summaryrefslogtreecommitdiff
path: root/Assistant/Pairing
Commit message (Collapse)AuthorAge
* avoid the dashed ssh hostname class of security holesGravatar Joey Hess2017-08-17
| | | | | | | | | | | | | | | | | | | | | | | | Security fix: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted ssh url (for eg a git remote) to execute arbitrary code via ssh -oProxyCommand. No CVE has yet been assigned for this hole. The same class of security hole recently affected git itself, CVE-2017-1000117. Method: Identified all places where ssh is run, by git grep '"ssh"' Converted them all to use a SshHost, if they did not already, for specifying the hostname. SshHost was made a data type with a smart constructor, which rejects hostnames starting with '-'. Note that git-annex already contains extensive use of Utility.SafeCommand, which fixes a similar class of problem where a filename starting with a dash gets passed to a program which treats it as an option. This commit was sponsored by Jochen Bartl on Patreon.
* switch away from deprecated interfaceGravatar Joey Hess2016-09-05
| | | | | Again the new stuff works back to network-2.4, so no need to adjust cabal bounds.
* basic gitlab support in webappGravatar Joey Hess2015-07-22
| | | | | | | This works, but needs more testing and work on cases like encrypted repos, enabling existing repositories, etc. This commit was sponsored by Shaun Westmacott.
* assistant: Fix ANNEX_SHELL_DIR written to ~/.ssh/authorized_keys in local ↵Gravatar Joey Hess2015-07-02
| | | | | | | | | | pairing to be the absolute path to the repository, not "." This was a reversion caused by the relative path changes in 5.20150113. Other uses of addAuthorizedKeys seem to be ok. If the user enters a directory like ~/annex, it writes GIT_ANNEX_SHELL_DIRECTORY=annex, and git-annex-shell assumes that's relative to HOME.
* avoid using now deprecated PortNum constructorGravatar Joey Hess2015-05-10
|
* removed all uses of undefined from code baseGravatar Joey Hess2015-04-19
| | | | It's a code smell, can lead to hard to diagnose error messages.
* assistant: Fix local pairing when ssh pubkey comment contains spaces.Gravatar Joey Hess2015-02-04
|
* update my email address and homepage urlGravatar Joey Hess2015-01-21
|
* unify exception handling into Utility.ExceptionGravatar Joey Hess2014-08-07
| | | | | | | | | | | | | | | | | | | | Removed old extensible-exceptions, only needed for very old ghc. Made webdav use Utility.Exception, to work after some changes in DAV's exception handling. Removed Annex.Exception. Mostly this was trivial, but note that tryAnnex is replaced with tryNonAsync and catchAnnex replaced with catchNonAsync. In theory that could be a behavior change, since the former caught all exceptions, and the latter don't catch async exceptions. However, in practice, nothing in the Annex monad uses async exceptions. Grepping for throwTo and killThread only find stuff in the assistant, which does not seem related. Command.Add.undo is changed to accept a SomeException, and things that use it for rollback now catch non-async exceptions, rather than only IOExceptions.
* external special remotes mostly implemented (untested)Gravatar Joey Hess2013-12-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This has not been tested at all. It compiles! The only known missing things are support for encryption, and for get/set of special remote configuration, and of key state. (The latter needs separate work to add a new per-key log file to store that state.) Only thing I don't much like is that initremote needs to be passed both type=external and externaltype=foo. It would be better to have just type=foo Most of this is quite straightforward code, that largely wrote itself given the types. The only tricky parts were: * Need to lock the remote when using it to eg make a request, because in theory git-annex could have multiple threads that each try to use a remote at the same time. I don't think that git-annex ever does that currently, but better safe than sorry. * Rather than starting up every external special remote program when git-annex starts, they are started only on demand, when first used. This will avoid slowdown, especially when running fast git-annex query commands. Once started, they keep running until git-annex stops, currently, which may not be ideal, but it's hard to know a better time to stop them. * Bit of a chicken and egg problem with caching the cost of the remote, because setting annex-cost in the git config needs the remote to already be set up. Managed to finesse that. This commit was sponsored by Lukas Anzinger.
* webapp can now set up gcrypt repos on ssh serversGravatar Joey Hess2013-10-01
|
* UI for making encrypted ssh remotes with gcryptGravatar Joey Hess2013-09-29
| | | | | | | | | | | | Improved probing the remote server, so it gathers a list of the capabilities it has. From that list, we can determine which types of remotes are supported, and display an appropriate UI. The new buttons for making gcrypt repos don't work yet, but the old buttons for unencrypted git repo and encrypted rsync repo have been adapted to the new data types and are working. This commit was sponsored by David Schmitt.
