Message ID | 20181022175248.3940-1-JPEWhacker@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v2] send-email: explicitly disable authentication | expand |
On Mon, Oct 22, 2018 at 12:52 PM Joshua Watt <jpewhacker@gmail.com> wrote: > > It can be necessary to disable SMTP authentication by a mechanism other > than sendemail.smtpuser being undefined. For example, if the user has > sendemail.smtpuser set globally but wants to disable authentication > locally in one repository. > > --smtp-auth and sendemail.smtpauth now understand the value 'none' which > means to disable authentication completely, even if an authentication > user is specified. > > The value 'none' is lower case to avoid conflicts with any RFC 4422 > authentication mechanisms. > > The user may also specify the command line argument --no-smtp-auth as a > shorthand for --smtp-auth=none > > Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> > --- > Documentation/git-send-email.txt | 7 ++++++- > git-send-email.perl | 8 ++++++-- > 2 files changed, 12 insertions(+), 3 deletions(-) > > diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt > index 465a4ecbe..17993e3c9 100644 > --- a/Documentation/git-send-email.txt > +++ b/Documentation/git-send-email.txt > @@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ... > If at least one of the specified mechanisms matches the ones advertised by the > SMTP server and if it is supported by the utilized SASL library, the mechanism > is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth` > -is specified, all mechanisms supported by the SASL library can be used. > +is specified, all mechanisms supported by the SASL library can be used. The > +special value 'none' maybe specified to completely disable authentication > +independently of `--smtp-user` > > --smtp-pass[=<password>]:: > Password for SMTP-AUTH. The argument is optional: If no > @@ -204,6 +206,9 @@ or on the command line. If a username has been specified (with > specified (with `--smtp-pass` or `sendemail.smtpPass`), then > a password is obtained using 'git-credential'. > > +--no-smtp-auth:: > + Disable SMTP authentication. Short hand for `--smtp-auth=none` > + > --smtp-server=<host>:: > If set, specifies the outgoing SMTP server to use (e.g. > `smtp.example.com` or a raw IP address). Alternatively it can > diff --git a/git-send-email.perl b/git-send-email.perl > index 2be5dac33..7d7e69581 100755 > --- a/git-send-email.perl > +++ b/git-send-email.perl > @@ -82,8 +82,11 @@ sub usage { > Pass an empty string to disable certificate > verification. > --smtp-domain <str> * The domain name sent to HELO/EHLO handshake > - --smtp-auth <str> * Space-separated list of allowed AUTH mechanisms. > + --smtp-auth <str> * Space-separated list of allowed AUTH mechanisms, or > + "none" to disable authentication. > This setting forces to use one of the listed mechanisms. > + --no-smtp-auth Disable SMTP authentication. Shorthand for > + `--smtp-auth=none` > --smtp-debug <0|1> * Disable, enable Net::SMTP debug. > > --batch-size <int> * send max <int> message per connection. > @@ -341,6 +344,7 @@ sub signal_handler { > "smtp-debug:i" => \$debug_net_smtp, > "smtp-domain:s" => \$smtp_domain, > "smtp-auth=s" => \$smtp_auth, > + "no-smtp-auth" => sub {$smtp_auth = 'none'}, > "identity=s" => \$identity, > "annotate!" => \$annotate, > "no-annotate" => sub {$annotate = 0}, > @@ -1241,7 +1245,7 @@ sub smtp_host_string { > # (smtp_user was not specified), and 0 otherwise. > > sub smtp_auth_maybe { > - if (!defined $smtp_authuser || $auth) { > + if (!defined $smtp_authuser || $auth || $smtp_auth eq "none") { Oops, this generates a warning when no smtp auth argument is supplied (comparison to undefined value). Version 3 will be along shortly. > return 1; > } > > -- > 2.19.1.543.g99a77c85e.dirty >
Joshua Watt <jpewhacker@gmail.com> writes: > It can be necessary to disable SMTP authentication by a mechanism other > than sendemail.smtpuser being undefined. For example, if the user has > sendemail.smtpuser set globally but wants to disable authentication > locally in one repository. I wonder if it would be more productive to introduce a mechanism that can be used to address that use case more directly. For example, would it help to teach "git send-email" that sendemail.smtpuser set to a particular value (say '!', or empty string if you prefer) is equivalent to the variable unset at all?
