Skip to content
Permalink
Browse files
[JENKINS-43931] support private keys w/passphrase in Windows dirs wit…
…h spaces

The temporary file protection code (correctly) prefers to place
sensitive temporary files near the workspace rather than placing them
in the system temporary directory.  The Windows git implementation
(through at least git 2.12.2) fails to authenticate if the value of
GIT_SSH is a path which includes a space.

If the workspace temporary directory name contains a space, the system
temporary directory will be used instead.  There is already code in
the CliGitAPIImpl class which writes a warning if the system temporary
directory includes a space in its path.
  • Loading branch information
MarkEWaite committed Apr 29, 2017
1 parent 060f354 commit ab1ad21e4bbab4f03fca23f3f331493769370c20
Showing with 21 additions and 2 deletions.
  1. +13 −2 src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
  2. +8 −0 src/test/java/org/jenkinsci/plugins/gitclient/CredentialsTest.java
@@ -1426,6 +1426,10 @@ private File createTempFileInSystemDir(String prefix, String suffix) throws IOEx
}

private File createTempFile(String prefix, String suffix) throws IOException {
return createTempFile(prefix, suffix, false);
}

private File createTempFile(String prefix, String suffix, boolean spacesForbiddenInPath) throws IOException {
if (workspace == null) {
return createTempFileInSystemDir(prefix, suffix);
}
@@ -1437,6 +1441,13 @@ private File createTempFile(String prefix, String suffix) throws IOException {
}
Path tmpPath = Paths.get(workspaceTmp.getAbsolutePath());
if (isWindows()) {
/* Windows git fails its call to GIT_SSH if its absolute
* path contains a space. Use system temp dir if path to
* workspace tmp dir contains a space.
*/
if (spacesForbiddenInPath && workspaceTmp.getAbsolutePath().contains(" ")) {
return createTempFileInSystemDir(prefix, suffix);
}
return Files.createTempFile(tmpPath, prefix, suffix).toFile();
}
Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
@@ -1630,7 +1641,7 @@ private String quoteUnixCredentials(String str) {
}

private File createWindowsSshAskpass(SSHUserPrivateKey sshUser) throws IOException {
File ssh = createTempFile("pass", ".bat");
File ssh = createTempFile("pass", ".bat", true);
try (PrintWriter w = new PrintWriter(ssh, Charset.defaultCharset().toString())) {
// avoid echoing command as part of the password
w.println("@echo off");
@@ -1799,7 +1810,7 @@ private File getSSHExeFromGitExeParentDir(String userGitExe) {
}

private File createWindowsGitSSH(File key, String user) throws IOException {
File ssh = createTempFile("ssh", ".bat");
File ssh = createTempFile("ssh", ".bat", true);

File sshexe = getSSHExecutable();

@@ -122,6 +122,14 @@ public CredentialsTest(String gitImpl, String gitRepoUrl, String username, Strin
@Before
public void setUp() throws IOException, InterruptedException {
repo = tempFolder.newFolder();
if (random.nextBoolean()) {
/* Randomly use a repo with a space in name - JENKINS-43931 */
File repoParent = repo;
repo = new File(repoParent, "a space");
assertTrue(repo.mkdirs());
File repoTemp = new File(repoParent, "a space@tmp"); // allows adjacent temp directory use
assertTrue(repoTemp.mkdirs());
}
Logger logger = Logger.getLogger(this.getClass().getPackage().getName() + "-" + logCount++);
handler = new LogHandler();
handler.setLevel(Level.ALL);

0 comments on commit ab1ad21

Please sign in to comment.