username(git_cred *cred); + +/** + * Create a new plain-text username and password credential object. + * The supplied credential parameter will be internally duplicated. + * + * @param out The newly created credential object. + * @param username The username of the credential. + * @param password The password of the credential. + * @return 0 for success or an error code for failure + */ +GIT_EXTERN(int) git_cred_userpass_plaintext_new( + git_cred **out, + const char *username, + const char *password); + +/** + * Create a "default" credential usable for Negotiate mechanisms like NTLM + * or Kerberos authentication. + * + * @return 0 for success or an error code for failure + */ +GIT_EXTERN(int) git_cred_default_new(git_cred **out); + +/** + * Create a credential to specify a username. + * + * This is used with ssh authentication to query for the username if + * none is specified in the url. + */ +GIT_EXTERN(int) git_cred_username_new(git_cred **cred, const char *username); + +/** + * Create a new passphrase-protected ssh key credential object. + * The supplied credential parameter will be internally duplicated. + * + * @param out The newly created credential object. + * @param username username to use to authenticate + * @param publickey The path to the public key of the credential. + * @param privatekey The path to the private key of the credential. + * @param passphrase The passphrase of the credential. + * @return 0 for success or an error code for failure + */ +GIT_EXTERN(int) git_cred_ssh_key_new( + git_cred **out, + const char *username, + const char *publickey, + const char *privatekey, + const char *passphrase); + +/** + * Create a new ssh key credential object reading the keys from memory. + * + * @param out The newly created credential object. + * @param username username to use to authenticate. + * @param publickey The public key of the credential. + * @param privatekey The private key of the credential. + * @param passphrase The passphrase of the credential. + * @return 0 for success or an error code for failure + */ +GIT_EXTERN(int) git_cred_ssh_key_memory_new( + git_cred **out, + const char *username, + const char *publickey, + const char *privatekey, + const char *passphrase); + +/* + * If the user hasn't included libssh2.h before git2.h, we need to + * define a few types for the callback signatures. + */ +#ifndef LIBSSH2_VERSION +typedef struct _LIBSSH2_SESSION LIBSSH2_SESSION; +typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT LIBSSH2_USERAUTH_KBDINT_PROMPT; +typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE LIBSSH2_USERAUTH_KBDINT_RESPONSE; +#endif + +typedef void GIT_CALLBACK(git_cred_ssh_interactive_cb)( + const char *name, + int name_len, + const char *instruction, int instruction_len, + int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, + LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses, + void **abstract); + + +/** + * Create a new ssh keyboard-interactive based credential object. + * The supplied credential parameter will be internally duplicated. + * + * @param username Username to use to authenticate. + * @param prompt_callback The callback method used for prompts. + * @param payload Additional data to pass to the callback. + * @return 0 for success or an error code for failure. + */ +GIT_EXTERN(int) git_cred_ssh_interactive_new( + git_cred **out, + const char *username, + git_cred_ssh_interactive_cb prompt_callback, + void *payload); + +/** + * Create a new ssh key credential object used for querying an ssh-agent. + * The supplied credential parameter will be internally duplicated. + * + * @param out The newly created credential object. + * @param username username to use to authenticate + * @return 0 for success or an error code for failure + */ +GIT_EXTERN(int) git_cred_ssh_key_from_agent( + git_cred **out, + const char *username); + +typedef int GIT_CALLBACK(git_cred_sign_cb)( + LIBSSH2_SESSION *session, + unsigned char **sig, size_t *sig_len, + const unsigned char *data, size_t data_len, + void **abstract); + +/** + * Create an ssh key credential with a custom signing function. + * + * This lets you use your own function to sign the challenge. + * + * This function and its credential type is provided for completeness + * and wraps `libssh2_userauth_publickey()`, which is undocumented. + * + * The supplied credential parameter will be internally duplicated. + * + * @param out The newly created credential object. + * @param username username to use to