[PATCH] Abort git authentication attempt

Sat, 23 Apr 2016 08:54:17 -0700 

If we have incorrect cloud credentials, we need to return an error on
git authentication call back in order to avoid endless authentication
loop. This might well happen e.g. when changing the password on desktop
and then on laptop Subsurface still thinks the credentials are validated
and ends up in the authentication loop.

The authentication call back on libgit is intended to be used to ask for
user credentials, and as we handle credentials elsewhere, we just need
to fail the authentication attempts. (The threshold for bail out could
have been 1 attempt...)

Signed-off-by: Miika Turkia <[email protected]>
---
 core/git-access.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/core/git-access.c b/core/git-access.c
index 2b7fa0c..3564669 100644
--- a/core/git-access.c
+++ b/core/git-access.c
@@ -194,9 +194,21 @@ int credential_ssh_cb(git_cred **out,
        (void) url;
        (void) allowed_types;
        (void) payload;
+       static int attempt = 0;
 
        const char *priv_key = format_string("%s/%s", 
system_default_directory(), "ssrf_remote.key");
        const char *passphrase = prefs.cloud_storage_password ? 
strdup(prefs.cloud_storage_password) : strdup("");
+
+       /* Bail out from libgit authentication loop when credentials are
+        * incorrect */
+
+       if (attempt++ > 2) {
+               if (verbose)
+                       fprintf(stderr, "Authentication failed in libgit: 
GIT_EUSER\n");
+               attempt = 0;
+               return GIT_EUSER;
+       }
+
        return git_cred_ssh_key_new(out, username_from_url, NULL, priv_key, 
passphrase);
 }
 
@@ -210,8 +222,19 @@ int credential_https_cb(git_cred **out,
        (void) username_from_url;
        (void) payload;
        (void) allowed_types;
+       static int attempt = 0;
        const char *username = prefs.cloud_storage_email_encoded;
        const char *password = prefs.cloud_storage_password ? 
strdup(prefs.cloud_storage_password) : strdup("");
+
+       /* Bail out from libgit authentication loop when credentials are
+        * incorrect */
+
+       if (attempt++ > 2) {
+               if (verbose)
+                       fprintf(stderr, "Authentication failed in libgit: 
GIT_EUSER\n");
+               attempt = 0;
+               return GIT_EUSER;
+       }
        return git_cred_userpass_plaintext_new(out, username, password);
 }
 
-- 
2.5.0

_______________________________________________
subsurface mailing list
[email protected]
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface

Reply via email to