diff options
| author | Jeff King <peff@peff.net> | 2011-12-10 10:31:11 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-12-12 07:16:24 (GMT) |
| commit | abca927dbef2c310056b8a1a8be5561212b3243a (patch) | |
| tree | 97ca8e6995555078ba560db471d9b6a31f591f2e /t/lib-credential.sh | |
| parent | 89650285d8ef98173190a80f1d070a33092c9314 (diff) | |
| download | git-abca927dbef2c310056b8a1a8be5561212b3243a.zip git-abca927dbef2c310056b8a1a8be5561212b3243a.tar.gz git-abca927dbef2c310056b8a1a8be5561212b3243a.tar.bz2 | |
introduce credentials API
There are a few places in git that need to get a username
and password credential from the user; the most notable one
is HTTP authentication for smart-http pushing.
Right now the only choices for providing credentials are to
put them plaintext into your ~/.netrc, or to have git prompt
you (either on the terminal or via an askpass program). The
former is not very secure, and the latter is not very
convenient.
Unfortunately, there is no "always best" solution for
password management. The details will depend on the tradeoff
you want between security and convenience, as well as how
git can integrate with other security systems (e.g., many
operating systems provide a keychain or password wallet for
single sign-on).
This patch provides an abstract notion of credentials as a
data item, and provides three basic operations:
- fill (i.e., acquire from external storage or from the
user)
- approve (mark a credential as "working" for further
storage)
- reject (mark a credential as "not working", so it can
be removed from storage)
These operations can be backed by external helper processes
that interact with system- or user-specific secure storage.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/lib-credential.sh')
| -rwxr-xr-x | t/lib-credential.sh | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/t/lib-credential.sh b/t/lib-credential.sh new file mode 100755 index 0000000..54ae1f4 --- /dev/null +++ b/t/lib-credential.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# Try a set of credential helpers; the expected stdin, +# stdout and stderr should be provided on stdin, +# separated by "--". +check() { + read_chunk >stdin && + read_chunk >expect-stdout && + read_chunk >expect-stderr && + test-credential "$@" <stdin >stdout 2>stderr && + test_cmp expect-stdout stdout && + test_cmp expect-stderr stderr +} + +read_chunk() { + while read line; do + case "$line" in + --) break ;; + *) echo "$line" ;; + esac + done +} + + +cat >askpass <<\EOF +#!/bin/sh +echo >&2 askpass: $* +what=`echo $1 | cut -d" " -f1 | tr A-Z a-z | tr -cd a-z` +echo "askpass-$what" +EOF +chmod +x askpass +GIT_ASKPASS="$PWD/askpass" +export GIT_ASKPASS |