rugged 0.28.5 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/ext/rugged/extconf.rb +3 -1
- data/ext/rugged/rugged.c +35 -31
- data/ext/rugged/rugged.h +13 -0
- data/ext/rugged/rugged_blob.c +11 -9
- data/ext/rugged/rugged_commit.c +18 -16
- data/ext/rugged/rugged_config.c +1 -1
- data/ext/rugged/rugged_diff.c +4 -26
- data/ext/rugged/rugged_index.c +4 -2
- data/ext/rugged/rugged_note.c +5 -3
- data/ext/rugged/rugged_object.c +57 -10
- data/ext/rugged/rugged_rebase.c +3 -1
- data/ext/rugged/rugged_remote.c +32 -8
- data/ext/rugged/rugged_repo.c +232 -17
- data/ext/rugged/rugged_tag.c +8 -6
- data/ext/rugged/rugged_tree.c +18 -16
- data/lib/rugged/commit.rb +17 -4
- data/lib/rugged/repository.rb +5 -6
- data/lib/rugged/submodule_collection.rb +4 -4
- data/lib/rugged/version.rb +1 -1
- data/vendor/libgit2/CMakeLists.txt +57 -75
- data/vendor/libgit2/COPYING +28 -0
- data/vendor/libgit2/cmake/{Modules/AddCFlagIfSupported.cmake → AddCFlagIfSupported.cmake} +0 -0
- data/vendor/libgit2/cmake/{Modules/EnableWarnings.cmake → EnableWarnings.cmake} +5 -1
- data/vendor/libgit2/cmake/{Modules/FindCoreFoundation.cmake → FindCoreFoundation.cmake} +2 -2
- data/vendor/libgit2/cmake/{Modules/FindGSSAPI.cmake → FindGSSAPI.cmake} +1 -1
- data/vendor/libgit2/cmake/FindGSSFramework.cmake +28 -0
- data/vendor/libgit2/cmake/{Modules/FindHTTP_Parser.cmake → FindHTTP_Parser.cmake} +0 -0
- data/vendor/libgit2/cmake/{Modules/FindIconv.cmake → FindIconv.cmake} +0 -0
- data/vendor/libgit2/cmake/FindPCRE.cmake +38 -0
- data/vendor/libgit2/cmake/FindPCRE2.cmake +37 -0
- data/vendor/libgit2/cmake/{Modules/FindPkgLibraries.cmake → FindPkgLibraries.cmake} +0 -0
- data/vendor/libgit2/cmake/{Modules/FindSecurity.cmake → FindSecurity.cmake} +2 -2
- data/vendor/libgit2/cmake/{Modules/FindStatNsec.cmake → FindStatNsec.cmake} +6 -0
- data/vendor/libgit2/cmake/{Modules/FindmbedTLS.cmake → FindmbedTLS.cmake} +0 -0
- data/vendor/libgit2/cmake/{Modules/IdeSplitSources.cmake → IdeSplitSources.cmake} +0 -0
- data/vendor/libgit2/cmake/PkgBuildConfig.cmake +77 -0
- data/vendor/libgit2/cmake/SanitizeBool.cmake +20 -0
- data/vendor/libgit2/cmake/SelectGSSAPI.cmake +48 -0
- data/vendor/libgit2/cmake/SelectHTTPSBackend.cmake +120 -0
- data/vendor/libgit2/cmake/SelectHashes.cmake +61 -0
- data/vendor/libgit2/deps/http-parser/CMakeLists.txt +4 -3
- data/vendor/libgit2/deps/http-parser/http_parser.c +11 -6
- data/vendor/libgit2/deps/ntlmclient/CMakeLists.txt +25 -0
- data/vendor/libgit2/deps/ntlmclient/compat.h +28 -0
- data/vendor/libgit2/deps/ntlmclient/crypt.h +64 -0
- data/vendor/libgit2/deps/ntlmclient/crypt_commoncrypto.c +120 -0
- data/vendor/libgit2/deps/ntlmclient/crypt_commoncrypto.h +18 -0
- data/vendor/libgit2/deps/ntlmclient/crypt_mbedtls.c +145 -0
- data/vendor/libgit2/deps/ntlmclient/crypt_mbedtls.h +18 -0
- data/vendor/libgit2/deps/ntlmclient/crypt_openssl.c +130 -0
- data/vendor/libgit2/deps/ntlmclient/crypt_openssl.h +21 -0
- data/vendor/libgit2/deps/ntlmclient/ntlm.c +1419 -0
- data/vendor/libgit2/deps/ntlmclient/ntlm.h +174 -0
- data/vendor/libgit2/deps/ntlmclient/ntlmclient.h +320 -0
- data/vendor/libgit2/deps/ntlmclient/unicode.h +36 -0
- data/vendor/libgit2/deps/ntlmclient/unicode_builtin.c +445 -0
- data/vendor/libgit2/deps/ntlmclient/unicode_iconv.c +201 -0
- data/vendor/libgit2/deps/ntlmclient/utf8.h +1257 -0
- data/vendor/libgit2/deps/ntlmclient/util.c +35 -0
- data/vendor/libgit2/deps/ntlmclient/util.h +15 -0
- data/vendor/libgit2/deps/pcre/CMakeLists.txt +140 -0
- data/vendor/libgit2/deps/pcre/COPYING +5 -0
- data/vendor/libgit2/deps/pcre/LICENCE +93 -0
- data/vendor/libgit2/deps/pcre/cmake/COPYING-CMAKE-SCRIPTS +22 -0
- data/vendor/libgit2/deps/pcre/cmake/FindEditline.cmake +17 -0
- data/vendor/libgit2/deps/pcre/cmake/FindPackageHandleStandardArgs.cmake +58 -0
- data/vendor/libgit2/deps/pcre/cmake/FindReadline.cmake +29 -0
- data/vendor/libgit2/deps/pcre/config.h.in +57 -0
- data/vendor/libgit2/deps/pcre/pcre.h +641 -0
- data/vendor/libgit2/deps/pcre/pcre_byte_order.c +319 -0
- data/vendor/libgit2/deps/pcre/pcre_chartables.c +198 -0
- data/vendor/libgit2/deps/pcre/pcre_compile.c +9812 -0
- data/vendor/libgit2/deps/pcre/pcre_config.c +190 -0
- data/vendor/libgit2/deps/pcre/pcre_dfa_exec.c +3676 -0
- data/vendor/libgit2/deps/pcre/pcre_exec.c +7173 -0
- data/vendor/libgit2/deps/pcre/pcre_fullinfo.c +245 -0
- data/vendor/libgit2/deps/pcre/pcre_get.c +669 -0
- data/vendor/libgit2/deps/pcre/pcre_globals.c +86 -0
- data/vendor/libgit2/deps/pcre/pcre_internal.h +2787 -0
- data/vendor/libgit2/deps/pcre/pcre_jit_compile.c +11913 -0
- data/vendor/libgit2/deps/pcre/pcre_maketables.c +156 -0
- data/vendor/libgit2/deps/pcre/pcre_newline.c +210 -0
- data/vendor/libgit2/deps/pcre/pcre_ord2utf8.c +94 -0
- data/vendor/libgit2/deps/pcre/pcre_printint.c +834 -0
- data/vendor/libgit2/deps/pcre/pcre_refcount.c +92 -0
- data/vendor/libgit2/deps/pcre/pcre_string_utils.c +211 -0
- data/vendor/libgit2/deps/pcre/pcre_study.c +1686 -0
- data/vendor/libgit2/deps/pcre/pcre_tables.c +727 -0
- data/vendor/libgit2/deps/pcre/pcre_ucd.c +3644 -0
- data/vendor/libgit2/deps/pcre/pcre_valid_utf8.c +301 -0
- data/vendor/libgit2/deps/pcre/pcre_version.c +98 -0
- data/vendor/libgit2/deps/pcre/pcre_xclass.c +268 -0
- data/vendor/libgit2/deps/pcre/pcreposix.c +420 -0
- data/vendor/libgit2/deps/pcre/pcreposix.h +117 -0
- data/vendor/libgit2/deps/pcre/ucp.h +224 -0
- data/vendor/libgit2/deps/zlib/CMakeLists.txt +6 -5
- data/vendor/libgit2/deps/zlib/adler32.c +0 -7
- data/vendor/libgit2/deps/zlib/crc32.c +0 -7
- data/vendor/libgit2/deps/zlib/deflate.c +1 -0
- data/vendor/libgit2/include/git2.h +2 -0
- data/vendor/libgit2/include/git2/annotated_commit.h +1 -1
- data/vendor/libgit2/include/git2/apply.h +24 -2
- data/vendor/libgit2/include/git2/attr.h +23 -13
- data/vendor/libgit2/include/git2/blame.h +4 -2
- data/vendor/libgit2/include/git2/blob.h +61 -13
- data/vendor/libgit2/include/git2/branch.h +74 -57
- data/vendor/libgit2/include/git2/buffer.h +20 -14
- data/vendor/libgit2/include/git2/cert.h +135 -0
- data/vendor/libgit2/include/git2/checkout.h +46 -14
- data/vendor/libgit2/include/git2/cherrypick.h +3 -3
- data/vendor/libgit2/include/git2/clone.h +2 -2
- data/vendor/libgit2/include/git2/commit.h +23 -1
- data/vendor/libgit2/include/git2/common.h +34 -8
- data/vendor/libgit2/include/git2/config.h +13 -13
- data/vendor/libgit2/include/git2/cred_helpers.h +4 -42
- data/vendor/libgit2/include/git2/credential.h +314 -0
- data/vendor/libgit2/include/git2/credential_helpers.h +52 -0
- data/vendor/libgit2/include/git2/deprecated.h +362 -4
- data/vendor/libgit2/include/git2/describe.h +4 -4
- data/vendor/libgit2/include/git2/diff.h +17 -15
- data/vendor/libgit2/include/git2/errors.h +5 -2
- data/vendor/libgit2/include/git2/filter.h +8 -0
- data/vendor/libgit2/include/git2/index.h +5 -5
