[PATCH] send-email: report host and port separately when calling git credential

[PATCH] send-email: report host and port separately when calling git credential

[Michal Nazarewicz]

When git-send-email uses git-credential to get SMTP password, it will
communicate SMTP host and port (if both are provided) as a single entry
‘host=<host>:<port>’.  This trips the ‘git-credential-store’ helper
which expects those values as separate keys (‘host’ and ‘port’).

Send the values as separate pieces of information so things work
smoothly.

Signed-off-by: Michał Nazarewicz <mina86@mina86.com>
---
 git-send-email.perl | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/git-send-email.perl b/git-send-email.perl
index 2fa7818ca..2a9f89a58 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -1229,14 +1229,6 @@ sub maildomain {
 	return maildomain_net() || maildomain_mta() || 'localhost.localdomain';
 }
 
-sub smtp_host_string {
-	if (defined $smtp_server_port) {
-		return "$smtp_server:$smtp_server_port";
-	} else {
-		return $smtp_server;
-	}
-}
-
 # Returns 1 if authentication succeeded or was not necessary
 # (smtp_user was not specified), and 0 otherwise.
 
@@ -1263,7 +1255,8 @@ sub smtp_auth_maybe {
 	# reject credentials.
 	$auth = Git::credential({
 		'protocol' => 'smtp',
-		'host' => smtp_host_string(),
+		'host' => $smtp_server,
+		'port' => $smtp_server_port,
 		'username' => $smtp_authuser,
 		# if there's no password, "git credential fill" will
 		# give us one, otherwise it'll just pass this one.
-- 
2.16.2

Re: [PATCH] send-email: report host and port separately when calling git credential

[Junio C Hamano]

Michal Nazarewicz <mina86@mina86.com> writes:

> When git-send-email uses git-credential to get SMTP password, it will
> communicate SMTP host and port (if both are provided) as a single entry
> ‘host=<host>:<port>’.  This trips the ‘git-credential-store’ helper
> which expects those values as separate keys (‘host’ and ‘port’).
>
> Send the values as separate pieces of information so things work
> smoothly.
>
> Signed-off-by: Michał Nazarewicz <mina86@mina86.com>
> ---
>  git-send-email.perl | 11 ++---------
>  1 file changed, 2 insertions(+), 9 deletions(-)

"git help credential" mentions protocol, host, path, username and
password (and also url which is a short-hand for setting protocol
and host), but not "port".  And common sense tells me, when a system
allows setting host but not port, that it would expect host:port to
be given when the service is running a non-standard port, so from
that point of view, I suspect that the current code is working as
expected.  In fact, credential.h, which defines the API, does not
have any "port" field, either, so I am not sure how this is expected
to change anything without touching the back-end that talks over the
pipe via _credential_run-->credential_write callchain.

Now, it is a separate matter if it were a better design if the
credential API had 'host' and 'port' defined as separate keys to the
authentication information.  Such an alternative design would have
made certain things harder while some other things easier (e.g. "use
this credential to the host no matter what port the service runs"
may be easier to implement if 'host' and 'port' are separate).


> diff --git a/git-send-email.perl b/git-send-email.perl
> index 2fa7818ca..2a9f89a58 100755
> --- a/git-send-email.perl
> +++ b/git-send-email.perl
> @@ -1229,14 +1229,6 @@ sub maildomain {
>  	return maildomain_net() || maildomain_mta() || 'localhost.localdomain';
>  }
>  
> -sub smtp_host_string {
> -	if (defined $smtp_server_port) {
> -		return "$smtp_server:$smtp_server_port";
> -	} else {
> -		return $smtp_server;
> -	}
> -}
> -
>  # Returns 1 if authentication succeeded or was not necessary
>  # (smtp_user was not specified), and 0 otherwise.
>  
> @@ -1263,7 +1255,8 @@ sub smtp_auth_maybe {
>  	# reject credentials.
>  	$auth = Git::credential({
>  		'protocol' => 'smtp',
> -		'host' => smtp_host_string(),
> +		'host' => $smtp_server,
> +		'port' => $smtp_server_port,
>  		'username' => $smtp_authuser,
>  		# if there's no password, "git credential fill" will
>  		# give us one, otherwise it'll just pass this one.

[PATCH] send-email: fix docs regarding storing password with git credential

[Michal Nazarewicz]

First of all, ‘git credential fill’ does not store credentials
but is used to *read* them.  The command which adds credentials
to the helper’s store is ‘git credential approve’.

Second of all, git-send-email will include port number in host
parameter when getting the password so it has to be set when
storing the password as well.

Apply the two above to fix the Gmail example in git-send-email
documentation.

Signed-off-by: Michał Nazarewicz <mina86@mina86.com>
---
 Documentation/git-send-email.txt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
index 71ef97ba9..172c7b344 100644
--- a/Documentation/git-send-email.txt
+++ b/Documentation/git-send-email.txt
@@ -477,13 +477,12 @@ https://security.google.com/settings/security/apppasswords to setup an
 app-specific password.  Once setup, you can store it with the credentials
 helper:
 
-	$ git credential fill
+	$ git credential approve
 	protocol=smtp
-	host=smtp.gmail.com
+	host=smtp.gmail.com:587
 	username=youname@gmail.com
 	password=app-password
 
-
 Once your commits are ready to be sent to the mailing list, run the
 following commands:
 
-- 
2.16.2

Re: [PATCH] send-email: fix docs regarding storing password with git credential

[Jeff King]

On Tue, Apr 03, 2018 at 12:23:48AM +0100, Michal Nazarewicz wrote:

> First of all, ‘git credential fill’ does not store credentials
> but is used to *read* them.  The command which adds credentials
> to the helper’s store is ‘git credential approve’.

