From patchwork Wed Jun 14 11:23:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: M Hickford X-Patchwork-Id: 13279937 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E95E3EB64DA for ; Wed, 14 Jun 2023 11:23:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235818AbjFNLXM (ORCPT ); Wed, 14 Jun 2023 07:23:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42300 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235477AbjFNLXK (ORCPT ); Wed, 14 Jun 2023 07:23:10 -0400 Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34E26199C for ; Wed, 14 Jun 2023 04:23:09 -0700 (PDT) Received: by mail-wr1-x42b.google.com with SMTP id ffacd0b85a97d-30c4775d05bso4717655f8f.2 for ; Wed, 14 Jun 2023 04:23:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686741787; x=1689333787; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=CBv1VcAAqTx5dof3yXNidamA5vfrduJYKrzYxppl+04=; b=Xa8ZPM7MVKdaVWWWZ+ggjIL4n1JxtMIeN6utb4mA8ebvGijoNKcb4F+P4cjpuOPO0T hlc00QjTMvCL2xatARtuSI2ufdL/dmdReYtxMJlJ7fY1Ai5rJhOW3i0LzkqmebhB5zyX 1nEIZJaZBEVy15u48R2vNNBeXbR3ZNwmw8VcnwV2Y/72Qe7pxWK79dPAPZZlYZMihdzI w+Ij6BH0nBwKc070GFJ8tuxteH543rc7QHxO5z6/uiAR9B5OrW5E4chhDpmeR0TWjU/C aKMp9Kb5Yqs+DQmZR15PdYoD/eAkzJQ39Z3kyJp8/6NYBcRMV+WObWDVcHPue1WPJlpk pt7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686741787; x=1689333787; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CBv1VcAAqTx5dof3yXNidamA5vfrduJYKrzYxppl+04=; b=gZw6EHTVldnFE92b1lTHIT+e2io8JawqdWQozf2GwiJ2iq3+ssvqqJ56NTlbQ1sRdZ RLpl1VtVft0PS28zONceCnxeGsK4c1VhJQhXzhkgHw+riEO6XIZ0pqSxfzzh25vdtO03 71NPuUWQRX1zaQ4TfgJxnMyTdNdb5RNRkIb0UXRT6JuAn3cMGbU4Ea/bUKce9vmLrTfj uKE1PinkopPjR7DfWlnnuNUjw40vg+0j2LHQYK1IX9nbsHbZB4NC0jZHd13H7VjGKN2S 05Wv+/AMMo7ksyfB4pfP90GBqSGLNmjhka6UQ+XhGRtPmr84P5N6jlRlN6m5OZIMN+JV f82g== X-Gm-Message-State: AC+VfDwyGblpqYgxIOLZxqnSVb4fqZYWWb/yorJ7KMTsri6Mco6Orifn SB8rbEHLHVbbe07VMacMUGVN1TyV6NU= X-Google-Smtp-Source: ACHHUZ6Xoc+mNPYDQJurUgRnb2Ffg4sktVbrmt3BpCX1CWtEQCee3WSLICVSt8IJg8go99w7kGn5wQ== X-Received: by 2002:adf:fb4a:0:b0:311:af5:ad64 with SMTP id c10-20020adffb4a000000b003110af5ad64mr691471wrs.16.1686741787277; Wed, 14 Jun 2023 04:23:07 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id y14-20020adfdf0e000000b003063772a55bsm17904965wrl.61.2023.06.14.04.23.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Jun 2023 04:23:07 -0700 (PDT) Message-Id: <35ee1795bcdb974cdb9ca0f55ddf8f8a5bc562ae.1686741785.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Wed, 14 Jun 2023 11:23:04 +0000 Subject: [PATCH 1/2] credential: avoid erasing distinct password Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: M Hickford , M Hickford Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: M Hickford From: M Hickford Test that credential helpers do not erase a password distinct from the input. Such calls can happen when multiple credential helpers are configured. Fixes for credential-cache and credential-store. Signed-off-by: M Hickford --- builtin/credential-cache--daemon.c | 8 ++++---- builtin/credential-store.c | 18 ++++++++++-------- credential.c | 11 ++++++----- credential.h | 2 +- t/lib-credential.sh | 26 ++++++++++++++++++++++++++ 5 files changed, 47 insertions(+), 18 deletions(-) diff --git a/builtin/credential-cache--daemon.c b/builtin/credential-cache--daemon.c index 756c5f02aef..82f376d3351 100644 --- a/builtin/credential-cache--daemon.c +++ b/builtin/credential-cache--daemon.c @@ -33,12 +33,12 @@ static void cache_credential(struct credential *c, int timeout) e->expiration = time(NULL) + timeout; } -static struct credential_cache_entry *lookup_credential(const struct credential *c) +static struct credential_cache_entry *lookup_credential(const struct credential *c, int match_password) { int i; for (i = 0; i < entries_nr; i++) { struct credential *e = &entries[i].item; - if (credential_match(c, e)) + if (credential_match(c, e, match_password)) return &entries[i]; } return NULL; @@ -48,7 +48,7 @@ static void remove_credential(const struct credential *c) { struct credential_cache_entry *e; - e = lookup_credential(c); + e = lookup_credential(c, c->password != NULL); if (e) e->expiration = 0; } @@ -127,7 +127,7 @@ static void serve_one_client(FILE *in, FILE *out) if (read_request(in, &c, &action, &timeout) < 0) /* ignore error */ ; else if (!strcmp(action.buf, "get")) { - struct credential_cache_entry *e = lookup_credential(&c); + struct credential_cache_entry *e = lookup_credential(&c, 0); if (e) { fprintf(out, "username=%s\n", e->item.username); fprintf(out, "password=%s\n", e->item.password); diff --git a/builtin/credential-store.c b/builtin/credential-store.c index 30c6ccf56c0..e0ae028b1c3 100644 --- a/builtin/credential-store.c +++ b/builtin/credential-store.c @@ -13,12 +13,14 @@ static struct lock_file credential_lock; static int parse_credential_file(const char *fn, struct credential *c, void (*match_cb)(struct credential *), - void (*other_cb)(struct strbuf *)) + void (*other_cb)(struct strbuf *), + const char* op) { FILE *fh; struct strbuf line = STRBUF_INIT; struct credential entry = CREDENTIAL_INIT; int found_credential = 0; + const int match_password = !strcmp(op, "erase") && c->password != NULL; fh = fopen(fn, "r"); if (!fh) { @@ -29,8 +31,8 @@ static int parse_credential_file(const char *fn, while (strbuf_getline_lf(&line, fh) != EOF) { if (!credential_from_url_gently(&entry, line.buf, 1) && - entry.username && entry.password && - credential_match(c, &entry)) { + entry.username && entry.password && + credential_match(c, &entry, match_password)) { found_credential = 1; if (match_cb) { match_cb(&entry); @@ -60,7 +62,7 @@ static void print_line(struct strbuf *buf) } static void rewrite_credential_file(const char *fn, struct credential *c, - struct strbuf *extra) + struct strbuf *extra, const char *op) { int timeout_ms = 1000; @@ -69,7 +71,7 @@ static void rewrite_credential_file(const char *fn, struct credential *c, die_errno(_("unable to get credential storage lock in %d ms"), timeout_ms); if (extra) print_line(extra); - parse_credential_file(fn, c, NULL, print_line); + parse_credential_file(fn, c, NULL, print_line, op); if (commit_lock_file(&credential_lock) < 0) die_errno("unable to write credential store"); } @@ -91,7 +93,7 @@ static void store_credential_file(const char *fn, struct credential *c) is_rfc3986_reserved_or_unreserved); } - rewrite_credential_file(fn, c, &buf); + rewrite_credential_file(fn, c, &buf, "store"); strbuf_release(&buf); } @@ -138,7 +140,7 @@ static void remove_credential(const struct string_list *fns, struct credential * return; for_each_string_list_item(fn, fns) if (!access(fn->string, F_OK)) - rewrite_credential_file(fn->string, c, NULL); + rewrite_credential_file(fn->string, c, NULL, "erase"); } static void lookup_credential(const struct string_list *fns, struct