* [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
@ 2010-02-26 0:12 Frank Li
2010-02-26 0:50 ` Miklos Vajna
2010-02-26 7:34 ` Johannes Sixt
0 siblings, 2 replies; 8+ messages in thread
From: Frank Li @ 2010-02-26 0:12 UTC (permalink / raw)
To: git; +Cc: gitster, Frank Li
imap-send and authority http connect reads passwords from an interactive
terminal. This behavious cause GUIs to hang waiting for git complete.
Fix this problem by allowing a password-retrieving command
to be specified in GIT_ASKPASS
Signed-off-by: Frank Li <lznuaa@gmail.com>
---
connect.c | 40 ++++++++++++++++++++++++++++++++++++++++
http.c | 4 ++--
imap-send.c | 2 +-
3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/connect.c b/connect.c
index a37cf6a..6a8e3ab 100644
--- a/connect.c
+++ b/connect.c
@@ -647,3 +647,43 @@ int finish_connect(struct child_process *conn)
free(conn);
return code;
}
+
+char *git_getpass(char *prompt)
+{
+ char *askpass;
+ struct child_process pass;
+ const char *args[3];
+ struct strbuf buffer = STRBUF_INIT;
+ int i = 0;
+
+ askpass = getenv("GIT_ASKPASS");
+ if (askpass && strlen(askpass) != 0) {
+ args[0] = getenv("GIT_ASKPASS");
+ args[1] = prompt;
+ args[2] = NULL;
+
+ memset(&pass, 0, sizeof(pass));
+ pass.argv = args;
+ pass.out = -1;
+ pass.no_stdin = 1;
+ pass.no_stderr = 1;
+
+ if (start_command(&pass)) {
+ error("could not run %s\n", askpass);
+ return getpass(prompt);
+ }
+
+ strbuf_read(&buffer, pass.out, 20);
+ close(pass.out);
+ for (i = 0; i < buffer.len; i++)
+ if (buffer.buf[i] == '\n' || buffer.buf[i] == '\r') {
+ buffer.buf[i] = '\0';
+ buffer.len = i;
+ }
+ return strbuf_detach(&buffer, NULL);
+
+ } else {
+ return getpass(prompt);
+ }
+ return NULL;
+}
diff --git a/http.c b/http.c
index deab595..4814217 100644
--- a/http.c
+++ b/http.c
@@ -204,7 +204,7 @@ static void init_curl_http_auth(CURL *result)
if (user_name) {
struct strbuf up = STRBUF_INIT;
if (!user_pass)
- user_pass = xstrdup(getpass("Password: "));
+ user_pass = xstrdup(git_getpass("Password: "));
strbuf_addf(&up, "%s:%s", user_name, user_pass);
curl_easy_setopt(result, CURLOPT_USERPWD,
strbuf_detach(&up, NULL));
@@ -219,7 +219,7 @@ static int has_cert_password(void)
return 0;
/* Only prompt the user once. */
ssl_cert_password_required = -1;
- ssl_cert_password = getpass("Certificate Password: ");
+ ssl_cert_password = git_getpass("Certificate Password: ");
if (ssl_cert_password != NULL) {
ssl_cert_password = xstrdup(ssl_cert_password);
return 1;
diff --git a/imap-send.c b/imap-send.c
index 5631930..5254b2a 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -1107,7 +1107,7 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
if (!srvc->pass) {
char prompt[80];
sprintf(prompt, "Password (%s@%s): ", srvc->user, srvc->host);
- arg = getpass(prompt);
+ arg = git_getpass(prompt);
if (!arg) {
perror("getpass");
exit(1);
--
1.7.0.85.g37fda.dirty
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 0:12 [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS Frank Li
@ 2010-02-26 0:50 ` Miklos Vajna
2010-02-26 2:17 ` Frank Li
2010-02-26 7:34 ` Johannes Sixt
1 sibling, 1 reply; 8+ messages in thread
From: Miklos Vajna @ 2010-02-26 0:50 UTC (permalink / raw)
To: Frank Li; +Cc: git, gitster
[-- Attachment #1: Type: text/plain, Size: 608 bytes --]
On Fri, Feb 26, 2010 at 08:12:34AM +0800, Frank Li <lznuaa@gmail.com> wrote:
> + for (i = 0; i < buffer.len; i++)
> + if (buffer.buf[i] == '\n' || buffer.buf[i] == '\r') {
> + buffer.buf[i] = '\0';
> + buffer.len = i;
> + }
> + return strbuf_detach(&buffer, NULL);
> +
