Commit | Line | Data |
---|---|---|
b5dd96b7 | 1 | #include "builtin.h" |
df7f915f | 2 | #include "config.h" |
f394e093 | 3 | #include "gettext.h" |
697cc8ef | 4 | #include "lockfile.h" |
71e1b4b6 | 5 | #include "credential.h" |
d1cbe1e6 | 6 | #include "path.h" |
71e1b4b6 JK |
7 | #include "string-list.h" |
8 | #include "parse-options.h" | |
d48be35c | 9 | #include "write-or-die.h" |
71e1b4b6 JK |
10 | |
/*
 * Lock held on the credential file while it is being rewritten. It is
 * acquired and committed in rewrite_credential_file(), and print_line()
 * writes the replacement contents to its file descriptor.
 */
static struct lock_file credential_lock;
12 | ||
/*
 * Scan the credential file `fn` line by line, treating each line as a URL
 * that may carry a username and password.
 *
 * A line counts as a match when it parses as a credential URL, has both a
 * username and a password, and credential_match() accepts it against the
 * pattern `c`.
 *
 *  - On a match, `match_cb` (if given) is called with the parsed entry and
 *    the scan stops at that first match.
 *  - Every line that is not a match (including lines that fail to parse)
 *    is handed to `other_cb` (if given), still in its raw form.
 *  - A matching line with no `match_cb` reaches neither callback; the
 *    rewrite path relies on this to drop matching entries.
 *
 * A file that does not exist or cannot be read (ENOENT / EACCES) is
 * treated as "no credential"; any other open failure is fatal.
 *
 * Returns 1 if at least one line matched, 0 otherwise.
 */
static int parse_credential_file(const char *fn,
				  struct credential *c,
				  void (*match_cb)(struct credential *),
				  void (*other_cb)(struct strbuf *))
{
	struct credential entry = CREDENTIAL_INIT;
	struct strbuf line = STRBUF_INIT;
	int matched = 0;
	FILE *fp = fopen(fn, "r");

	if (!fp) {
		if (!(errno == ENOENT || errno == EACCES))
			die_errno("unable to open %s", fn);
		return matched;
	}

	while (strbuf_getline_lf(&line, fp) != EOF) {
		/*
		 * Short-circuit order matters: credential_match() must only
		 * see an entry that parsed and has both secrets populated.
		 */
		int hit = !credential_from_url_gently(&entry, line.buf, 1) &&
			  entry.username && entry.password &&
			  credential_match(c, &entry);

		if (!hit) {
			if (other_cb)
				other_cb(&line);
			continue;
		}

		matched = 1;
		if (match_cb) {
			match_cb(&entry);
			break;
		}
	}

	/* entry holds a parsed password; release it before returning */
	credential_clear(&entry);
	strbuf_release(&line);
	fclose(fp);
	return matched;
}
49 | ||
/*
 * Emit a matched credential on stdout as "username=" and "password="
 * lines. The password is written in cleartext, so stdout must only go to
 * the process that asked for the credential.
 *
 * Used as the match callback for lookups; parse_credential_file() only
 * calls it for entries whose username and password are both non-NULL.
 */
static void print_entry(struct credential *c)
{
	const char *user = c->username;
	const char *secret = c->password;

	printf("username=%s\n", user);
	printf("password=%s\n", secret);
}
55 | ||
/*
 * Append a newline to `buf` and write the result to the file descriptor
 * of the credential lock file. Note that this modifies the caller's
 * buffer. The write goes through write_or_die(), so this function does
 * not report an error to its caller.
 *
 * Must only be called while credential_lock is held.
 */
static void print_line(struct strbuf *buf)
{
	int lock_fd;

	strbuf_addch(buf, '\n');
	lock_fd = get_lock_file_fd(&credential_lock);
	write_or_die(lock_fd, buf->buf, buf->len);
}
61 | ||
/*
 * Rewrite the credential file `fn` under a lock.
 *
 * The new contents are: `extra` (if non-NULL) as the first line, followed
 * by every existing line that does NOT match the pattern `c`. Matching
 * lines are dropped because parse_credential_file() is called without a
 * match callback. This serves both "store" (extra = new entry) and
 * "erase" (extra = NULL).
 *
 * The lock wait defaults to 1000 ms and can be overridden with the
 * credentialstore.locktimeoutms config key. The config lookup's return
 * value is deliberately not checked; presumably timeout_ms keeps its
 * default when the key is unset -- confirm against git_config_get_int().
 *
 * Dies if the lock cannot be taken in time or the lock file cannot be
 * committed.
 */
static void rewrite_credential_file(const char *fn, struct credential *c,
				    struct strbuf *extra)
{
	int timeout_ms = 1000;
	int lock_rc;
	int commit_rc;

