[PATCH v3] add 'git credential' plumbing command

[PATCH v3] add 'git credential' plumbing command

[Javier.Roucher-Iglesias]

From: Javier Roucher <jroucher@gmail.com>

The credential API is in C, and not available to scripting languages.
Expose the functionalities of the API by wrapping them into a new
plumbing command "git credentials".

Changes in the version2 vs version1:
· Doc have been changed.
· Correction of git.c:
	{ "credential", cmd_credential, RUN_SETUP_GENTLY },
· Delete a few lines of code in builtin/credential.c
	for (i = 2; i < argc; i++)
		string_list_append(&c.helpers, argv[i]);
· Correction of the name of the PATCH v2 vs PATCH_v1
· Code style correction

If i miss some correction, please remember me. Thanks.

Adding to the next patch, version3:
· Tests files

Signed-off-by: Pavel Volek <Pavel.Volek@ensimag.imag.fr>
Signed-off-by: NGUYEN Kim Thuat <Kim-Thuat.Nguyen@ensimag.imag.fr>
Signed-off-by: ROUCHER IGLESIAS Javier <roucherj@ensimag.imag.fr>
Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>

---
 .gitignore                       |  1 +
 Documentation/git-credential.txt | 74 ++++++++++++++++++++++++++++++++++++++++
 Makefile                         |  1 +
 builtin.h                        |  1 +
 builtin/credential.c             | 37 ++++++++++++++++++++
 git.c                            |  1 +
 6 files changed, 115 insertions(+)
 create mode 100644 Documentation/git-credential.txt
 create mode 100644 builtin/credential.c

