kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

credential: avoid erasing distinct password 

Test that credential helpers do not erase a password distinct from the
input. Such calls can happen when multiple credential helpers are
configured.

Fixes for credential-cache and credential-store.

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
M Hickford 2023-06-15 19:19:32 +00:00 committed by Junio C Hamano
parent fe86abd751
commit aeb21ce22e
5 changed files with 90 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
builtin/credential-cache--daemon.c
View File

@ -33,22 +33,22 @@ static void cache_credential(struct credential *c, int timeout)
e->expiration = time(NULL) + timeout; e->expiration = time(NULL) + timeout;
} }


static struct credential_cache_entry *lookup_credential(const struct credential *c) static struct credential_cache_entry *lookup_credential(const struct credential *c, int match_password)
{ {
int i; int i;
for (i = 0; i < entries_nr; i++) { for (i = 0; i < entries_nr; i++) {
struct credential *e = &entries[i].item; struct credential *e = &entries[i].item;
if (credential_match(c, e)) if (credential_match(c, e, match_password))
return &entries[i]; return &entries[i];
} }
return NULL; return NULL;
} }


static void remove_credential(const struct credential *c) static void remove_credential(const struct credential *c, int match_password)
{ {
struct credential_cache_entry *e; struct credential_cache_entry *e;


e = lookup_credential(c); e = lookup_credential(c, match_password);
if (e) if (e)
e->expiration = 0; e->expiration = 0;
} }
@ -127,7 +127,7 @@ static void serve_one_client(FILE *in, FILE *out)
if (read_request(in, &c, &action, &timeout) < 0) if (read_request(in, &c, &action, &timeout) < 0)
/* ignore error */ ; /* ignore error */ ;
else if (!strcmp(action.buf, "get")) { else if (!strcmp(action.buf, "get")) {
struct credential_cache_entry *e = lookup_credential(&c); struct credential_cache_entry *e = lookup_credential(&c, 0);
if (e) { if (e) {
fprintf(out, "username=%s\n", e->item.username); fprintf(out, "username=%s\n", e->item.username);
fprintf(out, "password=%s\n", e->item.password); fprintf(out, "password=%s\n", e->item.password);
@ -151,14 +151,14 @@ static void serve_one_client(FILE *in, FILE *out)
exit(0); exit(0);
} }
else if (!strcmp(action.buf, "erase")) else if (!strcmp(action.buf, "erase"))
remove_credential(&c); remove_credential(&c, 1);
else if (!strcmp(action.buf, "store")) { else if (!strcmp(action.buf, "store")) {
if (timeout < 0) if (timeout < 0)
warning("cache client didn't specify a timeout"); warning("cache client didn't specify a timeout");
else if (!c.username || !c.password) else if (!c.username || !c.password)
warning("cache client gave us a partial credential"); warning("cache client gave us a partial credential");
else { else {
remove_credential(&c); remove_credential(&c, 0);
cache_credential(&c, timeout); cache_credential(&c, timeout);
} }
} }

15
builtin/credential-store.c
View File

@ -13,7 +13,8 @@ static struct lock_file credential_lock;
static int parse_credential_file(const char *fn, static int parse_credential_file(const char *fn,
struct credential *c, struct credential *c,
void (*match_cb)(struct credential *), void (*match_cb)(struct credential *),
void (*other_cb)(struct strbuf *)) void (*other_cb)(struct strbuf *),
int match_password)
{ {
FILE *fh; FILE *fh;
struct strbuf line = STRBUF_INIT; struct strbuf line = STRBUF_INIT;
@ -30,7 +31,7 @@ static int parse_credential_file(const char *fn,
while (strbuf_getline_lf(&line, fh) != EOF) { while (strbuf_getline_lf(&line, fh) != EOF) {
if (!credential_from_url_gently(&entry, line.buf, 1) && if (!credential_from_url_gently(&entry, line.buf, 1) &&
entry.username && entry.password && entry.username && entry.password &&
credential_match(c, &entry)) { credential_match(c, &entry, match_password)) {
found_credential = 1; found_credential = 1;
if (match_cb) { if (match_cb) {
match_cb(&entry); match_cb(&entry);
@ -60,7 +61,7 @@ static void print_line(struct strbuf *buf)
} }


static void rewrite_credential_file(const char *fn, struct credential *c, static void rewrite_credential_file(const char *fn, struct credential *c,
struct strbuf *extra) struct strbuf *extra, int match_password)
{ {
int timeout_ms = 1000; int timeout_ms = 1000;


@ -69,7 +70,7 @@ static void rewrite_credential_file(const char *fn, struct credential *c,
die_errno(_("unable to get credential storage lock in %d ms"), timeout_ms); die_errno(_("unable to get credential storage lock in %d ms"), timeout_ms);
if (extra) if (extra)
print_line(extra); print_line(extra);
parse_credential_file(fn, c, NULL, print_line); parse_credential_file(fn, c, NULL, print_line, match_password);
if (commit_lock_file(&credential_lock) < 0) if (commit_lock_file(&credential_lock) < 0)
die_errno("unable to write credential store"); die_errno("unable to write credential store");
} }
@ -91,7 +92,7 @@ static void store_credential_file(const char *fn, struct credential *c)
is_rfc3986_reserved_or_unreserved); is_rfc3986_reserved_or_unreserved);
} }


rewrite_credential_file(fn, c, &buf); rewrite_credential_file(fn, c, &buf, 0);
strbuf_release(&buf); strbuf_release(&buf);
} }


