diff options
Diffstat (limited to 'credential.c')
| -rw-r--r-- | credential.c | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/credential.c b/credential.c index a995031c5f..6e6e81c4cb 100644 --- a/credential.c +++ b/credential.c @@ -13,7 +13,7 @@ #include "sigchain.h" #include "strbuf.h" #include "urlmatch.h" -#include "git-compat-util.h" +#include "environment.h" #include "trace2.h" #include "repository.h" @@ -130,6 +130,10 @@ static int credential_config_callback(const char *var, const char *value, } else if (!strcmp(key, "usehttppath")) c->use_http_path = git_config_bool(var, value); + else if (!strcmp(key, "sanitizeprompt")) + c->sanitize_prompt = git_config_bool(var, value); + else if (!strcmp(key, "protectprotocol")) + c->protect_protocol = git_config_bool(var, value); return 0; } @@ -227,7 +231,8 @@ static void credential_format(struct credential *c, struct strbuf *out) strbuf_addch(out, '@'); } if (c->host) - strbuf_addstr(out, c->host); + strbuf_add_percentencode(out, c->host, + STRBUF_ENCODE_HOST_AND_PORT); if (c->path) { strbuf_addch(out, '/'); strbuf_add_percentencode(out, c->path, 0); @@ -241,7 +246,10 @@ static char *credential_ask_one(const char *what, struct credential *c, struct strbuf prompt = STRBUF_INIT; char *r; - credential_describe(c, &desc); + if (c->sanitize_prompt) + credential_format(c, &desc); + else + credential_describe(c, &desc); if (desc.len) strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf); else @@ -382,7 +390,8 @@ int credential_read(struct credential *c, FILE *fp, return 0; } -static void credential_write_item(FILE *fp, const char *key, const char *value, +static void credential_write_item(const struct credential *c, + FILE *fp, const char *key, const char *value, int required) { if (!value && required) @@ -391,6 +400,10 @@ static void credential_write_item(FILE *fp, const char *key, const char *value, return; if (strchr(value, '\n')) die("credential value for %s contains newline", key); + if (c->protect_protocol && strchr(value, '\r')) + die("credential value for %s contains carriage return\n" + "If this is intended, set `credential.protectProtocol=false`", + key); fprintf(fp, "%s=%s\n", key, value); } @@ -398,34 +411,34 @@ void credential_write(const struct credential *c, FILE *fp, enum credential_op_type op_type) { if (credential_has_capability(&c->capa_authtype, op_type)) - credential_write_item(fp, "capability[]", "authtype", 0); + credential_write_item(c, fp, "capability[]", "authtype", 0); if (credential_has_capability(&c->capa_state, op_type)) - credential_write_item(fp, "capability[]", "state", 0); + credential_write_item(c, fp, "capability[]", "state", 0); if (credential_has_capability(&c->capa_authtype, op_type)) { - credential_write_item(fp, "authtype", c->authtype, 0); - credential_write_item(fp, "credential", c->credential, 0); + credential_write_item(c, fp, "authtype", c->authtype, 0); + credential_write_item(c, fp, "credential", c->credential, 0); if (c->ephemeral) - credential_write_item(fp, "ephemeral", "1", 0); + credential_write_item(c, fp, "ephemeral", "1", 0); } - credential_write_item(fp, "protocol", c->protocol, 1); - credential_write_item(fp, "host", c->host, 1); - credential_write_item(fp, "path", c->path, 0); - credential_write_item(fp, "username", c->username, 0); - credential_write_item(fp, "password", c->password, 0); - credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0); + credential_write_item(c, fp, "protocol", c->protocol, 1); + credential_write_item(c, fp, "host", c->host, 1); + credential_write_item(c, fp, "path", c->path, 0); + credential_write_item(c, fp, "username", c->username, 0); + credential_write_item(c, fp, "password", c->password, 0); + credential_write_item(c, fp, "oauth_refresh_token", c->oauth_refresh_token, 0); if (c->password_expiry_utc != TIME_MAX) { char *s = xstrfmt("%"PRItime, c->password_expiry_utc); - credential_write_item(fp, "password_expiry_utc", s, 0); + credential_write_item(c, fp, "password_expiry_utc", s, 0); free(s); } for (size_t i = 0; i < c->wwwauth_headers.nr; i++) - credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0); + credential_write_item(c, fp, "wwwauth[]", c->wwwauth_headers.v[i], 0); if (credential_has_capability(&c->capa_state, op_type)) { if (c->multistage) - credential_write_item(fp, "continue", "1", 0); + credential_write_item(c, fp, "continue", "1", 0); for (size_t i = 0; i < c->state_headers_to_send.nr; i++) - credential_write_item(fp, "state[]", c->state_headers_to_send.v[i], 0); + credential_write_item(c, fp, "state[]", c->state_headers_to_send.v[i], 0); } } |