diff --git a/.gitignore b/.gitignore
index bf66648..7d1d86e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,7 @@
 /git-commit-tree
 /git-config
 /git-count-objects
+/git-credential
 /git-credential-cache
 /git-credential-cache--daemon
 /git-credential-store
diff --git a/Documentation/git-credential.txt b/Documentation/git-credential.txt
new file mode 100644
index 0000000..ad4e6c7
--- /dev/null
+++ b/Documentation/git-credential.txt
@@ -0,0 +1,74 @@
+git-credential(7)
+=================
+
+NAME
+----
+git-credential - Provides and store user credentials to git
+
+SYNOPSIS
+--------
+------------------
+git credential <fill|approve|reject>
+
+------------------
+
+DESCRIPTION
+-----------
+
+Git-credential permits to the user of the script to save:
+username, password, host, path and protocol. When the user of script
+invoke git-credential, the script can ask for a password, using the command
+'git credential fill'.
+Taking data from the standard input, the program treats each line as a
+separate data item, and the end of series of data item is signalled by a 
+blank line.
+
+		username=admin\n 
+		protocol=[http|https]\n
+		host=localhost\n
+		path=/dir\n\n
+
+-If git-credential system has the password already stored
+git-credential will answer with by STDOUT:
+	
+		username=admin
+		password=*****
+
+-If it is not stored, the user will be prompt for a password:
+		
+		> Password for '[http|https]admin@localhost':
+
+
+Then if the password is correct, (note: it's not git credential that
+decides if the password is correct or not. That part is done by the 
+external system) it can be stored using command 'git crendential approve' 
+by providing the structure, by STDIN.
+
+		username=admin
+		password=*****
+		protocol=[http|https]
+		host=localhost
+		path=/dir
+
+If the password is refused, it can be deleted using command
+'git credential reject' by providing the same structure.
+
+
+REQUESTING CREDENTIALS
+----------------------
+
+1. The 'git credential fill' makes the structure,
+with this structure it will be able to save your
+credentials, and if the credential is already stored,
+it will fill the password.
+
+		username=foo
+		password=****
+		protocol=[http|https]
+		localhost=url
+		path=/direction
+
+2. Then 'git credential approve' to store them.
+
+3. Otherwise, if the credential is not correct you can do
+  'git credential reject' to delete the credential.
diff --git a/Makefile b/Makefile
index 4592f1f..3f53da8 100644
--- a/Makefile
+++ b/Makefile
@@ -827,6 +827,7 @@ BUILTIN_OBJS += builtin/commit-tree.o
 BUILTIN_OBJS += builtin/commit.o
 BUILTIN_OBJS += builtin/config.o
 BUILTIN_OBJS += builtin/count-objects.o
+BUILTIN_OBJS += builtin/credential.o
 BUILTIN_OBJS += builtin/describe.o
 BUILTIN_OBJS += builtin/diff-files.o
 BUILTIN_OBJS += builtin/diff-index.o
diff --git a/builtin.h b/builtin.h
index 338f540..48feddc 100644
--- a/builtin.h
+++ b/builtin.h
@@ -66,6 +66,7 @@ extern int cmd_commit(int argc, const char **argv, const char *prefix);
 extern int cmd_commit_tree(int argc, const char **argv, const char *prefix);
 extern int cmd_config(int argc, const char **argv, const char *prefix);
 extern int cmd_count_objects(int argc, const char **argv, const char *prefix);
+extern int cmd_credential(int argc, const char **argv, const char *prefix);
 extern int cmd_describe(int argc, const char **argv, const char *prefix);
 extern int cmd_diff_files(int argc, const char **argv, const char *prefix);
 extern int cmd_diff_index(int argc, const char **argv, const char *prefix);
diff --git a/builtin/credential.c b/builtin/credential.c
new file mode 100644
index 0000000..a6b6962
--- /dev/null
+++ b/builtin/credential.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include "cache.h"
+#include "credential.h"
+#include "string-list.h"
+
+static const char usage_msg[] =
+"credential <fill|approve|reject>";
+
+void cmd_credential (int argc, char **argv, const char *prefix) {
+	const char *op;
+	struct credential c = CREDENTIAL_INIT;
+	int i;
+
+	op = argv[1];
+	if (!op)
+		usage(usage_msg);
+
+	if (credential_read(&c, stdin) < 0)
+		die("unable to read credential from stdin");
+
+	if (!strcmp(op, "fill")) {
+		credential_fill(&c);
+		if (c.username)
+			printf("username=%s\n", c.username);
+		if (c.password)
+			printf("password=%s\n", c.password);
+	}
+	else if (!strcmp(op, "approve")) {
+		credential_approve(&c);
+	}
+	else if (!strcmp(op, "reject")) {
+		credential_reject(&c);
+	}
+	else {
+		usage(usage_msg);
+	}
+}
diff --git a/git.c b/git.c
index d232de9..660c926 100644
--- a/git.c
+++ b/git.c
@@ -353,6 +353,7 @@ static void handle_internal_command(int argc, const char **argv)
 		{ "commit-tree", cmd_commit_tree, RUN_SETUP },
 		{ "config", cmd_config, RUN_SETUP_GENTLY },
 		{ "count-objects", cmd_count_objects, RUN_SETUP },
+		{ "credential", cmd_credential, RUN_SETUP_GENTLY },
 		{ "describe", cmd_describe, RUN_SETUP },
 		{ "diff", cmd_diff },
 		{ "diff-files", cmd_diff_files, RUN_SETUP | NEED_WORK_TREE },
-- 
1.7.11.rc2.4.gfbe8a84.dirty

Re: [PATCH v3] add 'git credential' plumbing command

[Matthieu Moy]

> Subject: Re: [PATCH v3] add 'git credential' plumbing command

I guess you mean v2.

Javier.Roucher-Iglesias@ensimag.imag.fr writes:

> Changes in the version2 vs version1:

These should not go to the commit message, but below the --- below (and
before the diffstat).

> Adding to the next patch, version3:
> · Tests files

If the todo-list isn't empty, then mark your patch as "RFC".

> --- /dev/null
> +++ b/Documentation/git-credential.txt
> @@ -0,0 +1,74 @@
> +git-credential(7)
> +=================
> +
> +NAME
> +----
> +git-credential - Provides and store user credentials to git

Provides -> Provide

I'd remove the "to git" part.