@ -138,7 +139,7 @@ static void remove_credential(const struct string_list *fns, struct credential *
return; return;
for_each_string_list_item(fn, fns) for_each_string_list_item(fn, fns)
if (!access(fn->string, F_OK)) if (!access(fn->string, F_OK))
rewrite_credential_file(fn->string, c, NULL); rewrite_credential_file(fn->string, c, NULL, 1);
} }


static void lookup_credential(const struct string_list *fns, struct credential *c) static void lookup_credential(const struct string_list *fns, struct credential *c)
@ -146,7 +147,7 @@ static void lookup_credential(const struct string_list *fns, struct credential *
struct string_list_item *fn; struct string_list_item *fn;


for_each_string_list_item(fn, fns) for_each_string_list_item(fn, fns)
if (parse_credential_file(fn->string, c, print_entry, NULL)) if (parse_credential_file(fn->string, c, print_entry, NULL, 0))
return; /* Found credential */ return; /* Found credential */
} }



7
credential.c
View File

@ -33,13 +33,14 @@ void credential_clear(struct credential *c)
} }


int credential_match(const struct credential *want, int credential_match(const struct credential *want,
const struct credential *have) const struct credential *have, int match_password)
{ {
#define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x))) #define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x)))
return CHECK(protocol) && return CHECK(protocol) &&
CHECK(host) && CHECK(host) &&
CHECK(path) && CHECK(path) &&
CHECK(username); CHECK(username) &&
(!match_password || CHECK(password));
#undef CHECK #undef CHECK
} }


@ -102,7 +103,7 @@ static int match_partial_url(const char *url, void *cb)
warning(_("skipping credential lookup for key: credential.%s"), warning(_("skipping credential lookup for key: credential.%s"),
url); url);
else else
matches = credential_match(&want, c); matches = credential_match(&want, c, 0);
credential_clear(&want); credential_clear(&want);


return matches; return matches;

2
credential.h
View File

@ -211,6 +211,6 @@ void credential_from_url(struct credential *, const char *url);
int credential_from_url_gently(struct credential *, const char *url, int quiet); int credential_from_url_gently(struct credential *, const char *url, int quiet);


int credential_match(const struct credential *want, int credential_match(const struct credential *want,
const struct credential *have); const struct credential *have, int match_password);


#endif /* CREDENTIAL_H */ #endif /* CREDENTIAL_H */

70
t/lib-credential.sh
View File

@ -44,6 +44,8 @@ helper_test_clean() {
reject $1 https example.com user1 reject $1 https example.com user1
reject $1 https example.com user2 reject $1 https example.com user2
reject $1 https example.com user4 reject $1 https example.com user4
reject $1 https example.com user-distinct-pass
reject $1 https example.com user-overwrite
reject $1 http path.tld user reject $1 http path.tld user
reject $1 https timeout.tld user reject $1 https timeout.tld user
reject $1 https sso.tld reject $1 https sso.tld
@ -167,6 +169,49 @@ helper_test() {
EOF EOF
' '


test_expect_success "helper ($HELPER) overwrites on store" '
check approve $HELPER <<-\EOF &&
protocol=https
host=example.com
username=user-overwrite
password=pass1
EOF
check approve $HELPER <<-\EOF &&
protocol=https
host=example.com
username=user-overwrite
password=pass2
EOF
check fill $HELPER <<-\EOF &&
protocol=https
host=example.com
username=user-overwrite
--
protocol=https
host=example.com
username=user-overwrite
password=pass2
EOF
check reject $HELPER <<-\EOF &&
protocol=https
host=example.com
username=user-overwrite
password=pass2
EOF
check fill $HELPER <<-\EOF
protocol=https
host=example.com
username=user-overwrite
--
protocol=https
host=example.com
username=user-overwrite
password=askpass-password
--
askpass: Password for '\''https://user-overwrite@example.com'\'':
EOF
'

test_expect_success "helper ($HELPER) can forget host" ' test_expect_success "helper ($HELPER) can forget host" '
check reject $HELPER <<-\EOF && check reject $HELPER <<-\EOF &&
protocol=https protocol=https
@ -221,6 +266,31 @@ helper_test() {
EOF EOF
' '


test_expect_success "helper ($HELPER) does not erase a password distinct from input" '
check approve $HELPER <<-\EOF &&
protocol=https
host=example.com
username=user-distinct-pass
password=pass1
EOF
check reject $HELPER <<-\EOF &&
protocol=https
host=example.com
username=user-distinct-pass
password=pass2
EOF
check fill $HELPER <<-\EOF
protocol=https
host=example.com
username=user-distinct-pass
--
protocol=https
host=example.com
username=user-distinct-pass
password=pass1
EOF
'

test_expect_success "helper ($HELPER) can forget user" ' test_expect_success "helper ($HELPER) can forget user" '
check reject $HELPER <<-\EOF && check reject $HELPER <<-\EOF &&
protocol=https protocol=https