rugged 0.28.4.1 → 1.1.0

data/vendor/libgit2/src/transaction.c

@@ -76,7 +76,8 @@ int git_transaction_new(git_transaction **out, git_repository *repo)
 
 	assert(out && repo);
 
-	git_pool_init(&pool, 1);
+	if ((error = git_pool_init(&pool, 1)) < 0)
+		goto on_error;
 
 	tx = git_pool_mallocz(&pool, sizeof(git_transaction));
 	if (!tx) {
@@ -84,7 +85,7 @@ int git_transaction_new(git_transaction **out, git_repository *repo)
 		goto on_error;
 	}
 
-	if ((error = git_strmap_alloc(&tx->locks)) < 0) {
+	if ((error = git_strmap_new(&tx->locks)) < 0) {
 		error = -1;
 		goto on_error;
 	}
@@ -119,8 +120,7 @@ int git_transaction_lock_ref(git_transaction *tx, const char *refname)
 	if ((error = git_refdb_lock(&node->payload, tx->db, refname)) < 0)
 		return error;
 
-	git_strmap_insert(tx->locks, node->name, node, &error);
-	if (error < 0)
+	if ((error = git_strmap_set(tx->locks, node->name, node)) < 0)
 		goto cleanup;
 
 	return 0;
@@ -134,16 +134,12 @@ cleanup:
 static int find_locked(transaction_node **out, git_transaction *tx, const char *refname)
 {
 	transaction_node *node;
-	size_t pos;
 
-	pos = git_strmap_lookup_index(tx->locks, refname);
-	if (!git_strmap_valid_index(tx->locks, pos)) {
+	if ((node = git_strmap_get(tx->locks, refname)) == NULL) {
 		git_error_set(GIT_ERROR_REFERENCE, "the specified reference is not locked");
 		return GIT_ENOTFOUND;
 	}
 
-	node = git_strmap_value_at(tx->locks, pos);
-
 	*out = node;
 	return 0;
 }
@@ -339,7 +335,13 @@ int git_transaction_commit(git_transaction *tx)
 				return error;
 		}
 
-		if (node->ref_type != GIT_REFERENCE_INVALID) {
+		if (node->ref_type == GIT_REFERENCE_INVALID) {
+			/* ref was locked but not modified */
+			if ((error = git_refdb_unlock(tx->db, node->payload, false, false, NULL, NULL, NULL)) < 0) {
+				return error;
+			}
+			node->committed = true;
+		} else {
 			if ((error = update_target(tx->db, node)) < 0)
 				return error;
 		}

data/vendor/libgit2/src/transports/auth.c

@@ -9,32 +9,31 @@
 
 #include "git2.h"
 #include "buffer.h"
+#include "git2/sys/credential.h"
 
 static int basic_next_token(
 	git_buf *out,
 	git_http_auth_context *ctx,
-	const char *header_name,
-	git_cred *c)
+	git_credential *c)
 {
-	git_cred_userpass_plaintext *cred;
+	git_credential_userpass_plaintext *cred;
 	git_buf raw = GIT_BUF_INIT;
 	int error = -1;
 
 	GIT_UNUSED(ctx);
 
-	if (c->credtype != GIT_CREDTYPE_USERPASS_PLAINTEXT) {
+	if (c->credtype != GIT_CREDENTIAL_USERPASS_PLAINTEXT) {
 		git_error_set(GIT_ERROR_INVALID, "invalid credential type for basic auth");
 		goto on_error;
 	}
 
