diff options
| author | Junio C Hamano <gitster@pobox.com> | 2014-08-22 18:15:24 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-09-15 13:23:28 -0700 |
| commit | 9be89160e7382a88e56a02bcf38f4694dd6542d6 (patch) | |
| tree | d321807664e8398eb5c99c1dc7a08cccdfd82c77 | |
| parent | 4adf569dea052dac88121d822e11c249986b3398 (diff) | |
| download | git-9be89160e7382a88e56a02bcf38f4694dd6542d6.tar.gz | |
signed push: add "pushee" header to push certificate
Record the URL of the intended recipient for a push (after
anonymizing it if it has authentication material) on a new "pushee
URL" header. Because the networking configuration (SSH-tunnels,
proxies, etc.) on the pushing user's side varies, the receiving
repository may not know the single canonical URL all the pushing
users would refer it as (besides, many sites allow pushing over
ssh://host/path and https://host/path protocols to the same
repository but with different local part of the path). So this
value may not be reliably used for replay-attack prevention
purposes, but this will still serve as a human readable hint to
identify the repository the certificate refers to.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Documentation/technical/pack-protocol.txt | 6 | ||||
| -rw-r--r-- | send-pack.c | 5 | ||||
| -rw-r--r-- | send-pack.h | 1 | ||||
| -rw-r--r-- | transport.c | 1 |
4 files changed, 13 insertions, 0 deletions
diff --git a/Documentation/technical/pack-protocol.txt b/Documentation/technical/pack-protocol.txt index 4a5c2e8636..7b543dc311 100644 --- a/Documentation/technical/pack-protocol.txt +++ b/Documentation/technical/pack-protocol.txt @@ -484,6 +484,7 @@ references. push-cert = PKT-LINE("push-cert" NUL capability-list LF) PKT-LINE("certificate version 0.1" LF) PKT-LINE("pusher" SP ident LF) + PKT-LINE("pushee" SP url LF) PKT-LINE(LF) *PKT-LINE(command LF) *PKT-LINE(gpg-signature-lines LF) @@ -527,6 +528,11 @@ Currently, the following header fields are defined: Identify the GPG key in "Human Readable Name <email@address>" format. +`pushee` url:: + The repository URL (anonymized, if the URL contains + authentication material) the user who ran `git push` + intended to push into. + The GPG signature lines are a detached signature for the contents recorded in the push certificate before the signature block begins. The detached signature is used to certify that the commands were diff --git a/send-pack.c b/send-pack.c index 857beb393d..9c2c64966d 100644 --- a/send-pack.c +++ b/send-pack.c @@ -240,6 +240,11 @@ static int generate_push_cert(struct strbuf *req_buf, datestamp(stamp, sizeof(stamp)); strbuf_addf(&cert, "certificate version 0.1\n"); strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp); + if (args->url && *args->url) { + char *anon_url = transport_anonymize_url(args->url); + strbuf_addf(&cert, "pushee %s\n", anon_url); + free(anon_url); + } strbuf_addstr(&cert, "\n"); for (ref = remote_refs; ref; ref = ref->next) { diff --git a/send-pack.h b/send-pack.h index 3555d8e8ad..5635457746 100644 --- a/send-pack.h +++ b/send-pack.h @@ -2,6 +2,7 @@ #define SEND_PACK_H struct send_pack_args { + const char *url; unsigned verbose:1, quiet:1, porcelain:1, diff --git a/transport.c b/transport.c index 07fdf86494..1df13753a6 100644 --- a/transport.c +++ b/transport.c @@ -827,6 +827,7 @@ static int git_transport_push(struct transport *transport, struct ref *remote_re args.dry_run = !!(flags & TRANSPORT_PUSH_DRY_RUN); args.porcelain = !!(flags & TRANSPORT_PUSH_PORCELAIN); args.push_cert = !!(flags & TRANSPORT_PUSH_CERT); + args.url = transport->url; ret = send_pack(&args, data->fd, data->conn, remote_refs, &data->extra_have); |