signed push: add "pushee" header to push certificate
Record the URL of the intended recipient for a push (after anonymizing it if it has authentication material) on a new "pushee URL" header. Because the networking configuration (SSH-tunnels, proxies, etc.) on the pushing user's side varies, the receiving repository may not know the single canonical URL all the pushing users would refer it as (besides, many sites allow pushing over ssh://host/path and https://host/path protocols to the same repository but with different local part of the path). So this value may not be reliably used for replay-attack prevention purposes, but this will still serve as a human readable hint to identify the repository the certificate refers to. Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
4adf569dea
commit
9be89160e7
@ -484,6 +484,7 @@ references.
|
||||
push-cert = PKT-LINE("push-cert" NUL capability-list LF)
|
||||
PKT-LINE("certificate version 0.1" LF)
|
||||
PKT-LINE("pusher" SP ident LF)
|
||||
PKT-LINE("pushee" SP url LF)
|
||||
PKT-LINE(LF)
|
||||
*PKT-LINE(command LF)
|
||||
*PKT-LINE(gpg-signature-lines LF)
|
||||
@ -527,6 +528,11 @@ Currently, the following header fields are defined:
|
||||
Identify the GPG key in "Human Readable Name <email@address>"
|
||||
format.
|
||||
|
||||
`pushee` url::
|
||||
The repository URL (anonymized, if the URL contains
|
||||
authentication material) the user who ran `git push`
|
||||
intended to push into.
|
||||
|
||||
The GPG signature lines are a detached signature for the contents
|
||||
recorded in the push certificate before the signature block begins.
|
||||
The detached signature is used to certify that the commands were
|
||||
|
@ -240,6 +240,11 @@ static int generate_push_cert(struct strbuf *req_buf,
|
||||
datestamp(stamp, sizeof(stamp));
|
||||
strbuf_addf(&cert, "certificate version 0.1\n");
|
||||
strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp);
|
||||
if (args->url && *args->url) {
|
||||
char *anon_url = transport_anonymize_url(args->url);
|
||||
strbuf_addf(&cert, "pushee %s\n", anon_url);
|
||||
free(anon_url);
|
||||
}
|
||||
strbuf_addstr(&cert, "\n");
|
||||
|
||||
for (ref = remote_refs; ref; ref = ref->next) {
|
||||
|
@ -2,6 +2,7 @@
|
||||
#define SEND_PACK_H
|
||||
|
||||
struct send_pack_args {
|
||||
const char *url;
|
||||
unsigned verbose:1,
|
||||
quiet:1,
|
||||
porcelain:1,
|
||||
|
@ -827,6 +827,7 @@ static int git_transport_push(struct transport *transport, struct ref *remote_re
|
||||
args.dry_run = !!(flags & TRANSPORT_PUSH_DRY_RUN);
|
||||
args.porcelain = !!(flags & TRANSPORT_PUSH_PORCELAIN);
|
||||
args.push_cert = !!(flags & TRANSPORT_PUSH_CERT);
|
||||
args.url = transport->url;
|
||||
|
||||
ret = send_pack(&args, data->fd, data->conn, remote_refs,
|
||||
&data->extra_have);
|
||||
|
Loading…
Reference in New Issue
Block a user