proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-29 15:10:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

net: use only structs to pass information about cert

Browse Source 
Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.
This commit is contained in:
Carlos Martín Nieto 2014-09-16 01:47:30 +02:00
parent 0fef38999a
commit 0782fc43f8
6 changed files with 56 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
include/git2/transport.h
View File

@ -24,6 +24,11 @@ GIT_BEGIN_DECL
* Hostkey information taken from libssh2 * Hostkey information taken from libssh2
*/ */
typedef struct { typedef struct {
/**
* Type of certificate. Here to share the header with
* `git_cert`.
*/
git_cert_t cert_type;
/** /**
* A hostkey type from libssh2, either * A hostkey type from libssh2, either
* `LIBSSH2_HOSTKEY_HASH_MD5` or `LIBSSH2_HOSTKEY_HASH_SHA1` * `LIBSSH2_HOSTKEY_HASH_MD5` or `LIBSSH2_HOSTKEY_HASH_SHA1`
@ -36,6 +41,25 @@ typedef struct {
unsigned char hash[20]; unsigned char hash[20];
} git_cert_hostkey; } git_cert_hostkey;
/**
* X.509 certificate information
*/
typedef struct {
/**
* Type of certificate. Here to share the header with
* `git_cert`.
*/
git_cert_t cert_type;
/**
* Pointer to the X.509 certificate data
*/
void *data;
/**
* Length of the memory block pointed to by `data`.
*/
size_t len;
} git_cert_x509;
/* /*
*** Begin interface for credentials acquisition *** *** Begin interface for credentials acquisition ***
*/ */

14
include/git2/types.h
View File

@ -253,8 +253,6 @@ typedef int (*git_transfer_progress_cb)(const git_transfer_progress *stats, void
*/ */
typedef int (*git_transport_message_cb)(const char *str, int len, void *payload); typedef int (*git_transport_message_cb)(const char *str, int len, void *payload);
/** /**
* Type of host certificate structure that is passed to the check callback * Type of host certificate structure that is passed to the check callback
*/ */
@ -271,6 +269,16 @@ typedef enum git_cert_t {
GIT_CERT_HOSTKEY_LIBSSH2, GIT_CERT_HOSTKEY_LIBSSH2,
} git_cert_t; } git_cert_t;
/**
* Parent type for `git_cert_hostkey` and `git_cert_x509`.
*/
typedef struct {
/**
* Type of certificate. A `GIT_CERT_` value.
*/
git_cert_t cert_type;
} git_cert;
/** /**
* Callback for the user's custom certificate checks. * Callback for the user's custom certificate checks.
* *
@ -281,7 +289,7 @@ typedef enum git_cert_t {
* this certificate is valid * this certificate is valid
* @param payload Payload provided by the caller * @param payload Payload provided by the caller
*/ */
typedef int (*git_transport_certificate_check_cb)(git_cert_t type, void *data, size_t len, int valid, void *payload); typedef int (*git_transport_certificate_check_cb)(git_cert *cert, int valid, void *payload);
/** /**
* Opaque structure representing a submodule. * Opaque structure representing a submodule.

6
src/transports/http.c
View File

@ -552,6 +552,7 @@ static int http_connect(http_subtransport *t)
#ifdef GIT_SSL #ifdef GIT_SSL
if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) { if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL) {
X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl); X509 *cert = SSL_get_peer_certificate(t->socket.ssl.ssl);
git_cert_x509 cert_info;
int len, is_valid; int len, is_valid;
unsigned char *guard, *encoded_cert; unsigned char *guard, *encoded_cert;
@ -577,7 +578,10 @@ static int http_connect(http_subtransport *t)
giterr_clear(); giterr_clear();
is_valid = error != GIT_ECERTIFICATE; is_valid = error != GIT_ECERTIFICATE;
error = t->owner->certificate_check_cb(GIT_CERT_X509, encoded_cert, len, is_valid, t->owner->message_cb_payload); cert_info.cert_type = GIT_CERT_X509;
cert_info.data = encoded_cert;
cert_info.len = len;
error = t->owner->certificate_check_cb((git_cert *) &cert_info, is_valid, t->owner->message_cb_payload);
git__free(encoded_cert); git__free(encoded_cert);
if (error < 0) { if (error < 0) {

4
src/transports/ssh.c
View File

@ -484,6 +484,8 @@ static int _git_ssh_setup_conn(
const char *key; const char *key;
size_t certlen; size_t certlen;
cert.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
cert.type = LIBSSH2_HOSTKEY_HASH_SHA1; cert.type = LIBSSH2_HOSTKEY_HASH_SHA1;
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) { if (key != NULL) {
@ -504,7 +506,7 @@ static int _git_ssh_setup_conn(
/* We don't currently trust any hostkeys */ /* We don't currently trust any hostkeys */
giterr_clear(); giterr_clear();
error = t->owner->certificate_check_cb(GIT_CERT_HOSTKEY_LIBSSH2, &cert, certlen, 0, t->owner->message_cb_payload); error = t->owner->certificate_check_cb((git_cert *) &cert, 0, t->owner->message_cb_payload);
if (error < 0) { if (error < 0) {
if (!giterr_last()) if (!giterr_last())
giterr_set(GITERR_NET, "user cancelled hostkey check"); giterr_set(GITERR_NET, "user cancelled hostkey check");

