From 12294990c90e043862be9eb7eb22c3784b526340 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Fri, 24 Apr 2020 22:35:49 +0000 Subject: credential: handle `credential..` again In the patches for CVE-2020-11008, the ability to specify credential settings in the config for partial URLs got lost. For example, it used to be possible to specify a credential helper for a specific protocol: [credential "https://"] helper = my-https-helper Likewise, it used to be possible to configure settings for a specific host, e.g.: [credential "dev.azure.com"] useHTTPPath = true Let's reinstate this behavior. While at it, increase the test coverage to document and verify the behavior with a couple other categories of partial URLs. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- credential.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'credential.c') diff --git a/credential.c b/credential.c index b8f693fa28..4e7197d97a 100644 --- a/credential.c +++ b/credential.c @@ -37,6 +37,10 @@ int credential_match(const struct credential *want, #undef CHECK } + +static int credential_from_potentially_partial_url(struct credential *c, + const char *url); + static int credential_config_callback(const char *var, const char *value, void *data) { @@ -82,6 +86,22 @@ static int select_all(const struct urlmatch_item *a, return 0; } +static int match_partial_url(const char *url, void *cb) +{ + struct credential *c = cb; + struct credential want = CREDENTIAL_INIT; + int matches = 0; + + if (credential_from_potentially_partial_url(&want, url) < 0) + warning(_("skipping credential lookup for key: credential.%s"), + url); + else + matches = credential_match(&want, c); + credential_clear(&want); + + return matches; +} + static void credential_apply_config(struct credential *c) { char *normalized_url; @@ -101,6 +121,7 @@ static void credential_apply_config(struct credential *c) config.collect_fn = credential_config_callback; config.cascade_fn = NULL; config.select_fn = select_all; + config.fallback_match_fn = match_partial_url; config.cb = c; credential_format(c, &url); @@ -468,6 +489,12 @@ static int credential_from_url_1(struct credential *c, const char *url, return 0; } +static int credential_from_potentially_partial_url(struct credential *c, + const char *url) +{ + return credential_from_url_1(c, url, 1, 0); +} + int credential_from_url_gently(struct credential *c, const char *url, int quiet) { return credential_from_url_1(c, url, 0, quiet); -- cgit v1.2.3