credential/libsecret: erase matching creds only

Message ID	pull.1527.git.git.1687591293705.gitgitgadget@gmail.com (mailing list archive)
State	Accepted
Commit	7144dee3ec233674ba534797e41fa399708c8313
Headers	show Return-Path: <git-owner@vger.kernel.org> Message-Id: <pull.1527.git.git.1687591293705.gitgitgadget@gmail.com> Date: Sat, 24 Jun 2023 07:21:33 +0000 Subject: [PATCH] credential/libsecret: erase matching creds only Fcc: Sent Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King <peff@peff.net>, Taylor Blau <me@ttaylorr.com>, M Hickford <mirth.hickford@gmail.com>, M Hickford <mirth.hickford@gmail.com> Precedence: bulk From: M Hickford <mirth.hickford@gmail.com>
Series	credential/libsecret: erase matching creds only \| expand credential/libsecret: erase matching creds only

Message ID

pull.1527.git.git.1687591293705.gitgitgadget@gmail.com (mailing list archive)

State

Accepted

Commit

7144dee3ec233674ba534797e41fa399708c8313

Headers

Message-Id: <pull.1527.git.git.1687591293705.gitgitgadget@gmail.com>
Date: Sat, 24 Jun 2023 07:21:33 +0000
Subject: [PATCH] credential/libsecret: erase matching creds only
Fcc: Sent
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
To: git@vger.kernel.org
Cc: Jeff King <peff@peff.net>, Taylor Blau <me@ttaylorr.com>,
        M Hickford <mirth.hickford@gmail.com>,
        M Hickford <mirth.hickford@gmail.com>
Precedence: bulk
From: M Hickford <mirth.hickford@gmail.com>

Series

credential/libsecret: erase matching creds only | expand

Commit Message

M Hickford June 24, 2023, 7:21 a.m. UTC

From: M Hickford <mirth.hickford@gmail.com>

Fix test "helper ... does not erase a password distinct from input"
introduced in aeb21ce22e (credential: avoid erasing distinct password,
2023-06-13)

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
---
    credential/libsecret: erase more carefully

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1527%2Fhickford%2Ffix-libsecret-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1527/hickford/fix-libsecret-v1
Pull-Request: https://github.com/git/git/pull/1527

 .../libsecret/git-credential-libsecret.c        | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)


base-commit: 6ff334181cfb6485d3ba50843038209a2a253907

diff --git a/contrib/credential/libsecret/git-credential-libsecret.c b/contrib/credential/libsecret/git-credential-libsecret.c
index ef681f29d5b..9110714601e 100644
--- a/contrib/credential/libsecret/git-credential-libsecret.c
+++ b/contrib/credential/libsecret/git-credential-libsecret.c
@@ -52,6 +52,8 @@  struct credential_operation {
 
 #define CREDENTIAL_OP_END { NULL, NULL }
 
+static void credential_clear(struct credential *c);
+
 /* ----------------- Secret Service functions ----------------- */
 
 static char *make_label(struct credential *c)
@@ -185,6 +187,7 @@  static int keyring_erase(struct credential *c)
 {
 	GHashTable *attributes = NULL;
 	GError *error = NULL;
+	struct credential existing = CREDENTIAL_INIT;
 
 	/*
 	 * Sanity check that we actually have something to match
@@ -197,6 +200,20 @@  static int keyring_erase(struct credential *c)
 	if (!c->protocol && !c->host && !c->path && !c->username)
 		return EXIT_FAILURE;
 
+	if (c->password) {
+		existing.host = g_strdup(c->host);
+		existing.path = g_strdup(c->path);
+		existing.port = c->port;
+		existing.protocol = g_strdup(c->protocol);
+		existing.username = g_strdup(c->username);
+		keyring_get(&existing);
+		if (existing.password && strcmp(c->password, existing.password)) {
+			credential_clear(&existing);
+			return EXIT_SUCCESS;
+		}
+		credential_clear(&existing);
+	}
+
 	attributes = make_attr_list(c);
 	secret_password_clearv_sync(SECRET_SCHEMA_COMPAT_NETWORK,
 				    attributes,

credential/libsecret: erase matching creds only

Commit Message

Patch