diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index ea759fdee5..12cb032352 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -131,7 +131,9 @@ context would not match: because the hostnames differ. Nor would it match `foo.example.com`; Git compares hostnames exactly, without considering whether two hosts are part of the same domain. Likewise, a config entry for `http://example.com` would not -match: Git compares the protocols exactly. +match: Git compares the protocols exactly. However, you may use wildcards in +the domain name and other pattern matching techniques as with the `http..*` +options. If the "pattern" URL does include a path component, then this too must match exactly: the context `https://example.com/bar/baz.git` will match a config diff --git a/credential.c b/credential.c index 5701e32792..77dfde44e3 100644 --- a/credential.c +++ b/credential.c @@ -6,6 +6,7 @@ #include "url.h" #include "prompt.h" #include "sigchain.h" +#include "urlmatch.h" void credential_init(struct credential *c) { @@ -40,7 +41,7 @@ static int credential_config_callback(const char *var, const char *value, void *data) { struct credential *c = data; - const char *key, *dot; + const char *key; if (!skip_prefix(var, "credential.", &key)) return 0; @@ -48,23 +49,6 @@ static int credential_config_callback(const char *var, const char *value, if (!value) return config_error_nonbool(var); - dot = strrchr(key, '.'); - if (dot) { - struct credential want = CREDENTIAL_INIT; - char *url = xmemdupz(key, dot - key); - int matched; - - credential_from_url(&want, url); - matched = credential_match(&want, c); - - credential_clear(&want); - free(url); - - if (!matched) - return 0; - key = dot + 1; - } - if (!strcmp(key, "helper")) { if (*value) string_list_append(&c->helpers, value); @@ -89,11 +73,38 @@ static int proto_is_http(const char *s) return !strcmp(s, "https") || !strcmp(s, "http"); } +static void credential_describe(struct credential *c, struct strbuf *out); +static void credential_format(struct credential *c, struct strbuf *out); + +static int select_all(const struct urlmatch_item *a, + const struct urlmatch_item *b) +{ + return 0; +} + static void credential_apply_config(struct credential *c) { + char *normalized_url; + struct urlmatch_config config = { STRING_LIST_INIT_DUP }; + struct strbuf url = STRBUF_INIT; + if (c->configured) return; - git_config(credential_config_callback, c); + + config.section = "credential"; + config.key = NULL; + config.collect_fn = credential_config_callback; + config.cascade_fn = NULL; + config.select_fn = select_all; + config.cb = c; + + credential_format(c, &url); + normalized_url = url_normalize(url.buf, &config.url); + + git_config(urlmatch_config_entry, &config); + free(normalized_url); + strbuf_release(&url); + c->configured = 1; if (!c->use_http_path && proto_is_http(c->protocol)) { @@ -114,6 +125,23 @@ static void credential_describe(struct credential *c, struct strbuf *out) strbuf_addf(out, "/%s", c->path); } +static void credential_format(struct credential *c, struct strbuf *out) +{ + if (!c->protocol) + return; + strbuf_addf(out, "%s://", c->protocol); + if (c->username && *c->username) { + strbuf_add_percentencode(out, c->username); + strbuf_addch(out, '@'); + } + if (c->host) + strbuf_addstr(out, c->host); + if (c->path) { + strbuf_addch(out, '/'); + strbuf_add_percentencode(out, c->path); + } +} + static char *credential_ask_one(const char *what, struct credential *c, int flags) { diff --git a/strbuf.c b/strbuf.c index f19da55b07..bb0065ccaf 100644 --- a/strbuf.c +++ b/strbuf.c @@ -479,6 +479,21 @@ void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src) } } +#define URL_UNSAFE_CHARS " <>\"%{}|\\^`:/?#[]@!$&'()*+,;=" + +void strbuf_add_percentencode(struct strbuf *dst, const char *src) +{ + size_t i, len = strlen(src); + + for (i = 0; i < len; i++) { + unsigned char ch = src[i]; + if (ch <= 0x1F || ch >= 0x7F || strchr(URL_UNSAFE_CHARS, ch)) + strbuf_addf(dst, "%%%02X", (unsigned char)ch); + else + strbuf_addch(dst, ch); + } +} + size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *f) { size_t res; diff --git a/strbuf.h b/strbuf.h index bfa66569a4..2504ae4ecb 100644 --- a/strbuf.h +++ b/strbuf.h @@ -366,6 +366,12 @@ size_t strbuf_expand_dict_cb(struct strbuf *sb, */ void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src); +/** + * Append the contents of a string to a strbuf, percent-encoding any characters + * that are needed to be encoded for a URL. + */ +void strbuf_add_percentencode(struct strbuf *dst, const char *src); + /** * Append the given byte size as a human-readable string (i.e. 12.23 KiB, * 3.50 MiB). diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh index 8f87599056..39f097ea9e 100755 --- a/t/t0300-credentials.sh +++ b/t/t0300-credentials.sh @@ -397,6 +397,26 @@ test_expect_success 'http paths can be part of context' ' EOF ' +test_expect_success 'context uses urlmatch' ' + test_config "credential.https://*.org.useHttpPath" true && + check fill "verbatim foo bar" <<-\EOF + protocol=https + host=example.org + path=foo.git + -- + protocol=https + host=example.org + path=foo.git + username=foo + password=bar + -- + verbatim: get + verbatim: protocol=https + verbatim: host=example.org + verbatim: path=foo.git + EOF +' + test_expect_success 'helpers can abort the process' ' test_must_fail git \ -c credential.helper="!f() { echo quit=1; }; f" \ diff --git a/urlmatch.c b/urlmatch.c index 3e42bd7504..29272a5c4f 100644 --- a/urlmatch.c +++ b/urlmatch.c @@ -557,6 +557,8 @@ int urlmatch_config_entry(const char *var, const char *value, void *cb) const char *key, *dot; struct strbuf synthkey = STRBUF_INIT; int retval; + int (*select_fn)(const struct urlmatch_item *a, const struct urlmatch_item *b) = + collect->select_fn ? collect->select_fn : cmp_matches; if (!skip_prefix(var, collect->section, &key) || *(key++) != '.') { if (collect->cascade_fn) @@ -587,7 +589,7 @@ int urlmatch_config_entry(const char *var, const char *value, void *cb) if (!item->util) { item->util = xcalloc(1, sizeof(matched)); } else { - if (cmp_matches(&matched, item->util) < 0) + if (select_fn(&matched, item->util) < 0) /* * Our match is worse than the old one, * we cannot use it. diff --git a/urlmatch.h b/urlmatch.h index eed5f29235..2407520731 100644 --- a/urlmatch.h +++ b/urlmatch.h @@ -50,6 +50,15 @@ struct urlmatch_config { void *cb; int (*collect_fn)(const char *var, const char *value, void *cb); int (*cascade_fn)(const char *var, const char *value, void *cb); + /* + * Compare the two matches, the one just discovered and the existing + * best match and return a negative value if the found item is to be + * rejected or a non-negative value if it is to be accepted. If this + * field is set to NULL, use the default comparison technique, which + * checks to ses if found is better (according to the urlmatch + * specificity rules) than existing. + */ + int (*select_fn)(const struct urlmatch_item *found, const struct urlmatch_item *existing); }; int urlmatch_config_entry(const char *var, const char *value, void *cb);