From: Junio C Hamano <gitster@pobox.com>
Date: Mon, 28 Aug 2023 16:51:16 +0000 (-0700)
Subject: Merge branch 'mh/credential-erase-improvements-more'
X-Git-Tag: v2.43.0-rc0~129
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc92d2c7ac6bd85f2447dbc37c886a4e72076005;p=thirdparty%2Fgit.git

Merge branch 'mh/credential-erase-improvements-more'

Update two credential helpers to correctly match which credential
to erase; they dropped not the ones with stale password.

* mh/credential-erase-improvements-more:
  credential/wincred: erase matching creds only
  credential/libsecret: erase matching creds only
---

bc92d2c7ac6bd85f2447dbc37c886a4e72076005
diff --cc contrib/credential/libsecret/git-credential-libsecret.c
index 31cf32ad96,9110714601..215a81d8ba
--- a/contrib/credential/libsecret/git-credential-libsecret.c
+++ b/contrib/credential/libsecret/git-credential-libsecret.c
@@@ -54,27 -52,10 +54,29 @@@ struct credential_operation 
  
  #define CREDENTIAL_OP_END { NULL, NULL }
  
+ static void credential_clear(struct credential *c);
+ 
  /* ----------------- Secret Service functions ----------------- */
  
 +static const SecretSchema schema = {
 +	"org.git.Password",
 +	/* Ignore schema name during search for backwards compatibility */
 +	SECRET_SCHEMA_DONT_MATCH_NAME,
 +	{
 +		/*
 +		 * libsecret assumes attribute values are non-confidential and
 +		 * unchanging, so we can't include oauth_refresh_token or
 +		 * password_expiry_utc.
 +		 */
 +		{  "user", SECRET_SCHEMA_ATTRIBUTE_STRING },
 +		{  "object", SECRET_SCHEMA_ATTRIBUTE_STRING },
 +		{  "protocol", SECRET_SCHEMA_ATTRIBUTE_STRING },
 +		{  "port", SECRET_SCHEMA_ATTRIBUTE_INTEGER },
 +		{  "server", SECRET_SCHEMA_ATTRIBUTE_STRING },
 +		{  NULL, 0 },
 +	}
 +};
 +
  static char *make_label(struct credential *c)
  {
  	if (c->port)
@@@ -249,8 -200,22 +252,22 @@@ static int keyring_erase(struct credent
  	if (!c->protocol && !c->host && !c->path && !c->username)
  		return EXIT_FAILURE;
  
+ 	if (c->password) {
+ 		existing.host = g_strdup(c->host);
+ 		existing.path = g_strdup(c->path);
+ 		existing.port = c->port;
+ 		existing.protocol = g_strdup(c->protocol);
+ 		existing.username = g_strdup(c->username);
+ 		keyring_get(&existing);
+ 		if (existing.password && strcmp(c->password, existing.password)) {
+ 			credential_clear(&existing);
+ 			return EXIT_SUCCESS;
+ 		}
+ 		credential_clear(&existing);
+ 	}
+ 
  	attributes = make_attr_list(c);
 -	secret_password_clearv_sync(SECRET_SCHEMA_COMPAT_NETWORK,
 +	secret_password_clearv_sync(&schema,
  				    attributes,
  				    NULL,
  				    &error);