Re: [PATCH] credential: do not store credentials received from helpers


 



On Sat, Apr 07, 2012 at 12:56:12AM -0400, Jeff King wrote:

> > So if I use the cache helper, and it's set to expire at the default of
> > 15 minutes, I have to type my password in every 15 minutes, even if I
> > am doing a Git operation roughly every 8 minutes during a work day?
> 
> Yes. It's less convenient, but safer and more predictable (you put your
> password in at 2:30, it's gone at 2:45). Keep in mind that you can also
> bump the cache time. And like I said, if we do want to have it behave the
> other way, that's OK, but it should be explicit (and it can be optional,
> even if it defaults to auto-refresh on use).

And here's what the optional version looks like:

diff --git a/credential-cache--daemon.c b/credential-cache--daemon.c
index 390f194..1f801f7 100644
--- a/credential-cache--daemon.c
+++ b/credential-cache--daemon.c
@@ -136,6 +136,9 @@ static void serve_one_client(FILE *in, FILE *out)
 	else if (!strcmp(action.buf, "get")) {
 		struct credential_cache_entry *e = lookup_credential(&c);
 		if (e) {
+			int new_expiration = time(NULL) + timeout;
+			if (new_expiration > e->expiration)
+				e->expiration = new_expiration;
 			fprintf(out, "username=%s\n", e->item.username);
 			fprintf(out, "password=%s\n", e->item.password);
 		}
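Review bot: `int new_expiration = time(NULL) + timeout;` in the "get" branch stores a time value in an `int`; declare it with the same type as `e->expiration` so the comparison and assignment do not mix widths. The non-refreshing case also works only implicitly: the client sends a timeout of 0 for "get" when --refresh-on-use is off, so `new_expiration > e->expiration` is false for any entry that has not yet expired. A short comment saying that a zero timeout means "do not extend" would make that contract visible, and the `>` check (which ensures a lookup never shortens an entry's lifetime) deserves a mention in the same comment.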
diff --git a/credential-cache.c b/credential-cache.c
index 9a03792..5751b48 100644
--- a/credential-cache.c
+++ b/credential-cache.c
@@ -87,6 +87,7 @@ int main(int argc, const char **argv)
 {
 	char *socket_path = NULL;
 	int timeout = 900;
+	int refresh = 0;
 	const char *op;
 	const char * const usage[] = {
 		"git credential-cache [options] <action>",
@@ -97,6 +98,8 @@ int main(int argc, const char **argv)
 			    "number of seconds to cache credentials"),
 		OPT_STRING(0, "socket", &socket_path, "path",
 			   "path of cache-daemon socket"),
+		OPT_BOOL(0, "refresh-on-use", &refresh,
+			   "refresh timestamp when credential is accessed"),
 		OPT_END()
 	};
 
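Review bot: the new `refresh-on-use` option in the options array changes how long a password stays in memory, yet the patch carries no documentation for it beyond the help string. "refresh timestamp when credential is accessed" does not say which timestamp; something like "extend the cache expiration each time the credential is read" states the effect on credential lifetime, and the same wording should go into the helper's manual page along with a note that the default remains a fixed expiry.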
@@ -112,7 +115,9 @@ int main(int argc, const char **argv)
 
 	if (!strcmp(op, "exit"))
 		do_cache(socket_path, op, timeout, 0);
-	else if (!strcmp(op, "get") || !strcmp(op, "erase"))
+	else if (!strcmp(op, "get"))
+		do_cache(socket_path, op, refresh ? timeout : 0, FLAG_RELAY);
+	else if(!strcmp(op, "erase"))
 		do_cache(socket_path, op, timeout, FLAG_RELAY);
 	else if (!strcmp(op, "store"))
 		do_cache(socket_path, op, timeout, FLAG_RELAY|FLAG_SPAWN);
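Review bot: in the split "get"/"erase" branches, `refresh ? timeout : 0` overloads the timeout argument of `do_cache()` as an on/off switch for refreshing, which is easy to break if the daemon later gives a zero timeout another meaning; a comment at this call, or a named flag, would make the intent explicit. With --refresh-on-use set, the extension uses whatever timeout this "get" invocation was given rather than the one used at "store" time, which is worth stating in the option's documentation. Style: `else if(!strcmp(op, "erase"))` is missing the space after `if` that the neighbouring lines use.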

