credential: stop using `the_repository` · freshlybakedca.ke/git@6c27d22

Git fork

credential: stop using `the_repository`

Stop using `the_repository` in the "credential" subsystem by passing in
a repository when filling, approving or rejecting credentials.

Adjust callers accordingly by using `the_repository`. While there may be
some callers that have a repository available in their context, this
trivial conversion allows for easier verification and bubbles up the use
of `the_repository` by one level.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

authored by

Patrick Steinhardt and committed by

Junio C Hamano 1 year ago 6c27d222 71e5afee

+46 -43

6 changed files

expand all

unified split

builtin

credential.c

credential.h

http.c

imap-send.c

remote-curl.c

+3 -3

builtin/credential.c

··· 32 32 die("unable to read credential from stdin"); 33 33 34 34 if (!strcmp(op, "fill")) { 35 - credential_fill(&c, 0); 35 + credential_fill(the_repository, &c, 0); 36 36 credential_next_state(&c); 37 37 credential_write(&c, stdout, CREDENTIAL_OP_RESPONSE); 38 38 } else if (!strcmp(op, "approve")) { 39 39 credential_set_all_capabilities(&c, CREDENTIAL_OP_HELPER); 40 - credential_approve(&c); 40 + credential_approve(the_repository, &c); 41 41 } else if (!strcmp(op, "reject")) { 42 42 credential_set_all_capabilities(&c, CREDENTIAL_OP_HELPER); 43 - credential_reject(&c); 43 + credential_reject(the_repository, &c); 44 44 } else { 45 45 usage(usage_msg); 46 46 }

+17 -17

credential.c

··· 1 - #define USE_THE_REPOSITORY_VARIABLE 2 1 #define DISABLE_SIGN_COMPARE_WARNINGS 3 2 4 3 #include "git-compat-util.h" ··· 166 165 return matches; 167 166 } 168 167 169 - static void credential_apply_config(struct credential *c) 168 + static void credential_apply_config(struct repository *r, struct credential *c) 170 169 { 171 170 char *normalized_url; 172 171 struct urlmatch_config config = URLMATCH_CONFIG_INIT; ··· 191 190 credential_format(c, &url); 192 191 normalized_url = url_normalize(url.buf, &config.url); 193 192 194 - git_config(urlmatch_config_entry, &config); 193 + repo_config(r, urlmatch_config_entry, &config); 195 194 string_list_clear(&config.vars, 1); 196 195 free(normalized_url); 197 196 urlmatch_config_release(&config); ··· 254 253 return xstrdup(r); 255 254 } 256 255 257 - static int credential_getpass(struct credential *c) 256 + static int credential_getpass(struct repository *r, struct credential *c) 258 257 { 259 258 int interactive; 260 259 char *value; 261 - if (!git_config_get_maybe_bool("credential.interactive", &interactive) && 260 + if (!repo_config_get_maybe_bool(r, "credential.interactive", &interactive) && 262 261 !interactive) { 263 - trace2_data_intmax("credential", the_repository, 262 + trace2_data_intmax("credential", r, 264 263 "interactive/skipped", 1); 265 264 return -1; 266 265 } 267 - if (!git_config_get_string("credential.interactive", &value)) { 266 + if (!repo_config_get_string(r, "credential.interactive", &value)) { 268 267 int same = !strcmp(value, "never"); 269 268 free(value); 270 269 if (same) { 271 - trace2_data_intmax("credential", the_repository, 270 + trace2_data_intmax("credential", r, 272 271 "interactive/skipped", 1); 273 272 return -1; 274 273 } 275 274 } 276 275 277 - trace2_region_enter("credential", "interactive", the_repository); 276 + trace2_region_enter("credential", "interactive", r); 278 277 if (!c->username) 279 278 c->username = credential_ask_one("Username", c, 280 279 PROMPT_ASKPASS|PROMPT_ECHO); 281 280 if (!c->password) 282 281 c->password = credential_ask_one("Password", c, 283 282 PROMPT_ASKPASS); 284 - trace2_region_leave("credential", "interactive", the_repository); 283 + trace2_region_leave("credential", "interactive", r); 285 284 286 285 return 0; 287 286 } ··· 489 488 return r; 490 489 } 491 490 492 - void credential_fill(struct credential *c, int all_capabilities) 491 + void credential_fill(struct repository *r, 492 + struct credential *c, int all_capabilities) 493 493 { 494 494 int i; 495 495 ··· 499 499 credential_next_state(c); 500 500 c->multistage = 0; 501 501 502 - credential_apply_config(c); 502 + credential_apply_config(r, c); 503 503 if (all_capabilities) 504 504 credential_set_all_capabilities(c, CREDENTIAL_OP_INITIAL); 505 505 ··· 526 526 c->helpers.items[i].string); 527 527 } 528 528 529 - if (credential_getpass(c) || 529 + if (credential_getpass(r, c) || 530 530 (!c->username && !c->password && !c->credential)) 531 531 die("unable to get password from user"); 532 532 } 533 533 534 - void credential_approve(struct credential *c) 534 + void credential_approve(struct repository *r, struct credential *c) 535 535 { 536 536 int i; 537 537 ··· 542 542 543 543 credential_next_state(c); 544 544 545 - credential_apply_config(c); 545 + credential_apply_config(r, c); 546 546 547 547 for (i = 0; i < c->helpers.nr; i++) 548 548 credential_do(c, c->helpers.items[i].string, "store"); 549 549 c->approved = 1; 550 550 } 551 551 552 - void credential_reject(struct credential *c) 552 + void credential_reject(struct repository *r, struct credential *c) 553 553 { 554 554 int i; 555 555 556 556 credential_next_state(c); 557 557 558 - credential_apply_config(c); 558 + credential_apply_config(r, c); 559 559 560 560 for (i = 0; i < c->helpers.nr; i++) 561 561 credential_do(c, c->helpers.items[i].string, "erase");

