]>
Commit | Line | Data |
---|---|---|
34961d30 JK |
1 | #include <stdio.h> |
2 | #include <string.h> | |
3 | #include <stdlib.h> | |
4 | #include <Security/Security.h> | |
5 | ||
6 | static SecProtocolType protocol; | |
7 | static char *host; | |
8 | static char *path; | |
9 | static char *username; | |
10 | static char *password; | |
11 | static UInt16 port; | |
12 | ||
48ca53ca | 13 | __attribute__((format (printf, 1, 2))) |
34961d30 JK |
14 | static void die(const char *err, ...) |
15 | { | |
16 | char msg[4096]; | |
17 | va_list params; | |
18 | va_start(params, err); | |
19 | vsnprintf(msg, sizeof(msg), err, params); | |
20 | fprintf(stderr, "%s\n", msg); | |
21 | va_end(params); | |
22 | exit(1); | |
23 | } | |
24 | ||
25 | static void *xstrdup(const char *s1) | |
26 | { | |
27 | void *ret = strdup(s1); | |
28 | if (!ret) | |
29 | die("Out of memory"); | |
30 | return ret; | |
31 | } | |
32 | ||
33 | #define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x | |
34 | #define KEYCHAIN_ARGS \ | |
35 | NULL, /* default keychain */ \ | |
36 | KEYCHAIN_ITEM(host), \ | |
37 | 0, NULL, /* account domain */ \ | |
38 | KEYCHAIN_ITEM(username), \ | |
39 | KEYCHAIN_ITEM(path), \ | |
40 | port, \ | |
41 | protocol, \ | |
42 | kSecAuthenticationTypeDefault | |
43 | ||
44 | static void write_item(const char *what, const char *buf, int len) | |
45 | { | |
46 | printf("%s=", what); | |
47 | fwrite(buf, 1, len, stdout); | |
48 | putchar('\n'); | |
49 | } | |
50 | ||
51 | static void find_username_in_item(SecKeychainItemRef item) | |
52 | { | |
53 | SecKeychainAttributeList list; | |
54 | SecKeychainAttribute attr; | |
55 | ||
56 | list.count = 1; | |
57 | list.attr = &attr; | |
58 | attr.tag = kSecAccountItemAttr; | |
59 | ||
60 | if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL)) | |
61 | return; | |
62 | ||
63 | write_item("username", attr.data, attr.length); | |
64 | SecKeychainItemFreeContent(&list, NULL); | |
65 | } | |
66 | ||
67 | static void find_internet_password(void) | |
68 | { | |
69 | void *buf; | |
70 | UInt32 len; | |
71 | SecKeychainItemRef item; | |
72 | ||
73 | if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item)) | |
74 | return; | |
75 | ||
76 | write_item("password", buf, len); | |
77 | if (!username) | |
78 | find_username_in_item(item); | |
79 | ||
80 | SecKeychainItemFreeContent(NULL, buf); | |
81 | } | |
82 | ||
83 | static void delete_internet_password(void) | |
84 | { | |
85 | SecKeychainItemRef item; | |
86 | ||
87 | /* | |
88 | * Require at least a protocol and host for removal, which is what git | |
89 | * will give us; if you want to do something more fancy, use the | |
90 | * Keychain manager. | |
91 | */ | |
92 | if (!protocol || !host) | |
93 | return; | |
94 | ||
95 | if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item)) | |
96 | return; | |
97 | ||
98 | SecKeychainItemDelete(item); | |
99 | } | |
100 | ||
101 | static void add_internet_password(void) | |
102 | { | |
103 | /* Only store complete credentials */ | |
104 | if (!protocol || !host || !username || !password) | |
105 | return; | |
106 | ||
107 | if (SecKeychainAddInternetPassword( | |
108 | KEYCHAIN_ARGS, | |
109 | KEYCHAIN_ITEM(password), | |
110 | NULL)) | |
111 | return; | |
112 | } | |
113 | ||
114 | static void read_credential(void) | |
115 | { | |
5747c807 TB |
116 | char *buf = NULL; |
117 | size_t alloc; | |
118 | ssize_t line_len; | |
34961d30 | 119 | |
5747c807 | 120 | while ((line_len = getline(&buf, &alloc, stdin)) > 0) { |
34961d30 JK |
121 | char *v; |
122 | ||
123 | if (!strcmp(buf, "\n")) | |
124 | break; | |
5747c807 | 125 | buf[line_len-1] = '\0'; |
34961d30 JK |
126 | |
127 | v = strchr(buf, '='); | |
128 | if (!v) | |
129 | die("bad input: %s", buf); | |
130 | *v++ = '\0'; | |
131 | ||
132 | if (!strcmp(buf, "protocol")) { | |
de56ccf7 XQ |
133 | if (!strcmp(v, "imap")) |
134 | protocol = kSecProtocolTypeIMAP; | |
135 | else if (!strcmp(v, "imaps")) | |
136 | protocol = kSecProtocolTypeIMAPS; | |
137 | else if (!strcmp(v, "ftp")) | |
138 | protocol = kSecProtocolTypeFTP; | |
139 | else if (!strcmp(v, "ftps")) | |
140 | protocol = kSecProtocolTypeFTPS; | |
141 | else if (!strcmp(v, "https")) | |
34961d30 JK |
142 | protocol = kSecProtocolTypeHTTPS; |
143 | else if (!strcmp(v, "http")) | |
144 | protocol = kSecProtocolTypeHTTP; | |
de56ccf7 XQ |
145 | else if (!strcmp(v, "smtp")) |
146 | protocol = kSecProtocolTypeSMTP; | |
34961d30 JK |
147 | else /* we don't yet handle other protocols */ |
148 | exit(0); | |
149 | } | |
150 | else if (!strcmp(buf, "host")) { | |
151 | char *colon = strchr(v, ':'); | |
152 | if (colon) { | |
153 | *colon++ = '\0'; | |
154 | port = atoi(colon); | |
155 | } | |
156 | host = xstrdup(v); | |
157 | } | |
158 | else if (!strcmp(buf, "path")) | |
159 | path = xstrdup(v); | |
160 | else if (!strcmp(buf, "username")) | |
161 | username = xstrdup(v); | |
162 | else if (!strcmp(buf, "password")) | |
163 | password = xstrdup(v); | |
630a6429 MJC |
164 | /* |
165 | * Ignore other lines; we don't know what they mean, but | |
166 | * this future-proofs us when later versions of git do | |
167 | * learn new lines, and the helpers are updated to match. | |
168 | */ | |
34961d30 | 169 | } |
5747c807 TB |
170 | |
171 | free(buf); | |
34961d30 JK |
172 | } |
173 | ||
174 | int main(int argc, const char **argv) | |
175 | { | |
176 | const char *usage = | |
c358ed75 | 177 | "usage: git credential-osxkeychain <get|store|erase>"; |
34961d30 JK |
178 | |
179 | if (!argv[1]) | |
f2fc5315 | 180 | die("%s", usage); |
34961d30 JK |
181 | |
182 | read_credential(); | |
183 | ||
184 | if (!strcmp(argv[1], "get")) | |
185 | find_internet_password(); | |
186 | else if (!strcmp(argv[1], "store")) | |
187 | add_internet_password(); | |
188 | else if (!strcmp(argv[1], "erase")) | |
189 | delete_internet_password(); | |
190 | /* otherwise, ignore unknown action */ | |
191 | ||
192 | return 0; | |
193 | } |