From: Junio C Hamano <gitster@pobox.com>
To: Aditya Garg <gargaditya08@live.com>
Cc: Julian Swagemakers <julian@swagemakers.org>,
git@vger.kernel.org, M Hickford <mirth.hickford@gmail.com>,
sandals@crustytoothpaste.net, Shengyu Qu <wiagn233@outlook.com>
Subject: Re: [PATCH v4 3/3] send-email: add option to generate passswords like OAuth2 tokens
Date: Wed, 23 Apr 2025 12:03:50 -0700
Message-ID: <xmqqwmbaya21.fsf@gitster.g>
In-Reply-To: <PN3PR01MB9597B50EF69AD097C594F844B8BA2@PN3PR01MB9597.INDPRD01.PROD.OUTLOOK.COM> (Aditya Garg's message of "Wed, 23 Apr 2025 12:19:47 +0000")

Aditya Garg <gargaditya08@live.com> writes:

> @@ -230,6 +230,14 @@ or on the command line. If a username has been specified (with
> specified (with `--smtp-pass` or `sendemail.smtpPass`), then
> a password is obtained using 'git-credential'.
>
> +--smtp-passeval[=<command>]::

Lose the pair of [] that marks the value optional. Compare it with,
say, --smtp-user that is described as:

    --smtp-user=<user>::
        Username for SMTP-AUTH. Default is ...

because they are defined in %options (below) in a similar way, like
so:

> "smtp-user=s" => \$smtp_authuser,
> "smtp-pass:s" => \$smtp_authpass,
> + "smtp-passeval=s" => \$smtp_authpasseval,
> "smtp-ssl" => sub { $smtp_encryption = 'ssl' },

taking a string value =s that is not optional.

> + Generate password like OAuth2 token for SMTP AUTH. If specified,
> + it will use the output of the command specified as a password for
> + authentication.
> ++
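
Review bot: The description under --smtp-passeval does not say how the command string is run or which setting wins when --smtp-pass or sendemail.smtpPass is also given; state that the value is passed to the shell and spell out the precedence between the two options. "Generate password like OAuth2 token" also reads as if the password imitates a token; wording such as "Command that prints the password, for example an OAuth2 access token" would be clearer.
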
> diff --git a/git-send-email.perl b/git-send-email.perl
> index a18e978e22..cafb9aa43b 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -59,6 +59,8 @@ sub usage {
> --smtp-server-port <int> * Outgoing SMTP server port.
> --smtp-user <str> * Username for SMTP-AUTH.
> --smtp-pass <str> * Password for SMTP-AUTH; not necessary.
> + --smtp-passeval <str> * Path to script or a command to generate
> + password like OAuth2 token for SMTP-AUTH.
> --smtp-encryption <str> * tls or ssl; anything else disables.
> --smtp-ssl * Deprecated. Use '--smtp-encryption ssl'.
> --smtp-ssl-cert-path <str> * Path to ca-certificates (either directory or file).

Looking good.

> + # If smtpPassEval is set, run the user specified command to get the password
> + if (defined $smtp_authpasseval) {
> + printf __("Executing token generating script: %s\n"), $smtp_authpasseval;
> + chomp(my $generated_password = `$smtp_authpasseval 2>&1`);
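
Review bot: On the "chomp(my $generated_password = ...)" line, the trailing "2>&1" folds the command's stderr into the captured value, so a token script that fails would have its error text used as the password; capture stdout only and check $? before using the result. The printf above it echoes the whole command string, which would show any secret passed as an argument, so consider printing only that a helper is being run.
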

How careful do we need to protect ourselves against a bad value in
this variable (like "rm -rf $HOME; password-command") ? Are we OK
with trusting that the command line and the configuration file are
not under control of an attacker? I am assuming it is OK, but you
folks have thought about this code path much longer than I have, so
I thought I should ask just to make sure.

Thanks.
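
Added example, not code from the patch or from Git: taking the configured command as trusted, as the reply above assumes, it contrasts the quoted backtick capture with a variant that captures stdout only and checks the exit status, run against a helper that fails. The function names and helper commands are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Capture as quoted in the patch: stderr is merged into the value and the
# exit status is never looked at.
sub password_merged {
	my ($cmd) = @_;
	chomp(my $out = `$cmd 2>&1`);
	return $out;
}

# Variant for comparison (an assumption, not the patch's code): the string
# still goes through the shell, but only stdout is captured, the exit
# status is checked, and empty or multi-line output is refused.
sub password_checked {
	my ($cmd) = @_;
	my $out = `$cmd`;    # stderr is left on the terminal
	die "password command failed (wait status $?)\n" if $? != 0;
	chomp $out;
	die "password command printed nothing\n" if $out eq '';
	die "password command printed more than one line\n" if $out =~ /\n/;
	return $out;
}

# Constructed stand-ins for a token script; neither talks to a server.
my %helpers = (
	ok      => q{printf 'constructed-token\n'},
	failing => q{sh -c 'echo "token endpoint unreachable" >&2; exit 1'},
);

for my $name (sort keys %helpers) {
	my $cmd = $helpers{$name};
	printf "%-8s merged : '%s'\n", $name, password_merged($cmd);
	my $pw = eval { password_checked($cmd) };
	chomp(my $why = $@ // '');
	printf "%-8s checked: %s\n", $name,
		defined $pw ? "'$pw'" : "refused ($why)";
}
```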