diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2020-03-05 10:43:02 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2020-03-05 10:43:02 -0800 |
| commit | 2cbb0586697585995908c325a0c70aad37602274 (patch) | |
| tree | 829da1f1b35211523f214783fc6350a37f62d38d | |
| parent | Merge branch 'mr/bisect-in-c-1' (diff) | |
| parent | credential: allow wildcard patterns when matching config (diff) | |
| download | tgif-2cbb0586697585995908c325a0c70aad37602274.tar.xz | |
Merge branch 'bc/wildcard-credential'
A configuration element used for credential subsystem can now use
wildcard pattern to specify for which set of URLs the entry
applies.
* bc/wildcard-credential:
credential: allow wildcard patterns when matching config
credential: use the last matching username in the config
t0300: add tests for some additional cases
t1300: add test for urlmatch with multiple wildcards
mailmap: add an additional email address for brian m. carlson
| -rw-r--r-- | .mailmap | 1 | ||||
| -rw-r--r-- | Documentation/gitcredentials.txt | 4 | ||||
| -rw-r--r-- | credential.c | 75 | ||||
| -rw-r--r-- | credential.h | 3 | ||||
| -rw-r--r-- | strbuf.c | 15 | ||||
| -rw-r--r-- | strbuf.h | 6 | ||||
| -rwxr-xr-x | t/t0300-credentials.sh | 128 | ||||
| -rwxr-xr-x | t/t1300-config.sh | 6 | ||||
| -rw-r--r-- | urlmatch.c | 4 | ||||
| -rw-r--r-- | urlmatch.h | 9 |
10 files changed, 228 insertions, 23 deletions
@@ -31,6 +31,7 @@ Brandon Casey <drafnel@gmail.com> <casey@nrlssc.navy.mil> Brandon Williams <bwilliams.eng@gmail.com> <bmwill@google.com> brian m. carlson <sandals@crustytoothpaste.net> brian m. carlson <sandals@crustytoothpaste.net> <sandals@crustytoothpaste.ath.cx> +brian m. carlson <sandals@crustytoothpaste.net> <bk2204@github.com> Bryan Larsen <bryan@larsen.st> <bryan.larsen@gmail.com> Bryan Larsen <bryan@larsen.st> <bryanlarsen@yahoo.com> Cheng Renquan <crquan@gmail.com> diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index 5b9d14fb1f..1814d2d23c 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -131,7 +131,9 @@ context would not match: because the hostnames differ. Nor would it match `foo.example.com`; Git compares hostnames exactly, without considering whether two hosts are part of the same domain. Likewise, a config entry for `http://example.com` would not -match: Git compares the protocols exactly. +match: Git compares the protocols exactly. However, you may use wildcards in +the domain name and other pattern matching techniques as with the `http.<url>.*` +options. If the "pattern" URL does include a path component, then this too must match exactly: the context `https://example.com/bar/baz.git` will match a config diff --git a/credential.c b/credential.c index 62be651b03..77dfde44e3 100644 --- a/credential.c +++ b/credential.c @@ -6,6 +6,7 @@ #include "url.h" #include "prompt.h" #include "sigchain.h" +#include "urlmatch.h" void credential_init(struct credential *c) { @@ -40,7 +41,7 @@ static int credential_config_callback(const char *var, const char *value, void *data) { struct credential *c = data; - const char *key, *dot; + const char *key; if (!skip_prefix(var, "credential.", &key)) return 0; @@ -48,31 +49,16 @@ static int credential_config_callback(const char *var, const char *value, if (!value) return config_error_nonbool(var); - dot = strrchr(key, '.'); - if (dot) { - struct credential want = CREDENTIAL_INIT; - char *url = xmemdupz(key, dot - key); - int matched; - - credential_from_url(&want, url); - matched = credential_match(&want, c); - - credential_clear(&want); - free(url); - - if (!matched) - return 0; - key = dot + 1; - } - if (!strcmp(key, "helper")) { if (*value) string_list_append(&c->helpers, value); else string_list_clear(&c->helpers, 0); } else if (!strcmp(key, "username")) { - if (!c->username) + if (!c->username_from_proto) { + free(c->username); c->username = xstrdup(value); + } } else if (!strcmp(key, "usehttppath")) c->use_http_path = git_config_bool(var, value); @@ -87,11 +73,38 @@ static int proto_is_http(const char *s) return !strcmp(s, "https") || !strcmp(s, "http"); } +static void credential_describe(struct credential *c, struct strbuf *out); +static void credential_format(struct credential *c, struct strbuf *out); + +static int select_all(const struct urlmatch_item *a, + const struct urlmatch_item *b) +{ + return 0; +} + static void credential_apply_config(struct credential *c) { + char *normalized_url; + struct urlmatch_config config = { STRING_LIST_INIT_DUP }; + struct strbuf url = STRBUF_INIT; + if (c->configured) return; - git_config(credential_config_callback, c); + + config.section = "credential"; + config.key = NULL; + config.collect_fn = credential_config_callback; + config.cascade_fn = NULL; + config.select_fn = select_all; + config.cb = c; + + credential_format(c, &url); + normalized_url = url_normalize(url.buf, &config.url); + + git_config(urlmatch_config_entry, &config); + free(normalized_url); + strbuf_release(&url); + c->configured = 1; if (!c->use_http_path && proto_is_http(c->protocol)) { @@ -112,6 +125,23 @@ static void credential_describe(struct credential *c, struct strbuf *out) strbuf_addf(out, "/%s", c->path); } +static void credential_format(struct credential *c, struct strbuf *out) +{ + if (!c->protocol) + return; + strbuf_addf(out, "%s://", c->protocol); + if (c->username && *c->username) { + strbuf_add_percentencode(out, c->username); + strbuf_addch(out, '@'); + } + if (c->host) + strbuf_addstr(out, c->host); + if (c->path) { + strbuf_addch(out, '/'); + strbuf_add_percentencode(out, c->path); + } +} + static char *credential_ask_one(const char *what, struct credential *c, int flags) { @@ -163,6 +193,7 @@ int credential_read(struct credential *c, FILE *fp) if (!strcmp(key, "username")) { free(c->username); c->username = xstrdup(value); + c->username_from_proto = 1; } else if (!strcmp(key, "password")) { free(c->password); c->password = xstrdup(value); @@ -349,10 +380,14 @@ void credential_from_url(struct credential *c, const char *url) else if (!colon || at <= colon) { /* Case (2) */ c->username = url_decode_mem(cp, at - cp); + if (c->username && *c->username) + c->username_from_proto = 1; host = at + 1; } else { /* Case (3) */ c->username = url_decode_mem(cp, colon - cp); + if (c->username && *c->username) + c->username_from_proto = 1; c->password = url_decode_mem(colon + 1, at - (colon + 1)); host = at + 1; } diff --git a/credential.h b/credential.h index a5a3ee9bb8..fec7815dd0 100644 --- a/credential.h +++ b/credential.h @@ -118,7 +118,8 @@ struct credential { unsigned approved:1, configured:1, quit:1, - use_http_path:1; + use_http_path:1, + username_from_proto:1; char *username; char *password; @@ -479,6 +479,21 @@ void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src) } } +#define URL_UNSAFE_CHARS " <>\"%{}|\\^`:/?#[]@!$&'()*+,;=" + +void strbuf_add_percentencode(struct strbuf *dst, const char *src) +{ + size_t i, len = strlen(src); + + for (i = 0; i < len; i++) { + unsigned char ch = src[i]; + if (ch <= 0x1F || ch >= 0x7F || strchr(URL_UNSAFE_CHARS, ch)) + strbuf_addf(dst, "%%%02X", (unsigned char)ch); + else + strbuf_addch(dst, ch); + } +} + size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *f) { size_t res; @@ -379,6 +379,12 @@ size_t strbuf_expand_dict_cb(struct strbuf *sb, void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src); /** + * Append the contents of a string to a strbuf, percent-encoding any characters + * that are needed to be encoded for a URL. + */ +void strbuf_add_percentencode(struct strbuf *dst, const char *src); + +/** * Append the given byte size as a human-readable string (i.e. 12.23 KiB, * 3.50 MiB). */ diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh index 82eaaea0f4..39f097ea9e 100755 --- a/t/t0300-credentials.sh +++ b/t/t0300-credentials.sh @@ -240,6 +240,57 @@ test_expect_success 'do not match configured credential' ' EOF ' +test_expect_success 'match multiple configured helpers' ' + test_config credential.helper "verbatim \"\" \"\"" && + test_config credential.https://example.com.helper "$HELPER" && + check fill <<-\EOF + protocol=https + host=example.com + path=repo.git + -- + protocol=https + host=example.com + username=foo + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.com + EOF +' + +test_expect_success 'match multiple configured helpers with URLs' ' + test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" && + test_config credential.https://example.com.helper "$HELPER" && + check fill <<-\EOF + protocol=https + host=example.com + path=repo.git + -- + protocol=https + host=example.com + username=foo + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.com + EOF +' + +test_expect_success 'match percent-encoded values' ' + test_config credential.https://example.com/%2566.git.helper "$HELPER" && + check fill <<-\EOF + url=https://example.com/%2566.git + -- + protocol=https + host=example.com + username=foo + password=bar + -- + EOF +' + test_expect_success 'pull username from config' ' test_config credential.https://example.com.username foo && check fill <<-\EOF @@ -255,6 +306,63 @@ test_expect_success 'pull username from config' ' EOF ' +test_expect_success 