diff options
| author |  Miika Turkia <miika.turkia@gmail.com> | 2016-04-25 19:56:16 +0300 |
|---|---|---|
| committer |  Dirk Hohndel <dirk@hohndel.org> | 2016-04-25 12:34:24 -0700 |
| commit | 21ad9ac62cd9837ab556027d4f8cda0807a063dd (patch) | |
| tree | 9c4b5a8ca863cda6f7067f0e155f1a61610ce2b2 | |
| parent | 4ef2ef15408d1cf2c1f024f568b508a8f98e900b (diff) | |
| download | subsurface-21ad9ac62cd9837ab556027d4f8cda0807a063dd.tar.gz | |
Abort git authentication attempt
If we have incorrect cloud credentials, we need to return an error on
git authentication call back in order to avoid endless authentication
loop. This might well happen e.g. when changing the password on desktop
and then on laptop Subsurface still thinks the credentials are validated
and ends up in the authentication loop.
The authentication call back on libgit is intended to be used to ask for
user credentials, and as we handle credentials elsewhere, we just need
to fail the authentication attempts. (The threshold for bail out could
have been 1 attempt...)
Signed-off-by: Miika Turkia <miika.turkia@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
| -rw-r--r-- | git-access.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/git-access.c b/git-access.c index 607789f98..5982e560a 100644 --- a/git-access.c +++ b/git-access.c @@ -188,8 +188,23 @@ int credential_ssh_cb(git_cred **out, unsigned int allowed_types, void *payload) { + (void) url; + (void) allowed_types; + (void) payload; + static int attempt = 0; + const char *priv_key = format_string("%s/%s", system_default_directory(), "ssrf_remote.key"); const char *passphrase = prefs.cloud_storage_password ? strdup(prefs.cloud_storage_password) : strdup(""); + + /* Bail out from libgit authentication loop when credentials are + * incorrect */ + + if (attempt++ > 2) { + report_error("Authentication to cloud storage failed."); + attempt = 0; + return GIT_EUSER; + } + return git_cred_ssh_key_new(out, username_from_url, NULL, priv_key, passphrase); } @@ -199,8 +214,22 @@ int credential_https_cb(git_cred **out, unsigned int allowed_types, void *payload) { + (void) url; + (void) username_from_url; + (void) payload; + (void) allowed_types; + static int attempt = 0; const char *username = prefs.cloud_storage_email_encoded; const char *password = prefs.cloud_storage_password ? strdup(prefs.cloud_storage_password) : strdup(""); + + /* Bail out from libgit authentication loop when credentials are + * incorrect */ + + if (attempt++ > 2) { + report_error("Authentication to cloud storage failed."); + attempt = 0; + return GIT_EUSER; + } return git_cred_userpass_plaintext_new(out, username, password); } |