Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[JENKINS-43931] support private keys w/passphrase in Windows dirs wit…
…h spaces

The temporary file protection code (correctly) prefers to place
sensitive temporary files near the workspace rather than placing them
in the system temporary directory.  The Windows git implementation
(through at least git 2.12.2) fails to authenticate if the value of
GIT_SSH is a path which includes a space.

If the workspace temporary directory name contains a space, the system
temporary directory will be used instead.  There is already code in
the CliGitAPIImpl class which writes a warning if the system temporary
directory includes a space in its path.
  • Loading branch information
MarkEWaite committed Apr 29, 2017
1 parent 060f354 commit ab1ad21
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 2 deletions.
15 changes: 13 additions & 2 deletions src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Expand Up @@ -1426,6 +1426,10 @@ private File createTempFileInSystemDir(String prefix, String suffix) throws IOEx
}

private File createTempFile(String prefix, String suffix) throws IOException {
return createTempFile(prefix, suffix, false);
}

private File createTempFile(String prefix, String suffix, boolean spacesForbiddenInPath) throws IOException {
if (workspace == null) {
return createTempFileInSystemDir(prefix, suffix);
}
Expand All @@ -1437,6 +1441,13 @@ private File createTempFile(String prefix, String suffix) throws IOException {
}
Path tmpPath = Paths.get(workspaceTmp.getAbsolutePath());
if (isWindows()) {
/* Windows git fails its call to GIT_SSH if its absolute
* path contains a space. Use system temp dir if path to
* workspace tmp dir contains a space.
*/
if (spacesForbiddenInPath && workspaceTmp.getAbsolutePath().contains(" ")) {
return createTempFileInSystemDir(prefix, suffix);
}
return Files.createTempFile(tmpPath, prefix, suffix).toFile();
}
Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
Expand Down Expand Up @@ -1630,7 +1641,7 @@ private String quoteUnixCredentials(String str) {
}

private File createWindowsSshAskpass(SSHUserPrivateKey sshUser) throws IOException {
File ssh = createTempFile("pass", ".bat");
File ssh = createTempFile("pass", ".bat", true);
try (PrintWriter w = new PrintWriter(ssh, Charset.defaultCharset().toString())) {
// avoid echoing command as part of the password
w.println("@echo off");
Expand Down Expand Up @@ -1799,7 +1810,7 @@ private File getSSHExeFromGitExeParentDir(String userGitExe) {
}

private File createWindowsGitSSH(File key, String user) throws IOException {
File ssh = createTempFile("ssh", ".bat");
File ssh = createTempFile("ssh", ".bat", true);

File sshexe = getSSHExecutable();

Expand Down
Expand Up @@ -122,6 +122,14 @@ public CredentialsTest(String gitImpl, String gitRepoUrl, String username, Strin
@Before
public void setUp() throws IOException, InterruptedException {
repo = tempFolder.newFolder();
if (random.nextBoolean()) {
/* Randomly use a repo with a space in name - JENKINS-43931 */
File repoParent = repo;
repo = new File(repoParent, "a space");
assertTrue(repo.mkdirs());
File repoTemp = new File(repoParent, "a space@tmp"); // allows adjacent temp directory use
assertTrue(repoTemp.mkdirs());
}
Logger logger = Logger.getLogger(this.getClass().getPackage().getName() + "-" + logCount++);
handler = new LogHandler();
handler.setLevel(Level.ALL);
Expand Down

0 comments on commit ab1ad21

Please sign in to comment.