credential *c) @@ -146,7 +148,7 @@ static void lookup_credential(const struct string_list *fns, struct credential * struct string_list_item *fn; for_each_string_list_item(fn, fns) - if (parse_credential_file(fn->string, c, print_entry, NULL)) + if (parse_credential_file(fn->string, c, print_entry, NULL, "get")) return; /* Found credential */ } diff --git a/credential.c b/credential.c index 023b59d5711..9157ff0865e 100644 --- a/credential.c +++ b/credential.c @@ -33,13 +33,14 @@ void credential_clear(struct credential *c) } int credential_match(const struct credential *want, - const struct credential *have) + const struct credential *have, int match_password) { #define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x))) return CHECK(protocol) && - CHECK(host) && - CHECK(path) && - CHECK(username); + CHECK(host) && + CHECK(path) && + CHECK(username) && + (!match_password || CHECK(password)); #undef CHECK } @@ -102,7 +103,7 @@ static int match_partial_url(const char *url, void *cb) warning(_("skipping credential lookup for key: credential.%s"), url); else - matches = credential_match(&want, c); + matches = credential_match(&want, c, 0); credential_clear(&want); return matches; diff --git a/credential.h b/credential.h index b8e2936d1dc..acc41adf548 100644 --- a/credential.h +++ b/credential.h @@ -211,6 +211,6 @@ void credential_from_url(struct credential *, const char *url); int credential_from_url_gently(struct credential *, const char *url, int quiet); int credential_match(const struct credential *want, - const struct credential *have); + const struct credential *have, int match_password); #endif /* CREDENTIAL_H */ diff --git a/t/lib-credential.sh b/t/lib-credential.sh index f1ab92ba35c..f7e4e29c5e1 100644 --- a/t/lib-credential.sh +++ b/t/lib-credential.sh @@ -44,6 +44,7 @@ helper_test_clean() { reject $1 https example.com user1 reject $1 https example.com user2 reject $1 https example.com user4 + reject $1 https example.com user5 reject $1 http path.tld user reject $1 https timeout.tld user reject $1 https sso.tld @@ -221,6 +222,31 @@ helper_test() { EOF ' + test_expect_success "helper ($HELPER) does not erase a password distinct from input" ' + check approve $HELPER <<-\EOF && + protocol=https + host=example.com + username=user5 + password=pass1 + EOF + check reject $HELPER <<-\EOF && + protocol=https + host=example.com + username=user5 + password=pass2 + EOF + check fill $HELPER <<-\EOF + protocol=https + host=example.com + username=user5 + -- + protocol=https + host=example.com + username=user5 + password=pass1 + EOF + ' + test_expect_success "helper ($HELPER) can forget user" ' check reject $HELPER <<-\EOF && protocol=https From patchwork Wed Jun 14 11:23:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: M Hickford X-Patchwork-Id: 13279938 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36EB5EB64D9 for ; Wed, 14 Jun 2023 11:23:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243812AbjFNLXP (ORCPT ); Wed, 14 Jun 2023 07:23:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42300 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233227AbjFNLXL (ORCPT ); Wed, 14 Jun 2023 07:23:11 -0400 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD1BB19B5 for ; Wed, 14 Jun 2023 04:23:09 -0700 (PDT) Received: by mail-wm1-x331.google.com with SMTP id 5b1f17b1804b1-3f8d2bfec3bso6085255e9.2 for ; Wed, 14 Jun 2023 