> + } else {
> + return getpass(prompt);
> + }
According to Documentation/CodingGuidelines, this would be:
for (i = 0; i < buffer.len; i++)
if (buffer.buf[i] == '\n' || buffer.buf[i] == '\r') {
buffer.buf[i] = '\0';
buffer.len = i;
}
return strbuf_detach(&buffer, NULL);
} else
return getpass(prompt);
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 0:50 ` Miklos Vajna
@ 2010-02-26 2:17 ` Frank Li
0 siblings, 0 replies; 8+ messages in thread
From: Frank Li @ 2010-02-26 2:17 UTC (permalink / raw)
To: Miklos Vajna; +Cc: git, gitster
> According to Documentation/CodingGuidelines, this would be:
>
>
> for (i = 0; i < buffer.len; i++)
> if (buffer.buf[i] == '\n' || buffer.buf[i] == '\r') {
> buffer.buf[i] = '\0';
> buffer.len = i;
> }
> return strbuf_detach(&buffer, NULL);
>
> } else
> return getpass(prompt);
>
Okay, I will change it.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 0:12 [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS Frank Li
2010-02-26 0:50 ` Miklos Vajna
@ 2010-02-26 7:34 ` Johannes Sixt
2010-02-26 7:50 ` Junio C Hamano
2010-02-26 10:01 ` Frank Li
1 sibling, 2 replies; 8+ messages in thread
From: Johannes Sixt @ 2010-02-26 7:34 UTC (permalink / raw)
To: Frank Li; +Cc: git, gitster
Frank Li schrieb:
> connect.c | 40 ++++++++++++++++++++++++++++++++++++++++
> http.c | 4 ++--
> imap-send.c | 2 +-
I don't see any header file changes. Don't you get warnings about an
undeclared function git_getpass() at the call sites?
> +char *git_getpass(char *prompt)
char *git_getpass(const char *prompt)
> + askpass = getenv("GIT_ASKPASS");
> + if (askpass && strlen(askpass) != 0) {
> + args[0] = getenv("GIT_ASKPASS");
if (askpass && *askpass) {
args[0] = askpass;
BTW, to save a level of indentation, you could handle the "trivial" case
early like this:
if (!askpass || !*askpass)
return get_pass(prompt);
and continue without an 'else' branch.
> + args[1] = prompt;
> + args[2] = NULL;
> +
> + memset(&pass, 0, sizeof(pass));
> + pass.argv = args;
> + pass.out = -1;
> + pass.no_stdin = 1;
> + pass.no_stderr = 1;
Is it such a good idea to redirect stdin and stderr to /dev/null? What if
my password prompt program depends on them? I think it should not matter
for your use-case, where a GUI is invoked, to just inherit all channels.
OTOH, it may be worthwhile to set
pass.use_shell = 1;
to allow commands that are not just a single plain word. But perhaps this
has security implications - I don't know.
> +
> + if (start_command(&pass)) {
> + error("could not run %s\n", askpass);
> + return getpass(prompt);
I don't think this is a good idea. The user instructed to use GIT_ASKPASS,
and you fall back to asking a password from the terminal. I think the most
sensible thing to do here is to 'exit(1)' (start_command has already
printed an error message that included the command), because there are
callers that do not expect NULL.
> + }
> +
> + strbuf_read(&buffer, pass.out, 20);
> + close(pass.out);
> + for (i = 0; i < buffer.len; i++)
> + if (buffer.buf[i] == '\n' || buffer.buf[i] == '\r') {
> + buffer.buf[i] = '\0';
> + buffer.len = i;
> + }
> + return strbuf_detach(&buffer, NULL);
You don't call finish_command() anywhere. Call it after the close() call.
> +
> + } else {
> + return getpass(prompt);
You handle the return value in different ways. getpass() returns a pointer
to a static buffer, but in the 'then' branch you return an allocated
buffer. Not that it matters a lot, though. You could add a comment that
you are aware that the memory is leaked.
> + }
> + return NULL;
What is this good for?
