<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/builtin/credential-cache--daemon.c, branch v2.48.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.48.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.48.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2024-09-13T21:32:24Z</updated>
<entry>
<title>builtin: remove USE_THE_REPOSITORY_VARIABLE from builtin.h</title>
<updated>2024-09-13T21:32:24Z</updated>
<author>
<name>John Cai</name>
<email>johncai86@gmail.com</email>
</author>
<published>2024-09-13T21:16:15Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=03eae9afb447ad4add2f18a1adb3589f050d596f'/>
<id>urn:sha1:03eae9afb447ad4add2f18a1adb3589f050d596f</id>
<content type='text'>
Instead of including USE_THE_REPOSITORY_VARIABLE by default on every
builtin, remove it from builtin.h and add it to all the builtins that
include builtin.h (by definition, that means all builtins/*.c).

Also, remove the include statement for repository.h since it gets
brought in through builtin.h.

The next step will be to migrate each builtin
from having to use the_repository.

Signed-off-by: John Cai &lt;johncai86@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>builtin: add a repository parameter for builtin functions</title>
<updated>2024-09-13T21:27:08Z</updated>
<author>
<name>John Cai</name>
<email>johncai86@gmail.com</email>
</author>
<published>2024-09-13T21:16:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=9b1cb5070ffb581798763eaee85cec10da969e90'/>
<id>urn:sha1:9b1cb5070ffb581798763eaee85cec10da969e90</id>
<content type='text'>
In order to reduce the usage of the global the_repository, add a
parameter to builtin functions that will get passed a repository
variable.

This commit uses UNUSED on most of the builtin functions, as subsequent
commits will modify the actual builtins to pass the repository parameter
down.

Signed-off-by: John Cai &lt;johncai86@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'bc/credential-scheme-enhancement'</title>
<updated>2024-05-08T17:18:44Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2024-05-08T17:18:44Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=c5c9acf77d9bced87c758e8c8aba13a438d34802'/>
<id>urn:sha1:c5c9acf77d9bced87c758e8c8aba13a438d34802</id>
<content type='text'>
The credential helper protocol, together with the HTTP layer, have
been enhanced to support authentication schemes different from
username &amp; password pair, like Bearer and NTLM.

* bc/credential-scheme-enhancement:
  credential: add method for querying capabilities
  credential-cache: implement authtype capability
  t: add credential tests for authtype
  credential: add support for multistage credential rounds
  t5563: refactor for multi-stage authentication
  docs: set a limit on credential line length
  credential: enable state capability
  credential: add an argument to keep state
  http: add support for authtype and credential
  docs: indicate new credential protocol fields
  credential: add a field called "ephemeral"
  credential: gate new fields on capability
  credential: add a field for pre-encoded credentials
  http: use new headers for each object request
  remote-curl: reset headers on new request
  credential: add an authtype field
</content>
</entry>
<entry>
<title>credential-cache: implement authtype capability</title>
<updated>2024-04-17T05:39:08Z</updated>
<author>
<name>brian m. carlson</name>
<email>sandals@crustytoothpaste.net</email>
</author>
<published>2024-04-17T00:02:39Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=40220f48b1895c7c4c824c3c33576399128fbc0f'/>
<id>urn:sha1:40220f48b1895c7c4c824c3c33576399128fbc0f</id>
<content type='text'>
Now that we have full support in Git for the authtype capability, let's
add support to the cache credential helper.

When parsing data, we always set the initial capabilities because we're
the helper, and we need both the initial and helper capabilities to be
set in order to have the helper capabilities take effect.

When emitting data, always emit the supported capability and make sure
we emit items only if we have them and they're supported by the caller.
Since we may no longer have a username or password, be sure to emit
those conditionally as well so we don't segfault on a NULL pointer.
Similarly, when comparing credentials, consider both the password and
credential fields when we're matching passwords.

Adjust the partial credential detection code so that we can store
credentials missing a username or password as long as they have an
authtype and credential.

Signed-off-by: brian m. carlson &lt;sandals@crustytoothpaste.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: gate new fields on capability</title>
<updated>2024-04-17T05:39:06Z</updated>
<author>
<name>brian m. carlson</name>
<email>sandals@crustytoothpaste.net</email>
</author>
<published>2024-04-17T00:02:29Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=ca9ccbf67450ffcda235970f0693794cee912562'/>
<id>urn:sha1:ca9ccbf67450ffcda235970f0693794cee912562</id>
<content type='text'>
We support the new credential and authtype fields, but we lack a way to
indicate to a credential helper that we'd like them to be used.  Without
some sort of indication, the credential helper doesn't know if it should
try to provide us a username and password, or a pre-encoded credential.
For example, the helper might prefer a more restricted Bearer token if
pre-encoded credentials are possible, but might have to fall back to
more general username and password if not.

Let's provide a simple way to indicate whether Git (or, for that matter,
the helper) is capable of understanding the authtype and credential
fields.  We send this capability when we generate a request, and the
other side may reply to indicate to us that it does, too.

