<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/credential.h, branch v2.31.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.31.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.31.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2020-05-05T05:56:33Z</updated>
<entry>
<title>credential: correct order of parameters for credential_match</title>
<updated>2020-05-05T05:56:33Z</updated>
<author>
<name>Carlo Marcelo Arenas Belón</name>
<email>carenas@gmail.com</email>
</author>
<published>2020-05-05T01:39:06Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=bb987657690b447ae9162ef3a5841d26eb82d806'/>
<id>urn:sha1:bb987657690b447ae9162ef3a5841d26eb82d806</id>
<content type='text'>
Since the beginning in 118250728e (credential: apply helper config,
2011-12-10), the declaration for that function used a different order
than the implementation.

All callers use the same order than the implementation, so update
the declaration in credential.h to match.

Reviewed-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Carlo Marcelo Arenas Belón &lt;carenas@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: update description for credential_from_url_gently</title>
<updated>2020-05-05T05:56:32Z</updated>
<author>
<name>Carlo Marcelo Arenas Belón</name>
<email>carenas@gmail.com</email>
</author>
<published>2020-05-05T01:39:05Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=7f53583834f991eadcc371932e117317cb3c65c5'/>
<id>urn:sha1:7f53583834f991eadcc371932e117317cb3c65c5</id>
<content type='text'>
c44088ecc4 (credential: treat URL without scheme as invalid, 2020-04-18)
changes the implementation for this function to return -1 if protocol is
missing.

Update blurb to match implementation.

Reviewed-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Carlo Marcelo Arenas Belón &lt;carenas@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Git 2.26.1</title>
<updated>2020-03-25T20:07:47Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2020-03-25T20:07:47Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=de49261b050d9cd8ec73842356077bc5b606640f'/>
<id>urn:sha1:de49261b050d9cd8ec73842356077bc5b606640f</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Git 2.25.3</title>
<updated>2020-03-18T01:12:01Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2020-03-18T01:12:01Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=67b0a24910fbb23c8f5e7a2c61c339818bc68296'/>
<id>urn:sha1:67b0a24910fbb23c8f5e7a2c61c339818bc68296</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: detect unrepresentable values when parsing urls</title>
<updated>2020-03-12T06:55:24Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2020-03-12T05:31:11Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=c716fe4bd917e013bf376a678b3a924447777b2d'/>
<id>urn:sha1:c716fe4bd917e013bf376a678b3a924447777b2d</id>
<content type='text'>
The credential protocol can't represent newlines in values, but URLs can
embed percent-encoded newlines in various components. A previous commit
taught the low-level writing routines to die() when encountering this,
but we can be a little friendlier to the user by detecting them earlier
and handling them gracefully.

This patch teaches credential_from_url() to notice such components,
issue a warning, and blank the credential (which will generally result
in prompting the user for a username and password). We blank the whole
credential in this case. Another option would be to blank only the
invalid component. However, we're probably better off not feeding a
partially-parsed URL result to a credential helper. We don't know how a
given helper would handle it, so we're better off to err on the side of
matching nothing rather than something unexpected.

The die() call in credential_write() is _probably_ impossible to reach
after this patch. Values should end up in credential structs only by URL
parsing (which is covered here), or by reading credential protocol input
(which by definition cannot read a newline into a value). But we should
definitely keep the low-level check, as it's our final and most accurate
line of defense against protocol injection attacks. Arguably it could
become a BUG(), but it probably doesn't matter much either way.

Note that the public interface of credential_from_url() grows a little
more than we need here. We'll use the extra flexibility in a future
patch to help fsck catch these cases.
</content>
</entry>
<entry>
<title>Merge branch 'bc/wildcard-credential'</title>
<updated>2020-03-05T18:43:02Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2020-03-05T18:43:02Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=2cbb0586697585995908c325a0c70aad37602274'/>
<id>urn:sha1:2cbb0586697585995908c325a0c70aad37602274</id>
<content type='text'>
A configuration element used for credential subsystem can now use
wildcard pattern to specify for which set of URLs the entry
applies.

