rugged 1.4.4 → 1.4.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rugged/version.rb +1 -1
- data/vendor/libgit2/CMakeLists.txt +1 -1
- data/vendor/libgit2/include/git2/version.h +2 -2
- data/vendor/libgit2/src/transports/ssh.c +326 -91
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dd69fad6044328285033c8e2b1b4c5d55f9efc8bab4f8e2eefe854d7b3b24f0b
|
4
|
+
data.tar.gz: 4de981e42df7d71268ccd5de9570841d7f4ea328f786e4c28aa370d05c083dbe
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 94d5255852031c4ba5ef3843c1d229f3e9eba4dd76255c17cf128c2751d0258eb1b629e6d9f8a549fe7ecfa5ef21dcd97ddd8411b0691e7a34d920aee6bd6e42
|
7
|
+
data.tar.gz: 6109923550772868a369a3c8da2d12a1ff049e8661d5c99b1d5752cddc5d6e4715c4bae50840313c7cceb52d87ab0b08d7a70912a92b4ff00b4123371270724b
|
data/lib/rugged/version.rb
CHANGED
@@ -7,10 +7,10 @@
|
|
7
7
|
#ifndef INCLUDE_git_version_h__
|
8
8
|
#define INCLUDE_git_version_h__
|
9
9
|
|
10
|
-
#define LIBGIT2_VERSION "1.4.
|
10
|
+
#define LIBGIT2_VERSION "1.4.5"
|
11
11
|
#define LIBGIT2_VER_MAJOR 1
|
12
12
|
#define LIBGIT2_VER_MINOR 4
|
13
|
-
#define LIBGIT2_VER_REVISION
|
13
|
+
#define LIBGIT2_VER_REVISION 5
|
14
14
|
#define LIBGIT2_VER_PATCH 0
|
15
15
|
|
16
16
|
#define LIBGIT2_SOVERSION "1.4"
|
@@ -421,15 +421,119 @@ static int request_creds(git_credential **out, ssh_subtransport *t, const char *
|
|
421
421
|
return 0;
|
422
422
|
}
|
423
423
|
|
424
|
+
#define KNOWN_HOSTS_FILE ".ssh/known_hosts"
|
425
|
+
|
426
|
+
/*
|
427
|
+
* Load the known_hosts file.
|
428
|
+
*
|
429
|
+
* Returns success but leaves the output NULL if we couldn't find the file.
|
430
|
+
*/
|
431
|
+
static int load_known_hosts(LIBSSH2_KNOWNHOSTS **hosts, LIBSSH2_SESSION *session)
|
432
|
+
{
|
433
|
+
git_str path = GIT_STR_INIT, home = GIT_STR_INIT;
|
434
|
+
LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
|
435
|
+
int error;
|
436
|
+
|
437
|
+
GIT_ASSERT_ARG(hosts);
|
438
|
+
|
439
|
+
if ((error = git__getenv(&home, "HOME")) < 0)
|
440
|
+
return error;
|
441
|
+
|
442
|
+
if ((error = git_str_joinpath(&path, git_str_cstr(&home), KNOWN_HOSTS_FILE)) < 0)
|
443
|
+
goto out;
|
444
|
+
|
445
|
+
if ((known_hosts = libssh2_knownhost_init(session)) == NULL) {
|
446
|
+
ssh_error(session, "error initializing known hosts");
|
447
|
+
error = -1;
|
448
|
+
goto out;
|
449
|
+
}
|
450
|
+
|
451
|
+
/*
|
452
|
+
* Try to read the file and consider not finding it as not trusting the
|
453
|
+
* host rather than an error.