For now, don't enable sending capabilities for the HTTP code.  In a
future commit, we'll introduce appropriate handling for that code,
which requires more in-depth work.

The logic for determining whether a capability is supported may seem
complex, but it is not.  At each stage, we emit the capability to the
following stage if all preceding stages have declared it.  Thus, if the
caller to git credential fill didn't declare it, then we won't send it
to the helper, and if fill's caller did send but the helper doesn't
understand it, then we won't send it on in the response.  If we're an
internal user, then we know about all capabilities and will request
them.

For "git credential approve" and "git credential reject", we set the
helper capability before calling the helper, since we assume that the
input we're getting from the external program comes from a previous call
to "git credential fill", and thus we'll invoke send a capability to the
helper if and only if we got one from the standard input, which is the
correct behavior.

Signed-off-by: brian m. carlson &lt;sandals@crustytoothpaste.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Win32: detect unix socket support at runtime</title>
<updated>2024-04-03T21:54:28Z</updated>
<author>
<name>Matthias Aßhauer</name>
<email>mha1993@live.de</email>
</author>
<published>2024-04-03T15:42:02Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=2406bf5fc5fbaa042e05fc0001ba72beb888d60f'/>
<id>urn:sha1:2406bf5fc5fbaa042e05fc0001ba72beb888d60f</id>
<content type='text'>
Windows 10 build 17063 introduced support for unix sockets to Windows.
bb390b1 (git-compat-util: include declaration for unix sockets in
windows, 2021-09-14) introduced a way to build git with unix socket
support on Windows, but you still had to decide at build time which
Windows version the compiled executable was supposed to run on.

We can detect at runtime wether the operating system supports unix
sockets and act accordingly for all supported Windows versions.

This fixes https://github.com/git-for-windows/git/issues/3892

Signed-off-by: Matthias Aßhauer &lt;mha1993@live.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>git-compat-util: move alloc macros to git-compat-util.h</title>
<updated>2023-07-05T18:42:31Z</updated>
<author>
<name>Calvin Wan</name>
<email>calvinwan@google.com</email>
</author>
<published>2023-07-05T17:09:24Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=91c080dff511b7a81f91d1cc79589b49e16a2b7a'/>
<id>urn:sha1:91c080dff511b7a81f91d1cc79589b49e16a2b7a</id>
<content type='text'>
alloc_nr, ALLOC_GROW, and ALLOC_GROW_BY are commonly used macros for
dynamic array allocation. Moving these macros to git-compat-util.h with
the other alloc macros focuses alloc.[ch] to allocation for Git objects
and additionally allows us to remove inclusions to alloc.h from files
that solely used the above macros.

Signed-off-by: Calvin Wan &lt;calvinwan@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: erase all matching credentials</title>
<updated>2023-06-15T20:26:41Z</updated>
<author>
<name>M Hickford</name>
<email>mirth.hickford@gmail.com</email>
</author>
<published>2023-06-15T19:19:33Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=6c26da8404c8acfed62fa4775b7b591f099bcd33'/>
<id>urn:sha1:6c26da8404c8acfed62fa4775b7b591f099bcd33</id>
<content type='text'>
`credential reject` sends the erase action to each helper, but the
exact behaviour of erase isn't specified in documentation or tests.
Some helpers (such as credential-store and credential-libsecret) delete
all matching credentials, others (such as credential-cache) delete at
most one matching credential.

Test that helpers erase all matching credentials. This behaviour is
easiest to reason about. Users expect that `echo
"url=https://example.com" | git credential reject` or `echo
"url=https://example.com\nusername=tim" | git credential reject` erase
all matching credentials.

Fix credential-cache.

Signed-off-by: M Hickford &lt;mirth.hickford@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: avoid erasing distinct password</title>
<updated>2023-06-15T20:26:39Z</updated>
<author>
<name>M Hickford</name>
<email>mirth.hickford@gmail.com</email>
</author>
<published>2023-06-15T19:19:32Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=aeb21ce22eec112b37975443a160cb5418c6ec22'/>
<id>urn:sha1:aeb21ce22eec112b37975443a160cb5418c6ec22</id>
<content type='text'>
Test that credential helpers do not erase a password distinct from the
input. Such calls can happen when multiple credential helpers are
configured.

Fixes for credential-cache and credential-store.

Signed-off-by: M Hickford &lt;mirth.hickford@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'mh/credential-oauth-refresh-token'</title>
<updated>2023-05-10T17:23:29Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2023-05-10T17:23:28Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=2ca91d1ee07f934fa7f57ba34c397b150eef023f'/>
<id>urn:sha1:2ca91d1ee07f934fa7f57ba34c397b150eef023f</id>
<content type='text'>
The credential subsystem learns to help OAuth framework.

* mh/credential-oauth-refresh-token:
  credential: new attribute oauth_refresh_token
</content>
</entry>
</feed>