- data/vendor/libgit2/include/git2/indexer.h +49 -4
- data/vendor/libgit2/include/git2/merge.h +6 -10
- data/vendor/libgit2/include/git2/net.h +0 -5
- data/vendor/libgit2/include/git2/object.h +2 -14
- data/vendor/libgit2/include/git2/odb.h +18 -22
- data/vendor/libgit2/include/git2/odb_backend.h +5 -4
- data/vendor/libgit2/include/git2/oid.h +11 -6
- data/vendor/libgit2/include/git2/pack.h +13 -2
- data/vendor/libgit2/include/git2/proxy.h +6 -4
- data/vendor/libgit2/include/git2/rebase.h +46 -2
- data/vendor/libgit2/include/git2/refs.h +22 -3
- data/vendor/libgit2/include/git2/remote.h +40 -15
- data/vendor/libgit2/include/git2/repository.h +124 -58
- data/vendor/libgit2/include/git2/revert.h +1 -1
- data/vendor/libgit2/include/git2/revwalk.h +7 -3
- data/vendor/libgit2/include/git2/stash.h +4 -4
- data/vendor/libgit2/include/git2/status.h +25 -16
- data/vendor/libgit2/include/git2/strarray.h +6 -10
- data/vendor/libgit2/include/git2/submodule.h +20 -3
- data/vendor/libgit2/include/git2/sys/alloc.h +9 -9
- data/vendor/libgit2/include/git2/sys/cred.h +15 -0
- data/vendor/libgit2/include/git2/sys/credential.h +90 -0
- data/vendor/libgit2/include/git2/sys/index.h +4 -2
- data/vendor/libgit2/include/git2/sys/mempack.h +2 -1
- data/vendor/libgit2/include/git2/sys/merge.h +1 -1
- data/vendor/libgit2/include/git2/sys/odb_backend.h +48 -4
- data/vendor/libgit2/include/git2/sys/refdb_backend.h +164 -21
- data/vendor/libgit2/include/git2/sys/repository.h +17 -6
- data/vendor/libgit2/include/git2/sys/transport.h +4 -4
- data/vendor/libgit2/include/git2/tag.h +11 -2
- data/vendor/libgit2/include/git2/trace.h +2 -2
- data/vendor/libgit2/include/git2/transport.h +11 -340
- data/vendor/libgit2/include/git2/tree.h +7 -3
- data/vendor/libgit2/include/git2/types.h +4 -89
- data/vendor/libgit2/include/git2/version.h +5 -5
- data/vendor/libgit2/include/git2/worktree.h +5 -5
- data/vendor/libgit2/src/CMakeLists.txt +147 -272
- data/vendor/libgit2/src/alloc.c +2 -14
- data/vendor/libgit2/src/{stdalloc.c → allocators/stdalloc.c} +3 -4
- data/vendor/libgit2/src/{stdalloc.h → allocators/stdalloc.h} +4 -4
- data/vendor/libgit2/src/allocators/win32_crtdbg.c +118 -0
- data/vendor/libgit2/src/{transports/cred.h → allocators/win32_crtdbg.h} +5 -4
- data/vendor/libgit2/src/apply.c +36 -16
- data/vendor/libgit2/src/assert_safe.h +58 -0
- data/vendor/libgit2/src/attr.c +70 -64
- data/vendor/libgit2/src/attr_file.c +197 -99
- data/vendor/libgit2/src/attr_file.h +9 -9
- data/vendor/libgit2/src/attrcache.c +48 -49
- data/vendor/libgit2/src/attrcache.h +2 -1
- data/vendor/libgit2/src/blame.c +34 -15
- data/vendor/libgit2/src/blame.h +1 -1
- data/vendor/libgit2/src/blame_git.c +27 -10
- data/vendor/libgit2/src/blob.c +92 -17
- data/vendor/libgit2/src/blob.h +2 -2
- data/vendor/libgit2/src/branch.c +68 -42
- data/vendor/libgit2/src/buffer.c +11 -3
- data/vendor/libgit2/src/buffer.h +1 -0
- data/vendor/libgit2/src/cache.c +34 -58
- data/vendor/libgit2/src/cache.h +1 -1
- data/vendor/libgit2/src/cc-compat.h +5 -0
- data/vendor/libgit2/src/checkout.c +73 -86
- data/vendor/libgit2/src/cherrypick.c +9 -1
- data/vendor/libgit2/src/clone.c +130 -27
- data/vendor/libgit2/src/clone.h +4 -0
- data/vendor/libgit2/src/commit.c +70 -22
- data/vendor/libgit2/src/commit.h +6 -0
- data/vendor/libgit2/src/commit_list.c +28 -76
- data/vendor/libgit2/src/commit_list.h +2 -2
- data/vendor/libgit2/src/common.h +4 -75
- data/vendor/libgit2/src/config.c +34 -47
- data/vendor/libgit2/src/config.h +7 -6
- data/vendor/libgit2/src/config_backend.h +12 -0
- data/vendor/libgit2/src/config_cache.c +42 -39
- data/vendor/libgit2/src/config_entries.c +76 -98
- data/vendor/libgit2/src/config_entries.h +1 -0
- data/vendor/libgit2/src/config_file.c +346 -380
- data/vendor/libgit2/src/config_mem.c +12 -16
- data/vendor/libgit2/src/config_parse.c +50 -30
- data/vendor/libgit2/src/config_parse.h +13 -12
- data/vendor/libgit2/src/config_snapshot.c +207 -0
- data/vendor/libgit2/src/crlf.c +14 -14
- data/vendor/libgit2/src/describe.c +26 -21
- data/vendor/libgit2/src/diff.c +53 -75
- data/vendor/libgit2/src/diff.h +4 -3
- data/vendor/libgit2/src/diff_driver.c +37 -38
- data/vendor/libgit2/src/diff_file.c +15 -11
- data/vendor/libgit2/src/diff_file.h +2 -2
- data/vendor/libgit2/src/diff_generate.c +36 -37
- data/vendor/libgit2/src/diff_generate.h +2 -2
- data/vendor/libgit2/src/diff_parse.c +3 -4
- data/vendor/libgit2/src/diff_print.c +86 -71
- data/vendor/libgit2/src/diff_stats.c +13 -12
- data/vendor/libgit2/src/diff_tform.c +15 -16
- data/vendor/libgit2/src/errors.c +23 -25
- data/vendor/libgit2/src/errors.h +81 -0
- data/vendor/libgit2/src/features.h.in +9 -2
- data/vendor/libgit2/src/fetch.c +9 -2
- data/vendor/libgit2/src/fetchhead.c +9 -9
- data/vendor/libgit2/src/filebuf.c +1 -1
- data/vendor/libgit2/src/filebuf.h +1 -1
- data/vendor/libgit2/src/filter.c +19 -11
- data/vendor/libgit2/src/{fileops.c → futils.c} +23 -20
- data/vendor/libgit2/src/{fileops.h → futils.h} +8 -8
- data/vendor/libgit2/src/global.c +3 -1
- data/vendor/libgit2/src/hash.c +61 -0
- data/vendor/libgit2/src/hash.h +19 -21
- data/vendor/libgit2/src/hash/sha1.h +38 -0
- data/vendor/libgit2/src/hash/{hash_collisiondetect.h → sha1/collisiondetect.c} +14 -17
- data/vendor/libgit2/src/{sha1_lookup.h → hash/sha1/collisiondetect.h} +8 -8
- data/vendor/libgit2/src/hash/{hash_common_crypto.h → sha1/common_crypto.c} +15 -19
- data/vendor/libgit2/src/hash/sha1/common_crypto.h +19 -0
- data/vendor/libgit2/src/hash/{hash_generic.c → sha1/generic.c} +22 -10
- data/vendor/libgit2/src/hash/{hash_generic.h → sha1/generic.h} +4 -14
- data/vendor/libgit2/src/hash/{hash_mbedtls.c → sha1/mbedtls.c} +15 -7
- data/vendor/libgit2/src/hash/{hash_mbedtls.h → sha1/mbedtls.h} +6 -11
- data/vendor/libgit2/src/hash/{hash_openssl.h → sha1/openssl.c} +14 -18
- data/vendor/libgit2/src/{refdb_fs.h → hash/sha1/openssl.h} +8 -8
- data/vendor/libgit2/src/hash/{sha1dc → sha1/sha1dc}/sha1.c +14 -3
- data/vendor/libgit2/src/hash/{sha1dc → sha1/sha1dc}/sha1.h +0 -0
- data/vendor/libgit2/src/hash/{sha1dc → sha1/sha1dc}/ubc_check.c +0 -0
- data/vendor/libgit2/src/hash/{sha1dc → sha1/sha1dc}/ubc_check.h +0 -0
- data/vendor/libgit2/src/hash/{hash_win32.c → sha1/win32.c} +34 -24
- data/vendor/libgit2/src/hash/{hash_win32.h → sha1/win32.h} +6 -19
- data/vendor/libgit2/src/hashsig.c +1 -1
- data/vendor/libgit2/src/idxmap.c +73 -69
- data/vendor/libgit2/src/idxmap.h +151 -15
- data/vendor/libgit2/src/ignore.c +26 -35
- data/vendor/libgit2/src/index.c +123 -95
- data/vendor/libgit2/src/index.h +1 -1
- data/vendor/libgit2/src/indexer.c +99 -78
- data/vendor/libgit2/src/integer.h +26 -4
- data/vendor/libgit2/src/iterator.c +36 -32
- data/vendor/libgit2/src/iterator.h +8 -8
- data/vendor/libgit2/src/map.h +1 -1
- data/vendor/libgit2/src/merge.c +93 -57
- data/vendor/libgit2/src/merge.h +2 -2
