* [PATCH/RFC] Add 'git credential' plumbing command
@ 2012-06-12 14:24 Javier.Roucher-Iglesias
2012-06-12 14:31 ` Matthieu Moy
0 siblings, 1 reply; 4+ messages in thread
From: Javier.Roucher-Iglesias @ 2012-06-12 14:24 UTC (permalink / raw)
To: git; +Cc: Javier Roucher
From: Javier Roucher <jroucher@gmail.com>
Test is comming
we are working to added soon.
---
.gitignore | 1 +
Documentation/git-credential.txt | 74 ++++++++++++++++++++++++++++++++++++++++
Makefile | 1 +
builtin.h | 1 +
builtin/credential.c | 40 ++++++++++++++++++++++
git.c | 1 +
6 files changed, 118 insertions(+)
create mode 100644 Documentation/git-credential.txt
create mode 100644 builtin/credential.c
diff --git a/.gitignore b/.gitignore
index bf66648..7d1d86e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,7 @@
/git-commit-tree
/git-config
/git-count-objects
+/git-credential
/git-credential-cache
/git-credential-cache--daemon
/git-credential-store
diff --git a/Documentation/git-credential.txt b/Documentation/git-credential.txt
new file mode 100644
index 0000000..fa05aad
--- /dev/null
+++ b/Documentation/git-credential.txt
@@ -0,0 +1,74 @@
+git-credential(7)
+=================
+
+NAME
+----
+git-credential - Provide and store user credentials.
+
+SYNOPSIS
+--------
+------------------
+git credential <fill|approve|reject>
+
+------------------
+
+DESCRIPTION
+-----------
+
+Git-credential permits to the user of the script to save:
+username, password, host, path and protocol. When the user of script
+invoke git-credential, the script can ask for a password, using the command
+'git credential fill'.
+Taking data from the standard input, the program treats each line as a
+separate data item, and the end of series of data item is signalled by a
+blank line.
+
+ username=admin\n
+ protocol=[http|https]\n
+ host=localhost\n
+ path=/dir\n\n
+
+-If git-credential system has the password already stored
+git-credential will answer with by STDOUT:
+
+ username=admin
+ password=*****
+
+-If it is not stored, the user will be prompt for a password:
+
+ > Password for '[http|https]admin@localhost':
+
+
+Then if the password is correct, (note: it's not git credential that
+decides if the password is correct or not. That part is done by the
+external system) it can be stored using command 'git crendential approve'
+by providing the structure, by STDIN.
+
+ username=admin
+ password=*****
+ protocol=[http|https]
+ host=localhost
+ path=/dir
+
+If the password is refused, it can be deleted using command
+'git credential reject' by providing the same structure.
+
+
+REQUESTING CREDENTIALS
+----------------------
+
+1. The 'git credential fill' makes the structure,
+with this structure it will be able to save your
+credentials, and if the credential is already stored,
+it will fill the password.
+
+ username=foo
+ password=****
+ protocol=[http|https]
+ localhost=url
+ path=/direction
+
+2. Then 'git credential approve' to store them.
+
+3. Otherwise, if the credential is not correct you can do
+ 'git credential reject' to delete the credential.
diff --git a/Makefile b/Makefile
index 4592f1f..3f53da8 100644
--- a/Makefile
+++ b/Makefile
@@ -827,6 +827,7 @@ BUILTIN_OBJS += builtin/commit-tree.o
BUILTIN_OBJS += builtin/commit.o
BUILTIN_OBJS += builtin/config.o
BUILTIN_OBJS += builtin/count-objects.o
+BUILTIN_OBJS += builtin/credential.o
BUILTIN_OBJS += builtin/describe.o
BUILTIN_OBJS += builtin/diff-files.o
BUILTIN_OBJS += builtin/diff-index.o
diff --git a/builtin.h b/builtin.h
index 338f540..48feddc 100644
--- a/builtin.h
+++ b/builtin.h
@@ -66,6 +66,7 @@ extern int cmd_commit(int argc, const char **argv, const char *prefix);
extern int cmd_commit_tree(int argc, const char **argv, const char *prefix);
extern int cmd_config(int argc, const char **argv, const char *prefix);
extern int cmd_count_objects(int argc, const char **argv, const char *prefix);
+extern int cmd_credential(int argc, const char **argv, const char *prefix);
extern int cmd_describe(int argc, const char **argv, const char *prefix);
extern int cmd_diff_files(int argc, const char **argv, const char *prefix);
extern int cmd_diff_index(int argc, const char **argv, const char *prefix);
diff --git a/builtin/credential.c b/builtin/credential.c
new file mode 100644
index 0000000..c8dcfbb
--- /dev/null
+++ b/builtin/credential.c
@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include "cache.h"
+#include "credential.h"
+#include "string-list.h"
+
+static const char usage_msg[] =
+"credential <fill|approve|reject>";
+
+void cmd_credential (int argc, char **argv, const char *prefix) {
+ const char *op;
+ struct credential c = CREDENTIAL_INIT;
+ int i;
+
+ op = argv[1];
+ if (!op)
+ usage(usage_msg);
+
+ if (credential_read(&c, stdin) < 0)
+ die("unable to read credential from stdin");
+
+ if (!strcmp(op, "fill")) {
+ credential_fill(&c);
+ if (c.username)
+ printf("username=%s\n", c.username);
+ if (c.password)
+ printf("password=%s\n", c.password);
+ if (c.protocol)
+ printf("protocol=%s\n", c.protocol);
+ if (c.host)
+ printf("host=%s\n", c.host);
+ if (c.path)
+ printf("path=%s\n", c.path);