	git_config_get_int("credentialstore.locktimeoutms", &timeout_ms);

	lock_rc = hold_lock_file_for_update_timeout(&credential_lock, fn, 0,
						    timeout_ms);
	if (lock_rc < 0)
		die_errno(_("unable to get credential storage lock in %d ms"), timeout_ms);

	/* new entry goes first, ahead of the surviving old lines */
	if (extra)
		print_line(extra);
	parse_credential_file(fn, c, NULL, print_line);

	commit_rc = commit_lock_file(&credential_lock);
	if (commit_rc < 0)
		die_errno("unable to write credential store");
}
76 | ||
/*
 * Return 1 if `ch` is an RFC 3986 "unreserved" character (alphanumeric,
 * '-', '_', '.' or '~'), 0 otherwise.
 *
 * This is the predicate passed to strbuf_addstr_urlencode() for the
 * username, password and host; presumably every byte it rejects
 * (separators such as ':', '@' and '/', and control characters) is
 * percent-encoded before it reaches the one-entry-per-line file.
 *
 * NOTE(review): `ch` is a plain char passed straight to isalnum(). That is
 * only well-defined for bytes >= 0x80 if isalnum() here tolerates negative
 * values -- confirm against the project's ctype helpers.
 */
static int is_rfc3986_unreserved(char ch)
{
	switch (ch) {
	case '-':
	case '_':
	case '.':
	case '~':
		return 1;
	default:
		return isalnum(ch) ? 1 : 0;
	}
}
82 | ||
/*
 * Return 1 if `ch` is either an RFC 3986 "unreserved" character or one of
 * the "reserved" delimiters listed below, 0 otherwise.
 *
 * This looser predicate is used only for the path component, so '/' and
 * the other delimiters stay literal there. Bytes outside both sets
 * (space, '%', control characters, ...) are still rejected.
 */
static int is_rfc3986_reserved_or_unreserved(char ch)
{
	static const char reserved[] = "!*'();:@&=+$,/?#[]";
	const char *p;

	if (is_rfc3986_unreserved(ch))
		return 1;

	/* the loop stops at the terminator, so ch == '\0' never matches */
	for (p = reserved; *p; p++) {
		if (*p == ch)
			return 1;
	}
	return 0;
}
95 | ||
/*
 * Serialize credential `c` as a single URL line of the form
 *
 *     <protocol>://<username>:<password>@<host>/<path>
 *
 * and install it in the credential file `fn`, replacing any entries that
 * match `c`.
 *
 * Username, password and host are encoded with the strict "unreserved"
 * predicate, so their own separators cannot be confused with the URL's
 * structure. The path uses the looser reserved-or-unreserved predicate.
 * The caller guarantees that protocol, username and password are non-NULL.
 *
 * NOTE(review): c->protocol is appended verbatim, unlike every other
 * component. Presumably it is validated before it gets here -- confirm,
 * since the file format is one entry per line.
 *
 * The password is stored on disk without encryption; the file's
 * permissions are its only protection.
 */
static void store_credential_file(const char *fn, struct credential *c)
{
	struct strbuf url = STRBUF_INIT;

	/* scheme */
	strbuf_addf(&url, "%s://", c->protocol);

	/* userinfo: "user:pass@" */
	strbuf_addstr_urlencode(&url, c->username, is_rfc3986_unreserved);
	strbuf_addch(&url, ':');
	strbuf_addstr_urlencode(&url, c->password, is_rfc3986_unreserved);
	strbuf_addch(&url, '@');

	/* authority and path are each optional */
	if (c->host)
		strbuf_addstr_urlencode(&url, c->host, is_rfc3986_unreserved);
	if (c->path) {
		strbuf_addch(&url, '/');
		strbuf_addstr_urlencode(&url, c->path,
					is_rfc3986_reserved_or_unreserved);
	}

	rewrite_credential_file(fn, c, &url);
	/* url held the cleartext password; free the buffer */
	strbuf_release(&url);
}
116 | ||
/*
 * Store credential `c` in the first file of `fns` that already exists.
 * If none exists, create the first file in the list and store it there.
 *
 * Incomplete credentials are ignored without an error. These checks only
 * test that fields are present; they do not validate their contents.
 */
static void store_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;

