diff --git a/Sparkles/Git/GitRepository.cs b/Sparkles/Git/GitRepository.cs index 0049d160..560a93e3 100644 --- a/Sparkles/Git/GitRepository.cs +++ b/Sparkles/Git/GitRepository.cs @@ -247,7 +247,7 @@ namespace Sparkles.Git { string lfs_is_behind_file_path = Path.Combine (LocalPath, ".git", "lfs", "is_behind"); if (StorageType == StorageType.LargeFiles) - File.Create (lfs_is_behind_file_path); + File.Create (lfs_is_behind_file_path).Close (); var git_fetch = new GitCommand (LocalPath, "fetch --progress origin " + branch, auth_info); diff --git a/Sparkles/SSHCommand.cs b/Sparkles/SSHCommand.cs index 0a5657bf..3dd2f24b 100644 --- a/Sparkles/SSHCommand.cs +++ b/Sparkles/SSHCommand.cs @@ -25,17 +25,17 @@ namespace Sparkles { public static string SSHCommandPath { get { - return Path.Combine(SSHPath, "ssh").Replace("\\", "/"); + return Path.Combine (SSHPath, "ssh").Replace ("\\", "/"); } } - public SSHCommand(string command, string args) : this (command, args, null) + public SSHCommand (string command, string args) : this (command, args, null) { } - public SSHCommand(string command, string args, SSHAuthenticationInfo auth_info) : + public SSHCommand (string command, string args, SSHAuthenticationInfo auth_info) : base (Path.Combine (SSHPath, command), args) { } diff --git a/Sparkles/SSHFetcher.cs b/Sparkles/SSHFetcher.cs index e0ead1a7..d7950b35 100644 --- a/Sparkles/SSHFetcher.cs +++ b/Sparkles/SSHFetcher.cs @@ -25,6 +25,7 @@ namespace Sparkles { public static string SSHKeyScan = "ssh-keyscan"; + protected SSHFetcher (SparkleFetcherInfo info) : base (info) { } @@ -32,18 +33,8 @@ namespace Sparkles { public override bool Fetch () { - // Tor has special domain names called ".onion addresses". They can only be - // resolved by using a proxy via tor. While the rest of the openssh suite - // fully supports proxying, ssh-keyscan does not, so we can't use it for .onion - if (RemoteUrl.Host.EndsWith (".onion", StringComparison.InvariantCultureIgnoreCase)) { - Logger.LogInfo ("Auth", "using tor .onion address skipping ssh-keyscan"); - return true; - } - - if (RemoteUrl.Scheme.StartsWith ("http", StringComparison.InvariantCultureIgnoreCase)) - return true; - string host_key = FetchHostKey (); + bool host_key_warning = false; if (string.IsNullOrEmpty (RemoteUrl.Host) || host_key == null) { Logger.LogInfo ("Auth", "Could not fetch host key"); @@ -52,39 +43,24 @@ namespace Sparkles { return false; } - bool warn = true; - if (RequiredFingerprint != null) { - string host_fingerprint; + string host_fingerprint = DeriveFingerprint (host_key); - try { - host_fingerprint = DeriveFingerprint (host_key); - - } catch (InvalidOperationException e) { - // "Unapproved cryptographic algorithms" won't work when FIPS is enabled on Windows. - // Software like Cisco AnyConnect can demand this feature is on, so we show an error - Logger.LogInfo ("Auth", "Unable to derive fingerprint: ", e); - errors.Add ("error: Can't check fingerprint due to FIPS being enabled"); - - return false; - } - - if (host_fingerprint == null || !RequiredFingerprint.Equals (host_fingerprint)) { + if (host_fingerprint == null || RequiredFingerprint!= host_fingerprint) { Logger.LogInfo ("Auth", "Fingerprint doesn't match"); errors.Add ("error: Host fingerprint doesn't match"); - + return false; } - - warn = false; + Logger.LogInfo ("Auth", "Fingerprint matches"); - + } else { Logger.LogInfo ("Auth", "Skipping fingerprint check"); + host_key_warning = true; } - - AcceptHostKey (host_key, warn); - + + AcceptHostKey (host_key, host_key_warning); return true; } @@ -105,7 +81,7 @@ namespace Sparkles { return null; } - + string DeriveFingerprint (string public_key) { try { @@ -116,44 +92,45 @@ namespace Sparkles { byte [] sha256_bytes = sha256.ComputeHash (base64_bytes); string fingerprint = BitConverter.ToString (sha256_bytes); - Console.WriteLine( fingerprint.ToLower ().Replace ("-", ":")); - return fingerprint.ToLower ().Replace ("-", ":"); + fingerprint = fingerprint.ToLower ().Replace ("-", ":"); + + return fingerprint; } catch (Exception e) { - Logger.LogInfo ("Fetcher", "Failed to create fingerprint: " + e.Message + " " + e.StackTrace); + Logger.LogInfo ("Fetcher", "Failed to create fingerprint: ", e); return null; } } - - + + void AcceptHostKey (string host_key, bool warn) { string ssh_config_path = Path.Combine (Configuration.DefaultConfiguration.DirectoryPath, "ssh"); string known_hosts_file_path = Path.Combine (ssh_config_path, "known_hosts"); - + if (!File.Exists (known_hosts_file_path)) { if (!Directory.Exists (ssh_config_path)) Directory.CreateDirectory (ssh_config_path); - + File.Create (known_hosts_file_path).Close (); } - + string host = RemoteUrl.Host; string known_hosts = File.ReadAllText (known_hosts_file_path); string [] known_hosts_lines = File.ReadAllLines (known_hosts_file_path); - + foreach (string line in known_hosts_lines) { if (line.StartsWith (host + " ", StringComparison.InvariantCulture)) return; } - + if (known_hosts.EndsWith ("\n", StringComparison.InvariantCulture)) File.AppendAllText (known_hosts_file_path, host_key + "\n"); else File.AppendAllText (known_hosts_file_path, "\n" + host_key + "\n"); - + Logger.LogInfo ("Auth", "Accepted host key for " + host); - + if (warn) warnings.Add ("The following host key has been accepted:\n" + DeriveFingerprint (host_key)); }