rugged 0.21.4 → 0.22.0b1

data/vendor/libgit2/src/transports/auth.c

@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "buffer.h"
+#include "auth.h"
+
+static int basic_next_token(
+	git_buf *out, git_http_auth_context *ctx, git_cred *c)
+{
+	git_cred_userpass_plaintext *cred;
+	git_buf raw = GIT_BUF_INIT;
+	int error = -1;
+
+	GIT_UNUSED(ctx);
+
+	if (c->credtype != GIT_CREDTYPE_USERPASS_PLAINTEXT) {
+		giterr_set(GITERR_INVALID, "invalid credential type for basic auth");
+		goto on_error;
+	}
+
+	cred = (git_cred_userpass_plaintext *)c;
+
+	git_buf_printf(&raw, "%s:%s", cred->username, cred->password);
+
+	if (git_buf_oom(&raw) ||
+		git_buf_puts(out, "Authorization: Basic ") < 0 ||
+		git_buf_encode_base64(out, git_buf_cstr(&raw), raw.size) < 0 ||
+		git_buf_puts(out, "\r\n") < 0)
+		goto on_error;
+
+	error = 0;
+
+on_error:
+	if (raw.size)
+		git__memzero(raw.ptr, raw.size);
+
+	git_buf_free(&raw);
+	return error;
+}
+
+static git_http_auth_context basic_context = {
+	GIT_AUTHTYPE_BASIC,
+	GIT_CREDTYPE_USERPASS_PLAINTEXT,
+	NULL,
+	basic_next_token,
+	NULL
+};
+
+int git_http_auth_basic(
+	git_http_auth_context **out, const gitno_connection_data *connection_data)
+{
+	GIT_UNUSED(connection_data);
+
+	*out = &basic_context;
+	return 0;
+}
+
+int git_http_auth_dummy(
+	git_http_auth_context **out, const gitno_connection_data *connection_data)
+{
+	GIT_UNUSED(connection_data);
+
+	*out = NULL;
+	return 0;
+}
+

data/vendor/libgit2/src/transports/auth.h

@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#ifndef INCLUDE_http_auth_h__
+#define INCLUDE_http_auth_h__
+
+#include "git2.h"
+#include "netops.h"
+
+typedef enum {
+	GIT_AUTHTYPE_BASIC = 1,
+	GIT_AUTHTYPE_NEGOTIATE = 2,
+} git_http_authtype_t;
+
+typedef struct git_http_auth_context git_http_auth_context;
+
+struct git_http_auth_context {
+	/** Type of scheme */
+	git_http_authtype_t type;
+
+	/** Supported credentials */
+	git_credtype_t credtypes;
+
+	/** Sets the challenge on the authentication context */
+	int (*set_challenge)(git_http_auth_context *ctx, const char *challenge);
+
+	/** Gets the next authentication token from the context */
+	int (*next_token)(git_buf *out, git_http_auth_context *ctx, git_cred *cred);
+
+	/** Frees the authentication context */
+	void (*free)(git_http_auth_context *ctx);
+};
+
+typedef struct {
+	/** Type of scheme */
+	git_http_authtype_t type;
+
+	/** Name of the scheme (as used in the Authorization header) */
+	const char *name;
+
+	/** Credential types this scheme supports */
+	git_credtype_t credtypes;
+
+	/** Function to initialize an authentication context */
+	int (*init_context)(
+		git_http_auth_context **out,
+		const gitno_connection_data *connection_data);
+} git_http_auth_scheme;
+
+int git_http_auth_dummy(
+	git_http_auth_context **out,
+	const gitno_connection_data *connection_data);
+
+int git_http_auth_basic(
+	git_http_auth_context **out,
+	const gitno_connection_data *connection_data);
+
+#endif
+