+7 -4

credential.h

··· 4 4 #include "string-list.h" 5 5 #include "strvec.h" 6 6 7 + struct repository; 8 + 7 9 /** 8 10 * The credentials API provides an abstracted way of gathering 9 11 * authentication credentials from the user. ··· 65 67 * // Fill in the username and password fields by contacting 66 68 * // helpers and/or asking the user. The function will die if it 67 69 * // fails. 68 - * credential_fill(&c); 70 + * credential_fill(repo, &c); 69 71 * 70 72 * // Otherwise, we have a username and password. Try to use it. 71 73 * ··· 218 220 * If all_capabilities is set, this is an internal user that is prepared 219 221 * to deal with all known capabilities, and we should advertise that fact. 220 222 */ 221 - void credential_fill(struct credential *, int all_capabilities); 223 + void credential_fill(struct repository *, struct credential *, 224 + int all_capabilities); 222 225 223 226 /** 224 227 * Inform the credential subsystem that the provided credentials ··· 227 230 * that they may store the result to be used again. Any errors 228 231 * from helpers are ignored. 229 232 */ 230 - void credential_approve(struct credential *); 233 + void credential_approve(struct repository *, struct credential *); 231 234 232 235 /** 233 236 * Inform the credential subsystem that the provided credentials ··· 239 242 * for another call to `credential_fill`). Any errors from helpers 240 243 * are ignored. 241 244 */ 242 - void credential_reject(struct credential *); 245 + void credential_reject(struct repository *, struct credential *); 243 246 244 247 /** 245 248 * Enable all of the supported credential flags in this credential.