- data/vendor/libgit2/src/merge_driver.c +5 -5
- data/vendor/libgit2/src/merge_file.c +5 -7
- data/vendor/libgit2/src/midx.c +418 -0
- data/vendor/libgit2/src/midx.h +83 -0
- data/vendor/libgit2/src/mwindow.c +144 -74
- data/vendor/libgit2/src/mwindow.h +4 -4
- data/vendor/libgit2/src/net.c +416 -0
- data/vendor/libgit2/src/net.h +57 -0
- data/vendor/libgit2/src/netops.c +6 -222
- data/vendor/libgit2/src/netops.h +1 -37
- data/vendor/libgit2/src/notes.c +8 -5
- data/vendor/libgit2/src/object.c +5 -4
- data/vendor/libgit2/src/object.h +2 -0
- data/vendor/libgit2/src/odb.c +54 -32
- data/vendor/libgit2/src/odb.h +3 -2
- data/vendor/libgit2/src/odb_loose.c +20 -13
- data/vendor/libgit2/src/odb_mempack.c +15 -24
- data/vendor/libgit2/src/odb_pack.c +4 -5
- data/vendor/libgit2/src/offmap.c +43 -55
- data/vendor/libgit2/src/offmap.h +102 -24
- data/vendor/libgit2/src/oid.c +21 -8
- data/vendor/libgit2/src/oidmap.c +39 -57
- data/vendor/libgit2/src/oidmap.h +99 -19
- data/vendor/libgit2/src/pack-objects.c +55 -52
- data/vendor/libgit2/src/pack-objects.h +1 -1
- data/vendor/libgit2/src/pack.c +160 -149
- data/vendor/libgit2/src/pack.h +32 -18
- data/vendor/libgit2/src/parse.c +10 -0
- data/vendor/libgit2/src/parse.h +3 -3
- data/vendor/libgit2/src/patch.c +1 -1
- data/vendor/libgit2/src/patch_generate.c +2 -4
- data/vendor/libgit2/src/patch_parse.c +34 -11
- data/vendor/libgit2/src/path.c +47 -10
- data/vendor/libgit2/src/path.h +2 -0
- data/vendor/libgit2/src/pathspec.c +18 -17
- data/vendor/libgit2/src/pool.c +42 -32
- data/vendor/libgit2/src/pool.h +15 -7
- data/vendor/libgit2/src/posix.c +39 -16
- data/vendor/libgit2/src/posix.h +21 -1
- data/vendor/libgit2/src/proxy.c +9 -2
- data/vendor/libgit2/src/push.c +15 -7
- data/vendor/libgit2/src/reader.c +2 -2
- data/vendor/libgit2/src/rebase.c +89 -28
- data/vendor/libgit2/src/refdb.c +147 -0
- data/vendor/libgit2/src/refdb.h +69 -0
- data/vendor/libgit2/src/refdb_fs.c +230 -241
- data/vendor/libgit2/src/reflog.c +13 -19
- data/vendor/libgit2/src/refs.c +113 -217
- data/vendor/libgit2/src/refs.h +10 -21
- data/vendor/libgit2/src/refspec.c +57 -48
- data/vendor/libgit2/src/regexp.c +221 -0
- data/vendor/libgit2/src/regexp.h +97 -0
- data/vendor/libgit2/src/remote.c +102 -79
- data/vendor/libgit2/src/remote.h +2 -2
- data/vendor/libgit2/src/repository.c +322 -203
- data/vendor/libgit2/src/repository.h +49 -57
- data/vendor/libgit2/src/revert.c +8 -1
- data/vendor/libgit2/src/revparse.c +23 -23
- data/vendor/libgit2/src/revwalk.c +73 -37
- data/vendor/libgit2/src/revwalk.h +20 -0
- data/vendor/libgit2/src/settings.c +22 -1
- data/vendor/libgit2/src/sortedcache.c +14 -29
- data/vendor/libgit2/src/sortedcache.h +1 -1
- data/vendor/libgit2/src/stash.c +49 -67
- data/vendor/libgit2/src/status.c +19 -11
- data/vendor/libgit2/src/strarray.c +63 -0
- data/vendor/libgit2/src/streams/openssl.c +66 -8
- data/vendor/libgit2/src/streams/registry.c +5 -3
- data/vendor/libgit2/src/streams/socket.c +2 -2
- data/vendor/libgit2/src/strmap.c +37 -84
- data/vendor/libgit2/src/strmap.h +105 -33
- data/vendor/libgit2/src/submodule.c +157 -130
- data/vendor/libgit2/src/submodule.h +1 -1
- data/vendor/libgit2/src/sysdir.c +4 -20
- data/vendor/libgit2/src/sysdir.h +0 -11
- data/vendor/libgit2/src/tag.c +12 -2
- data/vendor/libgit2/src/thread-utils.h +163 -40
- data/vendor/libgit2/src/trace.c +1 -1
- data/vendor/libgit2/src/trace.h +3 -3
- data/vendor/libgit2/src/trailer.c +46 -32
- data/vendor/libgit2/src/transaction.c +5 -9
- data/vendor/libgit2/src/transports/auth.c +16 -15
- data/vendor/libgit2/src/transports/auth.h +18 -11
- data/vendor/libgit2/src/transports/auth_negotiate.c +64 -33
- data/vendor/libgit2/src/transports/auth_negotiate.h +2 -2
- data/vendor/libgit2/src/transports/auth_ntlm.c +223 -0
- data/vendor/libgit2/src/transports/auth_ntlm.h +38 -0
- data/vendor/libgit2/src/transports/credential.c +478 -0
- data/vendor/libgit2/src/transports/{cred_helpers.c → credential_helpers.c} +23 -8
- data/vendor/libgit2/src/transports/git.c +11 -16
- data/vendor/libgit2/src/transports/http.c +488 -1248
- data/vendor/libgit2/src/transports/http.h +4 -1
- data/vendor/libgit2/src/transports/httpclient.c +1552 -0
- data/vendor/libgit2/src/transports/httpclient.h +190 -0
- data/vendor/libgit2/src/transports/local.c +12 -12
- data/vendor/libgit2/src/transports/smart.c +21 -21
- data/vendor/libgit2/src/transports/smart.h +3 -3
- data/vendor/libgit2/src/transports/smart_protocol.c +40 -64
- data/vendor/libgit2/src/transports/ssh.c +77 -59
- data/vendor/libgit2/src/transports/winhttp.c +368 -285
- data/vendor/libgit2/src/tree-cache.c +14 -7
- data/vendor/libgit2/src/tree.c +16 -26
- data/vendor/libgit2/src/unix/map.c +1 -1
- data/vendor/libgit2/src/unix/posix.h +16 -11
- data/vendor/libgit2/src/userdiff.h +3 -1
- data/vendor/libgit2/src/util.c +75 -110
- data/vendor/libgit2/src/util.h +18 -23
- data/vendor/libgit2/src/wildmatch.c +320 -0
- data/vendor/libgit2/src/wildmatch.h +23 -0
- data/vendor/libgit2/src/win32/git2.rc +18 -3
- data/vendor/libgit2/src/win32/map.c +3 -5
- data/vendor/libgit2/src/win32/path_w32.c +42 -5
- data/vendor/libgit2/src/win32/path_w32.h +15 -29
- data/vendor/libgit2/src/win32/posix.h +1 -4
- data/vendor/libgit2/src/win32/posix_w32.c +117 -5
- data/vendor/libgit2/src/win32/precompiled.h +0 -2
- data/vendor/libgit2/src/win32/thread.c +5 -5
- data/vendor/libgit2/src/win32/w32_buffer.c +7 -3
- data/vendor/libgit2/src/win32/w32_common.h +39 -0
- data/vendor/libgit2/src/win32/w32_crtdbg_stacktrace.c +0 -93
- data/vendor/libgit2/src/win32/w32_crtdbg_stacktrace.h +0 -2
- data/vendor/libgit2/src/win32/w32_stack.c +4 -9
- data/vendor/libgit2/src/win32/w32_stack.h +3 -3
- data/vendor/libgit2/src/win32/w32_util.c +31 -0
- data/vendor/libgit2/src/win32/w32_util.h +6 -32
- data/vendor/libgit2/src/worktree.c +91 -50
- data/vendor/libgit2/src/xdiff/xdiffi.c +1 -1
- data/vendor/libgit2/src/xdiff/xmerge.c +12 -0
- data/vendor/libgit2/src/xdiff/xpatience.c +3 -0
- data/vendor/libgit2/src/zstream.c +5 -0
- data/vendor/libgit2/src/zstream.h +1 -0
- metadata +123 -53
- data/vendor/libgit2/cmake/Modules/CheckPrototypeDefinition.c.in +0 -29
- data/vendor/libgit2/cmake/Modules/CheckPrototypeDefinition.cmake +0 -96
- data/vendor/libgit2/deps/regex/CMakeLists.txt +0 -2
- data/vendor/libgit2/deps/regex/COPYING +0 -502
- data/vendor/libgit2/deps/regex/config.h +0 -7
- data/vendor/libgit2/deps/regex/regcomp.c +0 -3857
- data/vendor/libgit2/deps/regex/regex.c +0 -92
- data/vendor/libgit2/deps/regex/regex.h +0 -582
- data/vendor/libgit2/deps/regex/regex_internal.c +0 -1744
- data/vendor/libgit2/deps/regex/regex_internal.h +0 -819
- data/vendor/libgit2/deps/regex/regexec.c +0 -4369
- data/vendor/libgit2/include/git2/inttypes.h +0 -309
- data/vendor/libgit2/include/git2/sys/time.h +0 -31
- data/vendor/libgit2/libgit2.pc.in +0 -13
