[thirdparty/git.git] / contrib / credential / osxkeychain / git-credential-osxkeychain.c

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <Security/Security.h>

static SecProtocolType protocol;
static char *host;
static char *path;
static char *username;
static char *password;
static UInt16 port;

__attribute__((format (printf, 1, 2)))
static void die(const char *err, ...)
{
	char msg[4096];
	va_list params;
	va_start(params, err);
	vsnprintf(msg, sizeof(msg), err, params);
	fprintf(stderr, "%s\n", msg);
	va_end(params);
	exit(1);
}

static void *xstrdup(const char *s1)
{
	void *ret = strdup(s1);
	if (!ret)
		die("Out of memory");
	return ret;
}

#define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x
#define KEYCHAIN_ARGS \
	NULL, /* default keychain */ \
	KEYCHAIN_ITEM(host), \
	0, NULL, /* account domain */ \
	KEYCHAIN_ITEM(username), \
	KEYCHAIN_ITEM(path), \
	port, \
	protocol, \
	kSecAuthenticationTypeDefault

static void write_item(const char *what, const char *buf, int len)
{
	printf("%s=", what);
	fwrite(buf, 1, len, stdout);
	putchar('\n');
}

static void find_username_in_item(SecKeychainItemRef item)
{
	SecKeychainAttributeList list;
	SecKeychainAttribute attr;

	list.count = 1;
	list.attr = &attr;
	attr.tag = kSecAccountItemAttr;

	if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL))
		return;

	write_item("username", attr.data, attr.length);
	SecKeychainItemFreeContent(&list, NULL);
}

static void find_internet_password(void)
{
	void *buf;
	UInt32 len;
	SecKeychainItemRef item;

	if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item))
		return;

	write_item("password", buf, len);
	if (!username)
		find_username_in_item(item);

	SecKeychainItemFreeContent(NULL, buf);
}

static void delete_internet_password(void)
{
	SecKeychainItemRef item;

	/*
	 * Require at least a protocol and host for removal, which is what git
	 * will give us; if you want to do something more fancy, use the
	 * Keychain manager.
	 */
	if (!protocol || !host)
		return;

	if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item))
		return;

	SecKeychainItemDelete(item);
}

static void add_internet_password(void)
{
	/* Only store complete credentials */
	if (!protocol || !host || !username || !password)
		return;

	if (SecKeychainAddInternetPassword(
	      KEYCHAIN_ARGS,
	      KEYCHAIN_ITEM(password),
	      NULL))
		return;
}

static void read_credential(void)
{
	char *buf = NULL;
	size_t alloc;
	ssize_t line_len;

	while ((line_len = getline(&buf, &alloc, stdin)) > 0) {
		char *v;

		if (!strcmp(buf, "\n"))
			break;
		buf[line_len-1] = '\0';

		v = strchr(buf, '=');
		if (!v)
			die("bad input: %s", buf);
		*v++ = '\0';

		if (!strcmp(buf, "protocol")) {
			if (!strcmp(v, "imap"))
				protocol = kSecProtocolTypeIMAP;
			else if (!strcmp(v, "imaps"))
				protocol = kSecProtocolTypeIMAPS;
			else if (!strcmp(v, "ftp"))
				protocol = kSecProtocolTypeFTP;
			else if (!strcmp(v, "ftps"))
				protocol = kSecProtocolTypeFTPS;
			else if (!strcmp(v, "https"))
				protocol = kSecProtocolTypeHTTPS;
			else if (!strcmp(v, "http"))
				protocol = kSecProtocolTypeHTTP;
			else if (!strcmp(v, "smtp"))
				protocol = kSecProtocolTypeSMTP;
			else /* we don't yet handle other protocols */
				exit(0);
		}
		else if (!strcmp(buf, "host")) {
			char *colon = strchr(v, ':');
			if (colon) {
				*colon++ = '\0';
				port = atoi(colon);
			}
			host = xstrdup(v);
		}
		else if (!strcmp(buf, "path"))
			path = xstrdup(v);
		else if (!strcmp(buf, "username"))
			username = xstrdup(v);
		else if (!strcmp(buf, "password"))
			password = xstrdup(v);
		/*
		 * Ignore other lines; we don't know what they mean, but
		 * this future-proofs us when later versions of git do
		 * learn new lines, and the helpers are updated to match.
		 */
	}

	free(buf);
}

int main(int argc, const char **argv)
{
	const char *usage =
		"usage: git credential-osxkeychain <get|store|erase>";

	if (!argv[1])
		die("%s", usage);

	read_credential();

	if (!strcmp(argv[1], "get"))
		find_internet_password();
	else if (!strcmp(argv[1], "store"))
		add_internet_password();
	else if (!strcmp(argv[1], "erase"))
		delete_internet_password();
	/* otherwise, ignore unknown action */

