From 59b386526a6cdd0289cdf35dd8038ae1bdfd630f Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 3 Dec 2014 22:46:48 -0500 Subject: credential: let helpers tell us to quit When we are trying to fill a credential, we loop over the set of defined credential-helpers, then fall back to running askpass, and then finally prompt on the terminal. Helpers which cannot find a credential are free to tell us nothing, but they cannot currently ask us to stop prompting. This patch lets them provide a "quit" attribute, which asks us to stop the process entirely (avoiding running more helpers, as well as the askpass/terminal prompt). This has a few possible uses: 1. A helper which prompts the user itself (e.g., in a dialog) can provide a "cancel" button to the user to stop further prompts. 2. Some helpers may know that prompting cannot possibly work. For example, if their role is to broker a ticket from an external auth system and that auth system cannot be contacted, there is no point in continuing (we need a ticket to authenticate, and the user cannot provide one by typing it in). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Documentation/technical/api-credentials.txt | 5 ++++- credential.c | 5 +++++ credential.h | 1 + t/t0300-credentials.sh | 9 +++++++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/Documentation/technical/api-credentials.txt b/Documentation/technical/api-credentials.txt index c1b42a40d3..e44426dd04 100644 --- a/Documentation/technical/api-credentials.txt +++ b/Documentation/technical/api-credentials.txt @@ -248,7 +248,10 @@ FORMAT` in linkgit:git-credential[7] for a detailed specification). For a `get` operation, the helper should produce a list of attributes on stdout in the same format. A helper is free to produce a subset, or even no values at all if it has nothing useful to provide. Any provided -attributes will overwrite those already known about by Git. +attributes will overwrite those already known about by Git. If a helper +outputs a `quit` attribute with a value of `true` or `1`, no further +helpers will be consulted, nor will the user be prompted (if no +credential has been provided, the operation will then fail). For a `store` or `erase` operation, the helper's output is ignored. If it fails to perform the requested operation, it may complain to diff --git a/credential.c b/credential.c index 4d79d320f8..0f974f1987 100644 --- a/credential.c +++ b/credential.c @@ -173,6 +173,8 @@ int credential_read(struct credential *c, FILE *fp) c->path = xstrdup(value); } else if (!strcmp(key, "url")) { credential_from_url(c, value); + } else if (!strcmp(key, "quit")) { + c->quit = !!git_config_bool("quit", value); } /* * Ignore other lines; we don't know what they mean, but @@ -275,6 +277,9 @@ void credential_fill(struct credential *c) credential_do(c, c->helpers.items[i].string, "get"); if (c->username && c->password) return; + if (c->quit) + die("credential helper '%s' told us to quit", + c->helpers.items[i].string); } credential_getpass(c); diff --git a/credential.h b/credential.h index 0c3e85e8e4..6b0cd16be2 100644 --- a/credential.h +++ b/credential.h @@ -7,6 +7,7 @@ struct credential { struct string_list helpers; unsigned approved:1, configured:1, + quit:1, use_http_path:1; char *username; diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh index 57ea5a10c5..d7ef44b4a2 100755 --- a/t/t0300-credentials.sh +++ b/t/t0300-credentials.sh @@ -289,4 +289,13 @@ test_expect_success 'http paths can be part of context' ' EOF ' +test_expect_success 'helpers can abort the process' ' + test_must_fail git \ + -c credential.helper="!f() { echo quit=1; }; f" \ + -c credential.helper="verbatim foo bar" \ + credential fill >stdout && + >expect && + test_cmp expect stdout +' + test_done -- cgit v1.2.3 From e652c0eb5d772076f92245c7e076bf6aaf6af223 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 3 Dec 2014 22:52:29 -0500 Subject: prompt: respect GIT_TERMINAL_PROMPT to disable terminal prompts If you run git as part of an automated system, you might prefer git to die rather than try to issue a prompt on the terminal (because there would be nobody to see it and respond, and the process would hang forever). This usually works out of the box because getpass() (and our more featureful replacements) will fail when there is no tty, but this does not cover all cases. For example, a batch system run via ssh might have a tty, even when the user does not expect it. Let's provide an environment variable the user can set to avoid even trying to touch the tty at all. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Documentation/git.txt | 4 ++++ prompt.c | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/Documentation/git.txt b/Documentation/git.txt index 5627845114..72b6a2df14 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -901,6 +901,10 @@ for further details. and read the password from its STDOUT. See also the 'core.askpass' option in linkgit:git-config[1]. +'GIT_TERMINAL_PROMPT':: + If this environment variable is set to `0`, git will not prompt + on the terminal (e.g., when asking for HTTP authentication). + 'GIT_CONFIG_NOSYSTEM':: Whether to skip reading settings from the system-wide `$(prefix)/etc/gitconfig` file. This environment variable can diff --git a/prompt.c b/prompt.c index d7bb17cb66..35ddbfab0c 100644 --- a/prompt.c +++ b/prompt.c @@ -58,11 +58,19 @@ char *git_prompt(const char *prompt, int flags) r = do_askpass(askpass, prompt); } - if (!r) - r = git_terminal_prompt(prompt, flags & PROMPT_ECHO); if (!r) { - /* prompts already contain ": " at the end */ - die("could not read %s%s", prompt, strerror(errno)); + const char *err; + + if (git_env_bool("GIT_TERMINAL_PROMPT", 1)) { + r = git_terminal_prompt(prompt, flags & PROMPT_ECHO); + err = strerror(errno); + } else { + err = "terminal prompts disabled"; + } + if (!r) { + /* prompts already contain ": " at the end */ + die("could not read %s%s", prompt, err); + } } return r; } -- cgit v1.2.3