signed push: add "pushee" header to push certificate

Record the URL of the intended recipient for a push (after
anonymizing it if it has authentication material) on a new "pushee
URL" header.  Because the networking configuration (SSH-tunnels,
proxies, etc.) on the pushing user's side varies, the receiving
repository may not know the single canonical URL all the pushing
users would refer to it as (besides, many sites allow pushing over
ssh://host/path and https://host/path protocols to the same
repository but with different local parts of the path).  So this
value may not be reliably used for replay-attack prevention
purposes, but this will still serve as a human readable hint to
identify the repository the certificate refers to.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano
2014-08-22 18:15:24 -07:00
parent 4adf569dea
commit 9be89160e7
4 changed files with 13 additions and 0 deletions

@ -484,6 +484,7 @@ references.
push-cert = PKT-LINE("push-cert" NUL capability-list LF) push-cert = PKT-LINE("push-cert" NUL capability-list LF)
PKT-LINE("certificate version 0.1" LF) PKT-LINE("certificate version 0.1" LF)
PKT-LINE("pusher" SP ident LF) PKT-LINE("pusher" SP ident LF)
PKT-LINE("pushee" SP url LF)
PKT-LINE(LF) PKT-LINE(LF)
*PKT-LINE(command LF) *PKT-LINE(command LF)
*PKT-LINE(gpg-signature-lines LF) *PKT-LINE(gpg-signature-lines LF)
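Review bot: the grammar adds `PKT-LINE("pushee" SP url LF)` as a mandatory line, but the send-pack change in this same commit only emits the header when `args->url` is non-NULL and non-empty, so a receiver written against this grammar would reject certificates from pushes that have no URL to record. Either mark the line optional in the ABNF (for example `[PKT-LINE("pushee" SP url LF)]`) or state that the header may be absent.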
@ -527,6 +528,11 @@ Currently, the following header fields are defined:
Identify the GPG key in "Human Readable Name <email@address>" Identify the GPG key in "Human Readable Name <email@address>"
format. format.
`pushee` url::
The repository URL (anonymized, if the URL contains
authentication material) the user who ran `git push`
intended to push into.
The GPG signature lines are a detached signature for the contents The GPG signature lines are a detached signature for the contents
recorded in the push certificate before the signature block begins. recorded in the push certificate before the signature block begins.
The detached signature is used to certify that the commands were The detached signature is used to certify that the commands were
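Review bot: the new `pushee` entry documents what the URL is but not how much the receiver may trust it; the commit message itself says the value cannot reliably be used for replay-attack prevention because the pushing side's network configuration and the choice of ssh:// vs https:// paths vary. That caveat belongs in this user-facing text, e.g. "This is a human-readable hint identifying the repository; receivers should not rely on it to detect replayed certificates."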

@ -240,6 +240,11 @@ static int generate_push_cert(struct strbuf *req_buf,
datestamp(stamp, sizeof(stamp)); datestamp(stamp, sizeof(stamp));
strbuf_addf(&cert, "certificate version 0.1\n"); strbuf_addf(&cert, "certificate version 0.1\n");
strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp); strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp);
if (args->url && *args->url) {
char *anon_url = transport_anonymize_url(args->url);
strbuf_addf(&cert, "pushee %s\n", anon_url);
free(anon_url);
}
strbuf_addstr(&cert, "\n"); strbuf_addstr(&cert, "\n");
for (ref = remote_refs; ref; ref = ref->next) { for (ref = remote_refs; ref; ref = ref->next) {
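Review bot: `strbuf_addf(&cert, "pushee %s\n", anon_url)` writes the (anonymized) URL verbatim into a newline-delimited certificate, so a URL containing LF would terminate the `pushee` line early and inject additional header or command lines into the signed body. Since the value is taken from user-controlled input (`args->url`), consider rejecting or escaping control characters before emitting the header, as the `pusher` line above already relies on `signing_key` and `stamp` being single-line.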

@ -2,6 +2,7 @@
#define SEND_PACK_H #define SEND_PACK_H
struct send_pack_args { struct send_pack_args {
const char *url;
unsigned verbose:1, unsigned verbose:1,
quiet:1, quiet:1,
porcelain:1, porcelain:1,
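Review bot: the new `const char *url;` member has no comment stating who owns the string or what it is for; the other members are self-describing flags, this one is not. A one-line comment such as `/* destination URL, borrowed from the transport; used for the "pushee" certificate header */` would tell callers that they must set it and that send-pack will not free it.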

@ -827,6 +827,7 @@ static int git_transport_push(struct transport *transport, struct ref *remote_re
args.dry_run = !!(flags & TRANSPORT_PUSH_DRY_RUN); args.dry_run = !!(flags & TRANSPORT_PUSH_DRY_RUN);
args.porcelain = !!(flags & TRANSPORT_PUSH_PORCELAIN); args.porcelain = !!(flags & TRANSPORT_PUSH_PORCELAIN);
args.push_cert = !!(flags & TRANSPORT_PUSH_CERT); args.push_cert = !!(flags & TRANSPORT_PUSH_CERT);
args.url = transport->url;
ret = send_pack(&args, data->fd, data->conn, remote_refs, ret = send_pack(&args, data->fd, data->conn, remote_refs,
&data->extra_have); &data->extra_have);
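Review bot: `args.url = transport->url;` is set only on this push path, and send-pack guards the header with `args->url && *args->url`, so any other caller that fills a `send_pack_args` without setting `url` will silently produce a certificate with no `pushee` line. Please confirm `args` is zero-initialized before this block (otherwise the NULL check in send-pack reads an indeterminate pointer) and audit the other constructors of `send_pack_args` so they also pass the destination URL.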