authenticate + * @param publickey The bytes of the public key. + * @param publickey_len The length of the public key in bytes. + * @param sign_callback The callback method to sign the data during the challenge. + * @param payload Additional data to pass to the callback. + * @return 0 for success or an error code for failure + */ +GIT_EXTERN(int) git_cred_ssh_custom_new( + git_cred **out, + const char *username, + const char *publickey, + size_t publickey_len, + git_cred_sign_cb sign_callback, + void *payload); + +/** @} */ +GIT_END_DECL +#endif diff --git a/include/git2/proxy.h b/include/git2/proxy.h index 8fdcaa31d..f959ae2e2 100644 --- a/include/git2/proxy.h +++ b/include/git2/proxy.h @@ -8,7 +8,9 @@ #define INCLUDE_git_proxy_h__ #include "common.h" -#include "transport.h" + +#include "cert.h" +#include "cred.h" GIT_BEGIN_DECL @@ -67,7 +69,7 @@ typedef struct { * connection to proceed. Returns 0 to allow the connection * or a negative value to indicate an error. */ - git_transport_certificate_check_cb certificate_check; + git_transport_certificate_check_cb certificate_check; /** * Payload to be provided to the credentials and certificate diff --git a/include/git2/sys/cred.h b/include/git2/sys/cred.h new file mode 100644 index 000000000..7636e79e4 --- /dev/null +++ b/include/git2/sys/cred.h @@ -0,0 +1,90 @@ +/* + * Copyright (C) the libgit2 contributors. All rights reserved. + * + * This file is part of libgit2, distributed under the GNU GPL v2 with + * a Linking Exception. For full terms see the included COPYING file. + */ +#ifndef INCLUDE_sys_git_cred_h__ +#define INCLUDE_sys_git_cred_h__ + +#include "git2/common.h" +#include "git2/cred.h" + +/** + * @file git2/sys/cred.h + * @brief Git credentials low-level implementation + * @defgroup git_cred Git credentials low-level implementation + * @ingroup Git + * @{ + */ +GIT_BEGIN_DECL + +/** + * The base structure for all credential types + */ +struct git_cred { + git_credtype_t credtype; /**< A type of credential */ + + /** The deallocator for this type of credentials */ + void GIT_CALLBACK(free)(git_cred *cred); +}; + +/** A plaintext username and password */ +struct git_cred_userpass_plaintext { + git_cred parent; /**< The parent cred */ + char *username; /**< The username to authenticate as */ + char *password; /**< The password to use */ +}; + +/** Username-only credential information */ +struct git_cred_username { + git_cred parent; /**< The parent cred */ + char username[1]; /**< The username to authenticate as */ +}; + +/** + * A ssh key from disk + */ +struct git_cred_ssh_key { + git_cred parent; /**< The parent cred */ + char *username; /**< The username to authenticate as */ + char *publickey; /**< The path to a public key */ + char *privatekey; /**< The path to a private key */ + char *passphrase; /**< Passphrase used to decrypt the private key */ +}; + +/** + * Keyboard-interactive based ssh authentication + */ +struct git_cred_ssh_interactive { + git_cred parent; /**< The parent cred */ + char *username; /**< The username to authenticate as */ + + /** + * Callback used for authentication. + */ + git_cred_ssh_interactive_cb prompt_callback; + + void *payload; /**< Payload passed to prompt_callback */ +}; + +/** + * A key with a custom signature function + */ +struct git_cred_ssh_custom { + git_cred parent; /**< The parent cred */ + char *username; /**< The username to authenticate as */ + char *publickey; /**< The public key data */ + size_t publickey_len; /**< Length of the public key */ + + /** + * Callback used to sign the data. + */ + git_cred_sign_cb sign_callback; + + void *payload; /**< Payload passed to prompt_callback */ +}; + +GIT_END_DECL + +#endif diff --git a/include/git2/transport.h b/include/git2/transport.h index ab45a3a1f..b99bb30e1 100644 --- a/include/git2/transport.h +++ b/include/git2/transport.h @@ -10,6 +10,8 @@ #include "indexer.h" #include "net.h" #include "types.h" +#include "cert.h" +#include "cred.h" /** * @file git2/transport.h @@ -20,366 +22,21 @@ */ GIT_BEGIN_DECL -/** Signature of a function which creates a transport */ -typedef int GIT_CALLBACK(git_transport_cb)(git_transport **out, git_remote *owner, void *param); - -/** - * Type of SSH host fingerprint - */ -typedef enum { - /** MD5 is available */ - GIT_CERT_SSH_MD5 = (1 << 0), - /** SHA-1 is available */ - GIT_CERT_SSH_SHA1 = (1 << 1), -} git_cert_ssh_t; - -/** - * Hostkey information taken from libssh2 - */ -typedef struct { - git_cert parent; /**< The parent cert */ - - /** - * A hostkey type from libssh2, either - * `GIT_CERT_SSH_MD5` or `GIT_CERT_SSH_SHA1` - */ - git_cert_ssh_t type; - - /** - * Hostkey hash. If type has `GIT_CERT_SSH_MD5` set, this will - * have the MD5 hash of the hostkey. - */ - unsigned char hash_md5[16]; - - /** - * Hostkey hash. If type has `GIT_CERT_SSH_SHA1` set, this will - * have the SHA-1 hash of the hostkey. - */ - unsigned char hash_sha1[20]; -} git_cert_hostkey; - -/** - * X.509 certificate information - */ -typedef struct { - git_cert parent; /**< The parent cert */ - - /** - * Pointer to the X.509 certificate data - */ - void *data; - - /** - * Length of the memory block pointed to by `data`. - */ - size_t len; -} git_cert_x509; - -/* - *** Begin interface for credentials acquisition *** - */ - /** - * Supported credential types + * Callback for messages recieved by the transport. * - * This represents the various types of authentication methods supported by - * the library. - */ -typedef enum { - /** - * A vanilla user/password request - * @see git_cred_userpass_plaintext_new - */ - GIT_CREDTYPE_USERPASS_PLAINTEXT = (1u << 0), - - /** - * An SSH key-based authentication request - * @see git_cred_ssh_key_new - */ - GIT_CREDTYPE_SSH_KEY = (1u << 1), - - /** - * An SSH key-based authentication request, with a custom signature - * @see git_cred_ssh_custom_new - */ - GIT_CREDTYPE_SSH_CUSTOM = (1u << 2), - - /** - * An NTLM/Negotiate-based authentication request. - * @see git_cred_default - */ - GIT_CREDTYPE_DEFAULT = (1u << 3), - - /** - * An SSH interactive authentication request - * @see git_cred_ssh_interactive_new - */ - GIT_CREDTYPE_SSH_INTERACTIVE = (1u << 4), - - /** - * Username-only authentication request - * - * Used as a pre-authentication step if the underlying transport - * (eg. SSH, with no username in its URL) does not know which username - * to use. - * - * @see git_cred_username_new - */ - GIT_CREDTYPE_USERNAME = (1u << 5), - - /** - * An SSH key-based authentication request - * - * Allows credentials to be read from memory instead of files. - * Note that because of differences in crypto backend support, it might - * not be functional. - * - * @see git_cred_ssh_key_memory_new - */ - GIT_CREDTYPE_SSH_MEMORY = (1u << 6), -} git_credtype_t; - -typedef struct git_cred git_cred; - -/** - * The base structure for all credential types - */ -struct git_cred { - git_credtype_t credtype; /**< A type of credential */ - - /** The deallocator for this type of credentials */ - void GIT_CALLBACK(free)(git_cred *cred); -}; - -/** A plaintext username and password */ -typedef struct { - git_cred parent; /**< The parent cred */ - char *username; /**< The username to authenticate as */ - char *password; /**< The password to use */ -} git_cred_userpass_plaintext; - - -/* - * If the user hasn't included libssh2.h before git2.h, we need to - * define a few types for the callback signatures. - */ -#ifndef LIBSSH2_VERSION -typedef struct _LIBSSH2_SESSION LIBSSH2_SESSION; -typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT LIBSSH2_USERAUTH_KBDINT_PROMPT; -typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE LIBSSH2_USERAUTH_KBDINT_RESPONSE; -#endif - -typedef int GIT_CALLBACK(git_cred_sign_cb)(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, const unsigned char *data, size_t data_len, void **abstract); -typedef void GIT_CALLBACK(git_cred_ssh_interactive_cb)(const char* name, int name_len, const char* instruction, int instruction_len, int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT* prompts, LIBSSH2_USERAUTH_KBDINT_RESPONSE* responses, void **abstract); - -/** - * A ssh key from disk - */ -typedef struct git_cred_ssh_key { - git_cred parent; /**< The parent cred */ - char *username; /**< The username to authenticate as */ - char *publickey; /**< The path to a public key */ - char *privatekey; /**< The path to a private key */ - char *passphrase; /**< Passphrase used to decrypt the private key */ -} git_cred_ssh_key; - -/** - * Keyboard-interactive based ssh authentication - */ -typedef struct git_cred_ssh_interactive { - git_cred parent; /**< The parent cred */ - char *username; /**< The username to authenticate as */ - - /** - * Callback used for authentication. - */ - git_cred_ssh_interactive_cb prompt_callback; - - void *payload; /**< Payload passed to prompt_callback */ -} git_cred_ssh_interactive; - -/** - * A key with a custom signature function - */ -typedef struct git_cred_ssh_custom { - git_cred parent; /**< The