diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2020-04-24 22:35:49 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2020-04-24 22:53:46 (GMT) |
| commit | 12294990c90e043862be9eb7eb22c3784b526340 (patch) | |
| tree | e258d311efe37e9a942b4927323270a806bf3e86 /credential.c | |
| parent | f52b0cb4184362b2f88ebbf9ea20016914ce469d (diff) | |
| download | git-12294990c90e043862be9eb7eb22c3784b526340.zip git-12294990c90e043862be9eb7eb22c3784b526340.tar.gz git-12294990c90e043862be9eb7eb22c3784b526340.tar.bz2 | |
credential: handle `credential.<partial-URL>.<key>` again
In the patches for CVE-2020-11008, the ability to specify credential
settings in the config for partial URLs got lost. For example, it used
to be possible to specify a credential helper for a specific protocol:
[credential "https://"]
helper = my-https-helper
Likewise, it used to be possible to configure settings for a specific
host, e.g.:
[credential "dev.azure.com"]
useHTTPPath = true
Let's reinstate this behavior.
While at it, increase the test coverage to document and verify the
behavior with a couple other categories of partial URLs.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'credential.c')
| -rw-r--r-- | credential.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/credential.c b/credential.c index b8f693f..4e7197d 100644 --- a/credential.c +++ b/credential.c @@ -37,6 +37,10 @@ int credential_match(const struct credential *want, #undef CHECK } + +static int credential_from_potentially_partial_url(struct credential *c, + const char *url); + static int credential_config_callback(const char *var, const char *value, void *data) { @@ -82,6 +86,22 @@ static int select_all(const struct urlmatch_item *a, return 0; } +static int match_partial_url(const char *url, void *cb) +{ + struct credential *c = cb; + struct credential want = CREDENTIAL_INIT; + int matches = 0; + + if (credential_from_potentially_partial_url(&want, url) < 0) + warning(_("skipping credential lookup for key: credential.%s"), + url); + else + matches = credential_match(&want, c); + credential_clear(&want); + + return matches; +} + static void credential_apply_config(struct credential *c) { char *normalized_url; @@ -101,6 +121,7 @@ static void credential_apply_config(struct credential *c) config.collect_fn = credential_config_callback; config.cascade_fn = NULL; config.select_fn = select_all; + config.fallback_match_fn = match_partial_url; config.cb = c; credential_format(c, &url); @@ -468,6 +489,12 @@ static int credential_from_url_1(struct credential *c, const char *url, return 0; } +static int credential_from_potentially_partial_url(struct credential *c, + const char *url) +{ + return credential_from_url_1(c, url, 1, 0); +} + int credential_from_url_gently(struct credential *c, const char *url, int quiet) { return credential_from_url_1(c, url, 0, quiet); |