Yep, makes sense (I wish we had just called these consistently "get",
"store", and "erase" as they are in the git<->helper interface).

> Second of all, git-send-email will include port number in host
> parameter when getting the password so it has to be set when
> storing the password as well.
> 
> Apply the two above to fix the Gmail example in git-send-email
> documentation.

Makes sense. This is an interesting counter-example to my earlier "well,
it usually works out in the long run" statement. Because usually you're
relying on some part of Git to issue the "fill" and the "approve", so
whatever it uses, it will be the same. But here we're trying to
pre-seed, so we have to match what the tool will do.

On the other hand, I'm not sure why we need to pre-seed here. Wouldn't
it be sufficient to just issue a "git send-email", which would then
prompt for the password? And then you'd input your generated token,
which would get saved via the approve mechanism?

-Peff

[PATCH] send-email: simplify Gmail example in the documentation

[Michal Nazarewicz]

There is no need for use to manually call ‘git credential’ especially
as the interface isn’t super user-friendly and a bit confusing.  ‘git
send-email’ will do that for them at the first execution and if the
password matches, it will be saved in the store.

Simplify the documentaion so it dosn’t include the ‘git credential’
invocation (which was incorrect anyway as it should use ‘approve’
instead of ‘fill’) and instead just mentions that credentials helper
must be set up.

Signed-off-by: Michał Nazarewicz <mina86@mina86.com>
---
 Documentation/git-send-email.txt | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
index 71ef97ba9..af07840b4 100644
--- a/Documentation/git-send-email.txt
+++ b/Documentation/git-send-email.txt
@@ -473,16 +473,7 @@ edit ~/.gitconfig to specify your account settings:

 If you have multifactor authentication setup on your gmail account, you will
 need to generate an app-specific password for use with 'git send-email'. Visit
-https://security.google.com/settings/security/apppasswords to setup an
-app-specific password.  Once setup, you can store it with the credentials
-helper:
-
-	$ git credential fill
-	protocol=smtp
-	host=smtp.gmail.com
-	username=youname@gmail.com
-	password=app-password
-
+https://security.google.com/settings/security/apppasswords to create it.

 Once your commits are ready to be sent to the mailing list, run the
 following commands:
@@ -491,7 +482,11 @@ following commands:
 	$ edit outgoing/0000-*
 	$ git send-email outgoing/*

+The first time you run it, you will be prompted for your credentials.  Enter the
+app-specific or your regular password as appropriate.  If you have credential
+helper configured (see linkgit:git-credential[1]), the password will be saved in
+the credential store so you won't have to type it the next time.
+
 Note: the following perl modules are required
       Net::SMTP::SSL, MIME::Base64 and Authen::SASL

-- 
2.16.2

Re: [PATCH] send-email: fix docs regarding storing password with git credential

[Michał Nazarewicz]

2018-04-04 22:14 GMT+01:00 Jeff King <peff@peff.net>:
> On the other hand, I'm not sure why we need to pre-seed here. Wouldn't
> it be sufficient to just issue a "git send-email", which would then
> prompt for the password? And then you'd input your generated token,
> which would get saved via the approve mechanism?

Yeah, this is precisely what I’ve figured as well.  As long as the credentials
helper is configured git-send-email will approve the password and it’ll be
stored then. New patch sent.

Re: [PATCH] send-email: report host and port separately when calling git credential

[Jeff King]

On Mon, Apr 02, 2018 at 03:05:35PM -0700, Junio C Hamano wrote:

> "git help credential" mentions protocol, host, path, username and
> password (and also url which is a short-hand for setting protocol
> and host), but not "port".  And common sense tells me, when a system
> allows setting host but not port, that it would expect host:port to
> be given when the service is running a non-standard port, so from
> that point of view, I suspect that the current code is working as
> expected.  In fact, credential.h, which defines the API, does not
> have any "port" field, either, so I am not sure how this is expected
> to change anything without touching the back-end that talks over the
> pipe via _credential_run-->credential_write callchain.
> 
> Now, it is a separate matter if it were a better design if the
> credential API had 'host' and 'port' defined as separate keys to the
> authentication information.  Such an alternative design would have
> made certain things harder while some other things easier (e.g. "use
> this credential to the host no matter what port the service runs"
> may be easier to implement if 'host' and 'port' are separate).

I don't recall giving a huge amount of thought to alternate ports when
writing the credential code. But at least the osxkeychain helper does
parse "host:port" from the host field and feed it to the appropriate
keychain arguments. And I think more oblivious helpers like
credential-cache would just treat the "host" field as an opaque blob,
making the port part of the matching.

I suspect there are some corner cases, though. Reading the osxkeychain
code, I think that asking for "http://example.com:80" and
"http://example.com" would probably not get you to the same key, as we
feed port==0 in the second case. In practice, it's probably not a _huge_
deal to be overly picky, as the worst case is that you get prompted and
store the credential in a second slot (which then works going forward).

So in general I think it's OK for the whole system to err on the side of
being picky about whether two things are "the same" (which in this case
is including the port). It usually works itself out in the long run, and
we would not surprise the user with "example.com:8080 is the same as
example.com:80".

-Peff