From: Jeff King <peff@peff.net>
To: Shawn Pearce <spearce@spearce.org>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] credential: do not store credentials received from helpers
Date: Sat, 7 Apr 2012 01:21:10 -0400
Message-ID: <20120407052110.GA12164@sigill.intra.peff.net>
In-Reply-To: <20120407045612.GA965@sigill.intra.peff.net>

On Sat, Apr 07, 2012 at 12:56:12AM -0400, Jeff King wrote:
> > So if I use the cache helper, and it's set to expire at the default of
> > 15 minutes, I have to type my password in every 15 minutes, even if I
> > am doing a Git operation roughly every 8 minutes during a work day?
>
> Yes. It's less convenient, but safer and more predictable (you put your
> password in at 2:30, it's gone at 2:45). Keep in mind that you can also
> bump the cache time. And like I said, if we do want to have it behave the
> other way, that's OK, but it should be explicit (and it can be optional,
> even if it defaults to auto-refresh on use).

And here's what the optional version looks like:

diff --git a/credential-cache--daemon.c b/credential-cache--daemon.c
index 390f194..1f801f7 100644
--- a/credential-cache--daemon.c
+++ b/credential-cache--daemon.c
@@ -136,6 +136,9 @@ static void serve_one_client(FILE *in, FILE *out)
else if (!strcmp(action.buf, "get")) {
struct credential_cache_entry *e = lookup_credential(&c);
if (e) {
+ int new_expiration = time(NULL) + timeout;
+ if (new_expiration > e->expiration)
+ e->expiration = new_expiration;
fprintf(out, "username=%s\n", e->item.username);
fprintf(out, "password=%s\n", e->item.password);
}
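Review bot: `int new_expiration = time(NULL) + timeout;` stores a time_t sum in an int; declare new_expiration with the same type as e->expiration so the comparison on the following line is not made on a narrowed value. A short comment here would also help: the check only ever moves the expiration forward, so a client that issues "get" more often than the timeout keeps the entry cached with no upper bound.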
diff --git a/credential-cache.c b/credential-cache.c
index 9a03792..5751b48 100644
--- a/credential-cache.c
+++ b/credential-cache.c
@@ -87,6 +87,7 @@ int main(int argc, const char **argv)
{
char *socket_path = NULL;
int timeout = 900;
+ int refresh = 0;
const char *op;
const char * const usage[] = {
"git credential-cache [options] <action>",
@@ -97,6 +98,8 @@ int main(int argc, const char **argv)
"number of seconds to cache credentials"),
OPT_STRING(0, "socket", &socket_path, "path",
"path of cache-daemon socket"),
+ OPT_BOOL(0, "refresh-on-use", &refresh,
+ "refresh timestamp when credential is accessed"),
OPT_END()
};
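Review bot: the new "refresh-on-use" entry in the options array comes with no documentation change; this diff touches only credential-cache--daemon.c and credential-cache.c. Because the option changes how long a password stays in the daemon's memory, its description should state that each "get" extends the expiration by the timeout, and the help string "refresh timestamp when credential is accessed" would be clearer as something like "extend cache expiration when credential is accessed".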
@@ -112,7 +115,9 @@ int main(int argc, const char **argv)
if (!strcmp(op, "exit"))
do_cache(socket_path, op, timeout, 0);
- else if (!strcmp(op, "get") || !strcmp(op, "erase"))
+ else if (!strcmp(op, "get"))
+ do_cache(socket_path, op, refresh ? timeout : 0, FLAG_RELAY);
+ else if(!strcmp(op, "erase"))
do_cache(socket_path, op, timeout, FLAG_RELAY);
else if (!strcmp(op, "store"))
do_cache(socket_path, op, timeout, FLAG_RELAY|FLAG_SPAWN);
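Review bot: in the new "get" branch, `refresh ? timeout : 0` signals "do not refresh" by sending a timeout of 0, which only works because the daemon hunk compares `new_expiration > e->expiration`; a comment at this call, or an explicit flag in the request, would make that dependency visible. It also means the extension is computed from the --timeout given on the "get" invocation rather than the one in effect when the credential was stored, which deserves a mention in the option's description. Style: `else if(!strcmp(op, "erase"))` is missing the space after `if`.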