parent cred */ - char *username; /**< The username to authenticate as */ - char *publickey; /**< The public key data */ - size_t publickey_len; /**< Length of the public key */ - - /** - * Callback used to sign the data. - */ - git_cred_sign_cb sign_callback; - - void *payload; /**< Payload passed to prompt_callback */ -} git_cred_ssh_custom; - -/** A key for NTLM/Kerberos "default" credentials */ -typedef struct git_cred git_cred_default; - -/** Username-only credential information */ -typedef struct git_cred_username { - git_cred parent; /**< The parent cred */ - char username[1]; /**< The username to authenticate as */ -} git_cred_username; - -/** - * Check whether a credential object contains username information. - * - * @param cred object to check - * @return 1 if the credential object has non-NULL username, 0 otherwise - */ -GIT_EXTERN(int) git_cred_has_username(git_cred *cred); - -/** - * Create a new plain-text username and password credential object. - * The supplied credential parameter will be internally duplicated. - * - * @param out The newly created credential object. - * @param username The username of the credential. - * @param password The password of the credential. - * @return 0 for success or an error code for failure - */ -GIT_EXTERN(int) git_cred_userpass_plaintext_new( - git_cred **out, - const char *username, - const char *password); - -/** - * Create a new passphrase-protected ssh key credential object. - * The supplied credential parameter will be internally duplicated. - * - * @param out The newly created credential object. - * @param username username to use to authenticate - * @param publickey The path to the public key of the credential. - * @param privatekey The path to the private key of the credential. - * @param passphrase The passphrase of the credential. - * @return 0 for success or an error code for failure - */ -GIT_EXTERN(int) git_cred_ssh_key_new( - git_cred **out, - const char *username, - const char *publickey, - const char *privatekey, - const char *passphrase); - -/** - * Create a new ssh keyboard-interactive based credential object. - * The supplied credential parameter will be internally duplicated. - * - * @param username Username to use to authenticate. - * @param prompt_callback The callback method used for prompts. - * @param payload Additional data to pass to the callback. - * @return 0 for success or an error code for failure. - */ -GIT_EXTERN(int) git_cred_ssh_interactive_new( - git_cred **out, - const char *username, - git_cred_ssh_interactive_cb prompt_callback, - void *payload); - -/** - * Create a new ssh key credential object used for querying an ssh-agent. - * The supplied credential parameter will be internally duplicated. + * Return a negative value to cancel the network operation. * - * @param out The newly created credential object. - * @param username username to use to authenticate - * @return 0 for success or an error code for failure + * @param str The message from the transport + * @param len The length of the message + * @param payload Payload provided by the caller */ -GIT_EXTERN(int) git_cred_ssh_key_from_agent( - git_cred **out, - const char *username); +typedef int GIT_CALLBACK(git_transport_message_cb)(const char *str, int len, void *payload); -/** - * Create an ssh key credential with a custom signing function. - * - * This lets you use your own function to sign the challenge. - * - * This function and its credential type is provided for completeness - * and wraps `libssh2_userauth_publickey()`, which is undocumented. - * - * The supplied credential parameter will be internally duplicated. - * - * @param out The newly created credential object. - * @param username username to use to authenticate - * @param publickey The bytes of the public key. - * @param publickey_len The length of the public key in bytes. - * @param sign_callback The callback method to sign the data during the challenge. - * @param payload Additional data to pass to the callback. - * @return 0 for success or an error code for failure - */ -GIT_EXTERN(int) git_cred_ssh_custom_new( - git_cred **out, - const char *username, - const char *publickey, - size_t publickey_len, - git_cred_sign_cb sign_callback, - void *payload); - -/** - * Create a "default" credential usable for Negotiate mechanisms like NTLM - * or Kerberos authentication. - * - * @return 0 for success or an error code for failure - */ -GIT_EXTERN(int) git_cred_default_new(git_cred **out); - -/** - * Create a