[PATCH/RFC] Add 'git credential' plumbing command

[PATCH/RFC] Add 'git credential' plumbing command

[Javier.Roucher-Iglesias]

From: Javier Roucher <jroucher@gmail.com>

Test is comming
we are working to added soon.

---
 .gitignore                       |  1 +
 Documentation/git-credential.txt | 74 ++++++++++++++++++++++++++++++++++++++++
 Makefile                         |  1 +
 builtin.h                        |  1 +
 builtin/credential.c             | 40 ++++++++++++++++++++++
 git.c                            |  1 +
 6 files changed, 118 insertions(+)
 create mode 100644 Documentation/git-credential.txt
 create mode 100644 builtin/credential.c

diff --git a/.gitignore b/.gitignore
index bf66648..7d1d86e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,7 @@
 /git-commit-tree
 /git-config
 /git-count-objects
+/git-credential
 /git-credential-cache
 /git-credential-cache--daemon
 /git-credential-store
diff --git a/Documentation/git-credential.txt b/Documentation/git-credential.txt
new file mode 100644
index 0000000..fa05aad
--- /dev/null
+++ b/Documentation/git-credential.txt
@@ -0,0 +1,74 @@
+git-credential(7)
+=================
+
+NAME
+----
+git-credential - Provide and store user credentials.
+
+SYNOPSIS
+--------
+------------------
+git credential <fill|approve|reject>
+
+------------------
+
+DESCRIPTION
+-----------
+
+Git-credential permits to the user of the script to save:
+username, password, host, path and protocol. When the user of script
+invoke git-credential, the script can ask for a password, using the command
+'git credential fill'.
+Taking data from the standard input, the program treats each line as a
+separate data item, and the end of series of data item is signalled by a 
+blank line.
+
+		username=admin\n 
+		protocol=[http|https]\n
+		host=localhost\n
+		path=/dir\n\n
+
+-If git-credential system has the password already stored
+git-credential will answer with by STDOUT:
+	
+		username=admin
+		password=*****
+
+-If it is not stored, the user will be prompt for a password:
+		
+		> Password for '[http|https]admin@localhost':
+
+
+Then if the password is correct, (note: it's not git credential that
+decides if the password is correct or not. That part is done by the 
+external system) it can be stored using command 'git crendential approve' 
+by providing the structure, by STDIN.
+
+		username=admin
+		password=*****
+		protocol=[http|https]
+		host=localhost
+		path=/dir
+
+If the password is refused, it can be deleted using command
+'git credential reject' by providing the same structure.
+
+
+REQUESTING CREDENTIALS
+----------------------
+
+1. The 'git credential fill' makes the structure,
+with this structure it will be able to save your
+credentials, and if the credential is already stored,
+it will fill the password.
+
+		username=foo
+		password=****
+		protocol=[http|https]
+		localhost=url
+		path=/direction
+
+2. Then 'git credential approve' to store them.
+
+3. Otherwise, if the credential is not correct you can do
+  'git credential reject' to delete the credential.
diff --git a/Makefile b/Makefile
index 4592f1f..3f53da8 100644
--- a/Makefile
+++ b/Makefile
@@ -827,6 +827,7 @@ BUILTIN_OBJS += builtin/commit-tree.o
 BUILTIN_OBJS += builtin/commit.o
 BUILTIN_OBJS += builtin/config.o
 BUILTIN_OBJS += builtin/count-objects.o
+BUILTIN_OBJS += builtin/credential.o
 BUILTIN_OBJS += builtin/describe.o
 BUILTIN_OBJS += builtin/diff-files.o
 BUILTIN_OBJS += builtin/diff-index.o
diff --git a/builtin.h b/builtin.h
index 338f540..48feddc 100644
--- a/builtin.h
+++ b/builtin.h
@@ -66,6 +66,7 @@ extern int cmd_commit(int argc, const char **argv, const char *prefix);
 extern int cmd_commit_tree(int argc, const char **argv, const char *prefix);
 extern int cmd_config(int argc, const char **argv, const char *prefix);
 extern int cmd_count_objects(int argc, const char **argv, const char *prefix);
+extern int cmd_credential(int argc, const char **argv, const char *prefix);
 extern int cmd_describe(int argc, const char **argv, const char *prefix);
 extern int cmd_diff_files(int argc, const char **argv, const char *prefix);
 extern int cmd_diff_index(int argc, const char **argv, const char *prefix);
diff --git a/builtin/credential.c b/builtin/credential.c
new file mode 100644
index 0000000..c8dcfbb
--- /dev/null
+++ b/builtin/credential.c
@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include "cache.h"
+#include "credential.h"
+#include "string-list.h"
+
+static const char usage_msg[] =
+"credential <fill|approve|reject>";
+
+void cmd_credential (int argc, char **argv, const char *prefix) {
+	const char *op;
+	struct credential c = CREDENTIAL_INIT;
+	int i;
+
+	op = argv[1];
+	if (!op)
+		usage(usage_msg);
+
+	if (credential_read(&c, stdin) < 0)
+		die("unable to read credential from stdin");
+
+	if (!strcmp(op, "fill")) {
+		credential_fill(&c);
+		if (c.username)
+			printf("username=%s\n", c.username);
+		if (c.password)
+			printf("password=%s\n", c.password);
+		if (c.protocol)
+			printf("protocol=%s\n", c.protocol);
+		if (c.host)
+			printf("host=%s\n", c.host);
+		if (c.path)
+			printf("path=%s\n", c.path);
+	} else if (!strcmp(op, "approve")) {
+		credential_approve(&c);
+	} else if (!strcmp(op, "reject")) {
+		credential_reject(&c);
+	} else {
+		usage(usage_msg);
+	}
+}
diff --git a/git.c b/git.c
index d232de9..660c926 100644
--- a/git.c
+++ b/git.c
@@ -353,6 +353,7 @@ static void handle_internal_command(int argc, const char **argv)
 		{ "commit-tree", cmd_commit_tree, RUN_SETUP },
 		{ "config", cmd_config, RUN_SETUP_GENTLY },
 		{ "count-objects", cmd_count_objects, RUN_SETUP },
+		{ "credential", cmd_credential, RUN_SETUP_GENTLY },
 		{ "describe", cmd_describe, RUN_SETUP },
 		{ "diff", cmd_diff },
 		{ "diff-files", cmd_diff_files, RUN_SETUP | NEED_WORK_TREE },
-- 
1.7.10.2.573.ged8bfa6