04:23:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686741788; x=1689333788; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=C4jP1ZRgeOJVTJBG1rvcJe7IZrjN7oK4Tus1E8ygicI=; b=gLX0P6JK4gVFRwnz8TRJex7QOG7aRluN+++ZBzynQ52/GjWI2c0WRLN4VOE/GVbLT0 fCTDlLGvyQxg39g7VBDgkdSXahX1Q94Qo9c0AmxcCsRn6vxScFm0U2dQtVHK5L70qwvr UFqCHZbdg9ysAExGUOqTTQx5MYpIcsNP9iKQbGjXu5NFXCTJze59L4/vOs8Qi14dFLXD 9k9BZIUSduPmzKTu3HI07/C2/0dyaDYrGtoz5HF9fKO7AubmN18dfVvKhk7qsG6JKWo/ 6xZ7IwKIV5AcWslkTaex7cCuatbh1atKHg8/J5M2/DJ6XKZOo7VnnHkc9vHTk7P45YLS HleA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686741788; x=1689333788; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C4jP1ZRgeOJVTJBG1rvcJe7IZrjN7oK4Tus1E8ygicI=; b=XN2VJY5zlbEzUUJvN8j9vCeeQVAw/vjzmiURwqs423DIJKBi1teS49IgThPruDLoeQ QPJXdYMn2qD2GC6ZM2PeEnD1kmKWhYW1KRENKw/aAkH0V56Q0XILuV01flZ33CEv9Mw2 4q1P2A24naSOhSd2YDqQF04o9g5IjrcAfSMgKb/xL5HkOLWkI9kWo9ntRiLtt+pVzttv lccT5788GGAxPyDL64Ap01vCLbV6qY+9srzuDkzesyMIU6rxSLTn9lTtse6jV/096C8j fuCKdQzDkan3VATynP7o/W9zdug1iRvbcb7k9ArRZogO3wUM6ub+gtboKw063z5+Nomw Ak3w== X-Gm-Message-State: AC+VfDytYRihZt3SXZM3tVExt+oiuC4RgtYOH/EfLEHgu+asznDygckv 4sjiNiCkuK+zP7xx3fLw01Dk8x52pW4= X-Google-Smtp-Source: ACHHUZ4s4i9723qtUDkb7jTDpUNJb24r+423qV9fl4ebbckxGIk6MXGH15NSsW7LJBSwCW+wyiFwLQ== X-Received: by 2002:a1c:ed06:0:b0:3f5:fff8:d4f3 with SMTP id l6-20020a1ced06000000b003f5fff8d4f3mr12734201wmh.7.1686741787949; Wed, 14 Jun 2023 04:23:07 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id p17-20020a1c7411000000b003f7e4639aabsm17167668wmc.10.2023.06.14.04.23.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Jun 2023 04:23:07 -0700 (PDT) Message-Id: In-Reply-To: References: Date: Wed, 14 Jun 2023 11:23:05 +0000 Subject: [PATCH 2/2] credential: erase all matching credentials Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: M Hickford , M Hickford Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: M Hickford From: M Hickford Users expect that `echo "url=https://example.com" | git credential reject` or `echo "url=https://example.com\nusername=tim" | git credential reject` erase all matching credentials. Fixes for credential-cache and credential-store. Signed-off-by: M Hickford --- Documentation/git-credential.txt | 4 ++-- Documentation/gitcredentials.txt | 2 +- builtin/credential-cache--daemon.c | 15 ++++++++------ builtin/credential-store.c | 3 ++- t/lib-credential.sh | 33 ++++++++++++++++++++++++++++++ 5 files changed, 47 insertions(+), 10 deletions(-) diff --git a/Documentation/git-credential.txt b/Documentation/git-credential.txt index 0e6d9e85ec7..04bfb918de6 100644 --- a/Documentation/git-credential.txt +++ b/Documentation/git-credential.txt @@ -38,8 +38,8 @@ to any configured credential helpers, which may store the credential for later use. If the action is `reject`, git-credential will send the description to -any configured credential helpers, which may erase any stored -credential matching the description. +any configured credential helpers, which may erase stored credentials +matching the description. If the action is `approve` or `reject`, no output should be emitted. diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index 100f045bb1a..65d652dc40e 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -260,7 +260,7 @@ appended to its command line, which is one of: `erase`:: - Remove a matching credential, if any, from the helper's