- data/vendor/libgit2/src/fnmatch.c +0 -248
- data/vendor/libgit2/src/fnmatch.h +0 -48
- data/vendor/libgit2/src/sha1_lookup.c +0 -35
- data/vendor/libgit2/src/transports/cred.c +0 -390
@@ -19,6 +19,7 @@
|
|
19
19
|
#include "repository.h"
|
20
20
|
#include "global.h"
|
21
21
|
#include "http.h"
|
22
|
+
#include "git2/sys/credential.h"
|
22
23
|
|
23
24
|
#include <wincrypt.h>
|
24
25
|
#include <winhttp.h>
|
@@ -40,18 +41,32 @@
|
|
40
41
|
#define WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH 0
|
41
42
|
#endif
|
42
43
|
|
43
|
-
#ifndef
|
44
|
+
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1
|
44
45
|
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 0x00000200
|
45
46
|
#endif
|
46
47
|
|
47
|
-
#ifndef
|
48
|
+
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
|
48
49
|
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
|
49
50
|
#endif
|
50
51
|
|
52
|
+
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3
|
53
|
+
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000
|
54
|
+
#endif
|
55
|
+
|
56
|
+
#ifndef WINHTTP_NO_CLIENT_CERT_CONTEXT
|
57
|
+
# define WINHTTP_NO_CLIENT_CERT_CONTEXT NULL
|
58
|
+
#endif
|
59
|
+
|
51
60
|
#ifndef HTTP_STATUS_PERMANENT_REDIRECT
|
52
61
|
# define HTTP_STATUS_PERMANENT_REDIRECT 308
|
53
62
|
#endif
|
54
63
|
|
64
|
+
#ifndef DWORD_MAX
|
65
|
+
# define DWORD_MAX 0xffffffff
|
66
|
+
#endif
|
67
|
+
|
68
|
+
bool git_http__expect_continue = false;
|
69
|
+
|
55
70
|
static const char *prefix_https = "https://";
|
56
71
|
static const char *upload_pack_service = "upload-pack";
|
57
72
|
static const char *upload_pack_ls_service_url = "/info/refs?service=git-upload-pack";
|
@@ -101,27 +116,48 @@ typedef struct {
|
|
101
116
|
DWORD post_body_len;
|
102
117
|
unsigned sent_request : 1,
|
103
118
|
received_response : 1,
|
104
|
-
chunked : 1
|
119
|
+
chunked : 1,
|
120
|
+
status_sending_request_reached: 1;
|
105
121
|
} winhttp_stream;
|
106
122
|
|
123
|
+
typedef struct {
|
124
|
+
git_net_url url;
|
125
|
+
git_credential *cred;
|
126
|
+
int auth_mechanisms;
|
127
|
+
bool url_cred_presented;
|
128
|
+
} winhttp_server;
|
129
|
+
|
107
130
|
typedef struct {
|
108
131
|
git_smart_subtransport parent;
|
109
132
|
transport_smart *owner;
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
git_cred *proxy_cred;
|
115
|
-
int auth_mechanisms;
|
133
|
+
|
134
|
+
winhttp_server server;
|
135
|
+
winhttp_server proxy;
|
136
|
+
|
116
137
|
HINTERNET session;
|
117
138
|
HINTERNET connection;
|
118
139
|
} winhttp_subtransport;
|
119
140
|
|
120
|
-
static int
|
141
|
+
static int apply_userpass_credentials(HINTERNET request, DWORD target, int mechanisms, git_credential *cred)
|
121
142
|
{
|
122
|
-
|
123
|
-
wchar_t *user, *pass;
|
143
|
+
git_credential_userpass_plaintext *c = (git_credential_userpass_plaintext *)cred;
|
144
|
+
wchar_t *user = NULL, *pass = NULL;
|
124
145
|
int user_len = 0, pass_len = 0, error = 0;
|
146
|
+
DWORD native_scheme;
|
147
|
+
|
148
|
+
if (mechanisms & GIT_WINHTTP_AUTH_NEGOTIATE) {
|
149
|
+
native_scheme = WINHTTP_AUTH_SCHEME_NEGOTIATE;
|
150
|
+
} else if (mechanisms & GIT_WINHTTP_AUTH_NTLM) {
|
151
|
+
native_scheme = WINHTTP_AUTH_SCHEME_NTLM;
|
152
|
+
} else if (mechanisms & GIT_WINHTTP_AUTH_DIGEST) {
|
153
|
+
native_scheme = WINHTTP_AUTH_SCHEME_DIGEST;
|
154
|
+
} else if (mechanisms & GIT_WINHTTP_AUTH_BASIC) {
|
155
|
+
native_scheme = WINHTTP_AUTH_SCHEME_BASIC;
|
156
|
+
} else {
|
157
|
+
git_error_set(GIT_ERROR_HTTP, "invalid authentication scheme");
|
158
|
+
error = -1;
|
159
|
+
goto done;
|
160
|
+
}
|
125
161
|
|
126
162
|
if ((error = user_len = git__utf8_to_16_alloc(&user, c->username)) < 0)
|
127
163
|
goto done;
|
@@ -129,7 +165,7 @@ static int _apply_userpass_credential(HINTERNET request, DWORD target, DWORD sch
|
|
129
165
|
if ((error = pass_len = git__utf8_to_16_alloc(&pass, c->password)) < 0)
|
130
166
|
goto done;
|
131
167
|
|
132
|
-
if (!WinHttpSetCredentials(request, target,
|
168
|
+
if (!WinHttpSetCredentials(request, target, native_scheme, user, pass, NULL)) {
|
133
169
|
git_error_set(GIT_ERROR_OS, "failed to set credentials");
|
134
170
|
error = -1;
|
135
171
|
}
|
@@ -147,81 +183,62 @@ done:
|
|
147
183
|
return error;
|
148
184
|
}
|
149
185
|
|
150
|
-
static int
|
186
|
+
static int apply_default_credentials(HINTERNET request, DWORD target, int mechanisms)
|
151
187
|
{
|
152
|
-
|
153
|
-
|
154
|
-
WINHTTP_AUTH_SCHEME_DIGEST, cred);
|
155
|
-
}
|
156
|
-
|
157
|
-
return _apply_userpass_credential(request, WINHTTP_AUTH_TARGET_PROXY,
|
158
|
-
WINHTTP_AUTH_SCHEME_BASIC, cred);
|
159
|
-
}
|
160
|
-
|
161
|
-
static int apply_userpass_credential(HINTERNET request, int mechanisms, git_cred *cred)
|
162
|
-
{
|
163
|
-
DWORD native_scheme;
|
188
|
+
DWORD autologon_level = WINHTTP_AUTOLOGON_SECURITY_LEVEL_LOW;
|
189
|
+
DWORD native_scheme = 0;
|
164
190
|
|
165
|
-
if ((mechanisms &
|
166
|
-
|
191
|
+
if ((mechanisms & GIT_WINHTTP_AUTH_NEGOTIATE) != 0) {
|
192
|
+
native_scheme = WINHTTP_AUTH_SCHEME_NEGOTIATE;
|
193
|
+
} else if ((mechanisms & GIT_WINHTTP_AUTH_NTLM) != 0) {
|
167
194
|
native_scheme = WINHTTP_AUTH_SCHEME_NTLM;
|
168
|
-
} else if (mechanisms & GIT_WINHTTP_AUTH_BASIC) {
|
169
|
-
native_scheme = WINHTTP_AUTH_SCHEME_BASIC;
|
170
195
|
} else {
|
171
|
-
git_error_set(
|
196
|
+
git_error_set(GIT_ERROR_HTTP, "invalid authentication scheme");
|
172
197
|
return -1;
|
173
198
|
}
|
174
199
|
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
/* Either the caller explicitly requested that default credentials be passed,
|
182
|
-
* or our fallback credential callback was invoked and checked that the target
|
183
|
-
* URI was in the appropriate Internet Explorer security zone. By setting this
|
184
|
-
* flag, we guarantee that the credentials are delivered by WinHTTP. The default
|
185
|
-
* is "medium" which applies to the intranet and sounds like it would correspond
|
186
|
-
* to Internet Explorer security zones, but in fact does not. */
|
187
|
-
DWORD data = WINHTTP_AUTOLOGON_SECURITY_LEVEL_LOW;
|
188
|
-
DWORD native_scheme = 0;
|
189
|
-
|
190
|
-
if ((mechanisms & GIT_WINHTTP_AUTH_NTLM) != 0)
|
191
|
-
native_scheme = WINHTTP_AUTH_SCHEME_NTLM;
|
192
|
-
|
193
|
-
if ((mechanisms & GIT_WINHTTP_AUTH_NEGOTIATE) != 0)
|
194
|
-
native_scheme = WINHTTP_AUTH_SCHEME_NEGOTIATE;
|
195
|
-
|
196
|
-
if (!native_scheme) {
|
197
|
-
git_error_set(GIT_ERROR_NET, "invalid authentication scheme");
|
200
|
+
/*
|
201
|
+
* Autologon policy must be "low" to use default creds.
|
202
|
+
* This is safe as the user has explicitly requested it.
|
203
|
+
*/
|
204
|
+
if (!WinHttpSetOption(request, WINHTTP_OPTION_AUTOLOGON_POLICY, &autologon_level, sizeof(DWORD))) {
|
205
|
+
git_error_set(GIT_ERROR_OS, "could not configure logon policy");
|
198
206
|
return -1;
|
199
207
|
}
|
200
208
|
|
201
|
-
if (!