-- Hannes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 7:34 ` Johannes Sixt
@ 2010-02-26 7:50 ` Junio C Hamano
2010-02-26 9:32 ` Johannes Sixt
2010-02-26 10:01 ` Frank Li
1 sibling, 1 reply; 8+ messages in thread
From: Junio C Hamano @ 2010-02-26 7:50 UTC (permalink / raw)
To: Johannes Sixt; +Cc: Frank Li, git, gitster
Johannes Sixt <j.sixt@viscovery.net> writes:
> BTW, to save a level of indentation, you could handle the "trivial" case
> early like this:
>
> if (!askpass || !*askpass)
> return get_pass(prompt);
>
> and continue without an 'else' branch.
That is a good advice in general.
Also, when you have a way unbalanced if ... else ... where else clause is
very small, it usually is much easier to read if you invert the logic to
make if part smaller.
> OTOH, it may be worthwhile to set
>
> pass.use_shell = 1;
>
> to allow commands that are not just a single plain word. But perhaps this
> has security implications - I don't know.
How does SSH_ASKPASS gets interpreted by other programs? I think we
should follow that example.
Other than that, I agree with everything you said in your review. Thanks.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 7:50 ` Junio C Hamano
@ 2010-02-26 9:32 ` Johannes Sixt
2010-02-26 17:50 ` Junio C Hamano
0 siblings, 1 reply; 8+ messages in thread
From: Johannes Sixt @ 2010-02-26 9:32 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Frank Li, git
Junio C Hamano schrieb:
> Johannes Sixt <j.sixt@viscovery.net> writes:
>> OTOH, it may be worthwhile to set
>>
>> pass.use_shell = 1;
>>
>> to allow commands that are not just a single plain word. But perhaps this
>> has security implications - I don't know.
>
> How does SSH_ASKPASS gets interpreted by other programs? I think we
> should follow that example.
openssh treats SSH_ASKPASS as a command name and uses execlp, i.e., does a
PATH search; no shell tricks are possible. Hence, we should *not* set
use_shell.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readpass.c?rev=1.47
Of course, we could define that GIT_ASKPASS is different from SSH_ASKPASS
in this regard, but I haven't followed the discussion to know whether this
is necessary.
-- Hannes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 7:34 ` Johannes Sixt
2010-02-26 7:50 ` Junio C Hamano
@ 2010-02-26 10:01 ` Frank Li
1 sibling, 0 replies; 8+ messages in thread
From: Frank Li @ 2010-02-26 10:01 UTC (permalink / raw)
To: Johannes Sixt; +Cc: git, gitster
>
> You handle the return value in different ways. getpass() returns a pointer
> to a static buffer, but in the 'then' branch you return an allocated
> buffer. Not that it matters a lot, though. You could add a comment that
> you are aware that the memory is leaked.
>
How about my branch also use static buffer, so there are not memory leak.
best regards
Frank Li
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
2010-02-26 9:32 ` Johannes Sixt
@ 2010-02-26 17:50 ` Junio C Hamano
0 siblings, 0 replies; 8+ messages in thread
From: Junio C Hamano @ 2010-02-26 17:50 UTC (permalink / raw)
To: Johannes Sixt; +Cc: Frank Li, git
Johannes Sixt <j.sixt@viscovery.net> writes:
> openssh treats SSH_ASKPASS as a command name and uses execlp, i.e., does a
> PATH search; no shell tricks are possible. Hence, we should *not* set
> use_shell.
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readpass.c?rev=1.47
>
> Of course, we could define that GIT_ASKPASS is different from SSH_ASKPASS
> in this regard, but I haven't followed the discussion to know whether this
> is necessary.
It is sad that they do exec*p() on that one; it means that the users
cannot supply leading set of options with CMD="cmd --initial-option".
But we should do the same as others do.
It is doubly sad that I earlier was hoping that we can run external
programs specified via GIT_* uniformly via shell.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-02-26 17:50 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-02-26 0:12 [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS Frank Li
2010-02-26 0:50 ` Miklos Vajna
2010-02-26 2:17 ` Frank Li
2010-02-26 7:34 ` Johannes Sixt
2010-02-26 7:50 ` Junio C Hamano
2010-02-26 9:32 ` Johannes Sixt
2010-02-26 17:50 ` Junio C Hamano
2010-02-26 10:01 ` Frank Li
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.