storage. + Remove matching credentials, if any, from the helper's storage. The details of the credential will be provided on the helper's stdin stream. The exact format is the same as the input/output format of the diff --git a/builtin/credential-cache--daemon.c b/builtin/credential-cache--daemon.c index 82f376d3351..5e3a766e42d 100644 --- a/builtin/credential-cache--daemon.c +++ b/builtin/credential-cache--daemon.c @@ -33,12 +33,12 @@ static void cache_credential(struct credential *c, int timeout) e->expiration = time(NULL) + timeout; } -static struct credential_cache_entry *lookup_credential(const struct credential *c, int match_password) +static struct credential_cache_entry *lookup_credential(const struct credential *c) { int i; for (i = 0; i < entries_nr; i++) { struct credential *e = &entries[i].item; - if (credential_match(c, e, match_password)) + if (credential_match(c, e, 0)) return &entries[i]; } return NULL; @@ -48,9 +48,12 @@ static void remove_credential(const struct credential *c) { struct credential_cache_entry *e; - e = lookup_credential(c, c->password != NULL); - if (e) - e->expiration = 0; + int i; + for (i = 0; i < entries_nr; i++) { + e = &entries[i]; + if (credential_match(c, &e->item, c->password != NULL)) + e->expiration = 0; + } } static timestamp_t check_expirations(void) @@ -127,7 +130,7 @@ static void serve_one_client(FILE *in, FILE *out) if (read_request(in, &c, &action, &timeout) < 0) /* ignore error */ ; else if (!strcmp(action.buf, "get")) { - struct credential_cache_entry *e = lookup_credential(&c, 0); + struct credential_cache_entry *e = lookup_credential(&c); if (e) { fprintf(out, "username=%s\n", e->item.username); fprintf(out, "password=%s\n", e->item.password); diff --git a/builtin/credential-store.c b/builtin/credential-store.c index e0ae028b1c3..85b147e460f 100644 --- a/builtin/credential-store.c +++ b/builtin/credential-store.c @@ -36,7 +36,8 @@ static int parse_credential_file(const char *fn, found_credential = 1; if (match_cb) { match_cb(&entry); - break; + if (strcmp(op, "erase")) + break; } } else if (other_cb) diff --git a/t/lib-credential.sh b/t/lib-credential.sh index f7e4e29c5e1..3f4100b6ce2 100644 --- a/t/lib-credential.sh +++ b/t/lib-credential.sh @@ -45,6 +45,8 @@ helper_test_clean() { reject $1 https example.com user2 reject $1 https example.com user4 reject $1 https example.com user5 + reject $1 https example.com user6 + reject $1 https example.com user7 reject $1 http path.tld user reject $1 https timeout.tld user reject $1 https sso.tld @@ -298,6 +300,37 @@ helper_test() { EOF ' + test_expect_success "helper ($HELPER) erases all matching credentials" ' + check approve $HELPER <<-\EOF && + protocol=https + host=example.com + username=user6 + password=pass1 + EOF + check approve $HELPER <<-\EOF && + protocol=https + host=example.com + username=user7 + password=pass1 + EOF + check reject $HELPER <<-\EOF && + protocol=https + host=example.com + EOF + check fill $HELPER <<-\EOF + protocol=https + host=example.com + -- + protocol=https + host=example.com + username=askpass-username + password=askpass-password + -- + askpass: Username for '\''https://example.com'\'': + askpass: Password for '\''https://askpass-username@example.com'\'': + EOF + ' + : ${GIT_TEST_LONG_CRED_BUFFER:=1024} # 23 bytes accounts for "wwwauth[]=basic realm=" plus NUL LONG_VALUE_LEN=$((GIT_TEST_LONG_CRED_BUFFER - 23))