credential: add a field for pre-encoded credentials

At the moment, our credential code wants to find a username and password
for access, which, for HTTP, it will pass to libcurl to encode and
process.  However, many users want to use authentication schemes that
libcurl doesn't support, such as Bearer authentication.  In these
schemes, the secret is not a username and password pair, but some sort
of token that meets the production for authentication data in the RFC.

In fact, in general, it's useful to allow our credential helper to have
knowledge about what specifically to put in the protocol header.  Thus,
add a field, credential, which contains data that's preencoded to be
suitable for the protocol in question.  If we have such data, we need
neither a username nor a password, so make that adjustment as well.

It is in theory possible to reuse the password field for this.  However,
if we do so, we must know whether the credential helper supports our new
scheme before sending it data, which necessitates some sort of
capability inquiry, because otherwise an uninformed credential helper
would store our preencoded data as a password, which would fail the next
time we attempted to connect to the remote server.  This design is
substantially simpler, and we can hint to the credential helper that we
support this approach with a simple new field instead of needing to
query it first.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/credential.c b/credential.c
index 3dec433df51397cfe877beb20a35145728b7a485..c521822e5a6eddc786a230d7c49c3c23e55e0882 100644 (file)
--- a/credential.c
+++ b/credential.c
@@ -25,6 +25,7 @@ void credential_clear(struct credential *c)
        free(c->path);
        free(c->username);
        free(c->password);
+       free(c->credential);
        free(c->oauth_refresh_token);
        free(c->authtype);
        string_list_clear(&c->helpers, 0);
@@ -234,6 +235,9 @@ int credential_read(struct credential *c, FILE *fp)
                } else if (!strcmp(key, "password")) {
                        free(c->password);
                        c->password = xstrdup(value);
+               } else if (!strcmp(key, "credential")) {
+                       free(c->credential);
+                       c->credential = xstrdup(value);
                } else if (!strcmp(key, "protocol")) {
                        free(c->protocol);
                        c->protocol = xstrdup(value);
@@ -291,6 +295,7 @@ void credential_write(const struct credential *c, FILE *fp)
        credential_write_item(fp, "path", c->path, 0);
        credential_write_item(fp, "username", c->username, 0);
        credential_write_item(fp, "password", c->password, 0);
+       credential_write_item(fp, "credential", c->credential, 0);
        credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
        if (c->password_expiry_utc != TIME_MAX) {
                char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
@@ -366,7 +371,7 @@ void credential_fill(struct credential *c)
 {
        int i;
 
-       if (c->username && c->password)
+       if ((c->username && c->password) || c->credential)
                return;
 
        credential_apply_config(c);
@@ -379,7 +384,7 @@ void credential_fill(struct credential *c)
                        /* Reset expiry to maintain consistency */
                        c->password_expiry_utc = TIME_MAX;
                }
-               if (c->username && c->password)
+               if ((c->username && c->password) || c->credential)
                        return;
                if (c->quit)
                        die("credential helper '%s' told us to quit",
@@ -387,7 +392,7 @@ void credential_fill(struct credential *c)
        }
 
        credential_getpass(c);
-       if (!c->username && !c->password)
+       if (!c->username && !c->password && !c->credential)
                die("unable to get password from user");
 }
 
@@ -397,7 +402,7 @@ void credential_approve(struct credential *c)
 
        if (c->approved)
                return;
-       if (!c->username || !c->password || c->password_expiry_utc < time(NULL))
+       if (((!c->username || !c->password) && !c->credential) || c->password_expiry_utc < time(NULL))
                return;
 
        credential_apply_config(c);
@@ -418,6 +423,7 @@ void credential_reject(struct credential *c)
 
        FREE_AND_NULL(c->username);
        FREE_AND_NULL(c->password);
+       FREE_AND_NULL(c->credential);
        FREE_AND_NULL(c->oauth_refresh_token);
        c->password_expiry_utc = TIME_MAX;
        c->approved = 0;

diff --git a/credential.h b/credential.h
index dc96ca0318267f90abec1f113dc151fcd59e9ab2..9db892cf4ddcede05e6d3886f79cfd688f15e5ab 100644 (file)
--- a/credential.h
+++ b/credential.h
@@ -138,6 +138,7 @@ struct credential {
 
        char *username;
        char *password;
+       char *credential;
        char *protocol;
        char *host;
        char *path;