Re: [PATCH/RFC] Add 'git credential' plumbing command

[Matthieu Moy]

Javier.Roucher-Iglesias@ensimag.imag.fr writes:

> +git credential <fill|approve|reject>

You didn't take Jeff's suggestions into account:

http://thread.gmane.org/gmane.comp.version-control.git/199552/focus=199591

It's clearly too late to implement the whole suggested API, but I do
like the suggestion of allowing either a URL as argument or individual
fields on stdin, or both combined, by using the --stdin argument.

To allow further patches to implement this without breaking backward
compatibility, your implementation could require the use of --stdin on
the command-line.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: [PATCH/RFC] Add 'git credential' plumbing command

[Jeff King]

On Tue, Jun 12, 2012 at 04:31:33PM +0200, Matthieu Moy wrote:

> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
> 
> > +git credential <fill|approve|reject>
> 
> You didn't take Jeff's suggestions into account:
> 
> http://thread.gmane.org/gmane.comp.version-control.git/199552/focus=199591
> 
> It's clearly too late to implement the whole suggested API, but I do
> like the suggestion of allowing either a URL as argument or individual
> fields on stdin, or both combined, by using the --stdin argument.
> 
> To allow further patches to implement this without breaking backward
> compatibility, your implementation could require the use of --stdin on
> the command-line.

Actually, after further discussion, I think that --stdin is unnecessary.
If you are providing a URL, you should always provide it via stdin
because of the password-disclosure issue. It's tempting to provide a
command-line alternative because it's easier, but I think it would just
encourage lazy developers to do the wrong thing.

I do still think respecting "url=" when reading a credential makes
sense, but that is easy to add later.

-Peff

Re: [PATCH/RFC] Add 'git credential' plumbing command

[Matthieu Moy]

Jeff King <peff@peff.net> writes:

> On Tue, Jun 12, 2012 at 04:31:33PM +0200, Matthieu Moy wrote:
>
>> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
>> 
>> > +git credential <fill|approve|reject>
>> 
>> You didn't take Jeff's suggestions into account:
>> 
>> http://thread.gmane.org/gmane.comp.version-control.git/199552/focus=199591
>> 
>> It's clearly too late to implement the whole suggested API, but I do
>> like the suggestion of allowing either a URL as argument or individual
>> fields on stdin, or both combined, by using the --stdin argument.
>> 
>> To allow further patches to implement this without breaking backward
>> compatibility, your implementation could require the use of --stdin on
>> the command-line.
>
> Actually, after further discussion, I think that --stdin is unnecessary.
> If you are providing a URL, you should always provide it via stdin
> because of the password-disclosure issue. It's tempting to provide a
> command-line alternative because it's easier, but I think it would just
> encourage lazy developers to do the wrong thing.

OK, that makes sense.

> I do still think respecting "url=" when reading a credential makes
> sense, but that is easy to add later.

OK, so in short: Javier, you can ignore my comment.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/