From: Junio C Hamano <gitster@pobox.com>
To: Aditya Garg <gargaditya08@live.com>
Cc: "git@vger.kernel.org" <git@vger.kernel.org>,
Eric Sunshine <sunshine@sunshineco.com>,
Zi Yao <ziyao@disroot.org>,
brian m carlson <sandals@crustytoothpaste.net>,
Jeff King <peff@peff.net>, Ben Knoble <ben.knoble@gmail.com>,
Phillip Wood <phillip.wood123@gmail.com>
Subject: Re: [PATCH v13 02/10] imap-send: add support for OAuth2.0 authentication
Date: Fri, 06 Jun 2025 09:38:14 -0700 [thread overview]
Message-ID: <xmqqmsak3jwp.fsf@gitster.g> (raw)
In-Reply-To: <PN3PR01MB95974F9ED808F60A915D054CB86EA@PN3PR01MB9597.INDPRD01.PROD.OUTLOOK.COM> (Aditya Garg's message of "Fri, 6 Jun 2025 06:59:12 +0000")
Aditya Garg <gargaditya08@live.com> writes:
> Ok so I was wrong here. The warning actually comes when we compile
> WITHOUT NO_OPENSSL, since auth_oauthbearer is a function there, and
> will attract waddress warnings,
But the patch in this thread, when compiled with NO_OPENSSL, gives
"-Wunreachable".
--- * ------ * ------ * ------ * ------ * ---
$ make V=1 CC=clang DEVELOPER=YesPlease CFLAGS=-Waddress NO_OPENSSL=NoThanks imap-send.o
* new build flags
clang -o imap-send.o -c -MF ./.depend/imap-send.o.d -MQ imap-send.o -MMD -MP -Werror -Wall -pedantic -Wpedantic -std=gnu99 -Wdeclaration-after-statement -Wformat-security -Wold-style-definition -Woverflow -Wpointer-arith -Wstrict-prototypes -Wunused -Wvla -Wwrite-strings -fno-common -Wunreachable-code -Wcomma -Wtautological-constant-out-of-range-compare -Wextra -Wmissing-prototypes -Wno-empty-body -Wno-missing-field-initializers -Waddress -I. -DGIT_HOST_CPU="\"x86_64\"" -DHAVE_ALLOCA_H -DUSE_CURL_FOR_IMAP_SEND -DNO_OPENSSL -DSUPPORTS_SIMPLE_IPC -DSHA1_DC -DSHA1DC_NO_STANDARD_INCLUDES -DSHA1DC_INIT_SAFE_HASH_DEFAULT=0 -DSHA1DC_CUSTOM_INCLUDE_SHA1_C="\"git-compat-util.h\"" -DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C="\"git-compat-util.h\"" -DSHA256_BLK -DHAVE_PATHS_H -DHAVE_DEV_TTY -DHAVE_CLOCK_GETTIME -DHAVE_CLOCK_MONOTONIC -DHAVE_SYNC_FILE_RANGE -DHAVE_SYSINFO -DHAVE_GETDELIM -DHAVE_GETRANDOM -DFREAD_READS_DIRECTORIES -DNO_STRLCPY -DSHELL_PATH='"/bin/sh"' imap-send.c
imap-send.c:1344:5: error: code will never be executed [-Werror,-Wunreachable-code]
1344 | memset(&cb, 0, sizeof(cb));
| ^~~~~~
imap-send.c:1322:5: error: code will never be executed [-Werror,-Wunreachable-code]
1322 | memset(&cb, 0, sizeof(cb));
| ^~~~~~
imap-send.c:1300:5: error: code will never be executed [-Werror,-Wunreachable-code]
1300 | memset(&cb, 0, sizeof(cb));
| ^~~~~~
imap-send.c:1278:5: error: code will never be executed [-Werror,-Wunreachable-code]
1278 | memset(&cb, 0, sizeof(cb));
| ^~~~~~
4 errors generated.
make: *** [Makefile:2820: imap-send.o] Error 1
--- * ------ * ------ * ------ * ------ * ---
See the patch attached at the end [*] that you can apply to 'seen'
to try out; the result compiles with all combinations of gcc/clang
and with and without NO_OPENSSL.
Having said that, I think you should first clean up the repetitions
before piling a lot of different auth_method on top.
A part of the resulting code after applying [*] to 'seen' looks like
this:
} else if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
if (!CAP(AUTH_CRAM_MD5)) {
fprintf(stderr, "You specified "
"CRAM-MD5 as authentication method, "
"but %s doesn't support it.\n", srvc->host);
goto bail;
}
/* CRAM-MD5 */
memset(&cb, 0, sizeof(cb));
cb.cont = auth_cram_md5;
if (NOT_CONSTANT(!cb.cont)) {
fprintf(stderr, "If you want to use CRAM-MD5 authentication mechanism, "
"you have to build git-imap-send with OpenSSL library.");
goto bail;
}
if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
goto bail;
}
This pattern repeats for different auth methods as you add
copy-and-paste, which made the code way too long and too deeply
indented to be readable. Why not make the above into a single
helper function that you can reuse, so that the call site can become
something like
} else if (!strcmp(srvc->auth_method, "PLAIN")) {
if (try_auth_method(srvc, ctx, "PLAIN", AUTH_PLAIN, auth_plain))
goto bail;
} else if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
if (try_auth_method(srvc, ctx, "CRAM-MD5", AUTH_CRAM_MD5, auth_cram_md5))
goto bail;
} ...