+ } else if (!strcmp(op, "approve")) {
+ credential_approve(&c);
+ } else if (!strcmp(op, "reject")) {
+ credential_reject(&c);
+ } else {
+ usage(usage_msg);
+ }
+}
diff --git a/git.c b/git.c
index d232de9..660c926 100644
--- a/git.c
+++ b/git.c
@@ -353,6 +353,7 @@ static void handle_internal_command(int argc, const char **argv)
{ "commit-tree", cmd_commit_tree, RUN_SETUP },
{ "config", cmd_config, RUN_SETUP_GENTLY },
{ "count-objects", cmd_count_objects, RUN_SETUP },
+ { "credential", cmd_credential, RUN_SETUP_GENTLY },
{ "describe", cmd_describe, RUN_SETUP },
{ "diff", cmd_diff },
{ "diff-files", cmd_diff_files, RUN_SETUP | NEED_WORK_TREE },
--
1.7.10.2.573.ged8bfa6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH/RFC] Add 'git credential' plumbing command
2012-06-12 14:24 [PATCH/RFC] Add 'git credential' plumbing command Javier.Roucher-Iglesias
@ 2012-06-12 14:31 ` Matthieu Moy
2012-06-12 14:34 ` Jeff King
0 siblings, 1 reply; 4+ messages in thread
From: Matthieu Moy @ 2012-06-12 14:31 UTC (permalink / raw)
To: Javier.Roucher-Iglesias; +Cc: git, Javier Roucher, Jeff King
Javier.Roucher-Iglesias@ensimag.imag.fr writes:
> +git credential <fill|approve|reject>
You didn't take Jeff's suggestions into account:
http://thread.gmane.org/gmane.comp.version-control.git/199552/focus=199591
It's clearly too late to implement the whole suggested API, but I do
like the suggestion of allowing either a URL as argument or individual
fields on stdin, or both combined, by using the --stdin argument.
To allow further patches to implement this without breaking backward
compatibility, your implementation could require the use of --stdin on
the command-line.
--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH/RFC] Add 'git credential' plumbing command
2012-06-12 14:31 ` Matthieu Moy
@ 2012-06-12 14:34 ` Jeff King
2012-06-12 14:36 ` Matthieu Moy
0 siblings, 1 reply; 4+ messages in thread
From: Jeff King @ 2012-06-12 14:34 UTC (permalink / raw)
To: Matthieu Moy; +Cc: Javier.Roucher-Iglesias, git, Javier Roucher
On Tue, Jun 12, 2012 at 04:31:33PM +0200, Matthieu Moy wrote:
> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
>
> > +git credential <fill|approve|reject>
>
> You didn't take Jeff's suggestions into account:
>
> http://thread.gmane.org/gmane.comp.version-control.git/199552/focus=199591
>
> It's clearly too late to implement the whole suggested API, but I do
> like the suggestion of allowing either a URL as argument or individual
> fields on stdin, or both combined, by using the --stdin argument.
>
> To allow further patches to implement this without breaking backward
> compatibility, your implementation could require the use of --stdin on
> the command-line.
Actually, after further discussion, I think that --stdin is unnecessary.
If you are providing a URL, you should always provide it via stdin
because of the password-disclosure issue. It's tempting to provide a
command-line alternative because it's easier, but I think it would just
encourage lazy developers to do the wrong thing.
I do still think respecting "url=" when reading a credential makes
sense, but that is easy to add later.
-Peff
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH/RFC] Add 'git credential' plumbing command
2012-06-12 14:34 ` Jeff King
@ 2012-06-12 14:36 ` Matthieu Moy
0 siblings, 0 replies; 4+ messages in thread
From: Matthieu Moy @ 2012-06-12 14:36 UTC (permalink / raw)
To: Jeff King; +Cc: Javier.Roucher-Iglesias, git, Javier Roucher
Jeff King <peff@peff.net> writes:
> On Tue, Jun 12, 2012 at 04:31:33PM +0200, Matthieu Moy wrote:
>
>> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
>>
>> > +git credential <fill|approve|reject>
>>
>> You didn't take Jeff's suggestions into account:
>>
>> http://thread.gmane.org/gmane.comp.version-control.git/199552/focus=199591
>>
>> It's clearly too late to implement the whole suggested API, but I do
>> like the suggestion of allowing either a URL as argument or individual
>> fields on stdin, or both combined, by using the --stdin argument.
>>
>> To allow further patches to implement this without breaking backward
>> compatibility, your implementation could require the use of --stdin on
>> the command-line.
>
> Actually, after further discussion, I think that --stdin is unnecessary.
> If you are providing a URL, you should always provide it via stdin
> because of the password-disclosure issue. It's tempting to provide a
> command-line alternative because it's easier, but I think it would just
> encourage lazy developers to do the wrong thing.
OK, that makes sense.
> I do still think respecting "url=" when reading a credential makes
> sense, but that is easy to add later.
OK, so in short: Javier, you can ignore my comment.
--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-06-12 14:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-06-12 14:24 [PATCH/RFC] Add 'git credential' plumbing command Javier.Roucher-Iglesias
2012-06-12 14:31 ` Matthieu Moy
2012-06-12 14:34 ` Jeff King
2012-06-12 14:36 ` Matthieu Moy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.