git credential doesn't honor git config precedence rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello everyone,

I think I found a bug with git credential: this tool doesn't call
the configured credential helper following the configuration rules.

It calls the system configured credential helper (git config --system) even if another one
is configured (ie: at the global level : git config --global).

The problem I encountered is that the configured system one (manager-core
in my case) answers a wrong value instead of giving up. The globally
configured (wincred in my case) is then not called at all and my
authentication just fail without any way to manually enter login & pass.

Here is some details to reproduce what I think is a bug.

> What did you do before the bug happened? (Steps to reproduce your issue)

# Setup phase

# The purpose is to show that "git credential" & friends don't honor the
# config precedence rule when launching the credential helper

# I set the system credential helper to a nonexistent credential helper
# to provoke an error message later
$ git config --replace-all --system credential.helper "bla"
$ git config --get --system credential.helper
bla
# The global (per account) credential helper is an existing one
$ git config --get --global credential.helper
wincred
# this is the computed one based on the precedence rules
$ git config --get credential.helper
wincred

# Bug phase

$ git credential fill << EOF
> protocol=http
> host=<some internal host>
> path=<some internal path>
> EOF


> What did you expect to happen? (Expected behavior)

protocol=http
host=<some internal host>
username=<some local user>
password=<the password>

> What happened instead? (Actual behavior)

git: 'credential-bla' is not a git command. See 'git --help'.
protocol=http
host=<some internal host>
username=<some local user>
password=<the password>

> What's different between what you expected and what actually happened?

In this example, the "bla" credential helper is called
even if the wincred should have been the only one to be
called.

The result is OK since the "bla" credential returned a non
zero return code, then the global credential helper (wincred) was called.

Let's see what happened with a "zero returning" credential
helper :

> Anything else you want to add:

Let's replay the same scenario with the real "manager-core" credential helper

> What did you do before the bug happened? (Steps to reproduce your issue)

# Setup phase

$ git config --replace-all --system credential.helper manager-core
$ git config --get --system credential.helper
manager-core
# The global (per account) credential helper is still an existing one
$ git config --get --global credential.helper
wincred
$ git config --get credential.helper
wincred

# Bug phase

$ git credential fill << EOF
> protocol=http
> host=<some internal host>
> path=<some internal path>
> EOF


> What did you expect to happen? (Expected behavior)

protocol=http
host=<some internal host>
username=<some local user>
password=<the password>

# wincred would have been called and had returned what it learned before

> What happened instead? (Actual behavior)

protocol=http
host=<some internal host>
username=
password=

$ echo $?
0

# username and password are left empty, but the system credential helper
# didn't returned a non-zero return value, not triggering the global
# credential helper.

> What's different between what you expected and what actually happened?

Two problems :
- the manager-core credential manager didn't answer some login or
  password nor prompted the user for anything. I'm not sure this
  should be the good behavior, but it's not our concern here.
- the manager-core has been called despite the fact the global configuration
  should have been used, letting only wincred filling the request.


[System Info]
git version:
git version 2.37.3.windows.1
cpu: x86_64
built from commit: c4992d4fecabd7d111726ecb37e33a3ccb51d6f1
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon
uname: Windows 10.0 19045
compiler info: gnuc: 12.2
libc info: no libc information available
$SHELL (typically, interactive shell): C:\Developpement\Git\usr\bin\bash.exe


[Enabled Hooks]
(none)


Best regards,

--
Emmanuel Coirier


Interne
Ce message et toutes les pièces jointes (ci-après le «message») sont confidentiels et établis à l’intention exclusive de ses destinataires. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Si vous recevez ce message par erreur, merci de le détruire sans en conserver de copie et d’en avertir immédiatement l’expéditeur. Internet ne permettant pas de garantir l’intégrité de ce message, la Caisse des Dépôts et Consignations décline toute responsabilité au titre de ce message s’il a été modifié, altéré, déformé ou falsifié. Par ailleurs et malgré toutes les précautions prises pour éviter la présence de virus dans nos envois, nous vous recommandons de prendre, de votre côté, les mesures permettant d'assurer la non-introduction de virus dans votre système informatique. This email message and any attachments (“the email”) are confidential and intended only for the recipient(s) indicated. If you are not an intended recipient, please be advised that any use, dissemination, forwarding or copying of this email whatsoever is prohibited without prior written consent of Caisse des Depots et Consignations. If you have received this email in error, please delete it without saving a copy and notify the sender immediately. Internet emails are not necessarily secure, and Caisse des Depots et Consignations declines responsibility for any changes that may have been made to this email after it was sent. While we take all reasonable precautions to ensure that viruses are not transmitted via emails, we recommend that you take your own measures to prevent viruses from entering your computer system.




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux