commit - 34d7c970d4bd3a5832ecded86f2c28e83dbba2ba
commit + 55286da2a584fd52fba19447ba11921f6c3eff17
blob - 6b1e63e34c2c42b7aeff0c238e2a303c5efa7c2a
blob + a346ab5981dac6f616103dfdb281f5c2785c60a2
--- gotd/gotd.conf.5
+++ gotd/gotd.conf.5
and
.Ic port
directives can be used to specify a different SMTP server address and port.
-.It Ic url Ar URL Oo Ic user Ar user Ic password Ar password Oc
+.It Ic url Ar URL Oo Ic user Ar user Ic password Ar password Oo Ic insecure Oc Oc
Send notifications via HTTP.
This directive may be specified multiple times to build a list of
HTTP servers to send notifications to.
The
.Ar password
must not be an empty string.
+Unless the
+.Ic insecure
+option is specified the notification target
+.Ar URL
+must be a
+.Dq https://
+URL to avoid leaking of authentication credentials.
.Pp
The request body contains a JSON object with a
.Dq notifications
blob - a3f897aa6bfb4b65dde83d437ee62682525ffc9f
blob + 0aa454a1c57aed05f6c61df19f663823fe60f40b
--- gotd/parse.y
+++ gotd/parse.y
static int conf_notify_email(struct gotd_repo *,
char *, char *, char *, char *, char *);
static int conf_notify_http(struct gotd_repo *,
- char *, char *, char *);
+ char *, char *, char *, int);
static enum gotd_procid gotd_proc_id;
typedef struct {
%token PATH ERROR LISTEN ON USER REPOSITORY PERMIT DENY
%token RO RW CONNECTION LIMIT REQUEST TIMEOUT
%token PROTECT NAMESPACE BRANCH TAG REFERENCE RELAY PORT
-%token NOTIFY EMAIL FROM REPLY TO URL PASSWORD
+%token NOTIFY EMAIL FROM REPLY TO URL PASSWORD INSECURE
%token <v.string> STRING
%token <v.number> NUMBER
gotd_proc_id == PROC_SESSION_WRITE ||
gotd_proc_id == PROC_NOTIFY) {
if (conf_notify_http(new_repo, $2, NULL,
- NULL)) {
+ NULL, 0)) {
free($2);
YYERROR;
}
if (gotd_proc_id == PROC_GOTD ||
gotd_proc_id == PROC_SESSION_WRITE ||
gotd_proc_id == PROC_NOTIFY) {
- if (conf_notify_http(new_repo, $2, $4, $6)) {
+ if (conf_notify_http(new_repo, $2, $4, $6, 0)) {
+ free($2);
+ free($4);
+ free($6);
+ YYERROR;
+ }
+ }
+ free($2);
+ free($4);
+ free($6);
+ }
+ | URL STRING USER STRING PASSWORD STRING INSECURE {
+ if (gotd_proc_id == PROC_GOTD ||
+ gotd_proc_id == PROC_SESSION_WRITE ||
+ gotd_proc_id == PROC_NOTIFY) {
+ if (conf_notify_http(new_repo, $2, $4, $6, 1)) {
free($2);
free($4);
free($6);
{ "deny", DENY },
{ "email", EMAIL },
{ "from", FROM },
+ { "insecure", INSECURE },
{ "limit", LIMIT },
{ "listen", LISTEN },
{ "namespace", NAMESPACE },
}
static int
-conf_notify_http(struct gotd_repo *repo, char *url, char *user, char *password)
+conf_notify_http(struct gotd_repo *repo, char *url, char *user, char *password,
+ int insecure)
{
const struct got_error *error;
struct gotd_notification_target *target;
goto done;
}
- if (strcmp(proto, "http") == 0 && (user != NULL || password != NULL)) {
- log_warnx("%s: WARNING: Using basic authentication over "
- "plaintext http:// will leak credentials; https:// is "
- "recommended for URL '%s'", getprogname(), url);
+ if (!insecure && strcmp(proto, "http") == 0 &&
+ (user != NULL || password != NULL)) {
+ yyerror("%s: HTTP notifications with basic authentication "
+ "over plaintext HTTP will leak credentials; add the "
+ "'insecure' config keyword if this is intentional", url);
+ ret = -1;
+ goto done;
}
STAILQ_FOREACH(target, &repo->notification_targets, entry) {
blob - c00bf5c27253d88367260cc43d44b187d066276e
blob + c38bd07b843aa78426c9e628f609604a4d815417
--- regress/gotd/Makefile
+++ regress/gotd/Makefile
@echo ' path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
@echo ' permit rw $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
@echo ' notify {' >> $(PWD)/gotd.conf
- @echo ' url "http://localhost:${GOTD_TEST_HTTP_PORT}/" user flan password "password"' >> $(PWD)/gotd.conf
+ @echo ' url "http://localhost:${GOTD_TEST_HTTP_PORT}/" user flan password "password" insecure' >> $(PWD)/gotd.conf
@echo " }" >> $(PWD)/gotd.conf
@echo "}" >> $(PWD)/gotd.conf
@$(GOTD_TRAP); $(GOTD_START_CMD)
