rugged 0.21.4 → 0.22.0b1

data/vendor/libgit2/src/transports/cred.h

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+#ifndef INCLUDE_git_cred_h__
+#define INCLUDE_git_cred_h__
+
+#include "git2/transport.h"
+
+const char *git_cred__username(git_cred *cred);
+
+#endif

data/vendor/libgit2/src/transports/cred_helpers.c

@@ -41,6 +41,9 @@ int git_cred_userpass(
 	else
 		return -1;
 
+	if (GIT_CREDTYPE_USERNAME & allowed_types)
+		return git_cred_username_new(cred, effective_username);
+
 	if ((GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) == 0 ||
 			git_cred_userpass_plaintext_new(cred, effective_username, userpass->password) < 0)
 		return -1;

data/vendor/libgit2/src/transports/git.c

@@ -8,6 +8,7 @@
 #include "git2.h"
 #include "buffer.h"
 #include "netops.h"
+#include "git2/sys/transport.h"
 
 #define OWNING_SUBTRANSPORT(s) ((git_subtransport *)(s)->parent.subtransport)
 

data/vendor/libgit2/src/transports/http.c

@@ -11,6 +11,17 @@
 #include "buffer.h"
 #include "netops.h"
 #include "smart.h"
+#include "auth.h"
+#include "auth_negotiate.h"
+
+git_http_auth_scheme auth_schemes[] = {
+	{ GIT_AUTHTYPE_NEGOTIATE, "Negotiate", GIT_CREDTYPE_DEFAULT, git_http_auth_negotiate },
+	{ GIT_AUTHTYPE_BASIC, "Basic", GIT_CREDTYPE_USERPASS_PLAINTEXT, git_http_auth_basic },
+};
+
+#ifdef GIT_SSL
+# include <openssl/x509v3.h>
+#endif
 
 static const char *upload_pack_service = "upload-pack";
 static const char *upload_pack_ls_service_url = "/info/refs?service=git-upload-pack";
@@ -20,7 +31,6 @@ static const char *receive_pack_ls_service_url = "/info/refs?service=git-receive
 static const char *receive_pack_service_url = "/git-receive-pack";
 static const char *get_verb = "GET";
 static const char *post_verb = "POST";
-static const char *basic_authtype = "Basic";
 
 #define OWNING_SUBTRANSPORT(s) ((http_subtransport *)(s)->parent.subtransport)
 
@@ -35,10 +45,6 @@ enum last_cb {
 	VALUE
 };
 
-typedef enum {
-	GIT_HTTP_AUTH_BASIC = 1,
-} http_authmechanism_t;
-
 typedef struct {
 	git_smart_subtransport_stream parent;
 	const char *service;
@@ -58,9 +64,6 @@ typedef struct {
 	transport_smart *owner;
 	gitno_socket socket;
 	gitno_connection_data connection_data;
-	git_cred *cred;
-	git_cred *url_cred;
-	http_authmechanism_t auth_mechanism;
 	bool connected;
 
 	/* Parser structures */
@@ -76,6 +79,11 @@ typedef struct {
 	enum last_cb last_cb;
 	int parse_error;
 	unsigned parse_finished : 1;
+
+	/* Authentication */
+	git_cred *cred;
+	git_cred *url_cred;
+	git_vector auth_contexts;
 } http_subtransport;
 
 typedef struct {
@@ -88,28 +96,91 @@ typedef struct {
 	size_t *bytes_read;
 } parser_context;
 
-static int apply_basic_credential(git_buf *buf, git_cred *cred)
+static bool credtype_match(git_http_auth_scheme *scheme, void *data)
 {
-	git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
-	git_buf raw = GIT_BUF_INIT;
-	int error = -1;
+	unsigned int credtype = *(unsigned int *)data;
 
-	git_buf_printf(&raw, "%s:%s", c->username, c->password);
+	return !!(scheme->credtypes & credtype);
+}
 
-	if (git_buf_oom(&raw) ||
-		git_buf_puts(buf, "Authorization: Basic ") < 0 ||
-		git_buf_put_base64(buf, git_buf_cstr(&raw), raw.size) < 0 ||
-		git_buf_puts(buf, "\r\n") < 0)
-		goto on_error;
+static bool challenge_match(git_http_auth_scheme *scheme, void *data)
+{
+	const char *scheme_name = scheme->name;
+	const char *challenge = (const char *)data;
+	size_t scheme_len;
 
-	error = 0;
+	scheme_len = strlen(scheme_name);
+	return (strncmp(challenge, scheme_name, scheme_len) == 0 &&
+		(challenge[scheme_len] == '\0' || challenge[scheme_len] == ' '));
+}
 
