Revamp credential storage system to allow for smarter searching #162
Commits on Sep 17, 2020
credstore: update credstore API to allow better search
Update the ICredentialStore and ICredential API to allow for smarter searching of stored credentials. The new API exposes filtering by "service name" and "account" separately. Service name will typically be the URL the credential is stored against, and the account will be the username associated with the credential.
Commit 1425412
macoskeychain: update macOS Keychain to match new interface
Update the macOS Keychain component implementation to match the new ICredentialStore interface. We now use `SecItemCopyMatching` to perform a general query for items, and return a specialised credential object including all relevant attributes.
Commit 469a453
wincredmgr: update Windows CredManager to impl new interface
Update the Windows Credential Manager component to implement the new ICredentialStore interface, including credential enumeration and matching by account/user as well as 'service name' (target).
Commit bf9f51d
wincredmgr: recover the correct service name
Recover the correct service name from the target name. Since the target name may contain a userinfo component (for example https://alice_domain.com@example.com/path), and the only place we store the service name is in the target name, we need to strip out any userinfo component. We do this by looking for the "://" and the first '@' character before the first '/', which act as the start and end of the userinfo component.
Commit 094ab39
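The userinfo stripping described in the commit message above, as an added C# example (not GCM Core's own code). `StripUserInfo` is a hypothetical helper and the sample target names are constructed; the samples include an '@' that appears only after the first '/', which belongs to the path and must be kept so the credential is not filed under the wrong service name.

```csharp
using System;

static class TargetNameDemo
{
    // Hypothetical helper (not GCM Core's code): remove "userinfo@" from a
    // target name. "://" marks the start of the authority and the first '/'
    // after it marks the end, as the commit message describes.
    public static string StripUserInfo(string target)
    {
        int schemeEnd = target.IndexOf("://", StringComparison.Ordinal);
        if (schemeEnd < 0) return target;            // no scheme: leave untouched
        int authStart = schemeEnd + 3;

        int slash = target.IndexOf('/', authStart);
        int authEnd = slash < 0 ? target.Length : slash;

        // Only an '@' inside the authority terminates a userinfo component.
        int at = target.IndexOf('@', authStart, authEnd - authStart);
        if (at < 0) return target;                   // no userinfo present

        return target.Substring(0, authStart) + target.Substring(at + 1);
    }

    static void Main()
    {
        // Constructed sample target names.
        string[] samples =
        {
            "https://alice_domain.com@example.com/path",  // userinfo present
            "https://example.com/path",                   // nothing to strip
            "https://example.com/users/bob@corp/repo",    // '@' only in the path
            "https://alice@example.com:8443/team@dev",    // userinfo, port, '@' in path
            "example.com/path",                           // no "://"
        };
        foreach (string s in samples)
            Console.WriteLine($"{s} -> {StripUserInfo(s)}");
    }
}
```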
libsecret: update libsecret interop to match new interface
Update the SecretServiceCollection credential store (backed by libsecret) to match the new ICredentialStore interface and access model.
Commit d4a1696
inputargs: update remote URI generation to support ports
Update the remote URI generation from the program InputArguments to support port numbers, and special characters in usernames.
Commit bac549c
hostprovider: update host prvdr base to use service name
Update the HostProvider base class to use the new 'service name' abstraction rather than the simple 'unique credential key' one. With this model we can better issue credential storage queries where the username may not be specified explicitly in a get request (often the case as the username is not always included in the remote URL for many services).
Commit a8e2125
genericprovider: update the generic provider for new APIs
Update the generic host provider to support the new credential storage model and HostProvider base class APIs.
Commit 9ab036d
basic: update basic auth to match new cred interface
Update the Basic authentication component to match the new ICredential interface.
Commit 860ec54
bitbucket: update BB provider to implement new cred APIs
Update the BitBucket provider to support and implement the new credential storage/recall model and APIs.
Commit e925512
github: update GitHub provider to impl new cred model
Update the GitHub provider to implement and follow the new credential storage/recall/matching model and ICredentialStore APIs.
Commit f8cd76e
azrepos: update azrepos to new credential model/APIs
Update the Azure Repos provider to support the new credential storage API/model, as well as support remote URLs with explicit port numbers.
Commit fada973
azrepos: workaround org@ user hackery
Now that we support multiple user accounts for each host/service/remote, we have hit an interesting issue with Azure Repos. With the introduction of the dev.azure.com-style URLs for Azure Repos there was an unfortunate hack or workaround invented to add the AzDevOps org name to the userinfo part of the remote URL, for example: org@dev.azure.com/org/blah. Since GCM for Windows (and older versions of GCM Core that initially followed the same model) always uses the value "PersonalAccessToken" for the username field when storing credentials, it was free to ignore the user part of the input. The problem now is that since we support multiple user accounts, and will perform an exact match against the credential (with user) if a username is specified in the remote URL, we never find the credential we now store (we now always store with the actual, real users' UPN). To work around this workaround (yuck) we ignore the username IF AND ONLY IF the host is dev.azure.com, and return the first matching dev.azure.com/org credential. The upshot of this is that dev.azure.com-style URLs do NOT support multiple users OR full paths; however, vs.com-style URLs will.
Commit 05b04ba
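The lookup behaviour described in the commit message above, as an added C# example (not GCM Core's own code). The in-memory store, the `Find` and `Lookup` helpers, the account names and the `https://dev.azure.com/org` service-name format are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

static class AccountMatchDemo
{
    // Constructed store contents: (service, account) pairs, secrets omitted.
    // The "https://dev.azure.com/org" service-name format is an assumption.
    static readonly List<(string Service, string Account)> Store =
        new List<(string Service, string Account)>
        {
            ("https://dev.azure.com/org", "alice@contoso.example"),
            ("https://dev.azure.com/org", "bob@contoso.example"),
            ("https://example.com/repo", "alice"),
            ("https://example.com/repo", "bob"),
        };

    // account == null matches any account stored for the service.
    static string Find(string service, string account)
    {
        foreach (var c in Store)
            if (c.Service == service && (account == null || c.Account == account))
                return c.Account;
        return null;
    }

    // Hypothetical lookup: exact account match when the URL names a user,
    // except on dev.azure.com, where the userinfo is the org name and is ignored.
    static string Lookup(Uri remote, string service)
    {
        string account = remote.UserInfo.Length == 0
            ? null
            : Uri.UnescapeDataString(remote.UserInfo);
        if (remote.Host.Equals("dev.azure.com", StringComparison.OrdinalIgnoreCase))
            account = null;
        return Find(service, account);
    }

    static void Main()
    {
        var az = new Uri("https://org@dev.azure.com/org/_git/repo");
        // Exact match on "org" misses: credentials are stored under the user's UPN.
        Console.WriteLine(Find("https://dev.azure.com/org", az.UserInfo) ?? "(no match)");
        // With the workaround the first stored account wins; bob is unreachable by URL.
        Console.WriteLine(Lookup(az, "https://dev.azure.com/org") ?? "(no match)");
        // Other hosts keep exact matching, so multiple users work.
        var other = new Uri("https://bob@example.com/repo");
        Console.WriteLine(Lookup(other, "https://example.com/repo") ?? "(no match)");
    }
}
```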
credstore: add support for custom cred namespaces
Add support for customising the namespace/prefix used to store credentials in the OS credential store. By default we use "git:{service}". Users can use GCM_NAMESPACE or credential.namespace to set this to something different. These configuration options are the same as in GCM for Windows to help with migration.
Commit 43e0f4d
docs: update documentation to reflect changes
Update the GCM Core Host Provider spec document and architecture document to reflect the changes made to the abstract HostProvider class; replacing GetCredentialKey with GetServiceName.
Commit 2e631df
environment: fix environment process locator
Fix a bug in the WindowsEnvironment implementation of the LocateExecutable method. On .NET Core the UseShellExecute property of ProcessStartInfo defaults to false, whereas on .NET Framework (the runtime that we target on Windows) it defaults to true. You must set this to false if you want to redirect standard streams (which we want to do). The .NET Framework-targeting build on Windows was throwing an exception here(!)
Commit fd6df7c