mirror of
https://github.com/git/git.git
synced 2024-05-05 17:36:18 +02:00
credential: handle `credential.<partial-URL>.<key>` again
In the patches for CVE-2020-11008, the ability to specify credential settings in the config for partial URLs got lost. For example, it used to be possible to specify a credential helper for a specific protocol: [credential "https://"] helper = my-https-helper Likewise, it used to be possible to configure settings for a specific host, e.g.: [credential "dev.azure.com"] useHTTPPath = true Let's reinstate this behavior. While at it, increase the test coverage to document and verify the behavior with a couple other categories of partial URLs. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
f52b0cb418
commit
12294990c9
27
credential.c
27
credential.c
|
@ -37,6 +37,10 @@ int credential_match(const struct credential *want,
|
||||||
#undef CHECK
|
#undef CHECK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int credential_from_potentially_partial_url(struct credential *c,
|
||||||
|
const char *url);
|
||||||
|
|
||||||
static int credential_config_callback(const char *var, const char *value,
|
static int credential_config_callback(const char *var, const char *value,
|
||||||
void *data)
|
void *data)
|
||||||
{
|
{
|
||||||
|
@ -82,6 +86,22 @@ static int select_all(const struct urlmatch_item *a,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int match_partial_url(const char *url, void *cb)
|
||||||
|
{
|
||||||
|
struct credential *c = cb;
|
||||||
|
struct credential want = CREDENTIAL_INIT;
|
||||||
|
int matches = 0;
|
||||||
|
|
||||||
|
if (credential_from_potentially_partial_url(&want, url) < 0)
|
||||||
|
warning(_("skipping credential lookup for key: credential.%s"),
|
||||||
|
url);
|
||||||
|
else
|
||||||
|
matches = credential_match(&want, c);
|
||||||
|
credential_clear(&want);
|
||||||
|
|
||||||
|
return matches;
|
||||||
|
}
|
||||||
|
|
||||||
static void credential_apply_config(struct credential *c)
|
static void credential_apply_config(struct credential *c)
|
||||||
{
|
{
|
||||||
char *normalized_url;
|
char *normalized_url;
|
||||||
|
@ -101,6 +121,7 @@ static void credential_apply_config(struct credential *c)
|
||||||
config.collect_fn = credential_config_callback;
|
config.collect_fn = credential_config_callback;
|
||||||
config.cascade_fn = NULL;
|
config.cascade_fn = NULL;
|
||||||
config.select_fn = select_all;
|
config.select_fn = select_all;
|
||||||
|
config.fallback_match_fn = match_partial_url;
|
||||||
config.cb = c;
|
config.cb = c;
|
||||||
|
|
||||||
credential_format(c, &url);
|
credential_format(c, &url);
|
||||||
|
@ -468,6 +489,12 @@ static int credential_from_url_1(struct credential *c, const char *url,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int credential_from_potentially_partial_url(struct credential *c,
|
||||||
|
const char *url)
|
||||||
|
{
|
||||||
|
return credential_from_url_1(c, url, 1, 0);
|
||||||
|
}
|
||||||
|
|
||||||
int credential_from_url_gently(struct credential *c, const char *url, int quiet)
|
int credential_from_url_gently(struct credential *c, const char *url, int quiet)
|
||||||
{
|
{
|
||||||
return credential_from_url_1(c, url, 0, quiet);
|
return credential_from_url_1(c, url, 0, quiet);
|
||||||
|
|
|
@ -575,4 +575,42 @@ test_expect_success 'credential system refuses to work with missing protocol' '
|
||||||
test_i18ncmp expect stderr
|
test_i18ncmp expect stderr
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success 'credential config with partial URLs' '
|
||||||
|
echo "echo password=yep" | write_script git-credential-yep &&
|
||||||
|
test_write_lines url=https://user@example.com/repo.git >stdin &&
|
||||||
|
for partial in \
|
||||||
|
example.com \
|
||||||
|
user@example.com \
|
||||||
|
https:// \
|
||||||
|
https://example.com \
|
||||||
|
https://example.com/ \
|
||||||
|
https://user@example.com \
|
||||||
|
https://user@example.com/ \
|
||||||
|
https://example.com/repo.git \
|
||||||
|
https://user@example.com/repo.git \
|
||||||
|
/repo.git
|
||||||
|
do
|
||||||
|
git -c credential.$partial.helper=yep \
|
||||||
|
credential fill <stdin >stdout &&
|
||||||
|
grep yep stdout ||
|
||||||
|
return 1
|
||||||
|
done &&
|
||||||
|
|
||||||
|
for partial in \
|
||||||
|
dont.use.this \
|
||||||
|
http:// \
|
||||||
|
/repo
|
||||||
|
do
|
||||||
|
git -c credential.$partial.helper=yep \
|
||||||
|
credential fill <stdin >stdout &&
|
||||||
|
! grep yep stdout ||
|
||||||
|
return 1
|
||||||
|
done &&
|
||||||
|
|
||||||
|
git -c credential.$partial.helper=yep \
|
||||||
|
-c credential.with%0anewline.username=uh-oh \
|
||||||
|
credential fill <stdin >stdout 2>stderr &&
|
||||||
|
test_i18ngrep "skipping credential lookup for key" stderr
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
|
10
urlmatch.c
10
urlmatch.c
|
@ -572,10 +572,14 @@ int urlmatch_config_entry(const char *var, const char *value, void *cb)
|
||||||
|
|
||||||
config_url = xmemdupz(key, dot - key);
|
config_url = xmemdupz(key, dot - key);
|
||||||
norm_url = url_normalize_1(config_url, &norm_info, 1);
|
norm_url = url_normalize_1(config_url, &norm_info, 1);
|
||||||
|
if (norm_url)
|
||||||
|
retval = match_urls(url, &norm_info, &matched);
|
||||||
|
else if (collect->fallback_match_fn)
|
||||||
|
retval = collect->fallback_match_fn(config_url,
|
||||||
|
collect->cb);
|
||||||
|
else
|
||||||
|
retval = 0;
|
||||||
free(config_url);
|
free(config_url);
|
||||||
if (!norm_url)
|
|
||||||
return 0;
|
|
||||||
retval = match_urls(url, &norm_info, &matched);
|
|
||||||
free(norm_url);
|
free(norm_url);
|
||||||
if (!retval)
|
if (!retval)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -59,6 +59,11 @@ struct urlmatch_config {
|
||||||
* specificity rules) than existing.
|
* specificity rules) than existing.
|
||||||
*/
|
*/
|
||||||
int (*select_fn)(const struct urlmatch_item *found, const struct urlmatch_item *existing);
|
int (*select_fn)(const struct urlmatch_item *found, const struct urlmatch_item *existing);
|
||||||
|
/*
|
||||||
|
* An optional callback to allow e.g. for partial URLs; it shall
|
||||||
|
* return 1 or 0 depending whether `url` matches or not.
|
||||||
|
*/
|
||||||
|
int (*fallback_match_fn)(const char *url, void *cb);
|
||||||
};
|
};
|
||||||
|
|
||||||
int urlmatch_config_entry(const char *var, const char *value, void *cb);
|
int urlmatch_config_entry(const char *var, const char *value, void *cb);
|
||||||
|
|
Loading…
Reference in New Issue