-on_error:
-	if (raw.size)
-		memset(raw.ptr, 0x0, raw.size);
+static int auth_context_match(
+	git_http_auth_context **out,
+	http_subtransport *t,
+	bool (*scheme_match)(git_http_auth_scheme *scheme, void *data),
+	void *data)
+{
+	git_http_auth_scheme *scheme = NULL;
+	git_http_auth_context *context = NULL, *c;
+	size_t i;
+
+	*out = NULL;
+
+	for (i = 0; i < ARRAY_SIZE(auth_schemes); i++) {
+		if (scheme_match(&auth_schemes[i], data)) {
+			scheme = &auth_schemes[i];
+			break;
+		}
+	}
+
+	if (!scheme)
+		return 0;
 
-	git_buf_free(&raw);
-	return error;
+	/* See if authentication has already started for this scheme */
+	git_vector_foreach(&t->auth_contexts, i, c) {
+		if (c->type == scheme->type) {
+			context = c;
+			break;
+		}
+	}
+
+	if (!context) {
+		if (scheme->init_context(&context, &t->connection_data) < 0)
+			return -1;
+		else if (!context)
+			return 0;
+		else if (git_vector_insert(&t->auth_contexts, context) < 0)
+			return -1;
+	}
+
+	*out = context;
+
+	return 0;
+}
+
+static int apply_credentials(git_buf *buf, http_subtransport *t)
+{
+	git_cred *cred = t->cred;
+	git_http_auth_context *context;
+
+	/* Apply the credentials given to us in the URL */
+	if (!cred && t->connection_data.user && t->connection_data.pass) {
+		if (!t->url_cred &&
+			git_cred_userpass_plaintext_new(&t->url_cred,
+				t->connection_data.user, t->connection_data.pass) < 0)
+			return -1;
+
+		cred = t->url_cred;
+	}
+
+	if (!cred)
+		return 0;
+
+	/* Get or create a context for the best scheme for this cred type */
+	if (auth_context_match(&context, t, credtype_match, &cred->credtype) < 0)
+		return -1;
+
+	return context->next_token(buf, context, cred);
 }
 
 static int gen_request(
@@ -137,19 +208,9 @@ static int gen_request(
 		git_buf_puts(buf, "Accept: */*\r\n");
 
 	/* Apply credentials to the request */
-	if (t->cred && t->cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT &&
-		t->auth_mechanism == GIT_HTTP_AUTH_BASIC &&
-		apply_basic_credential(buf, t->cred) < 0)
+	if (apply_credentials(buf, t) < 0)
 		return -1;
 
-	/* Use url-parsed basic auth if username and password are both provided */
-	if (!t->cred && t->connection_data.user && t->connection_data.pass) {
-		if (!t->url_cred && git_cred_userpass_plaintext_new(&t->url_cred,
-					t->connection_data.user, t->connection_data.pass) < 0)
-			return -1;
-		if (apply_basic_credential(buf, t->url_cred) < 0) return -1;
-	}
-
 	git_buf_puts(buf, "\r\n");
 
 	if (git_buf_oom(buf))
@@ -158,20 +219,26 @@ static int gen_request(
 	return 0;
 }
 
-static int parse_unauthorized_response(
+static int parse_authenticate_response(
 	git_vector *www_authenticate,
-	int *allowed_types,
-	http_authmechanism_t *auth_mechanism)
+	http_subtransport *t,
+	int *allowed_types)
 {
-	unsigned i;
-	char *entry;
-
-	git_vector_foreach(www_authenticate, i, entry) {
-		if (!strncmp(entry, basic_authtype, 5) &&
-			(entry[5] == '\0' || entry[5] == ' ')) {
-			*allowed_types |= GIT_CREDTYPE_USERPASS_PLAINTEXT;
-			*auth_mechanism = GIT_HTTP_AUTH_BASIC;
-		}
+	git_http_auth_context *context;
+	char *challenge;
+	size_t i;
+
+	git_vector_foreach(www_authenticate, i, challenge) {
+		if (auth_context_match(&context, t, challenge_match, challenge) < 0)
+			return -1;
+		else if (!context)
+			continue;
+
+		if (context->set_challenge &&
+			context->set_challenge(context, challenge) < 0)
+			return -1;
+
+		*allowed_types |= context->credtypes;
 	}
 
 	return 0;
@@ -248,7 +315,7 @@ static int on_headers_complete(http_parser *parser)
 	http_subtransport *t = ctx->t;
 	http_stream *s = ctx->s;
 	git_buf buf = GIT_BUF_INIT;
-	int error = 0, no_callback = 0;
+	int error = 0, no_callback = 0, allowed_auth_types = 0;
 