-	cred = (git_cred_userpass_plaintext *)c;
+	cred = (git_credential_userpass_plaintext *)c;
 
 	git_buf_printf(&raw, "%s:%s", cred->username, cred->password);
 
 	if (git_buf_oom(&raw) ||
-		git_buf_printf(out, "%s: Basic ", header_name) < 0 ||
-		git_buf_encode_base64(out, git_buf_cstr(&raw), raw.size) < 0 ||
-		git_buf_puts(out, "\r\n") < 0)
+		git_buf_puts(out, "Basic ") < 0 ||
+		git_buf_encode_base64(out, git_buf_cstr(&raw), raw.size) < 0)
 		goto on_error;
 
 	error = 0;
@@ -48,28 +47,30 @@ on_error:
 }
 
 static git_http_auth_context basic_context = {
-	GIT_AUTHTYPE_BASIC,
-	GIT_CREDTYPE_USERPASS_PLAINTEXT,
+	GIT_HTTP_AUTH_BASIC,
+	GIT_CREDENTIAL_USERPASS_PLAINTEXT,
+	0,
 	NULL,
 	basic_next_token,
+	NULL,
 	NULL
 };
 
 int git_http_auth_basic(
-	git_http_auth_context **out, const gitno_connection_data *connection_data)
+	git_http_auth_context **out, const git_net_url *url)
 {
-	GIT_UNUSED(connection_data);
+	GIT_UNUSED(url);
 
 	*out = &basic_context;
 	return 0;
 }
 
 int git_http_auth_dummy(
-	git_http_auth_context **out, const gitno_connection_data *connection_data)
+	git_http_auth_context **out, const git_net_url *url)
 {
-	GIT_UNUSED(connection_data);
+	GIT_UNUSED(url);
 
 	*out = NULL;
-	return 0;
+	return GIT_PASSTHROUGH;
 }
 

data/vendor/libgit2/src/transports/auth.h

@@ -14,24 +14,31 @@
 #include "netops.h"
 
 typedef enum {
-	GIT_AUTHTYPE_BASIC = 1,
-	GIT_AUTHTYPE_NEGOTIATE = 2,
-} git_http_authtype_t;
+	GIT_HTTP_AUTH_BASIC = 1,
+	GIT_HTTP_AUTH_NEGOTIATE = 2,
+	GIT_HTTP_AUTH_NTLM = 4,
+} git_http_auth_t;
 
 typedef struct git_http_auth_context git_http_auth_context;
 
 struct git_http_auth_context {
 	/** Type of scheme */
-	git_http_authtype_t type;
+	git_http_auth_t type;
 
 	/** Supported credentials */
-	git_credtype_t credtypes;
+	git_credential_t credtypes;
+
+	/** Connection affinity or request affinity */
+	unsigned connection_affinity : 1;
 
 	/** Sets the challenge on the authentication context */
 	int (*set_challenge)(git_http_auth_context *ctx, const char *challenge);
 
 	/** Gets the next authentication token from the context */
-	int (*next_token)(git_buf *out, git_http_auth_context *ctx, const char *header_name, git_cred *cred);
+	int (*next_token)(git_buf *out, git_http_auth_context *ctx, git_credential *cred);
+
+	/** Examines if all tokens have been presented. */
+	int (*is_complete)(git_http_auth_context *ctx);
 
 	/** Frees the authentication context */
 	void (*free)(git_http_auth_context *ctx);
@@ -39,26 +46,26 @@ struct git_http_auth_context {
 
 typedef struct {
 	/** Type of scheme */
-	git_http_authtype_t type;
+	git_http_auth_t type;
 
 	/** Name of the scheme (as used in the Authorization header) */
 	const char *name;
 
 	/** Credential types this scheme supports */
-	git_credtype_t credtypes;
+	git_credential_t credtypes;
 
 	/** Function to initialize an authentication context */
 	int (*init_context)(
 		git_http_auth_context **out,
-		const gitno_connection_data *connection_data);
+		const git_net_url *url);
 } git_http_auth_scheme;
 
 int git_http_auth_dummy(
 	git_http_auth_context **out,
-	const gitno_connection_data *connection_data);
+	const git_net_url *url);
 
 int git_http_auth_basic(
 	git_http_auth_context **out,
-	const gitno_connection_data *connection_data);
+	const git_net_url *url);
 
