From 07659b1d1a131f2672bd049a63628424cc4fd5f9 Mon Sep 17 00:00:00 2001 From: Koji Nakamaru Date: Wed, 12 Nov 2025 13:39:37 +0900 Subject: [PATCH] Revert "osxkeychain: state to skip unnecessary store operations" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit e1ab45b2dab51f94db9548666dfd7af626d2aa7e. That commit was trying to skip storing a credential returned by "git-credential-osxkeychain get" by setting "state[]=osxkeychain:seen=1". However, this state[] is kept even if a credential returned by "git-credential-osxkeychain get" is invalid and another subsequent helper's "get" returns a valid credential. Another subsequent helper (such as [1]) may expect git-credential-osxkeychain to store the valid credential, so "store" cannot be skipped by just checking "state[]=osxkeychain:seen=1". In order to solve this issue, the state[] mechanism can be refined or "osxkeychain:seen" can encode the whole information of the last "get". For now, let's revert the change. [1]: https://github.com/hickford/git-credential-oauth Reported-by: Petter Sælen Signed-off-by: Koji Nakamaru --- .../osxkeychain/git-credential-osxkeychain.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/contrib/credential/osxkeychain/git-credential-osxkeychain.c b/contrib/credential/osxkeychain/git-credential-osxkeychain.c index 611c9798b3ae5c..1f49ab8548be80 100644 --- a/contrib/credential/osxkeychain/git-credential-osxkeychain.c +++ b/contrib/credential/osxkeychain/git-credential-osxkeychain.c @@ -12,7 +12,6 @@ static CFStringRef username; static CFDataRef password; static CFDataRef password_expiry_utc; static CFDataRef oauth_refresh_token; -static int state_seen; static void clear_credential(void) { 
@@ -172,9 +171,6 @@ static OSStatus find_internet_password(void) CFRelease(item); - write_item("capability[]", "state", strlen("state")); - write_item("state[]", "osxkeychain:seen=1", strlen("osxkeychain:seen=1")); - out: CFRelease(attrs); @@ -288,9 +284,6 @@ static OSStatus add_internet_password(void) CFDictionaryRef attrs; OSStatus result; - if (state_seen) - return errSecSuccess; - /* Only store complete credentials */ if (!protocol || !host || !username || !password) return -1; @@ -402,10 +395,6 @@ static void read_credential(void) oauth_refresh_token = CFDataCreate(kCFAllocatorDefault, (UInt8 *)v, strlen(v)); - else if (!strcmp(buf, "state[]")) { - if (!strcmp(v, "osxkeychain:seen=1")) - state_seen = 1; - } /* * Ignore other lines; we don't know what they mean, but * this future-proofs us when later versions of git do