def get_credentials(args):
if args.password:
credentials = UserPass(args.username, args.password)
elif args.ssh_agent:
log.info('Using SSH agent with remote user: %s', args.ssh_user)
credentials = KeypairFromAgent(args.ssh_user)
else:
log.info('Using SSH user: %s, key: %s', args.ssh_user, args.ssh_key)
credentials = Keypair(args.ssh_user, args.ssh_key + ".pub",
args.ssh_key, "")
return RemoteCallbacks(credentials=credentials)
def git_push(self, repo):
if not pygit2.features & pygit2.GIT_FEATURE_SSH:
print("libgit2/pygit2 cant use SSH")
if repo in self.ahead:
repo_obj = self.repos[repo]['repo']
origin = repo_obj.remotes['origin']
print(repo_obj.remotes["origin"].url)
credentials = KeypairFromAgent(self.push_user)
origin.credentials = credentials
callbacks = RemoteCallbacks(credentials=credentials)
try:
origin.push([repo_obj.head.name], callbacks=callbacks)
return True
except GitError as e:
return e
return False
def credentials(self, url, username_from_url, allowed_types):
"""
The callback to return a suitable authentication method.
it supports GIT_CREDTYPE_SSH_KEY and GIT_CREDTYPE_USERPASS_PLAINTEXT
GIT_CREDTYPE_SSH_KEY with an ssh agent configured in the env variable SSH_AUTH_SOCK
or with id_rsa and id_rsa.pub in ~/.ssh (password must be the empty string)
GIT_CREDTYPE_USERPASS_PLAINTEXT from the env variables GIT_USERNAME and GIT_PASSWORD
"""
if credentials.GIT_CREDTYPE_SSH_KEY & allowed_types:
if "SSH_AUTH_SOCK" in environ:
# Use ssh agent for authentication
return KeypairFromAgent(username_from_url)
else:
ssh = join(expanduser('~'), '.ssh')
if "QUIT_SSH_KEY_HOME" in environ:
ssh = environ["QUIT_SSH_KEY_HOME"]
# public key is still needed because:
# _pygit2.GitError: Failed to authenticate SSH session:
# Unable to extract public key from private key file:
# Method unimplemented in libgcrypt backend
pubkey = join(ssh, 'id_rsa.pub')
privkey = join(ssh, 'id_rsa')
# check if ssh key is available in the directory
if isfile(pubkey) and isfile(privkey):
return Keypair(username_from_url, pubkey, privkey, "")
else:
raise Exception(
"No SSH keys could be found, please specify SSH_AUTH_SOCK or add keys to "
+ "your ~/.ssh/")
elif credentials.GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types:
if "GIT_USERNAME" in environ and "GIT_PASSWORD" in environ:
return UserPass(environ["GIT_USERNAME"],
environ["GIT_PASSWORD"])
else:
raise Exception(
"Remote requested plaintext username and password authentication but "
+ "GIT_USERNAME or GIT_PASSWORD are not set.")
else:
raise Exception(
"Only unsupported credential types allowed by remote end")
def test_ssh_agent():
username = "******"
cred = KeypairFromAgent(username)
assert (username, None, None, None) == cred.credential_tuple
def test_ssh_agent(self):
username = "******"
cred = KeypairFromAgent(username)
self.assertEqual((username, None, None, None), cred.credential_tuple)
def credentials(self, url, username_from_url, allowed_types):
global credential_lock
credential_lock.acquire()
msg("@{cf}Fetching@|: %s\n" % escape(textify(url)))
try:
if url not in self.urls:
retry = 0
else:
retry = self.urls[url]
u = urlsplit(url)
query = "protocol=%s\nhost=%s\n" % (u[0], u[1])
while True:
retry += 1
self.urls[url] = retry
if retry == 1:
if allowed_types & GIT_CREDTYPE_SSH_KEY:
return KeypairFromAgent(username_from_url)
if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT:
private_token = self.get_private_token(url)
if private_token:
return UserPass("rosrepo", private_token)
if retry == 2:
if allowed_types & GIT_CREDTYPE_SSH_KEY:
self.record_permanent_failure(
query, "SSH agent has no acceptable key")
if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT:
username, password = self.get_cached_credentials(query)
if username is None:
exitcode, stdout, _ = call_process(
["git", "credential", "fill"],
input_data=query,
stdin=PIPE,
stdout=PIPE)
if exitcode != 0:
self.record_permanent_failure(
query, "git credential helper failed")
for line in stdout.split("\n"):
if "=" in line:
key, value = line.split("=", 1)
if key == "username":
username = value
if key == "password":
password = value
if username is not None and password is not None:
exitcode, stdout, _ = call_process(
["git", "credential", "approve"],
input_data=stdout,
stdin=PIPE,
stdout=PIPE)
if username is not None and password is not None:
self.save_working_credentials(
query, username, password)
return UserPass(username, password)
if retry == 3:
if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT:
exitcode, stdout, _ = call_process(
["git", "credential", "reject"],
input_data=query,
stdin=PIPE,
stdout=PIPE)
self.record_permanent_failure(
query, "invalid username or password")
if retry > 3:
self.record_permanent_failure(
query,
"cannot handle requested authorization credentials")
finally:
credential_lock.release()