On Mon, Oct 22, 2018 at 7:32 PM Junio C Hamano <gitster@pobox.com> wrote: > > Joshua Watt <jpewhacker@gmail.com> writes: > > > It can be necessary to disable SMTP authentication by a mechanism other > > than sendemail.smtpuser being undefined. For example, if the user has > > sendemail.smtpuser set globally but wants to disable authentication > > locally in one repository. > > I wonder if it would be more productive to introduce a mechanism > that can be used to address that use case more directly. For > example, would it help to teach "git send-email" that > sendemail.smtpuser set to a particular value (say '!', or empty > string if you prefer) is equivalent to the variable unset at all? > I'm a little worried that is more likely to break someone's workflow (although, I'm not sure why someone would have such simple username). Using sendemail.smtpauth = "none" is pretty much guaranteed to not break an existing setup because git send-email would previously reject any value that wasn't upper case. I suppose the one disadvantage is that it isn't backward compatible, since setting sendemail.smtpauth to "none" wouldn't work with older versions of git (due to it not being upper case), but I'm not sure how much of a concern that is. IMHO, setting "" or "!" for sendemail.smtpuser probably isn't any more clear or direct for the end user than my solution.
diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt index 465a4ecbe..17993e3c9 100644 --- a/Documentation/git-send-email.txt +++ b/Documentation/git-send-email.txt @@ -190,7 +190,9 @@ $ git send-email --smtp-auth="PLAIN LOGIN GSSAPI" ... If at least one of the specified mechanisms matches the ones advertised by the SMTP server and if it is supported by the utilized SASL library, the mechanism is used for authentication. If neither 'sendemail.smtpAuth' nor `--smtp-auth` -is specified, all mechanisms supported by the SASL library can be used. +is specified, all mechanisms supported by the SASL library can be used. The +special value 'none' maybe specified to completely disable authentication +independently of `--smtp-user` --smtp-pass[=<password>]:: Password for SMTP-AUTH. The argument is optional: If no @@ -204,6 +206,9 @@ or on the command line. If a username has been specified (with specified (with `--smtp-pass` or `sendemail.smtpPass`), then a password is obtained using 'git-credential'. +--no-smtp-auth:: + Disable SMTP authentication. Short hand for `--smtp-auth=none` + --smtp-server=<host>:: If set, specifies the outgoing SMTP server to use (e.g. `smtp.example.com` or a raw IP address). Alternatively it can diff --git a/git-send-email.perl b/git-send-email.perl index 2be5dac33..7d7e69581 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -82,8 +82,11 @@ sub usage { Pass an empty string to disable certificate verification. --smtp-domain <str> * The domain name sent to HELO/EHLO handshake - --smtp-auth <str> * Space-separated list of allowed AUTH mechanisms. + --smtp-auth <str> * Space-separated list of allowed AUTH mechanisms, or + "none" to disable authentication. This setting forces to use one of the listed mechanisms. + --no-smtp-auth Disable SMTP authentication. Shorthand for + `--smtp-auth=none` --smtp-debug <0|1> * Disable, enable Net::SMTP debug. --batch-size <int> * send max <int> message per connection. @@ -341,6 +344,7 @@ sub signal_handler { "smtp-debug:i" => \$debug_net_smtp, "smtp-domain:s" => \$smtp_domain, "smtp-auth=s" => \$smtp_auth, + "no-smtp-auth" => sub {$smtp_auth = 'none'}, "identity=s" => \$identity, "annotate!" => \$annotate, "no-annotate" => sub {$annotate = 0}, @@ -1241,7 +1245,7 @@ sub smtp_host_string { # (smtp_user was not specified), and 0 otherwise. sub smtp_auth_maybe { - if (!defined $smtp_authuser || $auth) { + if (!defined $smtp_authuser || $auth || $smtp_auth eq "none") { return 1; }
It can be necessary to disable SMTP authentication by a mechanism other than sendemail.smtpuser being undefined. For example, if the user has sendemail.smtpuser set globally but wants to disable authentication locally in one repository. --smtp-auth and sendemail.smtpauth now understand the value 'none' which means to disable authentication completely, even if an authentication user is specified. The value 'none' is lower case to avoid conflicts with any RFC 4422 authentication mechanisms. The user may also specify the command line argument --no-smtp-auth as a shorthand for --smtp-auth=none Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> --- Documentation/git-send-email.txt | 7 ++++++- git-send-email.perl | 8 ++++++-- 2 files changed, 12 insertions(+), 3 deletions(-)