credential to specify a username. - * - * This is used with ssh authentication to query for the username if - * none is specified in the url. - */ -GIT_EXTERN(int) git_cred_username_new(git_cred **cred, const char *username); - -/** - * Create a new ssh key credential object reading the keys from memory. - * - * @param out The newly created credential object. - * @param username username to use to authenticate. - * @param publickey The public key of the credential. - * @param privatekey The private key of the credential. - * @param passphrase The passphrase of the credential. - * @return 0 for success or an error code for failure - */ -GIT_EXTERN(int) git_cred_ssh_key_memory_new( - git_cred **out, - const char *username, - const char *publickey, - const char *privatekey, - const char *passphrase); - - -/** - * Free a credential. - * - * This is only necessary if you own the object; that is, if you are a - * transport. - * - * @param cred the object to free - */ -GIT_EXTERN(void) git_cred_free(git_cred *cred); - -/** - * Signature of a function which acquires a credential object. - * - * @param cred The newly created credential object. - * @param url The resource for which we are demanding a credential. - * @param username_from_url The username that was embedded in a "user\@host" - * remote url, or NULL if not included. - * @param allowed_types A bitmask stating which cred types are OK to return. - * @param payload The payload provided when specifying this callback. - * @return 0 for success, < 0 to indicate an error, > 0 to indicate - * no credential was acquired - */ -typedef int GIT_CALLBACK(git_cred_acquire_cb)( - git_cred **cred, - const char *url, - const char *username_from_url, - unsigned int allowed_types, - void *payload); +/** Signature of a function which creates a transport */ +typedef int GIT_CALLBACK(git_transport_cb)(git_transport **out, git_remote *owner, void *param); /** @} */ GIT_END_DECL + #endif diff --git a/include/git2/types.h b/include/git2/types.h index 9b384ca13..de9ee43dd 100644 --- a/include/git2/types.h +++ b/include/git2/types.h @@ -245,67 +245,9 @@ typedef struct git_remote_head git_remote_head; typedef struct git_remote_callbacks git_remote_callbacks; /** - * Type for messages delivered by the transport. Return a negative value - * to cancel the network operation. - * - * @param str The message from the transport - * @param len The length of the message - * @param payload Payload provided by the caller - */ -typedef int GIT_CALLBACK(git_transport_message_cb)(const char *str, int len, void *payload); - - -/** - * Type of host certificate structure that is passed to the check callback - */ -typedef enum git_cert_t { - /** - * No information about the certificate is available. This may - * happen when using curl. - */ - GIT_CERT_NONE, - /** - * The `data` argument to the callback will be a pointer to - * the DER-encoded data. - */ - GIT_CERT_X509, - /** - * The `data` argument to the callback will be a pointer to a - * `git_cert_hostkey` structure. - */ - GIT_CERT_HOSTKEY_LIBSSH2, - /** - * The `data` argument to the callback will be a pointer to a - * `git_strarray` with `name:content` strings containing - * information about the certificate. This is used when using - * curl. - */ - GIT_CERT_STRARRAY, -} git_cert_t; - -/** * Parent type for `git_cert_hostkey` and `git_cert_x509`. */ -typedef struct { - /** - * Type of certificate. A `GIT_CERT_` value. - */ - git_cert_t cert_type; -} git_cert; - -/** - * Callback for the user's custom certificate checks. - * - * @param cert The host certificate - * @param valid Whether the libgit2 checks (OpenSSL or WinHTTP) think - * this certificate is valid - * @param host Hostname of the host libgit2 connected to - * @param payload Payload provided by the caller - * @return 0 to proceed with the connection, < 0 to fail the connection - * or > 0 to indicate that the callback refused to act and that - * the existing validity determination should be honored - */ -typedef int GIT_CALLBACK(git_transport_certificate_check_cb)(git_cert *cert, int valid, const char *host, void *payload); +typedef struct git_cert git_cert; /** * Opaque structure representing a submodule. diff --git a/src/transports/auth.c b/src/transports/auth.c index 4fcf73cb5..19127379f 100644 --- a/src/transports/auth.c +++ b/src/transports/auth.c @@ -9,6 +9,7 @@ #include "git2.h" #include "buffer.h" +#include "git2/sys/cred.h" static int basic_next_token( git_buf *out, diff --git