 #endif

data/vendor/libgit2/src/transports/auth_negotiate.c

@@ -7,14 +7,19 @@
 
 #include "auth_negotiate.h"
 
-#ifdef GIT_GSSAPI
+#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK)
 
 #include "git2.h"
 #include "buffer.h"
 #include "auth.h"
+#include "git2/sys/credential.h"
 
+#ifdef GIT_GSSFRAMEWORK
+#import <GSS/GSS.h>
+#elif defined(GIT_GSSAPI)
 #include <gssapi.h>
 #include <krb5.h>
+#endif
 
 static gss_OID_desc negotiate_oid_spnego =
 	{ 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
@@ -70,11 +75,26 @@ static int negotiate_set_challenge(
 	return 0;
 }
 
+static void negotiate_context_dispose(http_auth_negotiate_context *ctx)
+{
+	OM_uint32 status_minor;
+
+	if (ctx->gss_context != GSS_C_NO_CONTEXT) {
+		gss_delete_sec_context(
+		    &status_minor, &ctx->gss_context, GSS_C_NO_BUFFER);
+		ctx->gss_context = GSS_C_NO_CONTEXT;
+	}
+
+	git_buf_dispose(&ctx->target);
+
+	git__free(ctx->challenge);
+	ctx->challenge = NULL;
+}
+
 static int negotiate_next_token(
 	git_buf *buf,
 	git_http_auth_context *c,
-	const char *header_name,
-	git_cred *cred)
+	git_credential *cred)
 {
 	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
 	OM_uint32 status_major, status_minor;
@@ -88,7 +108,7 @@ static int negotiate_next_token(
 	size_t challenge_len;
 	int error = 0;
 
-	assert(buf && ctx && ctx->configured && cred && cred->credtype == GIT_CREDTYPE_DEFAULT);
+	assert(buf && ctx && ctx->configured && cred && cred->credtype == GIT_CREDENTIAL_DEFAULT);
 
 	if (ctx->complete)
 		return 0;
@@ -101,18 +121,20 @@ static int negotiate_next_token(
 
 	if (GSS_ERROR(status_major)) {
 		negotiate_err_set(status_major, status_minor,
-			"Could not parse principal");
+			"could not parse principal");
 		error = -1;
 		goto done;
 	}
 
 	challenge_len = ctx->challenge ? strlen(ctx->challenge) : 0;
 
-	if (challenge_len < 9) {
-		git_error_set(GIT_ERROR_NET, "no negotiate challenge sent from server");
+	if (challenge_len < 9 || memcmp(ctx->challenge, "Negotiate", 9) != 0) {
+		git_error_set(GIT_ERROR_NET, "server did not request negotiate");
 		error = -1;
 		goto done;
-	} else if (challenge_len > 9) {
+	}
+
+	if (challenge_len > 9) {
 		if (git_buf_decode_base64(&input_buf,
 				ctx->challenge + 10, challenge_len - 10) < 0) {
 			git_error_set(GIT_ERROR_NET, "invalid negotiate challenge from server");
@@ -124,14 +146,12 @@ static int negotiate_next_token(
 		input_token.length = input_buf.size;
 		input_token_ptr = &input_token;
 	} else if (ctx->gss_context != GSS_C_NO_CONTEXT) {
-		git_error_set(GIT_ERROR_NET, "could not restart authentication");
-		error = -1;
-		goto done;
+		negotiate_context_dispose(ctx);
 	}
 
 	mech = &negotiate_oid_spnego;
 
-	if (GSS_ERROR(status_major = gss_init_sec_context(
+	status_major = gss_init_sec_context(
 		&status_minor,
 		GSS_C_NO_CREDENTIAL,
 		&ctx->gss_context,
@@ -144,21 +164,29 @@ static int negotiate_next_token(
 		NULL,
 		&output_token,
 		NULL,
-		NULL))) {
-		negotiate_err_set(status_major, status_minor, "Negotiate failure");
+		NULL);
+
+	if (GSS_ERROR(status_major)) {
+		negotiate_err_set(status_major, status_minor, "negotiate failure");
 		error = -1;
 		goto done;
 	}
 
