def get_credentials(args): if args.password: credentials = UserPass(args.username, args.password) elif args.ssh_agent: log.info('Using SSH agent with remote user: %s', args.ssh_user) credentials = KeypairFromAgent(args.ssh_user) else: log.info('Using SSH user: %s, key: %s', args.ssh_user, args.ssh_key) credentials = Keypair(args.ssh_user, args.ssh_key + ".pub", args.ssh_key, "") return RemoteCallbacks(credentials=credentials)
def git_push(self, repo): if not pygit2.features & pygit2.GIT_FEATURE_SSH: print("libgit2/pygit2 cant use SSH") if repo in self.ahead: repo_obj = self.repos[repo]['repo'] origin = repo_obj.remotes['origin'] print(repo_obj.remotes["origin"].url) credentials = KeypairFromAgent(self.push_user) origin.credentials = credentials callbacks = RemoteCallbacks(credentials=credentials) try: origin.push([repo_obj.head.name], callbacks=callbacks) return True except GitError as e: return e return False
def credentials(self, url, username_from_url, allowed_types): """ The callback to return a suitable authentication method. it supports GIT_CREDTYPE_SSH_KEY and GIT_CREDTYPE_USERPASS_PLAINTEXT GIT_CREDTYPE_SSH_KEY with an ssh agent configured in the env variable SSH_AUTH_SOCK or with id_rsa and id_rsa.pub in ~/.ssh (password must be the empty string) GIT_CREDTYPE_USERPASS_PLAINTEXT from the env variables GIT_USERNAME and GIT_PASSWORD """ if credentials.GIT_CREDTYPE_SSH_KEY & allowed_types: if "SSH_AUTH_SOCK" in environ: # Use ssh agent for authentication return KeypairFromAgent(username_from_url) else: ssh = join(expanduser('~'), '.ssh') if "QUIT_SSH_KEY_HOME" in environ: ssh = environ["QUIT_SSH_KEY_HOME"] # public key is still needed because: # _pygit2.GitError: Failed to authenticate SSH session: # Unable to extract public key from private key file: # Method unimplemented in libgcrypt backend pubkey = join(ssh, 'id_rsa.pub') privkey = join(ssh, 'id_rsa') # check if ssh key is available in the directory if isfile(pubkey) and isfile(privkey): return Keypair(username_from_url, pubkey, privkey, "") else: raise Exception( "No SSH keys could be found, please specify SSH_AUTH_SOCK or add keys to " + "your ~/.ssh/") elif credentials.GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types: if "GIT_USERNAME" in environ and "GIT_PASSWORD" in environ: return UserPass(environ["GIT_USERNAME"], environ["GIT_PASSWORD"]) else: raise Exception( "Remote requested plaintext username and password authentication but " + "GIT_USERNAME or GIT_PASSWORD are not set.") else: raise Exception( "Only unsupported credential types allowed by remote end")
def test_ssh_agent(): username = "******" cred = KeypairFromAgent(username) assert (username, None, None, None) == cred.credential_tuple
def test_ssh_agent(self): username = "******" cred = KeypairFromAgent(username) self.assertEqual((username, None, None, None), cred.credential_tuple)
def credentials(self, url, username_from_url, allowed_types): global credential_lock credential_lock.acquire() msg("@{cf}Fetching@|: %s\n" % escape(textify(url))) try: if url not in self.urls: retry = 0 else: retry = self.urls[url] u = urlsplit(url) query = "protocol=%s\nhost=%s\n" % (u[0], u[1]) while True: retry += 1 self.urls[url] = retry if retry == 1: if allowed_types & GIT_CREDTYPE_SSH_KEY: return KeypairFromAgent(username_from_url) if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT: private_token = self.get_private_token(url) if private_token: return UserPass("rosrepo", private_token) if retry == 2: if allowed_types & GIT_CREDTYPE_SSH_KEY: self.record_permanent_failure( query, "SSH agent has no acceptable key") if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT: username, password = self.get_cached_credentials(query) if username is None: exitcode, stdout, _ = call_process( ["git", "credential", "fill"], input_data=query, stdin=PIPE, stdout=PIPE) if exitcode != 0: self.record_permanent_failure( query, "git credential helper failed") for line in stdout.split("\n"): if "=" in line: key, value = line.split("=", 1) if key == "username": username = value if key == "password": password = value if username is not None and password is not None: exitcode, stdout, _ = call_process( ["git", "credential", "approve"], input_data=stdout, stdin=PIPE, stdout=PIPE) if username is not None and password is not None: self.save_working_credentials( query, username, password) return UserPass(username, password) if retry == 3: if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT: exitcode, stdout, _ = call_process( ["git", "credential", "reject"], input_data=query, stdin=PIPE, stdout=PIPE) self.record_permanent_failure( query, "invalid username or password") if retry > 3: self.record_permanent_failure( query, "cannot handle requested authorization credentials") finally: credential_lock.release()