data/vendor/libgit2/src/transports/auth_negotiate.c

@@ -0,0 +1,275 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#ifdef GIT_GSSAPI
+
+#include "git2.h"
+#include "common.h"
+#include "buffer.h"
+#include "auth.h"
+
+#include <gssapi.h>
+#include <krb5.h>
+
+static gss_OID_desc negotiate_oid_spnego =
+	{ 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
+static gss_OID_desc negotiate_oid_krb5 =
+	{ 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+
+static gss_OID negotiate_oids[] =
+	{ &negotiate_oid_spnego, &negotiate_oid_krb5, NULL };
+
+typedef struct {
+	git_http_auth_context parent;
+	unsigned configured : 1,
+		complete : 1;
+	git_buf target;
+	char *challenge;
+	gss_ctx_id_t gss_context;
+	gss_OID oid;
+} http_auth_negotiate_context;
+
+static void negotiate_err_set(
+	OM_uint32 status_major,
+	OM_uint32 status_minor,
+	const char *message)
+{
+	gss_buffer_desc buffer = GSS_C_EMPTY_BUFFER;
+	OM_uint32 status_display, context = 0;
+
+	if (gss_display_status(&status_display, status_major, GSS_C_GSS_CODE,
+		GSS_C_NO_OID, &context, &buffer) == GSS_S_COMPLETE) {
+		giterr_set(GITERR_NET, "%s: %.*s (%d.%d)",
+			message, (int)buffer.length, (const char *)buffer.value,
+			status_major, status_minor);
+		gss_release_buffer(&status_minor, &buffer);
+	} else {
+		giterr_set(GITERR_NET, "%s: unknown negotiate error (%d.%d)",
+			message, status_major, status_minor);
+	}
+}
+
+static int negotiate_set_challenge(
+	git_http_auth_context *c,
+	const char *challenge)
+{
+	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+
+	assert(ctx && ctx->configured && challenge);
+
+	git__free(ctx->challenge);
+
+	ctx->challenge = git__strdup(challenge);
+	GITERR_CHECK_ALLOC(ctx->challenge);
+
+	return 0;
+}
+
+static int negotiate_next_token(
+	git_buf *buf,
+	git_http_auth_context *c,
+	git_cred *cred)
+{
+	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+	OM_uint32 status_major, status_minor;
+	gss_buffer_desc target_buffer = GSS_C_EMPTY_BUFFER,
+		input_token = GSS_C_EMPTY_BUFFER,
+		output_token = GSS_C_EMPTY_BUFFER;
+	gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
+	git_buf input_buf = GIT_BUF_INIT;
+	gss_name_t server = NULL;
+	gss_OID mech;
+	size_t challenge_len;
+	int error = 0;
+
+	assert(buf && ctx && ctx->configured && cred && cred->credtype == GIT_CREDTYPE_DEFAULT);
+
+	if (ctx->complete)
+		return 0;
+
+	target_buffer.value = (void *)ctx->target.ptr;
+	target_buffer.length = ctx->target.size;
+
+	status_major = gss_import_name(&status_minor, &target_buffer,
+		GSS_C_NT_HOSTBASED_SERVICE, &server);
+
+	if (GSS_ERROR(status_major)) {
+		negotiate_err_set(status_major, status_minor,
+			"Could not parse principal");
+		error = -1;
+		goto done;
+	}
+
+	challenge_len = ctx->challenge ? strlen(ctx->challenge) : 0;
+
+	if (challenge_len < 9) {
+		giterr_set(GITERR_NET, "No negotiate challenge sent from server");
+		error = -1;
+		goto done;
+	} else if (challenge_len > 9) {
+		if (git_buf_decode_base64(&input_buf,
+				ctx->challenge + 10, challenge_len - 10) < 0) {
+			giterr_set(GITERR_NET, "Invalid negotiate challenge from server");
+			error = -1;
+			goto done;
+		}
+
+		input_token.value = input_buf.ptr;
+		input_token.length = input_buf.size;
+		input_token_ptr = &input_token;
+	} else if (ctx->gss_context != GSS_C_NO_CONTEXT) {
+		giterr_set(GITERR_NET, "Could not restart authentication");
+		error = -1;
+		goto done;
+	}
+
+	mech = &negotiate_oid_spnego;
+
+	if (GSS_ERROR(status_major = gss_init_sec_context(
+		&status_minor,
+		GSS_C_NO_CREDENTIAL,
+		&ctx->gss_context,
+		server,
+		mech,
+		GSS_C_DELEG_FLAG | GSS_C_MUTUAL_FLAG,
+		GSS_C_INDEFINITE,
+		GSS_C_NO_CHANNEL_BINDINGS,
+		input_token_ptr,
+		NULL,
+		&output_token,
+		NULL,
+		NULL))) {
+		negotiate_err_set(status_major, status_minor, "Negotiate failure");
+		error = -1;
+		goto done;
+	}
+
+	/* This message merely told us auth was complete; we do not respond. */
+	if (status_major == GSS_S_COMPLETE) {
+		ctx->complete = 1;
+		goto done;
+	}
+
+	git_buf_puts(buf, "Authorization: Negotiate ");
+	git_buf_encode_base64(buf, output_token.value, output_token.length);
+	git_buf_puts(buf, "\r\n");
+
+	if (git_buf_oom(buf))
+		error = -1;
+
+done:
+	gss_release_name(&status_minor, &server);
+	gss_release_buffer(&status_minor, (gss_buffer_t) &output_token);
+	git_buf_free(&input_buf);
+	return error;
+}
+
+static void negotiate_context_free(git_http_auth_context *c)
+{
+	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+	OM_uint32 status_minor;
+
+	if (ctx->gss_context != GSS_C_NO_CONTEXT) {
+		gss_delete_sec_context(
+			&status_minor, &ctx->gss_context, GSS_C_NO_BUFFER);
+		ctx->gss_context = GSS_C_NO_CONTEXT;
+	}
+
+	git_buf_free(&ctx->target);
+
+	git__free(ctx->challenge);
+
+	ctx->configured = 0;
+	ctx->complete = 0;
+	ctx->oid = NULL;
+
+	git__free(ctx);
+}
+
+static int negotiate_init_context(
+	http_auth_negotiate_context *ctx,
+	const gitno_connection_data *connection_data)
+{
+	OM_uint32 status_major, status_minor;
+	gss_OID item, *oid;
+	gss_OID_set mechanism_list;
+	size_t i;
+
+	/* Query supported mechanisms looking for SPNEGO) */
+	if (GSS_ERROR(status_major =
+		gss_indicate_mechs(&status_minor, &mechanism_list))) {
+		negotiate_err_set(status_major, status_minor,
+			"could not query mechanisms");
+		return -1;
+	}
+
+	if (mechanism_list) {
+		for (oid = negotiate_oids; *oid; oid++) {
+			for (i = 0; i < mechanism_list->count; i++) {
+				item = &mechanism_list->elements[i];
+
+				if (item->length == (*oid)->length &&
+					memcmp(item->elements, (*oid)->elements, item->length) == 0) {
+					ctx->oid = *oid;
+					break;
+				}
+
+			}
+
+			if (ctx->oid)
+				break;
+		}
+	}
+
+	gss_release_oid_set(&status_minor, &mechanism_list);
+
+	if (!ctx->oid) {
+		giterr_set(GITERR_NET, "Negotiate authentication is not supported");
+		return -1;
+	}
+
+	git_buf_puts(&ctx->target, "HTTP@");
+	git_buf_puts(&ctx->target, connection_data->host);
+
+	if (git_buf_oom(&ctx->target))
+		return -1;
+
+	ctx->gss_context = GSS_C_NO_CONTEXT;
+	ctx->configured = 1;
+
+	return 0;
+}
+
+int git_http_auth_negotiate(
+	git_http_auth_context **out,
+	const gitno_connection_data *connection_data)
+{
+	http_auth_negotiate_context *ctx;
+
+	*out = NULL;
+
+	ctx = git__calloc(1, sizeof(http_auth_negotiate_context));
+	GITERR_CHECK_ALLOC(ctx);
+
+	if (negotiate_init_context(ctx, connection_data) < 0) {
+		git__free(ctx);
+		return -1;
+	}
+
+	ctx->parent.type = GIT_AUTHTYPE_NEGOTIATE;
+	ctx->parent.credtypes = GIT_CREDTYPE_DEFAULT;
+	ctx->parent.set_challenge = negotiate_set_challenge;
+	ctx->parent.next_token = negotiate_next_token;
+	ctx->parent.free = negotiate_context_free;
+
+	*out = (git_http_auth_context *)ctx;
+
+	return 0;
+}
+
+#endif /* GIT_GSSAPI */
+