 	/* Both parse_header_name and parse_header_value are populated
 	 * and ready for consumption. */
@@ -256,26 +323,26 @@ static int on_headers_complete(http_parser *parser)
 		if (on_header_ready(t) < 0)
 			return t->parse_error = PARSE_ERROR_GENERIC;
 
-	/* Check for an authentication failure. */
+	/* Capture authentication headers which may be a 401 (authentication
+	 * is not complete) or a 200 (simply informing us that auth *is*
+	 * complete.)
+	 */
+	if (parse_authenticate_response(&t->www_authenticate, t,
+			&allowed_auth_types) < 0)
+		return t->parse_error = PARSE_ERROR_GENERIC;
 
-	if (parser->status_code == 401 &&
-	    get_verb == s->verb) {
+	/* Check for an authentication failure. */
+	if (parser->status_code == 401 && get_verb == s->verb) {
 		if (!t->owner->cred_acquire_cb) {
 			no_callback = 1;
 		} else {
-			int allowed_types = 0;
-
-			if (parse_unauthorized_response(&t->www_authenticate,
-							&allowed_types, &t->auth_mechanism) < 0)
-				return t->parse_error = PARSE_ERROR_GENERIC;
-
-			if (allowed_types &&
-			    (!t->cred || 0 == (t->cred->credtype & allowed_types))) {
+			if (allowed_auth_types &&
+			    (!t->cred || 0 == (t->cred->credtype & allowed_auth_types))) {
 
 				error = t->owner->cred_acquire_cb(&t->cred,
 								  t->owner->url,
 								  t->connection_data.user,
-								  allowed_types,
+								  allowed_auth_types,
 								  t->owner->cred_acquire_payload);
 
 				if (error == GIT_PASSTHROUGH) {
@@ -286,7 +353,8 @@ static int on_headers_complete(http_parser *parser)
 					assert(t->cred);
 
 					/* Successfully acquired a credential. */
-					return t->parse_error = PARSE_ERROR_REPLAY;
+					t->parse_error = PARSE_ERROR_REPLAY;
+					return 0;
 				}
 			}
 		}
@@ -324,7 +392,8 @@ static int on_headers_complete(http_parser *parser)
 		t->connected = 0;
 		s->redirect_count++;
 
-		return t->parse_error = PARSE_ERROR_REPLAY;
+		t->parse_error = PARSE_ERROR_REPLAY;
+		return 0;
 	}
 
 	/* Check for a 200 HTTP status code. */
@@ -382,6 +451,13 @@ static int on_body_fill_buffer(http_parser *parser, const char *str, size_t len)
 	parser_context *ctx = (parser_context *) parser->data;
 	http_subtransport *t = ctx->t;
 
+	/* If our goal is to replay the request (either an auth failure or
+	 * a redirect) then don't bother buffering since we're ignoring the
+	 * content anyway.
+	 */
+	if (t->parse_error == PARSE_ERROR_REPLAY)
+		return 0;
+
 	if (ctx->buf_size < len) {
 		giterr_set(GITERR_NET, "Can't fit data in the buffer");
 		return t->parse_error = PARSE_ERROR_GENERIC;
@@ -452,11 +528,11 @@ static int write_chunk(gitno_socket *socket, const char *buffer, size_t len)
 
 static int http_connect(http_subtransport *t)
 {
-	int flags = 0;
+	int flags = 0, error;
 
 	if (t->connected &&
 		http_should_keep_alive(&t->parser) &&
-		http_body_is_final(&t->parser))
+		t->parse_finished)
 		return 0;
 
 	if (t->socket.socket)
@@ -469,13 +545,58 @@ static int http_connect(http_subtransport *t)
 			return -1;
 
 		flags |= GITNO_CONNECT_SSL;
-
-		if (GIT_TRANSPORTFLAGS_NO_CHECK_CERT & tflags)
-			flags |= GITNO_CONNECT_SSL_NO_CHECK_CERT;
 	}
 