* proof of concept remote reordering UI (needs to be changed to use drag and drop)Gravatar Joey Hess2013-03-13
|
* split cost out into its own moduleGravatar Joey Hess2013-03-13
| | | | | Added a function to insert a new cost into a list, which could be used to asjust costs after a drag and drop.
* webapp: Set locally paired repositories to a lower cost than other network ↵Gravatar Joey Hess2013-03-13
| | | | remotes.
* webapp: Display any error message from git init if it fails to create a ↵Gravatar Joey Hess2013-02-26
| | | | repository.
* crippled filesystem support, probing and initial supportGravatar Joey Hess2013-02-14
| | | | | | | | | | | | git annex init probes for crippled filesystems, and sets direct mode, as well as `annex.crippledfilesystem`. Avoid manipulating permissions of files on crippled filesystems. That would likely cause an exception to be thrown. Very basic support in Command.Add for cripped filesystems; avoids the lock down entirely since doing it needs both permissions and hard links. Will make this better soon.
* webapp: Allow user to specify the ssh port when setting up a remote.Gravatar Joey Hess2012-12-06
|
* finished XMPP pairing!Gravatar Joey Hess2012-11-05
| | | | | This includes keeping track of which buddies we're pairing with, to know which PairAck are legitimate.
* webapp: When setting up authorized_keys, use GIT_ANNEX_SHELL_DIRECTORY.Gravatar Joey Hess2012-11-05
|
* where indentationGravatar Joey Hess2012-10-31
|
* finished pushing Assistant monad into all relevant filesGravatar Joey Hess2012-10-30
| | | | All temporary and old functions are removed.
* pushed Assistant monad down into DaemonStatus codeGravatar Joey Hess2012-10-30
| | | | | | Currently have three old versions of functions that more reworking is needed to remove: getDaemonStatusOld, modifyDaemonStatusOld_, and modifyDaemonStatusOld
* lifted Assistant.Sync into Assistant monadGravatar Joey Hess2012-10-29
| | | | lots of nice cleanups
* Assistant monad, stage 3Gravatar Joey Hess2012-10-29
| | | | | | All toplevel named threads are converted to the Assistant monad. Some utility functions still need to be converted.
* webapp: Switched to using the same multicast IP address that avahi uses.Gravatar Joey Hess2012-10-22
|
* webapp automatic groupingGravatar Joey Hess2012-10-09
| | | | | | | | webapp: Adds newly created repositories to one of these groups: clients, drives, servers This is heuristic, but it's a pretty good heuristic, and can always be configured.
* flip catchDefaultIOGravatar Joey Hess2012-09-17
|
* hlintGravatar Joey Hess2012-09-13
|
* fixed the multicast socket fd leakGravatar Joey Hess2012-09-12
| | | | | | | | | | | Turns out sClose was working fine.. but it was not being run on every opened socket. The upstream bug is that multicastSender can crash on an invalid (or ipv6) address and when this happens it's already opened a socket, which just goes missing with no way to close it. A simple fix to the library can avoid this, as I describe here: https://github.com/audreyt/network-multicast/issues/2 In the meantime, just skipping ipv6 addresses will fix the fd leak.
* pairing works!!Gravatar Joey Hess2012-09-11
| | | | | | | | | Finally. Last bug fixes here: Send PairResp with same UUID in the PairReq. Fix off-by-one in code that filters out our own pairing messages. Also reworked the pairing alerts, which are still slightly buggy.
* keep track of the stage we're at in pairingGravatar Joey Hess2012-09-11
| | | | | This avoids us responding to our own pairing messages, as well as ignoring any out of order messages that might be received somehow.
* clean up authorized_keys handlingGravatar Joey Hess2012-09-11
| | | | | Including rollback of adding the key when a pairing response gets canceled by the user.
* pairing probably works now (untested)Gravatar Joey Hess2012-09-10
|
* responding to pair requests *almost* worksGravatar Joey Hess2012-09-10
|
* add an alert while a locally initiated pairing request is in progressGravatar Joey Hess2012-09-09
| | | | Has a button to cancel the request.
* fix build without pairing supportGravatar Joey Hess2012-09-08