data/vendor/libgit2/src/transports/auth_negotiate.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#ifndef INCLUDE_auth_negotiate_h__
+#define INCLUDE_auth_negotiate_h__
+
+#include "git2.h"
+#include "auth.h"
+
+#ifdef GIT_GSSAPI
+
+extern int git_http_auth_negotiate(
+	git_http_auth_context **out,
+	const gitno_connection_data *connection_data);
+
+#else
+
+#define git_http_auth_negotiate git_http_auth_dummy
+
+#endif /* GIT_GSSAPI */
+
+#endif
+

data/vendor/libgit2/src/transports/cred.c

@@ -17,6 +17,40 @@ int git_cred_has_username(git_cred *cred)
 	return 1;
 }
 
+const char *git_cred__username(git_cred *cred)
+{
+	switch (cred->credtype) {
+	case GIT_CREDTYPE_USERNAME:
+	{
+		git_cred_username *c = (git_cred_username *) cred;
+		return c->username;
+	}
+	case GIT_CREDTYPE_USERPASS_PLAINTEXT:
+	{
+		git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *) cred;
+		return c->username;
+	}
+	case GIT_CREDTYPE_SSH_KEY:
+	{
+		git_cred_ssh_key *c = (git_cred_ssh_key *) cred;
+		return c->username;
+	}
+	case GIT_CREDTYPE_SSH_CUSTOM:
+	{
+		git_cred_ssh_custom *c = (git_cred_ssh_custom *) cred;
+		return c->username;
+	}
+	case GIT_CREDTYPE_SSH_INTERACTIVE:
+	{
+		git_cred_ssh_interactive *c = (git_cred_ssh_interactive *) cred;
+		return c->username;
+	}
+
+	default:
+		return NULL;
+	}
+}
+
 static void plaintext_free(struct git_cred *cred)
 {
 	git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
@@ -129,6 +163,11 @@ static void default_free(struct git_cred *cred)
 	git__free(c);
 }
 
+static void username_free(struct git_cred *cred)
+{
+	git__free(cred);
+}
+
 int git_cred_ssh_key_new(
 	git_cred **cred,
 	const char *username,
@@ -263,3 +302,22 @@ int git_cred_default_new(git_cred **cred)
 	*cred = c;
 	return 0;
 }
+
+int git_cred_username_new(git_cred **cred, const char *username)
+{
+	git_cred_username *c;
+	size_t len;
+
+	assert(cred);
+
+	len = strlen(username);
+	c = git__malloc(sizeof(git_cred_username) + len + 1);
+	GITERR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDTYPE_USERNAME;
+	c->parent.free = username_free;
+	memcpy(c->username, username, len + 1);
+
+	*cred = (git_cred *) c;
+	return 0;
+}