|
202
|
-
|
203
|
-
|
204
|
-
if (!WinHttpSetCredentials(request, WINHTTP_AUTH_TARGET_SERVER, native_scheme, NULL, NULL, NULL))
|
209
|
+
if (!WinHttpSetCredentials(request, target, native_scheme, NULL, NULL, NULL)) {
|
210
|
+
git_error_set(GIT_ERROR_OS, "could not configure credentials");
|
205
211
|
return -1;
|
212
|
+
}
|
206
213
|
|
207
214
|
return 0;
|
208
215
|
}
|
209
216
|
|
210
|
-
static int
|
211
|
-
|
212
|
-
const char *url,
|
213
|
-
const char *username_from_url,
|
217
|
+
static int acquire_url_cred(
|
218
|
+
git_credential **cred,
|
214
219
|
unsigned int allowed_types,
|
215
|
-
|
220
|
+
const char *username,
|
221
|
+
const char *password)
|
216
222
|
{
|
217
|
-
|
223
|
+
if (allowed_types & GIT_CREDENTIAL_USERPASS_PLAINTEXT)
|
224
|
+
return git_credential_userpass_plaintext_new(cred, username, password);
|
225
|
+
|
226
|
+
if ((allowed_types & GIT_CREDENTIAL_DEFAULT) && *username == '\0' && *password == '\0')
|
227
|
+
return git_credential_default_new(cred);
|
218
228
|
|
219
|
-
|
220
|
-
|
229
|
+
return 1;
|
230
|
+
}
|
231
|
+
|
232
|
+
static int acquire_fallback_cred(
|
233
|
+
git_credential **cred,
|
234
|
+
const char *url,
|
235
|
+
unsigned int allowed_types)
|
236
|
+
{
|
237
|
+
int error = 1;
|
221
238
|
|
222
239
|
/* If the target URI supports integrated Windows authentication
|
223
240
|
* as an authentication mechanism */
|
224
|
-
if (
|
241
|
+
if (GIT_CREDENTIAL_DEFAULT & allowed_types) {
|
225
242
|
wchar_t *wide_url;
|
226
243
|
HRESULT hCoInitResult;
|
227
244
|
|
@@ -245,21 +262,21 @@ static int fallback_cred_acquire_cb(
|
|
245
262
|
(URLZONE_LOCAL_MACHINE == dwZone ||
|
246
263
|
URLZONE_INTRANET == dwZone ||
|
247
264
|
URLZONE_TRUSTED == dwZone)) {
|
248
|
-
|
265
|
+
git_credential *existing = *cred;
|
249
266
|
|
250
267
|
if (existing)
|
251
268
|
existing->free(existing);
|
252
269
|
|
253
270
|
/* Then use default Windows credentials to authenticate this request */
|
254
|
-
error =
|
271
|
+
error = git_credential_default_new(cred);
|
255
272
|
}
|
256
273
|
|
257
274
|
pISM->lpVtbl->Release(pISM);
|
258
275
|
}
|
259
276
|
|
260
|
-
|
261
|
-
|
262
|
-
|
277
|
+
/* Only unitialize if the call to CoInitializeEx was successful. */
|
278
|
+
if (SUCCEEDED(hCoInitResult))
|
279
|
+
CoUninitialize();
|
263
280
|
}
|
264
281
|
|
265
282
|
git__free(wide_url);
|
@@ -279,12 +296,12 @@ static int certificate_check(winhttp_stream *s, int valid)
|
|
279
296
|
/* If there is no override, we should fail if WinHTTP doesn't think it's fine */
|
280
297
|
if (t->owner->certificate_check_cb == NULL && !valid) {
|
281
298
|
if (!git_error_last())
|
282
|
-
git_error_set(
|
299
|
+
git_error_set(GIT_ERROR_HTTP, "unknown certificate check failure");
|
283
300
|
|
284
301
|
return GIT_ECERTIFICATE;
|
285
302
|
}
|
286
303
|
|
287
|
-
if (t->owner->certificate_check_cb == NULL ||
|
304
|
+
if (t->owner->certificate_check_cb == NULL || git__strcmp(t->server.url.scheme, "https") != 0)
|
288
305
|
return 0;
|
289
306
|
|
290
307
|
if (!WinHttpQueryOption(s->request, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &cert_ctx, &cert_ctx_size)) {
|
@@ -296,14 +313,14 @@ static int certificate_check(winhttp_stream *s, int valid)
|
|
296
313
|
cert.parent.cert_type = GIT_CERT_X509;
|
297
314
|
cert.data = cert_ctx->pbCertEncoded;
|
298
315
|
cert.len = cert_ctx->cbCertEncoded;
|
299
|
-
error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->
|
316
|
+
error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->server.url.host, t->owner->message_cb_payload);
|
300
317
|
CertFreeCertificateContext(cert_ctx);
|
301
318
|
|
302
319
|
if (error == GIT_PASSTHROUGH)
|
303
320
|
error = valid ? 0 : GIT_ECERTIFICATE;
|
304
321
|
|
305
322
|
if (error < 0 && !git_error_last())
|
306
|
-
git_error_set(
|
323
|
+
git_error_set(GIT_ERROR_HTTP, "user cancelled certificate check");
|
307
324
|
|
308
325
|
return error;
|
309
326
|
}
|
@@ -333,8 +350,25 @@ static void winhttp_stream_close(winhttp_stream *s)
|
|
333
350
|
s->sent_request = 0;
|
334
351
|
}
|
335
352
|
|
336
|
-
|
337
|
-
|
353
|
+
static int apply_credentials(
|
354
|
+
HINTERNET request,
|
355
|
+
git_net_url *url,
|
356
|
+
int target,
|
357
|
+
git_credential *creds,
|
358
|
+
int mechanisms)
|
359
|
+
{
|
360
|
+
int error = 0;
|
361
|
+
|
362
|
+
GIT_UNUSED(url);
|
363
|
+
|
364
|
+
/* If we have creds, just apply them */
|
365
|
+
if (creds && creds->credtype == GIT_CREDENTIAL_USERPASS_PLAINTEXT)
|
366
|
+
error = apply_userpass_credentials(request, target, mechanisms, creds);
|
367
|
+
else if (creds && creds->credtype == GIT_CREDENTIAL_DEFAULT)
|
368
|
+
error = apply_default_credentials(request, target, mechanisms);
|
369
|
+
|
370
|
+
return error;
|
371
|
+
}
|
338
372
|
|
339
373
|
static int winhttp_stream_connect(winhttp_stream *s)
|
340
374
|
{
|
@@ -348,11 +382,17 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
348
382
|
unsigned long disable_redirects = WINHTTP_DISABLE_REDIRECTS;
|
349
383
|
int default_timeout = TIMEOUT_INFINITE;
|
350
384
|
int default_connect_timeout = DEFAULT_CONNECT_TIMEOUT;
|
385
|
+
DWORD autologon_policy = WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH;
|
386
|
+
|
387
|
+
const char *service_url = s->service_url;
|
351
388
|
size_t i;
|
352
389
|
const git_proxy_options *proxy_opts;
|
353
390
|
|
391
|
+
/* If path already ends in /, remove the leading slash from service_url */
|
392
|
+
if ((git__suffixcmp(t->server.url.path, "/") == 0) && (git__prefixcmp(service_url, "/") == 0))
|
393
|
+
service_url++;
|
354
394
|
/* Prepare URL */
|
355
|
-
git_buf_printf(&buf, "%s%s", t->
|
395
|
+
git_buf_printf(&buf, "%s%s", t->server.url.path, service_url);
|
356
396
|
|
357
397
|
if (git_buf_oom(&buf))
|
358
398
|
return -1;
|
@@ -371,13 +411,17 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
371
411
|
NULL,
|
372
412
|
WINHTTP_NO_REFERER,
|
373
413
|
types,
|
374
|
-
t->
|
414
|
+
git__strcmp(t->server.url.scheme, "https") == 0 ? WINHTTP_FLAG_SECURE : 0);
|
375
415
|
|
376
416
|
if (!s->request) {
|
377
417
|
git_error_set(GIT_ERROR_OS, "failed to open request");
|
378
418
|
goto on_error;
|
379
419
|
}
|
380
420
|
|
421
|
+
/* Never attempt default credentials; we'll provide them explicitly. */
|
422
|
+
if (!WinHttpSetOption(s->request, WINHTTP_OPTION_AUTOLOGON_POLICY, &autologon_policy, sizeof(DWORD)))
|
423
|
+
return -1;
|
424
|
+
|
381
425
|
if (!WinHttpSetTimeouts(s->request, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
|
382
426
|
git_error_set(GIT_ERROR_OS, "failed to set timeouts for WinHTTP");
|
383
427
|
goto on_error;
|
@@ -386,7 +430,7 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
386
430
|
proxy_opts = &t->owner->proxy;
|
387
431
|
if (proxy_opts->type == GIT_PROXY_AUTO) {
|
388
432
|
/* Set proxy if necessary */
|
389
|
-
if (git_remote__get_http_proxy(t->owner->owner,
|
433
|
+
if (git_remote__get_http_proxy(t->owner->owner, (strcmp(t->server.url.scheme, "https") == 0), &proxy_url) < 0)
|
390
434
|
goto on_error;
|
391
435
|
}
|
392
436
|
else if (proxy_opts->type == GIT_PROXY_SPECIFIED) {
|
@@ -399,38 +443,24 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
399
443
|
WINHTTP_PROXY_INFO proxy_info;
|
400
444
|
wchar_t *proxy_wide;
|
401
445
|
|
402
|
-
|
403
|
-
t->proxy_connection_data.use_ssl = false;
|
404
|
-
} else if (!git__prefixcmp(proxy_url, SCHEME_HTTPS)) {
|
405
|
-
t->proxy_connection_data.use_ssl = true;
|
406
|
-
} else {
|
407
|
-
git_error_set(GIT_ERROR_NET, "invalid URL: '%s'", proxy_url);
|
408
|
-
return -1;
|
409
|
-
}
|
410
|
-
|
411
|
-
gitno_connection_data_free_ptrs(&t->proxy_connection_data);
|
446
|
+
git_net_url_dispose(&t->proxy.url);
|
412
447
|
|
413
|
-
if ((error =
|
414
|
-
&t->proxy_connection_data.user, &t->proxy_connection_data.pass, proxy_url, NULL)) < 0)
|
448
|
+
if ((error = git_net_url_parse(&t->proxy.url, proxy_url)) < 0)
|
415
449
|
goto on_error;
|
416
450
|
|
417
|
-
if (t->
|
418
|
-
|
419
|
-
|
420
|
-
|
421
|
-
|
422
|
-
if ((error = git_cred_userpass_plaintext_new(&t->proxy_cred, t->proxy_connection_data.user, t->proxy_connection_data.pass)) < 0)
|
423
|
-
goto on_error;
|
451
|
+
if (strcmp(t->proxy.url.scheme, "http") != 0 && strcmp(t->proxy.url.scheme, "https") != 0) {
|
452
|
+
git_error_set(GIT_ERROR_HTTP, "invalid URL: '%s'", proxy_url);
|
453
|
+
error = -1;
|
454
|
+
goto on_error;
|
424
455
|
}
|
425
456
|
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
457
|
+
git_buf_puts(&processed_url, t->proxy.url.scheme);
|
458
|
+
git_buf_PUTS(&processed_url, "://");
|
459
|
+
|
460
|
+
git_buf_puts(&processed_url, t->proxy.url.host);
|
430
461
|
|
431
|
-
|
432
|
-
|
433
|
-
git_buf_printf(&processed_url, ":%s", t->proxy_connection_data.port);
|
462
|
+
if (!git_net_url_is_default_port(&t->proxy.url))
|
463
|
+
git_buf_printf(&processed_url, ":%s", t->proxy.url.port);
|
434
464
|
|
435
465
|
if (git_buf_oom(&processed_url)) {
|
436
466
|
error = -1;
|
@@ -458,13 +488,8 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
458
488
|
|
459
489
|
git__free(proxy_wide);
|
460
490
|
|
461
|
-
if (t->
|
462
|
-
|
463
|
-
if ((error = apply_userpass_credential_proxy(s->request, t->proxy_cred, t->auth_mechanisms)) < 0)
|
464
|
-
goto on_error;
|
465
|
-
}
|
466
|
-
}
|
467
|
-
|
491
|
+
if ((error = apply_credentials(s->request, &t->proxy.url, WINHTTP_AUTH_TARGET_PROXY, t->proxy.cred, t->proxy.auth_mechanisms)) < 0)
|
492
|
+
goto on_error;
|
468
493
|
}
|
469
494
|
|
470
495
|
/* Disable WinHTTP redirects so we can handle them manually. Why, you ask?
