signed push: add "pushee" header to push certificate
authorJunio C Hamano <gitster@pobox.com>
Sat, 23 Aug 2014 01:15:24 +0000 (18:15 -0700)
committerJunio C Hamano <gitster@pobox.com>
Mon, 15 Sep 2014 20:23:28 +0000 (13:23 -0700)
Record the URL of the intended recipient for a push (after
anonymizing it if it has authentication material) on a new "pushee
URL" header. Because the networking configuration (SSH-tunnels,
proxies, etc.) on the pushing user's side varies, the receiving
repository may not know the single canonical URL all the pushing
users would refer it as (besides, many sites allow pushing over
ssh://host/path and https://host/path protocols to the same
repository but with different local part of the path). So this
value may not be reliably used for replay-attack prevention
purposes, but this will still serve as a human readable hint to
identify the repository the certificate refers to.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/technical/pack-protocol.txt
send-pack.c
send-pack.h
transport.c
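--- a/Documentation/technical/pack-protocol.txt
+++ b/Documentation/technical/pack-protocol.txt
@@ -484,6 +484,7 @@ references.
   push-cert         = PKT-LINE("push-cert" NUL capability-list LF)
                      PKT-LINE("certificate version 0.1" LF)
                      PKT-LINE("pusher" SP ident LF)
+                     PKT-LINE("pushee" SP url LF)
                      PKT-LINE(LF)
                      *PKT-LINE(command LF)
                      *PKT-LINE(gpg-signature-lines LF)
@@ -527,6 +528,11 @@ Currently, the following header fields are defined:
        Identify the GPG key in "Human Readable Name <email@address>"
        format.
 
+`pushee` url::
+       The repository URL (anonymized, if the URL contains
+       authentication material) the user who ran `git push`
+       intended to push into.
+
 The GPG signature lines are a detached signature for the contents
 recorded in the push certificate before the signature block begins.
 The detached signature is used to certify that the commands were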
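--- a/send-pack.c
+++ b/send-pack.c
@@ -240,6 +240,11 @@ static int generate_push_cert(struct strbuf *req_buf,
        datestamp(stamp, sizeof(stamp));
        strbuf_addf(&cert, "certificate version 0.1\n");
        strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp);
+       if (args->url && *args->url) {
+               char *anon_url = transport_anonymize_url(args->url);
+               strbuf_addf(&cert, "pushee %s\n", anon_url);
+               free(anon_url);
+       }
        strbuf_addstr(&cert, "\n");
 
        for (ref = remote_refs; ref; ref = ref->next) {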
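Review bot: The anonymized URL is formatted into the signed, line-oriented header with a bare `%s` in `strbuf_addf(&cert, "pushee %s\n", anon_url);`, and nothing in the hunk rejects an LF inside it. The header block is terminated by the empty line added right after, so a URL carrying a line break would change how the rest of the certificate is framed for the receiver; whether such a URL can reach this point is not visible here. Tightening the guard to `if (args->url && *args->url && !strchr(args->url, '\n'))`, or failing the push in that case, keeps the framing intact. A comment above the block such as `/* "pushee" is a human-readable hint only; it is not canonical and must not be relied on for replay protection */` would carry the commit message's caveat into the code. generate_push_cert starts and ends outside the hunk.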
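--- a/send-pack.h
+++ b/send-pack.h
@@ -2,6 +2,7 @@
 #define SEND_PACK_H
 
 struct send_pack_args {
+       const char *url;
        unsigned verbose:1,
                quiet:1,
                porcelain:1,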
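Review bot: The new `url` member has no comment describing what it holds or who owns it. In this commit it is assigned from `transport->url` unchanged and is anonymized only at the point where the certificate is built, so the field itself can still carry authentication material. A comment such as `/* borrowed, raw remote URL (may embed credentials); anonymize before emitting; NULL or "" omits the "pushee" header */` would warn later users of the field against logging or sending it as-is. The struct definition continues past the end of the hunk.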
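--- a/transport.c
+++ b/transport.c
@@ -827,6 +827,7 @@ static int git_transport_push(struct transport *transport, struct ref *remote_re
        args.dry_run = !!(flags & TRANSPORT_PUSH_DRY_RUN);
        args.porcelain = !!(flags & TRANSPORT_PUSH_PORCELAIN);
        args.push_cert = !!(flags & TRANSPORT_PUSH_CERT);
+       args.url = transport->url;
 
        ret = send_pack(&args, data->fd, data->conn, remote_refs,
                        &data->extra_have);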