Other than that, I prefer Jeff's version sent yesterday. Any reason not
to use it?

The command still isn't listed in "man git", aka Documentation/git.txt
(I already mentionned it)

> +	if (!strcmp(op, "fill")) {
> +		credential_fill(&c);
> +		if (c.username)
> +			printf("username=%s\n", c.username);
> +		if (c.password)
> +			printf("password=%s\n", c.password);
> +	}

See Jeff's remarks. It makes sense to output all fields here
(protocol, path, ...).

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: [PATCH v3] add 'git credential' plumbing command

[konglu]

Javier.Roucher-Iglesias@ensimag.imag.fr a écrit :

> +Git-credential permits to the user of the script to save:
> +username, password, host, path and protocol. When the user of script
> +invoke git-credential, the script can ask for a password, using the command
> +'git credential fill'.
> +Taking data from the standard input, the program treats each line as a
> +separate data item, and the end of series of data item is signalled by a
> +blank line.
> +
> +		username=admin\n
> +		protocol=[http|https]\n
> +		host=localhost\n
> +		path=/dir\n\n
> +
> +-If git-credential system has the password already stored
> +git-credential will answer with by STDOUT:
> +
> +		username=admin
> +		password=*****
> +
> +-If it is not stored, the user will be prompt for a password:
> +
> +		> Password for '[http|https]admin@localhost':

Whitespaces detected (and also some more after in the doc)

> diff --git a/builtin/credential.c b/builtin/credential.c
> new file mode 100644
> index 0000000..a6b6962
> --- /dev/null
> +++ b/builtin/credential.c
> @@ -0,0 +1,37 @@
> +#include <stdio.h>
> +#include "cache.h"
> +#include "credential.h"
> +#include "string-list.h"
> +
> +static const char usage_msg[] =
> +"credential <fill|approve|reject>";
> +
> +void cmd_credential (int argc, char **argv, const char *prefix) {
> +	const char *op;
> +	struct credential c = CREDENTIAL_INIT;
> +	int i;
> +
> +	op = argv[1];
> +	if (!op)
> +		usage(usage_msg);
> +
> +	if (credential_read(&c, stdin) < 0)
> +		die("unable to read credential from stdin");
> +
> +	if (!strcmp(op, "fill")) {
> +		credential_fill(&c);
> +		if (c.username)
> +			printf("username=%s\n", c.username);
> +		if (c.password)
> +			printf("password=%s\n", c.password);
> +	}
> +	else if (!strcmp(op, "approve")) {
> +		credential_approve(&c);
> +	}
> +	else if (!strcmp(op, "reject")) {
> +		credential_reject(&c);
> +	}
> +	else {
> +		usage(usage_msg);
> +	}
> +}

Structure:

	if (!strcmp(op, "fill")) {
		credential_fill(&c);
		if (c.username)
			printf("username=%s\n", c.username);
		if (c.password)
			printf("password=%s\n", c.password);
	} else if (!strcmp(op, "approve")) {
		credential_approve(&c);
	} else if (!strcmp(op, "reject")) {
		credential_reject(&c);
	} else {
		usage(usage_msg);
	}

Re: [PATCH v3] add 'git credential' plumbing command

[roucherj]

On Mon, 11 Jun 2012 21:04:39 +0200, Matthieu Moy wrote:
>> Subject: Re: [PATCH v3] add 'git credential' plumbing command
>
> I guess you mean v2.
>

Sorry is a miss typing.

> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
>
>> Changes in the version2 vs version1:
>
> These should not go to the commit message, but below the --- below 
> (and
> before the diffstat).
>
>> Adding to the next patch, version3:
>> · Tests files
>
> If the todo-list isn't empty, then mark your patch as "RFC".
>
>> --- /dev/null
>> +++ b/Documentation/git-credential.txt
>> @@ -0,0 +1,74 @@
>> +git-credential(7)
>> +=================
>> +
>> +NAME
>> +----
>> +git-credential - Provides and store user credentials to git
>
> Provides -> Provide
>
> I'd remove the "to git" part.
>

Changed it


> Other than that, I prefer Jeff's version sent yesterday. Any reason 
> not
> to use it?
>
> The command still isn't listed in "man git", aka 
> Documentation/git.txt
> (I already mentionned it)
>
>> +	if (!strcmp(op, "fill")) {
>> +		credential_fill(&c);
>> +		if (c.username)
>> +			printf("username=%s\n", c.username);
>> +		if (c.password)
>> +			printf("password=%s\n", c.password);
>> +	}
>
> See Jeff's remarks. It makes sense to output all fields here
> (protocol, path, ...).

okay for the next patch i will add (protocol, path, ..)

Re: [PATCH v3] add 'git credential' plumbing command

[roucherj]

On Mon, 11 Jun 2012 21:07:45 +0200, konglu@minatec.inpg.fr wrote:
> Javier.Roucher-Iglesias@ensimag.imag.fr a écrit :
>
>> +Git-credential permits to the user of the script to save:
>> +username, password, host, path and protocol. When the user of 
>> script
>> +invoke git-credential, the script can ask for a password, using the 
>> command
>> +'git credential fill'.
>> +Taking data from the standard input, the program treats each line 
>> as a
>> +separate data item, and the end of series of data item is signalled 
>> by a
>> +blank line.
>> +
>> +		username=admin\n
>> +		protocol=[http|https]\n
>> +		host=localhost\n
>> +		path=/dir\n\n
>> +
>> +-If git-credential system has the password already stored
>> +git-credential will answer with by STDOUT:
>> +
>> +		username=admin
>> +		password=*****
>> +
>> +-If it is not stored, the user will be prompt for a password:
>> +
>> +		> Password for '[http|https]admin@localhost':
>
> Whitespaces detected (and also some more after in the doc)
>
>> diff --git a/builtin/credential.c b/builtin/credential.c
>> new file mode 100644
>> index 0000000..a6b6962
>> --- /dev/null
>> +++ b/builtin/credential.c
>> @@ -0,0 +1,37 @@
>> +#include <stdio.h>
>> +#include "cache.h"
>> +#include "credential.h"
>> +#include "string-list.h"
>> +
>> +static const char usage_msg[] =
>> +"credential <fill|approve|reject>";
>> +
>> +void cmd_credential (int argc, char **argv, const char *prefix) {
>> +	const char *op;
>> +	struct credential c = CREDENTIAL_INIT;
>> +	int i;
>> +
>> +	op = argv[1];
>> +	if (!op)
>> +		usage(usage_msg);
>> +
>> +	if (credential_read(&c, stdin) < 0)
>> +		die("unable to read credential from stdin");
>> +
>> +	if (!strcmp(op, "fill")) {
>> +		credential_fill(&c);
>> +		if (c.username)
>> +			printf("username=%s\n", c.username);
>> +		if (c.password)
>> +			printf("password=%s\n", c.password);
>> +	}
>> +	else if (!strcmp(op, "approve")) {
>> +		credential_approve(&c);
>> +	}
>> +	else if (!strcmp(op, "reject")) {
>> +		credential_reject(&c);
>> +	}
>> +	else {
>> +		usage(usage_msg);
>> +	}
>> +}
>
> Structure:
>
> if (!strcmp(op, "fill")) {
> 	credential_fill(&c);
> 	if (c.username)
> 		printf("username=%s\n", c.username);
> 	if (c.password)
> 		printf("password=%s\n", c.password);
> } else if (!strcmp(op, "approve")) {
> 	credential_approve(&c);
> } else if (!strcmp(op, "reject")) {
> 	credential_reject(&c);
> } else {
> 	usage(usage_msg);
> }


I will change the structure, thanks.