|
454
|
+
*/
|
455
|
+
error = libssh2_knownhost_readfile(known_hosts, git_str_cstr(&path), LIBSSH2_KNOWNHOST_FILE_OPENSSH);
|
456
|
+
if (error == LIBSSH2_ERROR_FILE)
|
457
|
+
error = 0;
|
458
|
+
if (error < 0)
|
459
|
+
ssh_error(session, "error reading known_hosts");
|
460
|
+
|
461
|
+
out:
|
462
|
+
*hosts = known_hosts;
|
463
|
+
|
464
|
+
git_str_clear(&home);
|
465
|
+
git_str_clear(&path);
|
466
|
+
|
467
|
+
return error;
|
468
|
+
}
|
469
|
+
|
470
|
+
static const char *hostkey_type_to_string(int type)
|
471
|
+
{
|
472
|
+
switch (type) {
|
473
|
+
case LIBSSH2_KNOWNHOST_KEY_SSHRSA:
|
474
|
+
return "ssh-rsa";
|
475
|
+
case LIBSSH2_KNOWNHOST_KEY_SSHDSS:
|
476
|
+
return "ssh-dss";
|
477
|
+
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
|
478
|
+
case LIBSSH2_KNOWNHOST_KEY_ECDSA_256:
|
479
|
+
return "ecdsa-sha2-nistp256";
|
480
|
+
case LIBSSH2_KNOWNHOST_KEY_ECDSA_384:
|
481
|
+
return "ecdsa-sha2-nistp384";
|
482
|
+
case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
|
483
|
+
return "ecdsa-sha2-nistp521";
|
484
|
+
#endif
|
485
|
+
#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
|
486
|
+
case LIBSSH2_KNOWNHOST_KEY_ED25519:
|
487
|
+
return "ssh-ed25519";
|
488
|
+
#endif
|
489
|
+
}
|
490
|
+
|
491
|
+
return NULL;
|
492
|
+
}
|
493
|
+
|
494
|
+
/*
|
495
|
+
* We figure out what kind of key we want to ask the remote for by trying to
|
496
|
+
* look it up with a nonsense key and using that mismatch to figure out what key
|
497
|
+
* we do have stored for the host.
|
498
|
+
*
|
499
|
+
* Returns the string to pass to libssh2_session_method_pref or NULL if we were
|
500
|
+
* unable to find anything or an error happened.
|
501
|
+
*/
|
502
|
+
static const char *find_hostkey_preference(LIBSSH2_KNOWNHOSTS *known_hosts, const char *hostname, int port)
|
503
|
+
{
|
504
|
+
struct libssh2_knownhost *host = NULL;
|
505
|
+
/* Specify no key type so we don't filter on that */
|
506
|
+
int type = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
|
507
|
+
const char key = '\0';
|
508
|
+
int error;
|
509
|
+
|
510
|
+
/*
|
511
|
+
* In case of mismatch, we can find the type of key from known_hosts in
|
512
|
+
* the returned host's information as it means that an entry was found
|
513
|
+
* but our nonsense key obviously didn't match.
|
514
|
+
*/
|
515
|
+
error = libssh2_knownhost_checkp(known_hosts, hostname, port, &key, 1, type, &host);
|
516
|
+
if (error == LIBSSH2_KNOWNHOST_CHECK_MISMATCH)
|
517
|
+
return hostkey_type_to_string(host->typemask & LIBSSH2_KNOWNHOST_KEY_MASK);
|
518
|
+
|
519
|
+
return NULL;
|
520
|
+
}
|
521
|
+
|
424
522
|
static int _git_ssh_session_create(
|
425
523
|
LIBSSH2_SESSION **session,
|
524
|
+
LIBSSH2_KNOWNHOSTS **hosts,
|
525
|
+
const char *hostname,
|
526
|
+
int port,
|
426
527
|
git_stream *io)
|
427
528
|
{
|
428
529
|
int rc = 0;
|
429
530
|
LIBSSH2_SESSION *s;
|
531
|
+
LIBSSH2_KNOWNHOSTS *known_hosts;
|
430
532
|
git_socket_stream *socket = GIT_CONTAINER_OF(io, git_socket_stream, parent);
|
533
|
+
const char *keytype = NULL;
|
431
534
|
|
432
535
|
GIT_ASSERT_ARG(session);
|
536
|
+
GIT_ASSERT_ARG(hosts);
|
433
537
|
|
434
538
|
s = libssh2_session_init();
|
435
539
|
if (!s) {
|
@@ -437,21 +541,225 @@ static int _git_ssh_session_create(
|
|
437
541
|
return -1;
|
438
542
|
}
|
439
543
|
|
544
|
+
if ((rc = load_known_hosts(&known_hosts, s)) < 0) {
|
545
|
+
ssh_error(s, "error loading known_hosts");
|
546
|
+
libssh2_session_free(s);
|
547
|
+
return -1;
|
548
|
+
}
|
549
|
+
|
550
|
+
if ((keytype = find_hostkey_preference(known_hosts, hostname, port)) != NULL) {
|
551
|
+
do {
|
552
|
+
rc = libssh2_session_method_pref(s, LIBSSH2_METHOD_HOSTKEY, keytype);
|
553
|
+
} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
|
554
|
+
if (rc != LIBSSH2_ERROR_NONE) {
|
555
|
+
ssh_error(s, "failed to set hostkey preference");
|
556
|
+
goto on_error;
|
557
|
+
}
|
558
|
+
}
|
559
|
+
|
560
|
+
|
440
561
|
do {
|
441
562
|
rc = libssh2_session_handshake(s, socket->s);
|
442
563
|
} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
|
443
564
|
|
444
565
|
if (rc != LIBSSH2_ERROR_NONE) {
|
445
566
|
ssh_error(s, "failed to start SSH session");
|
446
|
-
|
447
|
-
return -1;
|
567
|
+
goto on_error;
|
448
568
|
}
|
449
569
|
|
450
570
|
libssh2_session_set_blocking(s, 1);
|
451
571
|
|
452
572
|
*session = s;
|
573
|
+
*hosts = known_hosts;
|
453
574
|
|
454
575
|
return 0;
|
576
|
+
|
577
|
+
on_error:
|
578
|
+
libssh2_knownhost_free(known_hosts);
|
579
|
+
libssh2_session_free(s);
|
580
|
+
return -1;
|
581
|
+
}
|
582
|
+
|
583
|
+
|
584
|
+
/*
|
585
|
+
* Returns the typemask argument to pass to libssh2_knownhost_check{,p} based on
|
586
|
+
* the type of key that libssh2_session_hostkey returns.