	return 0;
}
Commit	Line	Data
34961d30 JK	1	#include <stdio.h>
	2	#include <string.h>
	3	#include <stdlib.h>
	4	#include <Security/Security.h>
	5
	6	static SecProtocolType protocol;
	7	static char *host;
	8	static char *path;
	9	static char *username;
	10	static char *password;
	11	static UInt16 port;
	12
48ca53ca	13	__attribute__((format (printf, 1, 2)))
34961d30 JK	14	static void die(const char *err, ...)
	15	{
	16	char msg[4096];
	17	va_list params;
	18	va_start(params, err);
	19	vsnprintf(msg, sizeof(msg), err, params);
	20	fprintf(stderr, "%s\n", msg);
	21	va_end(params);
	22	exit(1);
	23	}
	24
	25	static void xstrdup(const char s1)
	26	{
	27	void *ret = strdup(s1);
	28	if (!ret)
	29	die("Out of memory");
	30	return ret;
	31	}
	32
	33	#define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x
	34	#define KEYCHAIN_ARGS \
	35	NULL, /* default keychain */ \
	36	KEYCHAIN_ITEM(host), \
	37	0, NULL, /* account domain */ \
	38	KEYCHAIN_ITEM(username), \
	39	KEYCHAIN_ITEM(path), \
	40	port, \
	41	protocol, \
	42	kSecAuthenticationTypeDefault
	43
	44	static void write_item(const char what, const char buf, int len)
	45	{
	46	printf("%s=", what);
	47	fwrite(buf, 1, len, stdout);
	48	putchar('\n');
	49	}
	50
	51	static void find_username_in_item(SecKeychainItemRef item)
	52	{
	53	SecKeychainAttributeList list;
	54	SecKeychainAttribute attr;
	55
	56	list.count = 1;
	57	list.attr = &attr;
	58	attr.tag = kSecAccountItemAttr;
	59
	60	if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL))
	61	return;
	62
	63	write_item("username", attr.data, attr.length);
	64	SecKeychainItemFreeContent(&list, NULL);
	65	}
	66
	67	static void find_internet_password(void)
	68	{
	69	void *buf;
	70	UInt32 len;
	71	SecKeychainItemRef item;
	72
	73	if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item))
	74	return;
	75
	76	write_item("password", buf, len);
	77	if (!username)
78	find_username_in_item(item);
79
80	SecKeychainItemFreeContent(NULL, buf);
81	}
82
83	static void delete_internet_password(void)
84	{
85	SecKeychainItemRef item;
86
87	/*
88	* Require at least a protocol and host for removal, which is what git
89	* will give us; if you want to do something more fancy, use the
90	* Keychain manager.
91	*/
92	if (!protocol \|\| !host)
93	return;
94
95	if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item))
96	return;
97
98	SecKeychainItemDelete(item);
99	}
100
101	static void add_internet_password(void)
102	{
103	/* Only store complete credentials */
104	if (!protocol \|\| !host \|\| !username \|\| !password)
105	return;
106
107	if (SecKeychainAddInternetPassword(
108	KEYCHAIN_ARGS,
109	KEYCHAIN_ITEM(password),
110	NULL))
111	return;
112	}
113
114	static void read_credential(void)
115	{
5747c807 TB	116	char *buf = NULL;
	117	size_t alloc;
	118	ssize_t line_len;
34961d30	119
5747c807	120	while ((line_len = getline(&buf, &alloc, stdin)) > 0) {
34961d30 JK	121	char *v;
	122
	123	if (!strcmp(buf, "\n"))
	124	break;
5747c807	125	buf[line_len-1] = '\0';
34961d30 JK	126
	127	v = strchr(buf, '=');
	128	if (!v)
	129	die("bad input: %s", buf);
	130	*v++ = '\0';
	131
	132	if (!strcmp(buf, "protocol")) {
de56ccf7 XQ	133	if (!strcmp(v, "imap"))
	134	protocol = kSecProtocolTypeIMAP;
	135	else if (!strcmp(v, "imaps"))
	136	protocol = kSecProtocolTypeIMAPS;
	137	else if (!strcmp(v, "ftp"))
	138	protocol = kSecProtocolTypeFTP;
	139	else if (!strcmp(v, "ftps"))
	140	protocol = kSecProtocolTypeFTPS;
	141	else if (!strcmp(v, "https"))
34961d30 JK	142	protocol = kSecProtocolTypeHTTPS;
	143	else if (!strcmp(v, "http"))
	144	protocol = kSecProtocolTypeHTTP;
de56ccf7 XQ	145	else if (!strcmp(v, "smtp"))
de56ccf7 XQ	146	protocol = kSecProtocolTypeSMTP;
34961d30 JK	147	else /* we don't yet handle other protocols */
	148	exit(0);
	149	}
	150	else if (!strcmp(buf, "host")) {
	151	char *colon = strchr(v, ':');
	152	if (colon) {
	153	*colon++ = '\0';
	154	port = atoi(colon);
	155	}
	156	host = xstrdup(v);
	157	}
	158	else if (!strcmp(buf, "path"))
	159	path = xstrdup(v);
	160	else if (!strcmp(buf, "username"))
	161	username = xstrdup(v);
	162	else if (!strcmp(buf, "password"))
	163	password = xstrdup(v);
630a6429 MJC	164	/*
	165	* Ignore other lines; we don't know what they mean, but
	166	* this future-proofs us when later versions of git do
	167	* learn new lines, and the helpers are updated to match.
	168	*/
34961d30	169	}
5747c807 TB	170
5747c807 TB	171	free(buf);
34961d30 JK	172	}
	173
	174	int main(int argc, const char **argv)
	175	{
	176	const char *usage =
c358ed75	177	"usage: git credential-osxkeychain <get\|store\|erase>";
34961d30 JK	178
34961d30 JK	179	if (!argv[1])
f2fc5315	180	die("%s", usage);
34961d30 JK	181
	182	read_credential();
	183
	184	if (!strcmp(argv[1], "get"))
	185	find_internet_password();
	186	else if (!strcmp(argv[1], "store"))
	187	add_internet_password();
	188	else if (!strcmp(argv[1], "erase"))
	189	delete_internet_password();
	190	/* otherwise, ignore unknown action */
	191
	192	return 0;
	193	}