+12 -12

http.c

··· 609 609 } 610 610 } 611 611 612 - credential_fill(&http_auth, 1); 612 + credential_fill(the_repository, &http_auth, 1); 613 613 614 614 if (http_auth.password) { 615 615 if (always_auth_proactively()) { ··· 652 652 { 653 653 if (proxy_auth.username) { 654 654 if (!proxy_auth.password && !proxy_auth.credential) 655 - credential_fill(&proxy_auth, 1); 655 + credential_fill(the_repository, &proxy_auth, 1); 656 656 set_proxyauth_name_password(result); 657 657 } 658 658 ··· 686 686 cert_auth.host = xstrdup(""); 687 687 cert_auth.username = xstrdup(""); 688 688 cert_auth.path = xstrdup(ssl_cert); 689 - credential_fill(&cert_auth, 0); 689 + credential_fill(the_repository, &cert_auth, 0); 690 690 } 691 691 return 1; 692 692 } ··· 700 700 proxy_cert_auth.host = xstrdup(""); 701 701 proxy_cert_auth.username = xstrdup(""); 702 702 proxy_cert_auth.path = xstrdup(http_proxy_ssl_cert); 703 - credential_fill(&proxy_cert_auth, 0); 703 + credential_fill(the_repository, &proxy_cert_auth, 0); 704 704 } 705 705 return 1; 706 706 } ··· 1784 1784 curl_errorstr, sizeof(curl_errorstr)); 1785 1785 1786 1786 if (results->curl_result == CURLE_OK) { 1787 - credential_approve(&http_auth); 1788 - credential_approve(&proxy_auth); 1789 - credential_approve(&cert_auth); 1787 + credential_approve(the_repository, &http_auth); 1788 + credential_approve(the_repository, &proxy_auth); 1789 + credential_approve(the_repository, &cert_auth); 1790 1790 return HTTP_OK; 1791 1791 } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) { 1792 1792 /* ··· 1795 1795 * with the certificate. So we reject the credential to 1796 1796 * avoid caching or saving a bad password. 1797 1797 */ 1798 - credential_reject(&cert_auth); 1798 + credential_reject(the_repository, &cert_auth); 1799 1799 return HTTP_NOAUTH; 1800 1800 } else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) { 1801 1801 return HTTP_NOMATCHPUBLICKEY; ··· 1808 1808 credential_clear_secrets(&http_auth); 1809 1809 return HTTP_REAUTH; 1810 1810 } 1811 - credential_reject(&http_auth); 1811 + credential_reject(the_repository, &http_auth); 1812 1812 if (always_auth_proactively()) 1813 1813 http_proactive_auth = PROACTIVE_AUTH_NONE; 1814 1814 return HTTP_NOAUTH; ··· 1822 1822 } 1823 1823 } else { 1824 1824 if (results->http_connectcode == 407) 1825 - credential_reject(&proxy_auth); 1825 + credential_reject(the_repository, &proxy_auth); 1826 1826 if (!curl_errorstr[0]) 1827 1827 strlcpy(curl_errorstr, 1828 1828 curl_easy_strerror(results->curl_result), ··· 2210 2210 int ret; 2211 2211 2212 2212 if (always_auth_proactively()) 2213 - credential_fill(&http_auth, 1); 2213 + credential_fill(the_repository, &http_auth, 1); 2214 2214 2215 2215 ret = http_request(url, result, target, options); 2216 2216 ··· 2251 2251 BUG("Unknown http_request target"); 2252 2252 } 2253 2253 2254 - credential_fill(&http_auth, 1); 2254 + credential_fill(the_repository, &http_auth, 1); 2255 2255 2256 2256 ret = http_request(url, result, target, options); 2257 2257 }

+5 -5

imap-send.c

··· 922 922 cred->username = xstrdup_or_null(srvc->user); 923 923 cred->password = xstrdup_or_null(srvc->pass); 924 924 925 - credential_fill(cred, 1); 925 + credential_fill(the_repository, cred, 1); 926 926 927 927 if (!srvc->user) 928 928 srvc->user = xstrdup(cred->username); ··· 1123 1123 } /* !preauth */ 1124 1124 1125 1125 if (cred.username) 1126 - credential_approve(&cred); 1126 + credential_approve(the_repository, &cred); 1127 1127 credential_clear(&cred); 1128 1128 1129 1129 /* check the target mailbox exists */ ··· 1150 1150 1151 1151 bail: 1152 1152 if (cred.username) 1153 - credential_reject(&cred); 1153 + credential_reject(the_repository, &cred); 1154 1154 credential_clear(&cred); 1155 1155 1156 1156 out: ··· 1492 1492 1493 1493 if (cred.username) { 1494 1494 if (res == CURLE_OK) 1495 - credential_approve(&cred); 1495 + credential_approve(the_repository, &cred); 1496 1496 else if (res == CURLE_LOGIN_DENIED) 1497 - credential_reject(&cred); 1497 + credential_reject(the_repository, &cred); 1498 1498 } 1499 1499 1500 1500 credential_clear(&cred);

+2 -2

remote-curl.c

··· 942 942 do { 943 943 err = probe_rpc(rpc, &results); 944 944 if (err == HTTP_REAUTH) 945 - credential_fill(&http_auth, 0); 945 + credential_fill(the_repository, &http_auth, 0); 946 946 } while (err == HTTP_REAUTH); 947 947 if (err != HTTP_OK) 948 948 return -1; ··· 1064 1064 rpc->any_written = 0; 1065 1065 err = run_slot(slot, NULL); 1066 1066 if (err == HTTP_REAUTH && !large_request) { 1067 - credential_fill(&http_auth, 0); 1067 + credential_fill(the_repository, &http_auth, 0); 1068 1068 curl_slist_free_all(headers); 1069 1069 goto retry; 1070 1070 }