From: Junio C Hamano <gitster@pobox.com>
To: Aditya Garg <gargaditya08@live.com>
Cc: Julian Swagemakers <julian@swagemakers.org>,
	 git@vger.kernel.org,  M Hickford <mirth.hickford@gmail.com>,
	 sandals@crustytoothpaste.net, Shengyu Qu <wiagn233@outlook.com>
Subject: Re: [PATCH v4 3/3] send-email: add option to generate passswords like OAuth2 tokens
Date: Wed, 23 Apr 2025 12:03:50 -0700
Message-ID: <xmqqwmbaya21.fsf@gitster.g>
In-Reply-To: <PN3PR01MB9597B50EF69AD097C594F844B8BA2@PN3PR01MB9597.INDPRD01.PROD.OUTLOOK.COM> (Aditya Garg's message of "Wed, 23 Apr 2025 12:19:47 +0000")

Aditya Garg <gargaditya08@live.com> writes:

> @@ -230,6 +230,14 @@ or on the command line. If a username has been specified (with
>  specified (with `--smtp-pass` or `sendemail.smtpPass`), then
>  a password is obtained using 'git-credential'.
>  
> +--smtp-passeval[=<command>]::

Lose the pair of [] that marks the value optional.  Compare it with,
say, --smtp-user that is described as:

    --smtp-user=<user>::
            Username for SMTP-AUTH. Default is ...

because they are defined in %options (below) in a similar way, like
so:

>  		    "smtp-user=s" => \$smtp_authuser,
>  		    "smtp-pass:s" => \$smtp_authpass,
> +		    "smtp-passeval=s" => \$smtp_authpasseval,
>  		    "smtp-ssl" => sub { $smtp_encryption = 'ssl' },

taking a string value =s that is not optional.

> +	Generate password like OAuth2 token for SMTP AUTH. If specified,
> +	it will use the output of the command specified as a password for
> +	authentication.
> ++
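
Review bot: the description added under `--smtp-passeval` ("Generate password like OAuth2 token for SMTP AUTH") does not say that the value is run as a shell command, nor which part of its output becomes the password. Suggest wording along the lines of "Run <command> and use its output as the password for SMTP AUTH, for example to obtain an OAuth2 access token", and mention that the trailing newline is stripped, since the code applies chomp to the output.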

> diff --git a/git-send-email.perl b/git-send-email.perl
> index a18e978e22..cafb9aa43b 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -59,6 +59,8 @@ sub usage {
>      --smtp-server-port      <int>  * Outgoing SMTP server port.
>      --smtp-user             <str>  * Username for SMTP-AUTH.
>      --smtp-pass             <str>  * Password for SMTP-AUTH; not necessary.
> +    --smtp-passeval         <str>  * Path to script or a command to generate
> +                                     password like OAuth2 token for SMTP-AUTH.
>      --smtp-encryption       <str>  * tls or ssl; anything else disables.
>      --smtp-ssl                     * Deprecated. Use '--smtp-encryption ssl'.
>      --smtp-ssl-cert-path    <str>  * Path to ca-certificates (either directory or file).

Looking good.

> +	# If smtpPassEval is set, run the user specified command to get the password
> +	if (defined $smtp_authpasseval) {
> +		printf __("Executing token generating script: %s\n"), $smtp_authpasseval;
> +		chomp(my $generated_password = `$smtp_authpasseval 2>&1`);
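
Review bot: on the backtick line, `2>&1` merges the command's stderr into $generated_password, so any warning or error text the helper prints would be sent to the server as the password; capture stdout only, and if the following lines do not already check `$?`, a failing helper should abort instead of supplying its output. The printf just above echoes the full command string, which may carry secrets passed as arguments. Backticks also hand the string to the shell unchanged, so the documentation should state that the value is executed as a shell command with the user's privileges.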

How careful do we need to protect ourselves against a bad value in
this variable (like "rm -rf $HOME; password-command") ?  Are we OK
with trusting that the command line and the configuration file are
not under control of an attacker?  I am assuming it is OK, but you
folks have thought about this code path much longer than I have, so
I thought I should ask just to make sure.

Thanks.
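
The handling of the command's output discussed above, as an added example that is not part of the original message or of git-send-email.perl: a hypothetical helper `run_password_command` still hands the configured string to the shell (the value is assumed to be trusted), but keeps stderr out of the password and rejects a failing or empty helper. The sample commands are constructed.

```perl
#!/usr/bin/perl
# Added example, not code from git-send-email.perl.
# run_password_command() is a hypothetical helper name.
use strict;
use warnings;

# Run a user-configured command through the shell (the configuration value
# is assumed trusted), keep stderr out of the secret, and refuse to use the
# output unless the command succeeded.
sub run_password_command {
	my ($cmd) = @_;

	# List-form pipe open: our own argv is fixed, only $cmd reaches sh -c.
	# stderr is inherited, so diagnostics go to the terminal, not the password.
	open(my $fh, '-|', '/bin/sh', '-c', $cmd)
		or die "cannot run password command: $!\n";
	my @lines = <$fh>;
	close($fh);                       # close() on a pipe waits and sets $?
	my $status = $?;

	die "password command failed (wait status $status)\n"
		if $status != 0;

	chomp(@lines);
	# A token is a single non-empty line; anything else is a helper bug.
	die "password command printed no usable output\n"
		unless @lines == 1 && length $lines[0];
	return $lines[0];
}

# Constructed sample commands standing in for a real token helper.
my @samples = (
	q{printf 'constructed-token\n'},                    # well behaved
	q{echo 'warning: cache stale' >&2; echo tok-123},   # noisy on stderr
	q{echo 'refresh failed' >&2; exit 1},               # failing helper
);

for my $cmd (@samples) {
	my $pw = eval { run_password_command($cmd) };
	if (defined $pw) {
		# Report only the length; never echo the secret itself.
		printf "ok: %d-character password\n", length $pw;
	} else {
		print "rejected: $@";
	}
}
```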