|
@@ -475,6 +500,7 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
475
500
|
&disable_redirects,
|
476
501
|
sizeof(disable_redirects))) {
|
477
502
|
git_error_set(GIT_ERROR_OS, "failed to disable redirects");
|
503
|
+
error = -1;
|
478
504
|
goto on_error;
|
479
505
|
}
|
480
506
|
|
@@ -547,33 +573,16 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
547
573
|
}
|
548
574
|
|
549
575
|
/* If requested, disable certificate validation */
|
550
|
-
if (t->
|
576
|
+
if (strcmp(t->server.url.scheme, "https") == 0) {
|
551
577
|
int flags;
|
552
578
|
|
553
579
|
if (t->owner->parent.read_flags(&t->owner->parent, &flags) < 0)
|
554
580
|
goto on_error;
|
555
581
|
}
|
556
582
|
|
557
|
-
|
558
|
-
if (t->cred &&
|
559
|
-
t->cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT &&
|
560
|
-
apply_userpass_credential(s->request, t->auth_mechanisms, t->cred) < 0)
|
561
|
-
goto on_error;
|
562
|
-
else if (t->cred &&
|
563
|
-
t->cred->credtype == GIT_CREDTYPE_DEFAULT &&
|
564
|
-
apply_default_credentials(s->request, t->auth_mechanisms) < 0)
|
583
|
+
if ((error = apply_credentials(s->request, &t->server.url, WINHTTP_AUTH_TARGET_SERVER, t->server.cred, t->server.auth_mechanisms)) < 0)
|
565
584
|
goto on_error;
|
566
585
|
|
567
|
-
/* If no other credentials have been applied and the URL has username and
|
568
|
-
* password, use those */
|
569
|
-
if (!t->cred && t->connection_data.user && t->connection_data.pass) {
|
570
|
-
if (!t->url_cred &&
|
571
|
-
git_cred_userpass_plaintext_new(&t->url_cred, t->connection_data.user, t->connection_data.pass) < 0)
|
572
|
-
goto on_error;
|
573
|
-
if (apply_userpass_credential(s->request, GIT_WINHTTP_AUTH_BASIC, t->url_cred) < 0)
|
574
|
-
goto on_error;
|
575
|
-
}
|
576
|
-
|
577
586
|
/* We've done everything up to calling WinHttpSendRequest. */
|
578
587
|
|
579
588
|
error = 0;
|
@@ -588,9 +597,9 @@ on_error:
|
|
588
597
|
}
|
589
598
|
|
590
599
|
static int parse_unauthorized_response(
|
591
|
-
HINTERNET request,
|
592
600
|
int *allowed_types,
|
593
|
-
int *allowed_mechanisms
|
601
|
+
int *allowed_mechanisms,
|
602
|
+
HINTERNET request)
|
594
603
|
{
|
595
604
|
DWORD supported, first, target;
|
596
605
|
|
@@ -606,23 +615,23 @@ static int parse_unauthorized_response(
|
|
606
615
|
}
|
607
616
|
|
608
617
|
if (WINHTTP_AUTH_SCHEME_NTLM & supported) {
|
609
|
-
*allowed_types |=
|
610
|
-
*allowed_types |=
|
618
|
+
*allowed_types |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
|
619
|
+
*allowed_types |= GIT_CREDENTIAL_DEFAULT;
|
611
620
|
*allowed_mechanisms |= GIT_WINHTTP_AUTH_NTLM;
|
612
621
|
}
|
613
622
|
|
614
623
|
if (WINHTTP_AUTH_SCHEME_NEGOTIATE & supported) {
|
615
|
-
*allowed_types |=
|
624
|
+
*allowed_types |= GIT_CREDENTIAL_DEFAULT;
|
616
625
|
*allowed_mechanisms |= GIT_WINHTTP_AUTH_NEGOTIATE;
|
617
626
|
}
|
618
627
|
|
619
628
|
if (WINHTTP_AUTH_SCHEME_BASIC & supported) {
|
620
|
-
*allowed_types |=
|
629
|
+
*allowed_types |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
|
621
630
|
*allowed_mechanisms |= GIT_WINHTTP_AUTH_BASIC;
|
622
631
|
}
|
623
632
|
|
624
633
|
if (WINHTTP_AUTH_SCHEME_DIGEST & supported) {
|
625
|
-
*allowed_types |=
|
634
|
+
*allowed_types |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
|
626
635
|
*allowed_mechanisms |= GIT_WINHTTP_AUTH_DIGEST;
|
627
636
|
}
|
628
637
|
|
@@ -703,27 +712,37 @@ static void CALLBACK winhttp_status(
|
|
703
712
|
{
|
704
713
|
DWORD status;
|
705
714
|
|
706
|
-
|
707
|
-
|
708
|
-
|
709
|
-
|
710
|
-
|
711
|
-
|
712
|
-
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
|
717
|
-
|
718
|
-
|
719
|
-
|
720
|
-
|
721
|
-
|
722
|
-
|
723
|
-
|
724
|
-
|
725
|
-
|
726
|
-
|
715
|
+
GIT_UNUSED(connection);
|
716
|
+
GIT_UNUSED(info_len);
|
717
|
+
|
718
|
+
switch (code) {
|
719
|
+
case WINHTTP_CALLBACK_STATUS_SECURE_FAILURE:
|
720
|
+
status = *((DWORD *)info);
|
721
|
+
|
722
|
+
if ((status & WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID))
|
723
|
+
git_error_set(GIT_ERROR_HTTP, "SSL certificate issued for different common name");
|
724
|
+
else if ((status & WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID))
|
725
|
+
git_error_set(GIT_ERROR_HTTP, "SSL certificate has expired");
|
726
|
+
else if ((status & WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA))
|
727
|
+
git_error_set(GIT_ERROR_HTTP, "SSL certificate signed by unknown CA");
|
728
|
+
else if ((status & WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CERT))
|
729
|
+
git_error_set(GIT_ERROR_HTTP, "SSL certificate is invalid");
|
730
|
+
else if ((status & WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED))
|
731
|
+
git_error_set(GIT_ERROR_HTTP, "certificate revocation check failed");
|
732
|
+
else if ((status & WINHTTP_CALLBACK_STATUS_FLAG_CERT_REVOKED))
|
733
|
+
git_error_set(GIT_ERROR_HTTP, "SSL certificate was revoked");
|
734
|
+
else if ((status & WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR))
|
735
|
+
git_error_set(GIT_ERROR_HTTP, "security libraries could not be loaded");
|
736
|
+
else
|
737
|
+
git_error_set(GIT_ERROR_HTTP, "unknown security error %lu", status);
|
738
|
+
|
739
|
+
break;
|
740
|
+
|
741
|
+
case WINHTTP_CALLBACK_STATUS_SENDING_REQUEST:
|
742
|
+
((winhttp_stream *) ctx)->status_sending_request_reached = 1;
|
743
|
+
|
744
|
+
break;
|
745
|
+
}
|
727
746
|
}
|
728
747
|
|
729
748
|
static int winhttp_connect(
|
@@ -739,18 +758,19 @@ static int winhttp_connect(
|
|
739
758
|
DWORD protocols =
|
740
759
|
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 |
|
741
760
|
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 |
|
742
|
-
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
|
761
|
+
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 |
|
762
|
+
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
|
743
763
|
|
744
764
|
t->session = NULL;
|
745
765
|
t->connection = NULL;
|
746
766
|
|
747
767
|
/* Prepare port */
|
748
|
-
if (git__strntol32(&port, t->
|
749
|
-
strlen(t->
|
768
|
+
if (git__strntol32(&port, t->server.url.port,
|
769
|
+
strlen(t->server.url.port), NULL, 10) < 0)
|
750
770
|
return -1;
|
751
771
|
|
752
772
|
/* Prepare host */
|
753
|
-
if (git__utf8_to_16_alloc(&wide_host, t->
|
773
|
+
if (git__utf8_to_16_alloc(&wide_host, t->server.url.host) < 0) {
|
754
774
|
git_error_set(GIT_ERROR_OS, "unable to convert host to wide characters");
|
755
775
|
return -1;
|
756
776
|
}
|
@@ -784,14 +804,20 @@ static int winhttp_connect(
|
|
784
804
|
}
|
785
805
|
|
786
806
|
/*
|
787
|
-
* Do a best-effort attempt to enable TLS 1.2 but allow this to
|
788
|
-
* fail; if TLS 1.2 support is not available for some reason,
|
807
|
+
* Do a best-effort attempt to enable TLS 1.3 and 1.2 but allow this to
|
808
|
+
* fail; if TLS 1.2 or 1.3 support is not available for some reason,
|
789
809
|
* ignore the failure (it will keep the default protocols).
