examples: honor allowed credential types when prompting user Credential callback are being passed a bitset that indicates which credential types are allowed in the current context. In our examples code, we completely ignore that field and always return username/password credentials, which doesn't necessarily make sense e.g. when only SSH keys are allowed. Refactor the code and only return username/password credentials in the case where `USERPASS_PLAINTEXT` credentials are allowed. Otherwise, return a positive error code to indicate that no credentials could be acquired.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
diff --git a/examples/common.c b/examples/common.c
index f1ee27e..ee47107 100644
--- a/examples/common.c
+++ b/examples/common.c
@@ -330,6 +330,19 @@ error:
return error;
}
+static int ask(char **out, const char *prompt)
+{
+ printf("%s ", prompt);
+ fflush(stdout);
+
+ if (!readline(out)) {
+ fprintf(stderr, "Could not read response: %s", strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
int cred_acquire_cb(git_cred **out,
const char *url,
const char *username_from_url,
@@ -337,31 +350,22 @@ int cred_acquire_cb(git_cred **out,
void *payload)
{
char *username = NULL, *password = NULL;
- int error;
+ int error = 1;
UNUSED(url);
UNUSED(username_from_url);
- UNUSED(allowed_types);
UNUSED(payload);
- printf("Username: ");
- if (readline(&username) < 0) {
- fprintf(stderr, "Unable to read username: %s", strerror(errno));
- return -1;
- }
+ if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT) {
+ if ((error = ask(&username, "Username:")) < 0 ||
+ (error = ask(&password, "Password:")) < 0)
+ goto out;
- /* Yup. Right there on your terminal. Careful where you copy/paste output. */
- printf("Password: ");
- if (readline(&password) < 0) {
- fprintf(stderr, "Unable to read password: %s", strerror(errno));
- free(username);
- return -1;
+ error = git_cred_userpass_plaintext_new(out, username, password);
}
- error = git_cred_userpass_plaintext_new(out, username, password);
-
+out:
free(username);
free(password);
-
return error;
}