 	/* This message merely told us auth was complete; we do not respond. */
 	if (status_major == GSS_S_COMPLETE) {
+		negotiate_context_dispose(ctx);
 		ctx->complete = 1;
 		goto done;
 	}
 
-	git_buf_printf(buf, "%s: Negotiate ", header_name);
+	if (output_token.length == 0) {
+		git_error_set(GIT_ERROR_NET, "GSSAPI did not return token");
+		error = -1;
+		goto done;
+	}
+
+	git_buf_puts(buf, "Negotiate ");
 	git_buf_encode_base64(buf, output_token.value, output_token.length);
-	git_buf_puts(buf, "\r\n");
 
 	if (git_buf_oom(buf))
 		error = -1;
@@ -170,20 +198,20 @@ done:
 	return error;
 }
 
-static void negotiate_context_free(git_http_auth_context *c)
+static int negotiate_is_complete(git_http_auth_context *c)
 {
 	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
-	OM_uint32 status_minor;
 
-	if (ctx->gss_context != GSS_C_NO_CONTEXT) {
-		gss_delete_sec_context(
-			&status_minor, &ctx->gss_context, GSS_C_NO_BUFFER);
-		ctx->gss_context = GSS_C_NO_CONTEXT;
-	}
+	assert(ctx);
 
-	git_buf_dispose(&ctx->target);
+	return (ctx->complete == 1);
+}
 
-	git__free(ctx->challenge);
+static void negotiate_context_free(git_http_auth_context *c)
+{
+	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+
+	negotiate_context_dispose(ctx);
 
 	ctx->configured = 0;
 	ctx->complete = 0;
@@ -194,7 +222,7 @@ static void negotiate_context_free(git_http_auth_context *c)
 
 static int negotiate_init_context(
 	http_auth_negotiate_context *ctx,
-	const gitno_connection_data *connection_data)
+	const git_net_url *url)
 {
 	OM_uint32 status_major, status_minor;
 	gss_OID item, *oid;
@@ -202,8 +230,9 @@ static int negotiate_init_context(
 	size_t i;
 
 	/* Query supported mechanisms looking for SPNEGO) */
-	if (GSS_ERROR(status_major =
-		gss_indicate_mechs(&status_minor, &mechanism_list))) {
+	status_major = gss_indicate_mechs(&status_minor, &mechanism_list);
+
+	if (GSS_ERROR(status_major)) {
 		negotiate_err_set(status_major, status_minor,
 			"could not query mechanisms");
 		return -1;
@@ -235,7 +264,7 @@ static int negotiate_init_context(
 	}
 
 	git_buf_puts(&ctx->target, "HTTP@");
-	git_buf_puts(&ctx->target, connection_data->host);
+	git_buf_puts(&ctx->target, url->host);
 
 	if (git_buf_oom(&ctx->target))
 		return -1;
@@ -248,7 +277,7 @@ static int negotiate_init_context(
 
 int git_http_auth_negotiate(
 	git_http_auth_context **out,
-	const gitno_connection_data *connection_data)
+	const git_net_url *url)
 {
 	http_auth_negotiate_context *ctx;
 
@@ -257,15 +286,17 @@ int git_http_auth_negotiate(
 	ctx = git__calloc(1, sizeof(http_auth_negotiate_context));
 	GIT_ERROR_CHECK_ALLOC(ctx);
 
-	if (negotiate_init_context(ctx, connection_data) < 0) {
+	if (negotiate_init_context(ctx, url) < 0) {
 		git__free(ctx);
 		return -1;
 	}
 