-	if (gitno_connect(&t->socket, t->connection_data.host, t->connection_data.port, flags) < 0)
-		return -1;
+	error = gitno_connect(&t->socket, t->connection_data.host, t->connection_data.port, flags);
+
+#ifdef GIT_SSL
+	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
+                X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
+		git_cert_x509 cert_info, *cert_info_ptr;
+                int len, is_valid;
+		unsigned char *guard, *encoded_cert;
+
+		/* Retrieve the length of the certificate first */
+		len = i2d_X509(cert, NULL);
+		if (len < 0) {
+			giterr_set(GITERR_NET, "failed to retrieve certificate information");
+			return -1;
+		}
+
+
+		encoded_cert = git__malloc(len);
+		GITERR_CHECK_ALLOC(encoded_cert);
+		/* i2d_X509 makes 'copy' point to just after the data */
+		guard = encoded_cert;
+
+		len = i2d_X509(cert, &guard);
+		if (len < 0) {
+			git__free(encoded_cert);
+			giterr_set(GITERR_NET, "failed to retrieve certificate information");
+			return -1;
+		}
+
+		giterr_clear();
+		is_valid = error != GIT_ECERTIFICATE;
+		cert_info.cert_type = GIT_CERT_X509;
+		cert_info.data = encoded_cert;
+		cert_info.len = len;
+
+		cert_info_ptr = &cert_info;
+
+		error = t->owner->certificate_check_cb((git_cert *) cert_info_ptr, is_valid, t->connection_data.host, t->owner->message_cb_payload);
+		git__free(encoded_cert);
+
+		if (error < 0) {
+			if (!giterr_last())
+				giterr_set(GITERR_NET, "user cancelled certificate check");
+
+			return error;
+		}
+	}
+#endif
+	if (error < 0)
+		return error;
 
 	t->connected = 1;
 	return 0;
@@ -502,10 +623,8 @@ replay:
 
 		clear_parser_state(t);
 
-		if (gen_request(&request, s, 0) < 0) {
-			giterr_set(GITERR_NET, "Failed to generate request");
+		if (gen_request(&request, s, 0) < 0)
 			return -1;
-		}
 
 		if (gitno_send(&t->socket, request.ptr, request.size, 0) < 0) {
 			git_buf_free(&request);
@@ -538,6 +657,7 @@ replay:
 
 	while (!*bytes_read && !t->parse_finished) {
 		size_t data_offset;
+		int error;
 
 		/*
 		 * Make the parse_buffer think it's as full of data as
@@ -584,8 +704,8 @@ replay:
 		if (PARSE_ERROR_REPLAY == t->parse_error) {
 			s->sent_request = 0;
 
-			if (http_connect(t) < 0)
-				return -1;
+			if ((error = http_connect(t)) < 0)
+				return error;
 
 			goto replay;
 		}
@@ -620,10 +740,8 @@ static int http_stream_write_chunked(
 
 		clear_parser_state(t);
 
-		if (gen_request(&request, s, 0) < 0) {
-			giterr_set(GITERR_NET, "Failed to generate request");
+		if (gen_request(&request, s, 0) < 0)
 			return -1;
-		}
 
 		if (gitno_send(&t->socket, request.ptr, request.size, 0) < 0) {
 			git_buf_free(&request);
@@ -695,10 +813,8 @@ static int http_stream_write_single(
 
 	clear_parser_state(t);
 
-	if (gen_request(&request, s, len) < 0) {
-		giterr_set(GITERR_NET, "Failed to generate request");
+	if (gen_request(&request, s, len) < 0)
 		return -1;
-	}
 
 	if (gitno_send(&t->socket, request.ptr, request.size, 0) < 0)
 		goto on_error;
@@ -841,8 +957,8 @@ static int http_action(
 		 (ret = gitno_connection_data_from_url(&t->connection_data, url, NULL)) < 0)
 		return ret;
 
-	if (http_connect(t) < 0)
-		return -1;
+	if ((ret = http_connect(t)) < 0)
+		return ret;
 
 	switch (action) {
 	case GIT_SERVICE_UPLOADPACK_LS:
@@ -865,6 +981,8 @@ static int http_action(
 static int http_close(git_smart_subtransport *subtransport)
 {
 	http_subtransport *t = (http_subtransport *) subtransport;
+	git_http_auth_context *context;
+	size_t i;
 
 	clear_parser_state(t);
 
@@ -883,6 +1001,13 @@ static int http_close(git_smart_subtransport *subtransport)
 		t->url_cred = NULL;
 	}
 
+	git_vector_foreach(&t->auth_contexts, i, context) {
+		if (context->free)
+			context->free(context);
+	}
+
+	git_vector_clear(&t->auth_contexts);
+
 	gitno_connection_data_free_ptrs(&t->connection_data);
 
 	return 0;
@@ -894,6 +1019,7 @@ static void http_free(git_smart_subtransport *subtransport)
 
 	http_close(subtransport);
 
+	git_vector_free(&t->auth_contexts);
 	git__free(t);
 }