6
src/transports/winhttp.c
View File

@ -211,6 +211,7 @@ static int certificate_check(winhttp_stream *s, int valid)
winhttp_subtransport *t = OWNING_SUBTRANSPORT(s); winhttp_subtransport *t = OWNING_SUBTRANSPORT(s);
PCERT_CONTEXT cert_ctx; PCERT_CONTEXT cert_ctx;
DWORD cert_ctx_size = sizeof(cert_ctx); DWORD cert_ctx_size = sizeof(cert_ctx);
git_cert_x509 cert;
/* If there is no override, we should fail if WinHTTP doesn't think it's fine */ /* If there is no override, we should fail if WinHTTP doesn't think it's fine */
if (t->owner->certificate_check_cb == NULL && !valid) if (t->owner->certificate_check_cb == NULL && !valid)
@ -225,7 +226,10 @@ static int certificate_check(winhttp_stream *s, int valid)
} }
giterr_clear(); giterr_clear();
error = t->owner->certificate_check_cb(GIT_CERT_X509, cert_ctx->pbCertEncoded, cert_ctx->cbCertEncoded, valid, t->owner->cred_acquire_payload); cert.cert_type = GIT_CERT_X509;
cert.data = cert_ctx->pbCertEncoded;
cert.len = cert_ctx->cbCertEncoded;
error = t->owner->certificate_check_cb((git_cert *) &cert, valid, t->owner->cred_acquire_payload);
CertFreeCertificateContext(cert_ctx); CertFreeCertificateContext(cert_ctx);
if (error < 0 && !giterr_last()) if (error < 0 && !giterr_last())

21
tests/online/clone.c
View File

@ -473,13 +473,12 @@ void test_online_clone__ssh_cannot_change_username(void)
cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options)); cl_git_fail(git_clone(&g_repo, "ssh://git@github.com/libgit2/TestGitRepository", "./foo", &g_options));
} }
int ssh_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload) int ssh_certificate_check(git_cert *cert, int valid, void *payload)
{ {
git_cert_hostkey *key; git_cert_hostkey *key;
git_oid expected = {{0}}, actual = {{0}}; git_oid expected = {{0}}, actual = {{0}};
const char *expected_str; const char *expected_str;
GIT_UNUSED(len);
GIT_UNUSED(valid); GIT_UNUSED(valid);
GIT_UNUSED(payload); GIT_UNUSED(payload);
@ -487,10 +486,10 @@ int ssh_certificate_check(git_cert_t type, void *data, size_t len, int valid, vo
if (!expected_str) if (!expected_str)
cl_skip(); cl_skip();
cl_git_pass(git_oid_fromstr(&expected, expected_str)); cl_git_pass(git_oid_fromstrp(&expected, expected_str));
cl_assert_equal_i(GIT_CERT_HOSTKEY_LIBSSH2, type); cl_assert_equal_i(GIT_CERT_HOSTKEY_LIBSSH2, cert->cert_type);
key = (git_cert_hostkey *) data; key = (git_cert_hostkey *) cert;
git_oid_fromraw(&actual, key->hash); git_oid_fromraw(&actual, key->hash);
cl_assert(git_oid_equal(&expected, &actual)); cl_assert(git_oid_equal(&expected, &actual));
@ -511,11 +510,9 @@ void test_online_clone__url_with_no_path_returns_EINVALIDSPEC(void)
GIT_EINVALIDSPEC); GIT_EINVALIDSPEC);
} }
static int fail_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload) static int fail_certificate_check(git_cert *cert, int valid, void *payload)
{ {
GIT_UNUSED(type); GIT_UNUSED(cert);
GIT_UNUSED(data);
GIT_UNUSED(len);
GIT_UNUSED(valid); GIT_UNUSED(valid);
GIT_UNUSED(payload); GIT_UNUSED(payload);
@ -535,11 +532,9 @@ void test_online_clone__certificate_invalid(void)
#endif #endif
} }
static int succeed_certificate_check(git_cert_t type, void *data, size_t len, int valid, void *payload) static int succeed_certificate_check(git_cert *cert, int valid, void *payload)
{ {
GIT_UNUSED(type); GIT_UNUSED(cert);
GIT_UNUSED(data);
GIT_UNUSED(len);
GIT_UNUSED(valid); GIT_UNUSED(valid);
GIT_UNUSED(payload); GIT_UNUSED(payload);