	/* A URL cannot be built without a protocol. */
	if (!c->protocol)
		return;
	/* Host or path (depending on the scheme) acts as the primary key. */
	if (!c->host && !c->path)
		return;
	/* Without both a username and a password there is nothing to store. */
	if (!c->username || !c->password)
		return;

	for_each_string_list_item(fn, fns) {
		if (access(fn->string, F_OK) == 0) {
			store_credential_file(fn->string, c);
			return;
		}
	}

	/*
	 * No candidate file exists yet: write to the first name in the
	 * list, which creates it.
	 */
	if (fns->nr)
		store_credential_file(fns->items[0].string, c);
}
143 | ||
/*
 * Erase every stored entry matching the pattern `c` from each file in
 * `fns` that exists. Unlike storing, this does not stop at the first
 * existing file.
 *
 * The pattern is restrictive, so a completely blank one would technically
 * mean "erase everything". That is equivalent to empty input and too easy
 * to send by accident, so a pattern with none of protocol, host, path or
 * username set is refused. A password on its own does not count as
 * content.
 */
static void remove_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;
	int has_content = c->protocol || c->host || c->path || c->username;

	if (!has_content)
		return;

	for_each_string_list_item(fn, fns) {
		if (access(fn->string, F_OK) == 0)
			rewrite_credential_file(fn->string, c, NULL);
	}
}
162 | ||
/*
 * Search the files in `fns`, in list order, for an entry matching `c`.
 * The first match is printed via print_entry() and the search ends, so
 * earlier files take precedence over later ones.
 */
static void lookup_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;

	for_each_string_list_item(fn, fns) {
		int found = parse_credential_file(fn->string, c,
						  print_entry, NULL);

		if (found)
			return; /* Found credential */
	}
}
171 | ||
/*
 * Entry point for "git credential-store [<options>] <action>".
 *
 * Reads a credential description from stdin and performs one action:
 *   get   - print the first stored entry matching the description
 *   erase - remove matching entries from every existing store file
 *   store - save the credential, replacing matching entries
 * Any other action is silently ignored.
 *
 * Store files: the single path given with --file, or else
 * ~/.git-credentials followed by the XDG config "credentials" file, in
 * that order.
 *
 * The umask is set to 077 before any file is touched, so that files this
 * process creates are not readable or writable by group or others. This
 * matters because the store holds passwords in cleartext.
 *
 * Returns 0; fatal conditions terminate through die().
 */
int cmd_credential_store(int argc, const char **argv, const char *prefix)
{
	const char * const usage[] = {
		"git credential-store [<options>] <action>",
		NULL
	};
	struct string_list fns = STRING_LIST_INIT_DUP;
	struct credential c = CREDENTIAL_INIT;
	const char *op;
	char *file = NULL;
	struct option options[] = {
		OPT_STRING(0, "file", &file, "path",
			   "fetch and store credentials in <path>"),
		OPT_END()
	};

	umask(077);

	argc = parse_options(argc, argv, prefix, options, usage, 0);
	if (argc != 1)
		usage_with_options(usage, options);
	op = argv[0];

	if (file) {
		/* explicit --file: use it alone (the list duplicates it) */
		string_list_append(&fns, file);
	} else {
		/* defaults: home file first, then the XDG location */
		char *home_file = interpolate_path("~/.git-credentials", 0);
		char *xdg_file;

		if (home_file)
			string_list_append_nodup(&fns, home_file);
		xdg_file = xdg_config_home("credentials");
		if (xdg_file)
			string_list_append_nodup(&fns, xdg_file);
	}
	if (!fns.nr)
		die("unable to set up default path; use --file");

	if (credential_read(&c, stdin) < 0)
		die("unable to read credential");

	if (strcmp(op, "get") == 0)
		lookup_credential(&fns, &c);
	else if (strcmp(op, "erase") == 0)
		remove_credential(&fns, &c);
	else if (strcmp(op, "store") == 0)
		store_credential(&fns, &c);
	/* Ignore unknown operation. */

	string_list_clear(&fns, 0);
	return 0;
}