'honors username from URL over helper (URL)' ' + test_config credential.https://example.com.username bob && + test_config credential.https://example.com.helper "verbatim \"\" bar" && + check fill <<-\EOF + url=https://alice@example.com + -- + protocol=https + host=example.com + username=alice + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.com + verbatim: username=alice + EOF +' + +test_expect_success 'honors username from URL over helper (components)' ' + test_config credential.https://example.com.username bob && + test_config credential.https://example.com.helper "verbatim \"\" bar" && + check fill <<-\EOF + protocol=https + host=example.com + username=alice + -- + protocol=https + host=example.com + username=alice + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.com + verbatim: username=alice + EOF +' + +test_expect_success 'last matching username wins' ' + test_config credential.https://example.com/path.git.username bob && + test_config credential.https://example.com.username alice && + test_config credential.https://example.com.helper "verbatim \"\" bar" && + check fill <<-\EOF + url=https://example.com/path.git + -- + protocol=https + host=example.com + username=alice + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.com + verbatim: username=alice + EOF +' + test_expect_success 'http paths can be part of context' ' check fill "verbatim foo bar" <<-\EOF && protocol=https @@ -289,6 +397,26 @@ test_expect_success 'http paths can be part of context' ' EOF ' +test_expect_success 'context uses urlmatch' ' + test_config "credential.https://*.org.useHttpPath" true && + check fill "verbatim foo bar" <<-\EOF + protocol=https + host=example.org + path=foo.git + -- + protocol=https + host=example.org + path=foo.git + username=foo + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.org + verbatim: path=foo.git + EOF +' + test_expect_success 'helpers can abort the process' ' test_must_fail git \ -c credential.helper="!f() { echo quit=1; }; f" \ diff --git a/t/t1300-config.sh b/t/t1300-config.sh index 5464c46c18..97ebfe1f9d 100755 --- a/t/t1300-config.sh +++ b/t/t1300-config.sh @@ -1408,6 +1408,8 @@ test_expect_success 'urlmatch favors more specific URLs' ' cookieFile = /tmp/wildcard.txt [http "https://*.example.com/wildcardwithsubdomain"] cookieFile = /tmp/wildcardwithsubdomain.txt + [http "https://*.example.*"] + cookieFile = /tmp/multiwildcard.txt [http "https://trailing.example.com"] cookieFile = /tmp/trailing.txt [http "https://user@*.example.com/"] @@ -1454,6 +1456,10 @@ test_expect_success 'urlmatch favors more specific URLs' ' echo http.cookiefile /tmp/sub.txt >expect && git config --get-urlmatch HTTP https://user@sub.example.com >actual && + test_cmp expect actual && + + echo http.cookiefile /tmp/multiwildcard.txt >expect && + git config --get-urlmatch HTTP https://wildcard.example.org >actual && test_cmp expect actual ' diff --git a/urlmatch.c b/urlmatch.c index 3e42bd7504..29272a5c4f 100644 --- a/urlmatch.c +++ b/urlmatch.c @@ -557,6 +557,8 @@ int urlmatch_config_entry(const char *var, const char *value, void *cb) const char *key, *dot; struct strbuf synthkey = STRBUF_INIT; int retval; + int (*select_fn)(const struct urlmatch_item *a, const struct urlmatch_item *b) = + collect->select_fn ? collect->select_fn : cmp_matches; if (!skip_prefix(var, collect->section, &key) || *(key++) != '.') { if (collect->cascade_fn) @@ -587,7 +589,7 @@ int urlmatch_config_entry(const char *var, const char *value, void *cb) if (!item->util) { item->util = xcalloc(1, sizeof(matched)); } else { - if (cmp_matches(&matched, item->util) < 0) + if (select_fn(&matched, item->util) < 0) /* * Our match is worse than the old one, * we cannot use it. diff --git a/urlmatch.h b/urlmatch.h index eed5f29235..2407520731 100644 --- a/urlmatch.h +++ b/urlmatch.h @@ -50,6 +50,15 @@ struct urlmatch_config { void *cb; int (*collect_fn)(const char *var, const char *value, void *cb); int (*cascade_fn)(const char *var, const char *value, void *cb); + /* + * Compare the two matches, the one just discovered and the existing + * best match and return a negative value if the found item is to be + * rejected or a non-negative value if it is to be accepted. If this + * field is set to NULL, use the default comparison technique, which + * checks to ses if found is better (according to the urlmatch + * specificity rules) than existing. + */ + int (*select_fn)(const struct urlmatch_item *found, const struct urlmatch_item *existing); }; int urlmatch_config_entry(const char *var, const char *value, void *cb); |