	Merge pull request #2274 from libgit2/cmn/ssh-expect-username
cred: tighten username rules
		
						commit
						3c69bebc1c
					
				| @ -11,31 +11,10 @@ | |||||||
| 
 | 
 | ||||||
| int git_cred_has_username(git_cred *cred) | int git_cred_has_username(git_cred *cred) | ||||||
| { | { | ||||||
| 	int ret = 0; | 	if (cred->credtype == GIT_CREDTYPE_DEFAULT) | ||||||
|  | 		return 0; | ||||||
| 
 | 
 | ||||||
| 	switch (cred->credtype) { | 	return 1; | ||||||
| 	case GIT_CREDTYPE_USERPASS_PLAINTEXT: { |  | ||||||
| 		git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred; |  | ||||||
| 		ret = !!c->username; |  | ||||||
| 		break; |  | ||||||
| 	} |  | ||||||
| 	case GIT_CREDTYPE_SSH_KEY: { |  | ||||||
| 		git_cred_ssh_key *c = (git_cred_ssh_key *)cred; |  | ||||||
| 		ret = !!c->username; |  | ||||||
| 		break; |  | ||||||
| 	} |  | ||||||
| 	case GIT_CREDTYPE_SSH_CUSTOM: { |  | ||||||
| 		git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred; |  | ||||||
| 		ret = !!c->username; |  | ||||||
| 		break; |  | ||||||
| 	} |  | ||||||
| 	case GIT_CREDTYPE_DEFAULT: { |  | ||||||
| 		ret = 0; |  | ||||||
| 		break; |  | ||||||
| 	} |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	return ret; |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void plaintext_free(struct git_cred *cred) | static void plaintext_free(struct git_cred *cred) | ||||||
| @ -135,7 +114,7 @@ int git_cred_ssh_key_new( | |||||||
| { | { | ||||||
| 	git_cred_ssh_key *c; | 	git_cred_ssh_key *c; | ||||||
| 
 | 
 | ||||||
| 	assert(cred && privatekey); | 	assert(username && cred && privatekey); | ||||||
| 
 | 
 | ||||||
| 	c = git__calloc(1, sizeof(git_cred_ssh_key)); | 	c = git__calloc(1, sizeof(git_cred_ssh_key)); | ||||||
| 	GITERR_CHECK_ALLOC(c); | 	GITERR_CHECK_ALLOC(c); | ||||||
| @ -143,10 +122,8 @@ int git_cred_ssh_key_new( | |||||||
| 	c->parent.credtype = GIT_CREDTYPE_SSH_KEY; | 	c->parent.credtype = GIT_CREDTYPE_SSH_KEY; | ||||||
| 	c->parent.free = ssh_key_free; | 	c->parent.free = ssh_key_free; | ||||||
| 
 | 
 | ||||||
| 	if (username) { |  | ||||||
| 	c->username = git__strdup(username); | 	c->username = git__strdup(username); | ||||||
| 	GITERR_CHECK_ALLOC(c->username); | 	GITERR_CHECK_ALLOC(c->username); | ||||||
| 	} |  | ||||||
| 
 | 
 | ||||||
| 	c->privatekey = git__strdup(privatekey); | 	c->privatekey = git__strdup(privatekey); | ||||||
| 	GITERR_CHECK_ALLOC(c->privatekey); | 	GITERR_CHECK_ALLOC(c->privatekey); | ||||||
| @ -168,7 +145,7 @@ int git_cred_ssh_key_new( | |||||||
| int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) { | int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) { | ||||||
| 	git_cred_ssh_key *c; | 	git_cred_ssh_key *c; | ||||||
| 
 | 
 | ||||||
| 	assert(cred); | 	assert(username && cred); | ||||||
| 
 | 
 | ||||||
| 	c = git__calloc(1, sizeof(git_cred_ssh_key)); | 	c = git__calloc(1, sizeof(git_cred_ssh_key)); | ||||||
| 	GITERR_CHECK_ALLOC(c); | 	GITERR_CHECK_ALLOC(c); | ||||||
| @ -176,10 +153,8 @@ int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) { | |||||||
| 	c->parent.credtype = GIT_CREDTYPE_SSH_KEY; | 	c->parent.credtype = GIT_CREDTYPE_SSH_KEY; | ||||||
| 	c->parent.free = ssh_key_free; | 	c->parent.free = ssh_key_free; | ||||||
| 
 | 
 | ||||||
| 	if (username) { |  | ||||||
| 	c->username = git__strdup(username); | 	c->username = git__strdup(username); | ||||||
| 	GITERR_CHECK_ALLOC(c->username); | 	GITERR_CHECK_ALLOC(c->username); | ||||||
| 	} |  | ||||||
| 
 | 
 | ||||||
| 	c->privatekey = NULL; | 	c->privatekey = NULL; | ||||||
| 
 | 
 | ||||||
| @ -197,7 +172,7 @@ int git_cred_ssh_custom_new( | |||||||
| { | { | ||||||
| 	git_cred_ssh_custom *c; | 	git_cred_ssh_custom *c; | ||||||
| 
 | 
 | ||||||
| 	assert(cred); | 	assert(username && cred); | ||||||
| 
 | 
 | ||||||
| 	c = git__calloc(1, sizeof(git_cred_ssh_custom)); | 	c = git__calloc(1, sizeof(git_cred_ssh_custom)); | ||||||
| 	GITERR_CHECK_ALLOC(c); | 	GITERR_CHECK_ALLOC(c); | ||||||
| @ -205,10 +180,8 @@ int git_cred_ssh_custom_new( | |||||||
| 	c->parent.credtype = GIT_CREDTYPE_SSH_CUSTOM; | 	c->parent.credtype = GIT_CREDTYPE_SSH_CUSTOM; | ||||||
| 	c->parent.free = ssh_custom_free; | 	c->parent.free = ssh_custom_free; | ||||||
| 
 | 
 | ||||||
| 	if (username) { |  | ||||||
| 	c->username = git__strdup(username); | 	c->username = git__strdup(username); | ||||||
| 	GITERR_CHECK_ALLOC(c->username); | 	GITERR_CHECK_ALLOC(c->username); | ||||||
| 	} |  | ||||||
| 
 | 
 | ||||||
| 	if (publickey_len > 0) { | 	if (publickey_len > 0) { | ||||||
| 		c->publickey = git__malloc(publickey_len); | 		c->publickey = git__malloc(publickey_len); | ||||||
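Review bot: The `assert(username && ...)` checks added to `git_cred_ssh_key_new`, `git_cred_ssh_key_from_agent` and `git_cred_ssh_custom_new` are now the only guard before the unconditional `git__strdup(username)`, and assert() compiles away when NDEBUG is defined. These are public constructors, so in a release build a NULL username supplied by a caller's credential callback would reach the copy (presumably dereferencing it) instead of being rejected. An explicit check before the allocation, e.g. `if (!username) { giterr_set_str(GITERR_INVALID, "a username is required"); return -1; }`, fails safely in every build. Separately, `git_cred_has_username` now answers from `credtype` alone and returns 1 for `GIT_CREDTYPE_USERPASS_PLAINTEXT`, whose constructor is not in this diff, so a short comment stating that every non-default constructor must guarantee a non-NULL username would record the invariant it relies on. The bodies of the three constructors continue outside the visible hunks.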
|  | |||||||
| @ -282,7 +282,6 @@ shutdown: | |||||||
| 
 | 
 | ||||||
| static int _git_ssh_authenticate_session( | static int _git_ssh_authenticate_session( | ||||||
| 	LIBSSH2_SESSION* session, | 	LIBSSH2_SESSION* session, | ||||||
| 	const char *user, |  | ||||||
| 	git_cred* cred) | 	git_cred* cred) | ||||||
| { | { | ||||||
| 	int rc; | 	int rc; | ||||||
| @ -291,13 +290,11 @@ static int _git_ssh_authenticate_session( | |||||||
| 		switch (cred->credtype) { | 		switch (cred->credtype) { | ||||||
| 		case GIT_CREDTYPE_USERPASS_PLAINTEXT: { | 		case GIT_CREDTYPE_USERPASS_PLAINTEXT: { | ||||||
| 			git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred; | 			git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred; | ||||||
| 			user = c->username ? c->username : user; | 			rc = libssh2_userauth_password(session, c->username, c->password); | ||||||
| 			rc = libssh2_userauth_password(session, user, c->password); |  | ||||||
| 			break; | 			break; | ||||||
| 		} | 		} | ||||||
| 		case GIT_CREDTYPE_SSH_KEY: { | 		case GIT_CREDTYPE_SSH_KEY: { | ||||||
| 			git_cred_ssh_key *c = (git_cred_ssh_key *)cred; | 			git_cred_ssh_key *c = (git_cred_ssh_key *)cred; | ||||||
| 			user = c->username ? c->username : user; |  | ||||||
| 
 | 
 | ||||||
| 			if (c->privatekey) | 			if (c->privatekey) | ||||||
| 				rc = libssh2_userauth_publickey_fromfile( | 				rc = libssh2_userauth_publickey_fromfile( | ||||||
| @ -311,7 +308,6 @@ static int _git_ssh_authenticate_session( | |||||||
| 		case GIT_CREDTYPE_SSH_CUSTOM: { | 		case GIT_CREDTYPE_SSH_CUSTOM: { | ||||||
| 			git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred; | 			git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred; | ||||||
| 
 | 
 | ||||||
| 			user = c->username ? c->username : user; |  | ||||||
| 			rc = libssh2_userauth_publickey( | 			rc = libssh2_userauth_publickey( | ||||||
| 				session, c->username, (const unsigned char *)c->publickey, | 				session, c->username, (const unsigned char *)c->publickey, | ||||||
| 				c->publickey_len, c->sign_callback, &c->sign_data); | 				c->publickey_len, c->sign_callback, &c->sign_data); | ||||||
| @ -415,15 +411,10 @@ static int _git_ssh_setup_conn( | |||||||
| 	} | 	} | ||||||
| 	assert(t->cred); | 	assert(t->cred); | ||||||
| 
 | 
 | ||||||
| 	if (!user && !git_cred_has_username(t->cred)) { |  | ||||||
| 		giterr_set_str(GITERR_NET, "Cannot authenticate without a username"); |  | ||||||
| 		goto on_error; |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	if (_git_ssh_session_create(&session, s->socket) < 0) | 	if (_git_ssh_session_create(&session, s->socket) < 0) | ||||||
| 		goto on_error; | 		goto on_error; | ||||||
| 
 | 
 | ||||||
| 	if (_git_ssh_authenticate_session(session, user, t->cred) < 0) | 	if (_git_ssh_authenticate_session(session, t->cred) < 0) | ||||||
| 		goto on_error; | 		goto on_error; | ||||||
| 
 | 
 | ||||||
| 	channel = libssh2_channel_open_session(session); | 	channel = libssh2_channel_open_session(session); | ||||||
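Review bot: With the `Cannot authenticate without a username` guard removed from `_git_ssh_setup_conn`, `_git_ssh_authenticate_session` hands `c->username` to libssh2 with nothing in this file confirming it is non-NULL. For the SSH key and custom types that holds only as long as the constructors reject NULL, and for `GIT_CREDTYPE_USERPASS_PLAINTEXT` the constructor is not part of this commit, so the guarantee cannot be confirmed from here. `libssh2_userauth_password` takes the string length of its username argument, so a NULL would crash rather than fail authentication. A cheap check at the top of each case, such as `if (!c->username) { giterr_set_str(GITERR_NET, "Cannot authenticate without a username"); return -1; }`, keeps the failure mode an error return. The username parsed from the URL is also no longer consulted in this function, so a comment on `_git_ssh_authenticate_session` stating that the credential's username is authoritative would help; whether the credential callback still receives the URL user is outside the visible hunks.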
|  | |||||||
	 Vicent Marti
						Vicent Marti