|
587
|
+
*/
|
588
|
+
static int fingerprint_type_mask(int keytype)
|
589
|
+
{
|
590
|
+
int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
|
591
|
+
return mask;
|
592
|
+
|
593
|
+
switch (keytype) {
|
594
|
+
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
595
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_SSHRSA;
|
596
|
+
break;
|
597
|
+
case LIBSSH2_HOSTKEY_TYPE_DSS:
|
598
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_SSHDSS;
|
599
|
+
break;
|
600
|
+
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
|
601
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
|
602
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
|
603
|
+
break;
|
604
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
|
605
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
|
606
|
+
break;
|
607
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
|
608
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
|
609
|
+
break;
|
610
|
+
#endif
|
611
|
+
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
|
612
|
+
case LIBSSH2_HOSTKEY_TYPE_ED25519:
|
613
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ED25519;
|
614
|
+
break;
|
615
|
+
#endif
|
616
|
+
}
|
617
|
+
|
618
|
+
return mask;
|
619
|
+
}
|
620
|
+
|
621
|
+
/*
|
622
|
+
* Check the host against the user's known_hosts file.
|
623
|
+
*
|
624
|
+
* Returns 1/0 for valid/''not-valid or <0 for an error
|
625
|
+
*/
|
626
|
+
static int check_against_known_hosts(
|
627
|
+
LIBSSH2_SESSION *session,
|
628
|
+
LIBSSH2_KNOWNHOSTS *known_hosts,
|
629
|
+
const char *hostname,
|
630
|
+
int port,
|
631
|
+
const char *key,
|
632
|
+
size_t key_len,
|
633
|
+
int key_type)
|
634
|
+
{
|
635
|
+
int check, typemask, ret = 0;
|
636
|
+
struct libssh2_knownhost *host = NULL;
|
637
|
+
|
638
|
+
if (known_hosts == NULL)
|
639
|
+
return 0;
|
640
|
+
|
641
|
+
typemask = fingerprint_type_mask(key_type);
|
642
|
+
check = libssh2_knownhost_checkp(known_hosts, hostname, port, key, key_len, typemask, &host);
|
643
|
+
if (check == LIBSSH2_KNOWNHOST_CHECK_FAILURE) {
|
644
|
+
ssh_error(session, "error checking for known host");
|
645
|
+
return -1;
|
646
|
+
}
|
647
|
+
|
648
|
+
ret = check == LIBSSH2_KNOWNHOST_CHECK_MATCH ? 1 : 0;
|
649
|
+
|
650
|
+
return ret;
|
651
|
+
}
|
652
|
+
|
653
|
+
/*
|
654
|
+
* Perform the check for the session's certificate against known hosts if
|
655
|
+
* possible and then ask the user if they have a callback.