-	ctx->parent.type = GIT_AUTHTYPE_NEGOTIATE;
-	ctx->parent.credtypes = GIT_CREDTYPE_DEFAULT;
+	ctx->parent.type = GIT_HTTP_AUTH_NEGOTIATE;
+	ctx->parent.credtypes = GIT_CREDENTIAL_DEFAULT;
+	ctx->parent.connection_affinity = 1;
 	ctx->parent.set_challenge = negotiate_set_challenge;
 	ctx->parent.next_token = negotiate_next_token;
+	ctx->parent.is_complete = negotiate_is_complete;
 	ctx->parent.free = negotiate_context_free;
 
 	*out = (git_http_auth_context *)ctx;

data/vendor/libgit2/src/transports/auth_negotiate.h

@@ -12,11 +12,11 @@
 #include "git2.h"
 #include "auth.h"
 
-#ifdef GIT_GSSAPI
+#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK)
 
 extern int git_http_auth_negotiate(
 	git_http_auth_context **out,
-	const gitno_connection_data *connection_data);
+	const git_net_url *url);
 
 #else
 

data/vendor/libgit2/src/transports/auth_ntlm.c

@@ -0,0 +1,223 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "common.h"
+#include "buffer.h"
+#include "auth.h"
+#include "auth_ntlm.h"
+#include "git2/sys/credential.h"
+
+#ifdef GIT_NTLM
+
+#include "ntlm.h"
+
+typedef struct {
+	git_http_auth_context parent;
+	ntlm_client *ntlm;
+	char *challenge;
+	bool complete;
+} http_auth_ntlm_context;
+
+static int ntlm_set_challenge(
+	git_http_auth_context *c,
+	const char *challenge)
+{
+	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
+
+	assert(ctx && challenge);
+
+	git__free(ctx->challenge);
+
+	ctx->challenge = git__strdup(challenge);
+	GIT_ERROR_CHECK_ALLOC(ctx->challenge);
+
+	return 0;
+}
+
+static int ntlm_set_credentials(http_auth_ntlm_context *ctx, git_credential *_cred)
+{
+	git_credential_userpass_plaintext *cred;
+	const char *sep, *username;
+	char *domain = NULL, *domainuser = NULL;
+	int error = 0;
+
+	assert(_cred->credtype == GIT_CREDENTIAL_USERPASS_PLAINTEXT);
+	cred = (git_credential_userpass_plaintext *)_cred;
+
+	if ((sep = strchr(cred->username, '\\')) != NULL) {
+		domain = git__strndup(cred->username, (sep - cred->username));
+		GIT_ERROR_CHECK_ALLOC(domain);
+
+		domainuser = git__strdup(sep + 1);
+		GIT_ERROR_CHECK_ALLOC(domainuser);
+
+		username = domainuser;
+	} else {
+		username = cred->username;
+	}
+
+	if (ntlm_client_set_credentials(ctx->ntlm,
+	    username, domain, cred->password) < 0) {
+		git_error_set(GIT_ERROR_NET, "could not set credentials: %s",
+		    ntlm_client_errmsg(ctx->ntlm));
+		error = -1;
+		goto done;
+	}
+
+done:
+	git__free(domain);
+	git__free(domainuser);
+	return error;
+}
+
+static int ntlm_next_token(
+	git_buf *buf,
+	git_http_auth_context *c,
+	git_credential *cred)
+{
+	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
+	git_buf input_buf = GIT_BUF_INIT;
+	const unsigned char *msg;
+	size_t challenge_len, msg_len;
+	int error = -1;
+
+	assert(buf && ctx && ctx->ntlm);
+
+	challenge_len = ctx->challenge ? strlen(ctx->challenge) : 0;
+
+	if (ctx->complete)
+		ntlm_client_reset(ctx->ntlm);
+
+	/*
+	 * Set us complete now since it's the default case; the one