|
790
810
|
*/
|
791
|
-
WinHttpSetOption(t->session,
|
811
|
+
if (WinHttpSetOption(t->session,
|
792
812
|
WINHTTP_OPTION_SECURE_PROTOCOLS,
|
793
813
|
&protocols,
|
794
|
-
sizeof(protocols))
|
814
|
+
sizeof(protocols)) == FALSE) {
|
815
|
+
protocols &= ~WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
|
816
|
+
WinHttpSetOption(t->session,
|
817
|
+
WINHTTP_OPTION_SECURE_PROTOCOLS,
|
818
|
+
&protocols,
|
819
|
+
sizeof(protocols));
|
820
|
+
}
|
795
821
|
|
796
822
|
if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
|
797
823
|
git_error_set(GIT_ERROR_OS, "failed to set timeouts for WinHTTP");
|
@@ -811,7 +837,12 @@ static int winhttp_connect(
|
|
811
837
|
goto on_error;
|
812
838
|
}
|
813
839
|
|
814
|
-
if (WinHttpSetStatusCallback(
|
840
|
+
if (WinHttpSetStatusCallback(
|
841
|
+
t->connection,
|
842
|
+
winhttp_status,
|
843
|
+
WINHTTP_CALLBACK_FLAG_SECURE_FAILURE | WINHTTP_CALLBACK_FLAG_SEND_REQUEST,
|
844
|
+
0
|
845
|
+
) == WINHTTP_INVALID_STATUS_CALLBACK) {
|
815
846
|
git_error_set(GIT_ERROR_OS, "failed to set status callback");
|
816
847
|
goto on_error;
|
817
848
|
}
|
@@ -828,22 +859,27 @@ on_error:
|
|
828
859
|
return error;
|
829
860
|
}
|
830
861
|
|
831
|
-
static int do_send_request(winhttp_stream *s, size_t len,
|
862
|
+
static int do_send_request(winhttp_stream *s, size_t len, bool chunked)
|
832
863
|
{
|
833
864
|
int attempts;
|
834
865
|
bool success;
|
835
866
|
|
867
|
+
if (len > DWORD_MAX) {
|
868
|
+
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
869
|
+
return -1;
|
870
|
+
}
|
871
|
+
|
836
872
|
for (attempts = 0; attempts < 5; attempts++) {
|
837
|
-
if (
|
873
|
+
if (chunked) {
|
838
874
|
success = WinHttpSendRequest(s->request,
|
839
875
|
WINHTTP_NO_ADDITIONAL_HEADERS, 0,
|
840
876
|
WINHTTP_NO_REQUEST_DATA, 0,
|
841
|
-
WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH,
|
877
|
+
WINHTTP_IGNORE_REQUEST_TOTAL_LENGTH, (DWORD_PTR)s);
|
842
878
|
} else {
|
843
879
|
success = WinHttpSendRequest(s->request,
|
844
880
|
WINHTTP_NO_ADDITIONAL_HEADERS, 0,
|
845
881
|
WINHTTP_NO_REQUEST_DATA, 0,
|
846
|
-
len,
|
882
|
+
(DWORD)len, (DWORD_PTR)s);
|
847
883
|
}
|
848
884
|
|
849
885
|
if (success || GetLastError() != (DWORD)SEC_E_BUFFER_TOO_SMALL)
|
@@ -853,44 +889,128 @@ static int do_send_request(winhttp_stream *s, size_t len, int ignore_length)
|
|
853
889
|
return success ? 0 : -1;
|
854
890
|
}
|
855
891
|
|
856
|
-
static int send_request(winhttp_stream *s, size_t len,
|
892
|
+
static int send_request(winhttp_stream *s, size_t len, bool chunked)
|
857
893
|
{
|
858
|
-
int request_failed =
|
859
|
-
DWORD ignore_flags;
|
894
|
+
int request_failed = 1, error, attempts = 0;
|
895
|
+
DWORD ignore_flags, send_request_error;
|
860
896
|
|
861
897
|
git_error_clear();
|
862
|
-
|
863
|
-
|
864
|
-
|
865
|
-
|
898
|
+
|
899
|
+
while (request_failed && attempts++ < 3) {
|
900
|
+
int cert_valid = 1;
|
901
|
+
int client_cert_requested = 0;
|
902
|
+
request_failed = 0;
|
903
|
+
|
904
|
+
if ((error = do_send_request(s, len, chunked)) < 0) {
|
905
|
+
send_request_error = GetLastError();
|
906
|
+
request_failed = 1;
|
907
|
+
|
908
|
+
switch (send_request_error) {
|
909
|
+
case ERROR_WINHTTP_SECURE_FAILURE:
|
910
|
+
cert_valid = 0;
|
911
|
+
break;
|
912
|
+
case ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED:
|
913
|
+
client_cert_requested = 1;
|
914
|
+
break;
|
915
|
+
default:
|
916
|
+
git_error_set(GIT_ERROR_OS, "failed to send request");
|
917
|
+
return -1;
|
918
|
+
}
|
866
919
|
}
|
867
920
|
|
868
|
-
|
869
|
-
|
870
|
-
|
921
|
+
/*
|
922
|
+
* Only check the certificate if we were able to reach the sending request phase, or
|
923
|
+
* received a secure failure error. Otherwise, the server certificate won't be available
|
924
|
+
* since the request wasn't able to complete (e.g. proxy auth required)
|
925
|
+
*/
|
926
|
+
if (!cert_valid ||
|
927
|
+
(!request_failed && s->status_sending_request_reached)) {
|
928
|
+
git_error_clear();
|
929
|
+
if ((error = certificate_check(s, cert_valid)) < 0) {
|
930
|
+
if (!git_error_last())
|
931
|
+
git_error_set(GIT_ERROR_OS, "user cancelled certificate check");
|
871
932
|
|
872
|
-
|
873
|
-
|
874
|
-
|
875
|
-
git_error_set(GIT_ERROR_OS, "user cancelled certificate check");
|
933
|
+
return error;
|
934
|
+
}
|
935
|
+
}
|
876
936
|
|
877
|
-
|
937
|
+
/* if neither the request nor the certificate check returned errors, we're done */
|
938
|
+
if (!request_failed)
|
939
|
+
return 0;
|
940
|
+
|
941
|
+
if (!cert_valid) {
|
942
|
+
ignore_flags = no_check_cert_flags;
|
943
|
+
if (!WinHttpSetOption(s->request, WINHTTP_OPTION_SECURITY_FLAGS, &ignore_flags, sizeof(ignore_flags))) {
|
944
|
+
git_error_set(GIT_ERROR_OS, "failed to set security options");
|
945
|
+
return -1;
|
946
|
+
}
|
947
|
+
}
|
948
|
+
|
949
|
+
if (client_cert_requested) {
|
950
|
+
/*
|
951
|
+
* Client certificates are not supported, explicitly tell the server that
|
952
|
+
* (it's possible a client certificate was requested but is not required)
|
953
|
+
*/
|
954
|
+
if (!WinHttpSetOption(s->request, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0)) {
|
955
|
+
git_error_set(GIT_ERROR_OS, "failed to set client cert context");
|
956
|
+
return -1;
|
957
|
+
}
|
958
|
+
}
|
878
959
|
}
|
879
960
|
|
880
|
-
|
881
|
-
|
882
|
-
return 0;
|
961
|
+
return error;
|
962
|
+
}
|
883
963
|
|
884
|
-
|
964
|
+
static int acquire_credentials(
|
965
|
+
HINTERNET request,
|
966
|
+
winhttp_server *server,
|
967
|
+
const char *url_str,
|
968
|
+
git_credential_acquire_cb cred_cb,
|
969
|
+
void *cred_cb_payload)
|
970
|
+
{
|
971
|
+
int allowed_types;
|
972
|
+
int error = 1;
|
885
973
|
|
886
|
-
if (
|
887
|
-
git_error_set(GIT_ERROR_OS, "failed to set security options");
|
974
|
+
if (parse_unauthorized_response(&allowed_types, &server->auth_mechanisms, request) < 0)
|
888
975
|
return -1;
|
889
|
-
}
|
890
976
|
|
891
|
-
if (
|
892
|
-
|
977
|
+
if (allowed_types) {
|
978
|
+
git_credential_free(server->cred);
|
979
|
+
server->cred = NULL;
|
980
|
+
|
981
|
+
/* Start with URL-specified credentials, if there were any. */
|
982
|
+
if (!server->url_cred_presented && server->url.username && server->url.password) {
|
983
|
+
error = acquire_url_cred(&server->cred, allowed_types, server->url.username, server->url.password);
|
984
|
+
server->url_cred_presented = 1;
|
893
985
|
|
986
|
+
if (error < 0)
|
987
|
+
return error;
|
988
|
+
}
|
989
|
+
|
990
|
+
/* Next use the user-defined callback, if there is one. */
|
991
|
+
if (error > 0 && cred_cb) {
|
992
|
+
error = cred_cb(&server->cred, url_str, server->url.username, allowed_types, cred_cb_payload);
|
993
|
+
|
994
|
+
/* Treat GIT_PASSTHROUGH as though git_credential_acquire_cb isn't set */
|
995
|
+
if (error == GIT_PASSTHROUGH)
|
996
|
+
error = 1;
|
997
|
+
else if (error < 0)
|
998
|
+
return error;
|
999
|
+
}
|
1000
|
+
|
1001
|
+
/* Finally, invoke the fallback default credential lookup. */
|
1002
|
+
if (error > 0) {
|
1003
|
+
error = acquire_fallback_cred(&server->cred, url_str, allowed_types);
|
1004
|
+
|
1005
|
+
if (error < 0)
|
1006
|
+
return error;
|
1007
|
+
}
|
1008
|
+
}
|
1009
|
+
|
1010
|
+
/*
|
1011
|
+
* No error occurred but we could not find appropriate credentials.
|
1012
|
+
* This behaves like a pass-through.