|
656
|
+
*
|
657
|
+
* Returns 1/0 for valid/not-valid or <0 for an error
|
658
|
+
*/
|
659
|
+
static int check_certificate(
|
660
|
+
LIBSSH2_SESSION *session,
|
661
|
+
LIBSSH2_KNOWNHOSTS *known_hosts,
|
662
|
+
git_transport_certificate_check_cb check_cb,
|
663
|
+
void *check_cb_payload,
|
664
|
+
const char *host,
|
665
|
+
int port)
|
666
|
+
{
|
667
|
+
git_cert_hostkey cert = {{ 0 }};
|
668
|
+
const char *key;
|
669
|
+
size_t cert_len;
|
670
|
+
int cert_type, cert_valid = 0, error = 0;
|
671
|
+
|
672
|
+
if ((key = libssh2_session_hostkey(session, &cert_len, &cert_type)) == NULL) {
|
673
|
+
ssh_error(session, "failed to retrieve hostkey");
|
674
|
+
return -1;
|
675
|
+
}
|
676
|
+
|
677
|
+
if ((cert_valid = check_against_known_hosts(session, known_hosts, host, port, key, cert_len, cert_type)) < 0)
|
678
|
+
return -1;
|
679
|
+
|
680
|
+
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
|
681
|
+
if (key != NULL) {
|
682
|
+
cert.type |= GIT_CERT_SSH_RAW;
|
683
|
+
cert.hostkey = key;
|
684
|
+
cert.hostkey_len = cert_len;
|
685
|
+
switch (cert_type) {
|
686
|
+
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
687
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
|
688
|
+
break;
|
689
|
+
case LIBSSH2_HOSTKEY_TYPE_DSS:
|
690
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
|
691
|
+
break;
|
692
|
+
|
693
|
+
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
|
694
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
|
695
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
|
696
|
+
break;
|
697
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
|
698
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
|
699
|
+
break;
|
700
|
+
case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
|
701
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
|
702
|
+
break;
|
703
|
+
#endif
|
704
|
+
|
705
|
+
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
|
706
|
+
case LIBSSH2_HOSTKEY_TYPE_ED25519:
|
707
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
|
708
|
+
break;
|
709
|
+
#endif
|
710
|
+
default:
|
711
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
|
712
|
+
}
|
713
|
+
}
|
714
|
+
|
715
|
+
#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
|
716
|
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
|
717
|
+
if (key != NULL) {
|
718
|
+
cert.type |= GIT_CERT_SSH_SHA256;
|
719
|
+
memcpy(&cert.hash_sha256, key, 32);
|
720
|
+
}
|
721
|
+
#endif
|
722
|
+
|
723
|
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
|
724
|
+
if (key != NULL) {
|
725
|
+
cert.type |= GIT_CERT_SSH_SHA1;
|
726
|
+
memcpy(&cert.hash_sha1, key, 20);
|
727
|
+
}
|
728
|
+
|
729
|
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
|
730
|
+
if (key != NULL) {
|
731
|
+
cert.type |= GIT_CERT_SSH_MD5;
|
732
|
+
memcpy(&cert.hash_md5, key, 16);
|
733
|
+
}
|
734
|
+
|
735
|
+
if (cert.type == 0) {
|
736
|
+
git_error_set(GIT_ERROR_SSH, "unable to get the host key");
|
737
|
+
return -1;
|
738
|
+
}
|
739
|
+
|
740
|
+
git_error_clear();
|
741
|
+
error = 0;
|
742
|
+
if (!cert_valid) {
|
743
|
+
git_error_set(GIT_ERROR_SSH, "invalid or unknown remote ssh hostkey");
|
744
|
+
error = GIT_ECERTIFICATE;
|
745
|
+
}
|
746
|
+
|
747
|
+
if (check_cb != NULL) {
|
748
|
+
git_cert_hostkey *cert_ptr = &cert;
|
749
|
+
git_error_state previous_error = {0};
|
750
|
+
|
751
|
+
git_error_state_capture(&previous_error, error);
|
752
|
+
error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
|
753
|
+
if (error == GIT_PASSTHROUGH) {
|
754
|
+
error = git_error_state_restore(&previous_error);
|
755
|
+
} else if (error < 0 && !git_error_last()) {
|
756
|
+
git_error_set(GIT_ERROR_NET, "user canceled hostkey check");
|
757
|
+
}
|
758
|
+
|
759
|
+
git_error_state_free(&previous_error);
|
760
|
+
}
|
761
|
+
|
762
|
+
return error;
|
455
763
|
}
|
456
764
|
|
457
765
|
#define SSH_DEFAULT_PORT "22"
|
@@ -462,11 +770,12 @@ static int _git_ssh_setup_conn(
|
|
462
770
|
const char *cmd,
|
463
771
|
git_smart_subtransport_stream **stream)
|
464
772
|
{
|
465
|
-
int auth_methods, error = 0;
|
773
|
+
int auth_methods, error = 0, port;
|
466
774
|
ssh_stream *s;
|
467
775
|
git_credential *cred = NULL;
|
468
776
|
LIBSSH2_SESSION *session=NULL;
|
469
777
|
LIBSSH2_CHANNEL *channel=NULL;
|
778
|
+
LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
|
470
779
|
|
471
780
|
t->current_stream = NULL;
|
472
781
|
|
@@ -490,96 +799,20 @@ static int _git_ssh_setup_conn(
|
|
490
799
|
(error = git_stream_connect(s->io)) < 0)
|
491
800
|
goto done;
|
492
801
|
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
|
503
|
-
|
504
|
-
key = libssh2_session_hostkey(session, &cert_len, &cert_type);
|
505
|
-
if (key != NULL) {
|
506
|
-
cert.type |= GIT_CERT_SSH_RAW;
|
507
|
-
cert.hostkey = key;
|
508
|
-
cert.hostkey_len = cert_len;
|
509
|
-
switch (cert_type) {
|
510
|
-
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
511
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
|
512
|
-
break;
|
513
|
-
case LIBSSH2_HOSTKEY_TYPE_DSS:
|
514
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
|
515
|
-
break;
|
516
|
-
|
517
|
-
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
|
518
|
-
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
|
519
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
|
520
|
-
break;
|
521
|
-
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
|
522
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
|
523
|
-
break;
|
524
|
-
case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
|
525
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
|
526
|
-
break;
|
527
|
-
#endif
|
528
|
-
|
529
|
-
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
|
530
|
-
case LIBSSH2_HOSTKEY_TYPE_ED25519:
|
531
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
|
532
|
-
break;
|
533
|
-
#endif
|
534
|
-
default:
|
535
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
|
536
|
-
}
|
537
|
-
}
|
538
|
-
|
539
|
-
#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
|
540
|
-
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
|
541
|
-
if (key != NULL) {
|
542
|
-
cert.type |= GIT_CERT_SSH_SHA256;
|
543
|
-
memcpy(&cert.hash_sha256, key, 32);
|
544
|
-
}
|
545
|
-
#endif
|
546
|
-
|
547
|
-
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
|
548
|
-
if (key != NULL) {
|
549
|
-
cert.type |= GIT_CERT_SSH_SHA1;
|
550
|
-
memcpy(&cert.hash_sha1, key, 20);
|
551
|
-
}
|
552
|
-
|
553
|
-
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
|
554
|
-
if (key != NULL) {
|
555
|
-
cert.type |= GIT_CERT_SSH_MD5;
|
556
|
-
memcpy(&cert.hash_md5, key, 16);
|
557
|
-
}
|
558
|
-
|
559
|
-
if (cert.type == 0) {
|
560
|
-
git_error_set(GIT_ERROR_SSH, "unable to get the host key");
|
561
|
-
error = -1;
|
562
|
-
goto done;
|
563
|
-
}
|
564
|
-
|
565
|
-
/* We don't currently trust any hostkeys */
|
566
|
-
git_error_clear();
|
567
|
-
|
568
|
-
cert_ptr = &cert;
|
569
|
-
|
570
|
-
error = t->owner->connect_opts.callbacks.certificate_check(
|
571
|
-
(git_cert *)cert_ptr,
|
572
|
-
0,
|
573
|
-
s->url.host,
|
574
|
-
t->owner->connect_opts.callbacks.payload);
|
802
|
+
/*
|
803
|
+
* Try to parse the port as a number, if we can't then fall back to
|
804
|
+
* default. It would be nice if we could get the port that was resolved
|
805
|
+
* as part of the stream connection, but that's not something that's
|
806
|
+
* exposed.
|
807
|
+
*/
|
808
|
+
if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0)
|
809
|
+
port = -1;
|
575
810
|
|
576
|
-
|
577
|
-
|
578
|
-
git_error_set(GIT_ERROR_NET, "user cancelled hostkey check");
|
811
|
+
if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0)
|
812
|
+
goto done;
|
579
813
|
|
580
|
-
|
581
|
-
|
582
|
-
}
|
814
|
+
if ((error = check_certificate(session, known_hosts, t->owner->connect_opts.callbacks.certificate_check, t->owner->connect_opts.callbacks.payload, s->url.host, port)) < 0)
|
815
|
+
goto done;
|
583
816
|
|
584
817
|
/* we need the username to ask for auth methods */
|
585
818
|
if (!s->url.username) {
|
@@ -651,6 +884,8 @@ done:
|
|
651
884
|
if (error < 0) {
|
652
885
|
ssh_stream_free(*stream);
|
653
886
|
|
887
|
+
if (known_hosts)
|
888
|
+
libssh2_knownhost_free(known_hosts);
|
654
889
|
if (session)
|
655
890
|
libssh2_session_free(session);
|
656
891
|
}
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rugged
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.4.
|
4
|
+
version: 1.4.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Scott Chacon
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-01-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rake-compiler
|