From dd0e3d36f764f28edfcc361f5d183bec9cb06e5e Mon Sep 17 00:00:00 2001 From: Hylke Bons Date: Sat, 10 Mar 2018 12:25:44 +0000 Subject: [PATCH 1/6] git repo: Make sure to close file stream --- Sparkles/Git/GitRepository.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sparkles/Git/GitRepository.cs b/Sparkles/Git/GitRepository.cs index 0049d160..560a93e3 100644 --- a/Sparkles/Git/GitRepository.cs +++ b/Sparkles/Git/GitRepository.cs @@ -247,7 +247,7 @@ namespace Sparkles.Git { string lfs_is_behind_file_path = Path.Combine (LocalPath, ".git", "lfs", "is_behind"); if (StorageType == StorageType.LargeFiles) - File.Create (lfs_is_behind_file_path); + File.Create (lfs_is_behind_file_path).Close (); var git_fetch = new GitCommand (LocalPath, "fetch --progress origin " + branch, auth_info); From 45f91bbacdb614005cbcb40d50356e30d851dde1 Mon Sep 17 00:00:00 2001 From: Hylke Bons Date: Sat, 10 Mar 2018 12:26:24 +0000 Subject: [PATCH 2/6] ssh: Fix whitespace --- Sparkles/SSHCommand.cs | 6 +++--- Sparkles/SSHFetcher.cs | 28 +++++++++++++++------------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/Sparkles/SSHCommand.cs b/Sparkles/SSHCommand.cs index 0a5657bf..3dd2f24b 100644 --- a/Sparkles/SSHCommand.cs +++ b/Sparkles/SSHCommand.cs @@ -25,17 +25,17 @@ namespace Sparkles { public static string SSHCommandPath { get { - return Path.Combine(SSHPath, "ssh").Replace("\\", "/"); + return Path.Combine (SSHPath, "ssh").Replace ("\\", "/"); } } - public SSHCommand(string command, string args) : this (command, args, null) + public SSHCommand (string command, string args) : this (command, args, null) { } - public SSHCommand(string command, string args, SSHAuthenticationInfo auth_info) : + public SSHCommand (string command, string args, SSHAuthenticationInfo auth_info) : base (Path.Combine (SSHPath, command), args) { } diff --git a/Sparkles/SSHFetcher.cs b/Sparkles/SSHFetcher.cs index e0ead1a7..874c0e16 100644 --- a/Sparkles/SSHFetcher.cs 
+++ b/Sparkles/SSHFetcher.cs @@ -25,6 +25,7 @@ namespace Sparkles { public static string SSHKeyScan = "ssh-keyscan"; + protected SSHFetcher (SparkleFetcherInfo info) : base (info) { } @@ -105,7 +106,7 @@ namespace Sparkles { return null; } - + string DeriveFingerprint (string public_key) { try { @@ -116,44 +117,45 @@ namespace Sparkles { byte [] sha256_bytes = sha256.ComputeHash (base64_bytes); string fingerprint = BitConverter.ToString (sha256_bytes); - Console.WriteLine( fingerprint.ToLower ().Replace ("-", ":")); - return fingerprint.ToLower ().Replace ("-", ":"); + fingerprint = fingerprint.ToLower ().Replace ("-", ":"); + + return fingerprint; } catch (Exception e) { - Logger.LogInfo ("Fetcher", "Failed to create fingerprint: " + e.Message + " " + e.StackTrace); + Logger.LogInfo ("Fetcher", "Failed to create fingerprint: ", e); return null; } } - - + + void AcceptHostKey (string host_key, bool warn) { string ssh_config_path = Path.Combine (Configuration.DefaultConfiguration.DirectoryPath, "ssh"); string known_hosts_file_path = Path.Combine (ssh_config_path, "known_hosts"); - + if (!File.Exists (known_hosts_file_path)) { if (!Directory.Exists (ssh_config_path)) Directory.CreateDirectory (ssh_config_path); - + File.Create (known_hosts_file_path).Close (); } - + string host = RemoteUrl.Host; string known_hosts = File.ReadAllText (known_hosts_file_path); string [] known_hosts_lines = File.ReadAllLines (known_hosts_file_path); - + foreach (string line in known_hosts_lines) { if (line.StartsWith (host + " ", StringComparison.InvariantCulture)) return; } - + if (known_hosts.EndsWith ("\n", StringComparison.InvariantCulture)) File.AppendAllText (known_hosts_file_path, host_key + "\n"); else File.AppendAllText (known_hosts_file_path, "\n" + host_key + "\n"); - + Logger.LogInfo ("Auth", "Accepted host key for " + host); - + if (warn) warnings.Add ("The following host key has been accepted:\n" + DeriveFingerprint (host_key)); } 
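Review bot: `DeriveFingerprint` still returns null from its catch-all handler, and the `warnings.Add` line at the end of `AcceptHostKey` concatenates that result directly. A failed derivation therefore produces a "host key has been accepted" warning with no fingerprint, after the key has already been appended to known_hosts. That warning is the only place the accepted key is shown for verification, so the failure should be visible in it, e.g. `string fingerprint = DeriveFingerprint (host_key) ?? "(fingerprint unavailable)";` with `fingerprint` used in the message. `DeriveFingerprint` begins above this hunk.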
From 05b5a3602d50004895941b357b99c76c9d15dfc7 Mon Sep 17 00:00:00 2001 From: Hylke Bons Date: Sat, 10 Mar 2018 12:31:29 +0000 Subject: [PATCH 3/6] ssh fetcher: Remove broken .onion support --- Sparkles/SSHFetcher.cs | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Sparkles/SSHFetcher.cs b/Sparkles/SSHFetcher.cs index 874c0e16..19931553 100644 --- a/Sparkles/SSHFetcher.cs +++ b/Sparkles/SSHFetcher.cs @@ -33,17 +33,6 @@ namespace Sparkles { public override bool Fetch () { - // Tor has special domain names called ".onion addresses". They can only be - // resolved by using a proxy via tor. While the rest of the openssh suite - // fully supports proxying, ssh-keyscan does not, so we can't use it for .onion - if (RemoteUrl.Host.EndsWith (".onion", StringComparison.InvariantCultureIgnoreCase)) { - Logger.LogInfo ("Auth", "using tor .onion address skipping ssh-keyscan"); - return true; - } - - if (RemoteUrl.Scheme.StartsWith ("http", StringComparison.InvariantCultureIgnoreCase)) - return true; - string host_key = FetchHostKey (); if (string.IsNullOrEmpty (RemoteUrl.Host) || host_key == null) { From 30fce55d38907974a52482bf9e2f2f991abec2d5 Mon Sep 17 00:00:00 2001 From: Hylke Bons Date: Sat, 10 Mar 2018 12:32:33 +0000 Subject: [PATCH 4/6] ssh fetcher: Readability --- Sparkles/SSHFetcher.cs | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Sparkles/SSHFetcher.cs b/Sparkles/SSHFetcher.cs index 19931553..9f3d609f 100644 --- a/Sparkles/SSHFetcher.cs +++ b/Sparkles/SSHFetcher.cs @@ -34,6 +34,7 @@ namespace Sparkles { public override bool Fetch () { string host_key = FetchHostKey (); + bool host_key_warning; if (string.IsNullOrEmpty (RemoteUrl.Host) || host_key == null) { Logger.LogInfo ("Auth", "Could not fetch host key"); @@ -42,8 +43,6 @@ namespace Sparkles { return false; } - bool warn = true; - if (RequiredFingerprint != null) { string host_fingerprint; 
@@ -59,22 +58,21 @@ namespace Sparkles { return false; } - if (host_fingerprint == null || !RequiredFingerprint.Equals (host_fingerprint)) { + if (host_fingerprint == null || RequiredFingerprint!= host_fingerprint) { Logger.LogInfo ("Auth", "Fingerprint doesn't match"); errors.Add ("error: Host fingerprint doesn't match"); - + return false; } - - warn = false; + Logger.LogInfo ("Auth", "Fingerprint matches"); - + } else { Logger.LogInfo ("Auth", "Skipping fingerprint check"); + host_key_warning = true; } - - AcceptHostKey (host_key, warn); - + + AcceptHostKey (host_key, host_key_warning); return true; } From dfa2cc4fff78f3472dde1be61c432c7191af7590 Mon Sep 17 00:00:00 2001 From: Hylke Bons Date: Sat, 10 Mar 2018 12:34:18 +0000 Subject: [PATCH 5/6] ssh fetcher: Since MD5 -> SHA256 move Windows FIPS warning is no longer needed --- Sparkles/SSHFetcher.cs | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/Sparkles/SSHFetcher.cs b/Sparkles/SSHFetcher.cs index 9f3d609f..b86bef1e 100644 --- a/Sparkles/SSHFetcher.cs +++ b/Sparkles/SSHFetcher.cs @@ -44,19 +44,7 @@ namespace Sparkles { } if (RequiredFingerprint != null) { - string host_fingerprint; - - try { - host_fingerprint = DeriveFingerprint (host_key); - - } catch (InvalidOperationException e) { - // "Unapproved cryptographic algorithms" won't work when FIPS is enabled on Windows. - // Software like Cisco AnyConnect can demand this feature is on, so we show an error - Logger.LogInfo ("Auth", "Unable to derive fingerprint: ", e); - errors.Add ("error: Can't check fingerprint due to FIPS being enabled"); - - return false; - } + string host_fingerprint = DeriveFingerprint (host_key); if (host_fingerprint == null || RequiredFingerprint!= host_fingerprint) { Logger.LogInfo ("Auth", "Fingerprint doesn't match"); From 5bf34b0db48aed1f2bbb8dc038c68dc5eb9235c7 Mon Sep 17 00:00:00 2001 
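Review bot: The `else` branch deserves a comment stating what the skipped check means: with no `RequiredFingerprint`, the key returned by `FetchHostKey ()` is handed to `AcceptHostKey` unverified and the warning is the only signal. Something like `// No pinned fingerprint: the scanned key is trusted on first use; the warning is the user's only chance to verify it` above `host_key_warning = true;` would make that trust decision explicit. Separately, `RequiredFingerprint!= host_fingerprint` is missing a space before `!=`. The comparison is exact, so a pinned value in a different case or format than the lowercase colon-separated hex from `DeriveFingerprint` is rejected; that fails closed but is worth documenting where the fingerprint is configured. `Fetch` starts above this hunk.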
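Review bot: With the try/catch gone, any failure inside `DeriveFingerprint` reaches the user as "Host fingerprint doesn't match", because that method catches every exception and returns null, and the null is folded into the mismatch test. A mismatch is the signal for a possibly substituted host key, so it should stay distinguishable from "could not compute": `if (host_fingerprint == null) { errors.Add ("error: Could not derive host fingerprint"); return false; }` before the comparison. How the SHA-256 object is constructed is not visible in this series; if it is `SHA256Managed`, .NET Framework with the Windows FIPS policy enabled still throws `InvalidOperationException`, so the premise of the commit is worth confirming. The `if` block continues past the end of the hunk.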
From: Hylke Bons Date: Sat, 10 Mar 2018 12:35:17 +0000 Subject: [PATCH 6/6] ssh fetcher: Fix build --- Sparkles/SSHFetcher.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sparkles/SSHFetcher.cs b/Sparkles/SSHFetcher.cs index b86bef1e..d7950b35 100644 --- a/Sparkles/SSHFetcher.cs +++ b/Sparkles/SSHFetcher.cs @@ -34,7 +34,7 @@ namespace Sparkles { public override bool Fetch () { string host_key = FetchHostKey (); - bool host_key_warning; + bool host_key_warning = false; if (string.IsNullOrEmpty (RemoteUrl.Host) || host_key == null) { Logger.LogInfo ("Auth", "Could not fetch host key");