|
1013
|
+
*/
|
894
1014
|
return error;
|
895
1015
|
}
|
896
1016
|
|
@@ -909,7 +1029,7 @@ static int winhttp_stream_read(
|
|
909
1029
|
replay:
|
910
1030
|
/* Enforce a reasonable cap on the number of replays */
|
911
1031
|
if (replay_count++ >= GIT_HTTP_REPLAY_MAX) {
|
912
|
-
git_error_set(
|
1032
|
+
git_error_set(GIT_ERROR_HTTP, "too many redirects or authentication replays");
|
913
1033
|
return -1;
|
914
1034
|
}
|
915
1035
|
|
@@ -924,7 +1044,7 @@ replay:
|
|
924
1044
|
|
925
1045
|
if (!s->sent_request) {
|
926
1046
|
|
927
|
-
if ((error = send_request(s, s->post_body_len,
|
1047
|
+
if ((error = send_request(s, s->post_body_len, false)) < 0)
|
928
1048
|
return error;
|
929
1049
|
|
930
1050
|
s->sent_request = 1;
|
@@ -960,6 +1080,7 @@ replay:
|
|
960
1080
|
}
|
961
1081
|
|
962
1082
|
buffer = git__malloc(CACHED_POST_BODY_BUF_SIZE);
|
1083
|
+
GIT_ERROR_CHECK_ALLOC(buffer);
|
963
1084
|
|
964
1085
|
while (len > 0) {
|
965
1086
|
DWORD bytes_written;
|
@@ -1067,7 +1188,7 @@ replay:
|
|
1067
1188
|
|
1068
1189
|
if (!git__prefixcmp_icase(location8, prefix_https)) {
|
1069
1190
|
/* Upgrade to secure connection; disconnect and start over */
|
1070
|
-
if (
|
1191
|
+
if (git_net_url_apply_redirect(&t->server.url, location8, s->service_url) < 0) {
|
1071
1192
|
git__free(location8);
|
1072
1193
|
return -1;
|
1073
1194
|
}
|
@@ -1082,72 +1203,39 @@ replay:
|
|
1082
1203
|
goto replay;
|
1083
1204
|
}
|
1084
1205
|
|
1085
|
-
/* Handle proxy authentication failures */
|
1086
|
-
if (status_code == HTTP_STATUS_PROXY_AUTH_REQ) {
|
1087
|
-
int allowed_types;
|
1088
|
-
|
1089
|
-
if (parse_unauthorized_response(s->request, &allowed_types, &t->auth_mechanisms) < 0)
|
1090
|
-
return -1;
|
1091
|
-
|
1092
|
-
/* TODO: extract the username from the url, no payload? */
|
1093
|
-
if (t->owner->proxy.credentials) {
|
1094
|
-
int cred_error = 1;
|
1095
|
-
cred_error = t->owner->proxy.credentials(&t->proxy_cred, t->owner->proxy.url, NULL, allowed_types, t->owner->proxy.payload);
|
1096
|
-
|
1097
|
-
if (cred_error < 0)
|
1098
|
-
return cred_error;
|
1099
|
-
}
|
1100
|
-
|
1101
|
-
winhttp_stream_close(s);
|
1102
|
-
goto replay;
|
1103
|
-
}
|
1104
|
-
|
1105
1206
|
/* Handle authentication failures */
|
1106
|
-
if (
|
1107
|
-
int
|
1108
|
-
|
1109
|
-
|
1110
|
-
|
1111
|
-
|
1112
|
-
|
1113
|
-
|
1114
|
-
|
1115
|
-
|
1116
|
-
t->cred
|
1117
|
-
|
1118
|
-
|
1119
|
-
|
1120
|
-
|
1121
|
-
|
1122
|
-
|
1123
|
-
|
1124
|
-
|
1125
|
-
|
1126
|
-
|
1127
|
-
|
1128
|
-
|
1129
|
-
|
1130
|
-
|
1131
|
-
|
1132
|
-
|
1133
|
-
|
1134
|
-
if (cred_error < 0)
|
1135
|
-
return cred_error;
|
1136
|
-
}
|
1137
|
-
|
1138
|
-
if (!cred_error) {
|
1139
|
-
assert(t->cred);
|
1140
|
-
|
1141
|
-
winhttp_stream_close(s);
|
1142
|
-
|
1143
|
-
/* Successfully acquired a credential */
|
1144
|
-
goto replay;
|
1145
|
-
}
|
1207
|
+
if (status_code == HTTP_STATUS_DENIED) {
|
1208
|
+
int error = acquire_credentials(s->request,
|
1209
|
+
&t->server,
|
1210
|
+
t->owner->url,
|
1211
|
+
t->owner->cred_acquire_cb,
|
1212
|
+
t->owner->cred_acquire_payload);
|
1213
|
+
|
1214
|
+
if (error < 0) {
|
1215
|
+
return error;
|
1216
|
+
} else if (!error) {
|
1217
|
+
assert(t->server.cred);
|
1218
|
+
winhttp_stream_close(s);
|
1219
|
+
goto replay;
|
1220
|
+
}
|
1221
|
+
} else if (status_code == HTTP_STATUS_PROXY_AUTH_REQ) {
|
1222
|
+
int error = acquire_credentials(s->request,
|
1223
|
+
&t->proxy,
|
1224
|
+
t->owner->proxy.url,
|
1225
|
+
t->owner->proxy.credentials,
|
1226
|
+
t->owner->proxy.payload);
|
1227
|
+
|
1228
|
+
if (error < 0) {
|
1229
|
+
return error;
|
1230
|
+
} else if (!error) {
|
1231
|
+
assert(t->proxy.cred);
|
1232
|
+
winhttp_stream_close(s);
|
1233
|
+
goto replay;
|
1146
1234
|
}
|
1147
1235
|
}
|
1148
1236
|
|
1149
1237
|
if (HTTP_STATUS_OK != status_code) {
|
1150
|
-
git_error_set(
|
1238
|
+
git_error_set(GIT_ERROR_HTTP, "request failed with status code: %lu", status_code);
|
1151
1239
|
return -1;
|
1152
1240
|
}
|
1153
1241
|
|
@@ -1174,7 +1262,7 @@ replay:
|
|
1174
1262
|
}
|
1175
1263
|
|
1176
1264
|
if (wcscmp(expected_content_type, content_type)) {
|
1177
|
-
git_error_set(
|
1265
|
+
git_error_set(GIT_ERROR_HTTP, "received unexpected content-type");
|
1178
1266
|
return -1;
|
1179
1267
|
}
|
1180
1268
|
|
@@ -1209,11 +1297,11 @@ static int winhttp_stream_write_single(
|
|
1209
1297
|
|
1210
1298
|
/* This implementation of write permits only a single call. */
|
1211
1299
|
if (s->sent_request) {
|
1212
|
-
git_error_set(
|
1300
|
+
git_error_set(GIT_ERROR_HTTP, "subtransport configured for only one write");
|
1213
1301
|
return -1;
|
1214
1302
|
}
|
1215
1303
|
|
1216
|
-
if ((error = send_request(s, len,
|
1304
|
+
if ((error = send_request(s, len, false)) < 0)
|
1217
1305
|
return error;
|
1218
1306
|
|
1219
1307
|
s->sent_request = 1;
|
@@ -1240,12 +1328,12 @@ static int put_uuid_string(LPWSTR buffer, size_t buffer_len_cch)
|
|
1240
1328
|
if (RPC_S_OK != status &&
|
1241
1329
|
RPC_S_UUID_LOCAL_ONLY != status &&
|
1242
1330
|
RPC_S_UUID_NO_ADDRESS != status) {
|
1243
|
-
git_error_set(
|
1331
|
+
git_error_set(GIT_ERROR_HTTP, "unable to generate name for temp file");
|
1244
1332
|
return -1;
|
1245
1333
|
}
|
1246
1334
|
|
1247
1335
|
if (buffer_len_cch < UUID_LENGTH_CCH + 1) {
|
1248
|
-
git_error_set(
|
1336
|
+
git_error_set(GIT_ERROR_HTTP, "buffer too small for name of temp file");
|
1249
1337
|
return -1;
|
1250
1338
|
}
|
1251
1339
|
|
@@ -1352,7 +1440,7 @@ static int winhttp_stream_write_chunked(
|
|
1352
1440
|
return -1;
|
1353
1441
|
}
|
1354
1442
|
|
1355
|
-
if ((error = send_request(s, 0,
|
1443
|
+
if ((error = send_request(s, 0, true)) < 0)
|
1356
1444
|
return error;
|
1357
1445
|
|
1358
1446
|
s->sent_request = 1;
|
@@ -1375,8 +1463,10 @@ static int winhttp_stream_write_chunked(
|
|
1375
1463
|
/* Append as much to the buffer as we can */
|
1376
1464
|
int count = (int)min(CACHED_POST_BODY_BUF_SIZE - s->chunk_buffer_len, len);
|
1377
1465
|
|
1378
|
-
if (!s->chunk_buffer)
|
1466
|
+
if (!s->chunk_buffer) {
|
1379
1467
|
s->chunk_buffer = git__malloc(CACHED_POST_BODY_BUF_SIZE);
|
1468
|
+
GIT_ERROR_CHECK_ALLOC(s->chunk_buffer);
|
1469
|
+
}
|
1380
1470
|
|
1381
1471
|
memcpy(s->chunk_buffer + s->chunk_buffer_len, buffer, count);
|
1382
1472
|
s->chunk_buffer_len += count;
|
@@ -1501,7 +1591,7 @@ static int winhttp_action(
|
|
1501
1591
|
int ret = -1;
|
1502
1592
|
|
1503
1593
|
if (!t->connection)
|
1504
|
-
if ((ret =
|
1594
|
+
if ((ret = git_net_url_parse(&t->server.url, url)) < 0 ||
|
1505
1595
|
(ret = winhttp_connect(t)) < 0)
|
1506
1596
|
return ret;
|
1507
1597
|
|
@@ -1543,24 +1633,17 @@ static int winhttp_close(git_smart_subtransport *subtransport)
|
|
1543
1633
|
{
|
1544
1634
|
winhttp_subtransport *t = (winhttp_subtransport *)subtransport;
|
1545
1635
|
|
1546
|
-
|
1547
|
-
|
1548
|
-
gitno_connection_data_free_ptrs(&t->proxy_connection_data);
|
1549
|
-
memset(&t->proxy_connection_data, 0x0, sizeof(gitno_connection_data));
|
1550
|
-
|
1551
|
-
if (t->cred) {
|
1552
|
-
t->cred->free(t->cred);
|
1553
|
-
t->cred = NULL;
|
1554
|
-
}
|
1636
|
+
git_net_url_dispose(&t->server.url);
|
1637
|
+
git_net_url_dispose(&t->proxy.url);
|
1555
1638
|
|
1556
|
-
if (t->
|
1557
|
-
t->
|
1558
|
-
t->
|
1639
|
+
if (t->server.cred) {
|
1640
|
+
t->server.cred->free(t->server.cred);
|
1641
|
+
t->server.cred = NULL;
|
1559
1642
|
}
|
1560
1643
|
|
1561
|
-
if (t->
|
1562
|
-
t->
|
1563
|
-
t->
|
1644
|
+
if (t->proxy.cred) {
|
1645
|
+
t->proxy.cred->free(t->proxy.cred);
|
1646
|
+
t->proxy.cred = NULL;
|
1564
1647
|
}
|
1565
1648
|
|
1566
1649
|
return winhttp_close_connection(t);
|