a/src/transports/auth_ntlm.c b/src/transports/auth_ntlm.c index eff09bd8a..240c9ed81 100644 --- a/src/transports/auth_ntlm.c +++ b/src/transports/auth_ntlm.c @@ -10,6 +10,7 @@ #include "buffer.h" #include "auth.h" #include "auth_ntlm.h" +#include "git2/sys/cred.h" #ifdef GIT_NTLM diff --git a/src/transports/cred.c b/src/transports/cred.c index 621cae027..80c4d3698 100644 --- a/src/transports/cred.c +++ b/src/transports/cred.c @@ -5,10 +5,10 @@ * a Linking Exception. For full terms see the included COPYING file. */ -#include "cred.h" +#include "common.h" -#include "git2.h" -#include "smart.h" +#include "git2/cred.h" +#include "git2/sys/cred.h" #include "git2/cred_helpers.h" static int git_cred_ssh_key_type_new( @@ -27,7 +27,7 @@ int git_cred_has_username(git_cred *cred) return 1; } -const char *git_cred__username(git_cred *cred) +const char *git_cred_get_username(git_cred *cred) { switch (cred->credtype) { case GIT_CREDTYPE_USERNAME: diff --git a/src/transports/cred.h b/src/transports/cred.h deleted file mode 100644 index ed5821c55..000000000 --- a/src/transports/cred.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright (C) the libgit2 contributors. All rights reserved. - * - * This file is part of libgit2, distributed under the GNU GPL v2 with - * a Linking Exception. For full terms see the included COPYING file. - */ -#ifndef INCLUDE_transports_cred_h__ -#define INCLUDE_transports_cred_h__ - -#include "common.h" - -#include "git2/transport.h" - -const char *git_cred__username(git_cred *cred); - -#endif diff --git a/src/transports/http.c b/src/transports/http.c index 78458655b..47094f700 100644 --- a/src/transports/http.c +++ b/src/transports/http.c @@ -16,6 +16,7 @@ #include "netops.h" #include "global.h" #include "remote.h" +#include "git2/sys/cred.h" #include "smart.h" #include "auth.h" #include "http.h" diff --git a/src/transports/ssh.c b/src/transports/ssh.c index caa3a17f5..21594181b 100644 --- a/src/transports/ssh.c +++ b/src/transports/ssh.c @@ -17,9 +17,11 @@ #include "net.h" #include "netops.h" #include "smart.h" -#include "cred.h" #include "streams/socket.h" +#include "git2/cred.h" +#include "git2/sys/cred.h" + #ifdef GIT_SSH #define OWNING_SUBTRANSPORT(s) ((ssh_subtransport *)(s)->parent.subtransport) @@ -629,7 +631,7 @@ post_extract: if ((error = request_creds(&cred, t, urldata.username, auth_methods)) < 0) goto done; - if (strcmp(urldata.username, git_cred__username(cred))) { + if (strcmp(urldata.username, git_cred_get_username(cred))) { git_error_set(GIT_ERROR_SSH, "username does not match previous request"); error = -1; goto done; diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c index 3cab5d700..a7c075906 100644 --- a/src/transports/winhttp.c +++ b/src/transports/winhttp.c @@ -19,6 +19,7 @@ #include "repository.h" #include "global.h" #include "http.h" +#include "git2/sys/cred.h" #include <wincrypt.h> #include <winhttp.h> diff --git a/tests/network/cred.c b/tests/network/cred.c index 6994cc0c3..d35e2b2ac 100644 --- a/tests/network/cred.c +++ b/tests/network/cred.c @@ -23,28 +23,24 @@ void test_network_cred__stock_userpass_validates_that_method_is_allowed(void) cl_git_fail(git_cred_userpass(&cred, NULL, NULL, 0, &payload)); cl_git_pass(git_cred_userpass(&cred, NULL, NULL, GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload)); - cred->free(cred); + git_cred_free(cred); } void test_network_cred__stock_userpass_properly_handles_username_in_url(void) { git_cred *cred; - git_cred_userpass_plaintext *plain; git_cred_userpass_payload payload = {"alice", "password"}; cl_git_pass(git_cred_userpass(&cred, NULL, NULL, GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload)); - plain = (git_cred_userpass_plaintext*)cred; - cl_assert_equal_s(plain->username, "alice"); - cred->free(cred); + cl_assert_equal_s("alice", git_cred_get_username(cred)); + git_cred_free(cred); cl_git_pass(git_cred_userpass(&cred, NULL, "bob", GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload)); - plain = (git_cred_userpass_plaintext*)cred; - cl_assert_equal_s(plain->username, "alice"); - cred->free(cred); + cl_assert_equal_s("alice", git_cred_get_username(cred)); + git_cred_free(cred); payload.username = NULL; cl_git_pass(git_cred_userpass(&cred, NULL, "bob", GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload)); - plain = (git_cred_userpass_plaintext*)cred; - cl_assert_equal_s(plain->username, "bob"); - cred->free(cred); + cl_assert_equal_s("bob", git_cred_get_username(cred)); + git_cred_free(cred); } |