+	 * incomplete case (successfully created a client request)
+	 * will explicitly set that it requires a second step.
+	 */
+	ctx->complete = true;
+
+	if (cred && ntlm_set_credentials(ctx, cred) != 0)
+		goto done;
+
+	if (challenge_len < 4) {
+		git_error_set(GIT_ERROR_NET, "no ntlm challenge sent from server");
+		goto done;
+	} else if (challenge_len == 4) {
+		if (memcmp(ctx->challenge, "NTLM", 4) != 0) {
+			git_error_set(GIT_ERROR_NET, "server did not request NTLM");
+			goto done;
+		}
+
+		if (ntlm_client_negotiate(&msg, &msg_len, ctx->ntlm) != 0) {
+			git_error_set(GIT_ERROR_NET, "ntlm authentication failed: %s",
+				ntlm_client_errmsg(ctx->ntlm));
+			goto done;
+		}
+
+		ctx->complete = false;
+	} else {
+		if (memcmp(ctx->challenge, "NTLM ", 5) != 0) {
+			git_error_set(GIT_ERROR_NET, "challenge from server was not NTLM");
+			goto done;
+		}
+
+		if (git_buf_decode_base64(&input_buf,
+		    ctx->challenge + 5, challenge_len - 5) < 0) {
+			git_error_set(GIT_ERROR_NET, "invalid NTLM challenge from server");
+			goto done;
+		}
+
+		if (ntlm_client_set_challenge(ctx->ntlm,
+		    (const unsigned char *)input_buf.ptr, input_buf.size) != 0) {
+			git_error_set(GIT_ERROR_NET, "ntlm challenge failed: %s",
+				ntlm_client_errmsg(ctx->ntlm));
+			goto done;
+		}
+
+		if (ntlm_client_response(&msg, &msg_len, ctx->ntlm) != 0) {
+			git_error_set(GIT_ERROR_NET, "ntlm authentication failed: %s",
+				ntlm_client_errmsg(ctx->ntlm));
+			goto done;
+		}
+	}
+
+	git_buf_puts(buf, "NTLM ");
+	git_buf_encode_base64(buf, (const char *)msg, msg_len);
+
+	if (git_buf_oom(buf))
+		goto done;
+
+	error = 0;
+
+done:
+	git_buf_dispose(&input_buf);
+	return error;
+}
+
+static int ntlm_is_complete(git_http_auth_context *c)
+{
+	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
+
+	assert(ctx);
+	return (ctx->complete == true);
+}
+
+static void ntlm_context_free(git_http_auth_context *c)
+{
+	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
+
+	ntlm_client_free(ctx->ntlm);
+	git__free(ctx->challenge);
+	git__free(ctx);
+}
+
+static int ntlm_init_context(
+	http_auth_ntlm_context *ctx,
+	const git_net_url *url)
+{
+	GIT_UNUSED(url);
+
+	if ((ctx->ntlm = ntlm_client_init(NTLM_CLIENT_DEFAULTS)) == NULL) {
+		git_error_set_oom();
+		return -1;
+	}
+
+	return 0;
+}
+
+int git_http_auth_ntlm(
+	git_http_auth_context **out,
+	const git_net_url *url)
+{
+	http_auth_ntlm_context *ctx;
+
+	GIT_UNUSED(url);
+
+	*out = NULL;
+
+	ctx = git__calloc(1, sizeof(http_auth_ntlm_context));
+	GIT_ERROR_CHECK_ALLOC(ctx);
+
+	if (ntlm_init_context(ctx, url) < 0) {
+		git__free(ctx);
+		return -1;
+	}
+
+	ctx->parent.type = GIT_HTTP_AUTH_NTLM;
+	ctx->parent.credtypes = GIT_CREDENTIAL_USERPASS_PLAINTEXT;
+	ctx->parent.connection_affinity = 1;
+	ctx->parent.set_challenge = ntlm_set_challenge;
+	ctx->parent.next_token = ntlm_next_token;
+	ctx->parent.is_complete = ntlm_is_complete;
+	ctx->parent.free = ntlm_context_free;
+
+	*out = (git_http_auth_context *)ctx;
+
+	return 0;
+}
+
+#endif /* GIT_NTLM */