* bc/wildcard-credential:
  credential: allow wildcard patterns when matching config
  credential: use the last matching username in the config
  t0300: add tests for some additional cases
  t1300: add test for urlmatch with multiple wildcards
  mailmap: add an additional email address for brian m. carlson
</content>
</entry>
<entry>
<title>credential: use the last matching username in the config</title>
<updated>2020-02-20T21:05:43Z</updated>
<author>
<name>brian m. carlson</name>
<email>bk2204@github.com</email>
</author>
<published>2020-02-20T02:24:12Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=82eb249853868582d8ba65e3afc5a7dcaeb620ea'/>
<id>urn:sha1:82eb249853868582d8ba65e3afc5a7dcaeb620ea</id>
<content type='text'>
Everywhere else in the codebase, we use the rule that the last matching
configuration option is the one that takes effect.  This is helpful
because it allows more specific configuration settings (e.g., per-repo
configuration) to override less specific settings (e.g., per-user
configuration).

However, in the credential code, we didn't honor this setting, and
instead picked the first setting we had, and stuck with it.  This was
likely to ensure we picked the value from the URL, which we want to
honor over the configuration.

It's possible to do both, though, so let's check if the value is the one
we've gotten over our protocol connection, which if present will have
come from the URL, and keep it if so.  Otherwise, let's overwrite the
value with the latest version we've got from the configuration, so we
keep the last configuration value.

Signed-off-by: brian m. carlson &lt;bk2204@github.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>doc: move credential helper info into gitcredentials(7)</title>
<updated>2020-02-14T22:43:16Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2020-02-14T18:54:59Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=cc4f2eb8281ab9f6f71694834ea01c93572d224a'/>
<id>urn:sha1:cc4f2eb8281ab9f6f71694834ea01c93572d224a</id>
<content type='text'>
The details of how credential helpers can be called or implemented were
originally covered in Documentation/technical/. Those are topics that
end users might care about (and we even referenced them in the
credentials manpage), but those docs typically don't ship as part of the
end user documentation, making them less useful.

This situation got slightly worse recently in f3b9055624 (credential:
move doc to credential.h, 2019-11-17), where we moved them into the C
header file, making them even harder to find.

So let's move put this information into the gitcredentials(7)
documentation, which is meant to describe the overall concepts of our
credential handling. This was already pointing to the API docs for these
concepts, so we can just include it inline instead.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: move doc to credential.h</title>
<updated>2019-11-18T06:21:29Z</updated>
<author>
<name>Heba Waly</name>
<email>heba.waly@gmail.com</email>
</author>
<published>2019-11-17T21:04:53Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=f3b9055624cb797b1956f100a40104c9aceb4835'/>
<id>urn:sha1:f3b9055624cb797b1956f100a40104c9aceb4835</id>
<content type='text'>
Move the documentation from Documentation/technical/api-credentials.txt
to credential.h as it's easier for the developers to find the usage
information beside the code instead of looking for it in another doc file.

Documentation/technical/api-credentials.txt is removed because the
information it has is now redundant and it'll be hard to keep it up to
date and synchronized with the documentation in the header file.

Documentation/git-credential.txt and Documentation/gitcredentials.txt now link
to credential.h instead of Documentation/technical/api-credentials.txt for
details about the credetials API.

Signed-off-by: Heba Waly &lt;heba.waly@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>credential: let helpers tell us to quit</title>
<updated>2014-12-04T18:11:12Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2014-12-04T03:46:48Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=59b386526a6cdd0289cdf35dd8038ae1bdfd630f'/>
<id>urn:sha1:59b386526a6cdd0289cdf35dd8038ae1bdfd630f</id>
<content type='text'>
When we are trying to fill a credential, we loop over the
set of defined credential-helpers, then fall back to running
askpass, and then finally prompt on the terminal. Helpers
which cannot find a credential are free to tell us nothing,
but they cannot currently ask us to stop prompting.

This patch lets them provide a "quit" attribute, which asks
us to stop the process entirely (avoiding running more
helpers, as well as the askpass/terminal prompt).

This has a few possible uses:

  1. A helper which prompts the user itself (e.g., in a
     dialog) can provide a "cancel" button to the user to
     stop further prompts.

  2. Some helpers may know that prompting cannot possibly
     work. For example, if their role is to broker a ticket
     from an external auth system and that auth system
     cannot be contacted, there is no point in continuing
     (we need a ticket to authenticate, and the user cannot
     provide one by typing it in).

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