If you did it at the very beginning of the series (i.e. when you
only have CRAM_MD5 you inherited from the original before adding all
the other new ones), each addition would become a lot simpler and
main flow in the the resulting code would become quite simple like
the above.
static int try_auth_method(struct imap_server_conf *srvc,
struct imap_store *ctx,
const char *auth_method,
enum CAPABILITY cap,
int (*fn)(struct imap_store *, const char *))
{
struct imap_cmd_cb cb = {0};
if (!CAP(cap)) {
fprintf(stderr, "You specified "
"%s as authentication method, "
"but %s doesn't support it.\n",
auth_method, srvc->host);
return -1;
}
cb.cont = fn;
if (NOT_CONSTANT(!cb.cont)) {
fprintf(stderr, "If you want to use %s authentication mechanism, "
"you have to build git-imap-send with OpenSSL library.",
auth_method);
return -1;
}
if (imap_exec(ctx, &cb, "AUTHENTICATE %s", auth_method) != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE %s failed\n",
auth_method);
return -1;
}
return 0;
}
So here is that [*] patch that is incorrectly indented to avoid even
deeper nesting.
---- >8 ----
imap-send.c | 49 ++++++++++++++++++++++++-------------------------
1 file changed, 24 insertions(+), 25 deletions(-)
diff --git i/imap-send.c w/imap-send.c
index 6dbbf37125..bba2ef0cd0 100644
--- i/imap-send.c
+++ w/imap-send.c
@@ -1267,16 +1267,16 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c
goto bail;
}
- #ifdef NO_OPENSSL
+ /* PLAIN */
+ memset(&cb, 0, sizeof(cb));
+ cb.cont = auth_plain;
+
+ if (NOT_CONSTANT(!cb.cont)) {
fprintf(stderr, "You are trying to use PLAIN authentication mechanism "
"with OpenSSL library, but its support has not been compiled in.");
goto bail;
- #endif
-
- /* PLAIN */
+ }
- memset(&cb, 0, sizeof(cb));
- cb.cont = auth_plain;
if (imap_exec(ctx, &cb, "AUTHENTICATE PLAIN") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE PLAIN failed\n");
goto bail;
@@ -1289,16 +1289,16 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c
goto bail;
}
- #ifdef NO_OPENSSL
- fprintf(stderr, "If you want to use CRAM-MD5 authentication mechanism, "
- "you have to build git-imap-send with OpenSSL library.");
- goto bail;
- #endif
/* CRAM-MD5 */
-
memset(&cb, 0, sizeof(cb));
cb.cont = auth_cram_md5;
+
+ if (NOT_CONSTANT(!cb.cont)) {
+ fprintf(stderr, "If you want to use CRAM-MD5 authentication mechanism, "
+ "you have to build git-imap-send with OpenSSL library.");
+ goto bail;
+ }
if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
goto bail;
@@ -1311,16 +1311,15 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c
goto bail;
}
- #ifdef NO_OPENSSL
- fprintf(stderr, "You are trying to use OAUTHBEARER authentication mechanism "
- "with OpenSSL library, but its support has not been compiled in.");
- goto bail;
- #endif
-
/* OAUTHBEARER */
-
memset(&cb, 0, sizeof(cb));
cb.cont = auth_oauthbearer;
+
+ if (NOT_CONSTANT(!cb.cont)) {
+ fprintf(stderr, "You are trying to use OAUTHBEARER authentication mechanism "
+ "with OpenSSL library, but its support has not been compiled in.");
+ goto bail;
+ }
if (imap_exec(ctx, &cb, "AUTHENTICATE OAUTHBEARER") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE OAUTHBEARER failed\n");
goto bail;
@@ -1333,16 +1332,16 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c
goto bail;
}
- #ifdef NO_OPENSSL
+ /* XOAUTH2 */
+ memset(&cb, 0, sizeof(cb));
+ cb.cont = auth_xoauth2;
+
+ if (NOT_CONSTANT(!cb.cont)) {
fprintf(stderr, "You are trying to use XOAUTH2 authentication mechanism "
"with OpenSSL library, but its support has not been compiled in.");
goto bail;
- #endif
-
- /* XOAUTH2 */
+ }
- memset(&cb, 0, sizeof(cb));
- cb.cont = auth_xoauth2;
if (imap_exec(ctx, &cb, "AUTHENTICATE XOAUTH2") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE XOAUTH2 failed\n");
goto bail;
next prev parent reply other threads:[~2025-06-06 16:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-06 6:59 [PATCH v13 02/10] imap-send: add support for OAuth2.0 authentication Aditya Garg
2025-06-06 7:16 ` Aditya Garg
2025-06-06 16:38 ` Junio C Hamano [this message]
2025-06-06 16:50 ` Aditya Garg
2025-06-06 17:03 ` Junio C Hamano
2025-06-06 17:12 ` Aditya Garg
2025-06-06 20:08 ` Aditya Garg
-- strict thread matches above, loose matches on Subject: below --
2025-06-05 8:42 [PATCH v13 00/10] imap-send: make it usable again and add OAuth2.0 support Aditya Garg
2025-06-05 8:42 ` [PATCH v13 02/10] imap-send: add support for OAuth2.0 authentication Aditya Garg
2025-06-05 16:33 ` Junio C Hamano
2025-06-05 17:16 ` Aditya Garg
2025-06-05 18:48 ` Junio C Hamano
2025-06-06 3:28 ` Aditya Garg
2025-06-06 4:04 ` Aditya Garg
2025-06-06 4:35 ` Junio C Hamano
2025-06-06 4:40 ` Aditya Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqmsak3jwp.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=ben.knoble@gmail.com \
--cc=gargaditya08@live.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=phillip.wood123@gmail.com \
--cc=sandals@crustytoothpaste.net \
--cc=sunshine@sunshineco.com \
--cc=ziyao@disroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.