builtin/credential-cache--daemon.c

   1 #include "builtin.h"
   2 #include "parse-options.h"
   3
   4 #ifndef NO_UNIX_SOCKETS
   5
   6 #include "config.h"
   7 #include "tempfile.h"
   8 #include "credential.h"
   9 #include "unix-socket.h"
  10
  11 struct credential_cache_entry {
  12         struct credential item;
  13         timestamp_t expiration;
  14 };
  15 static struct credential_cache_entry *entries;
  16 static int entries_nr;
  17 static int entries_alloc;
  18
  19 static void cache_credential(struct credential *c, int timeout)
  20 {
  21         struct credential_cache_entry *e;
  22
  23         ALLOC_GROW(entries, entries_nr + 1, entries_alloc);
  24         e = &entries[entries_nr++];
  25
  26         /* take ownership of pointers */
  27         memcpy(&e->item, c, sizeof(*c));
  28         memset(c, 0, sizeof(*c));
  29         e->expiration = time(NULL) + timeout;
  30 }
  31
  32 static struct credential_cache_entry *lookup_credential(const struct credential *c)
  33 {
  34         int i;
  35         for (i = 0; i < entries_nr; i++) {
  36                 struct credential *e = &entries[i].item;
  37                 if (credential_match(c, e))
  38                         return &entries[i];
  39         }
  40         return NULL;
  41 }
  42
  43 static void remove_credential(const struct credential *c)
  44 {
  45         struct credential_cache_entry *e;
  46
  47         e = lookup_credential(c);
  48         if (e)
  49                 e->expiration = 0;
  50 }
  51
  52 static timestamp_t check_expirations(void)
  53 {
  54         static timestamp_t wait_for_entry_until;
  55         int i = 0;
  56         timestamp_t now = time(NULL);
  57         timestamp_t next = TIME_MAX;
  58
  59         /*
  60          * Initially give the client 30 seconds to actually contact us
  61          * and store a credential before we decide there's no point in
  62          * keeping the daemon around.
  63          */
  64         if (!wait_for_entry_until)
  65                 wait_for_entry_until = now + 30;
  66
  67         while (i < entries_nr) {
  68                 if (entries[i].expiration <= now) {
  69                         entries_nr--;
  70                         credential_clear(&entries[i].item);
  71                         if (i != entries_nr)
  72                                 memcpy(&entries[i], &entries[entries_nr], sizeof(*entries));
  73                         /*
  74                          * Stick around 30 seconds in case a new credential
  75                          * shows up (e.g., because we just removed a failed
  76                          * one, and we will soon get the correct one).
  77                          */
  78                         wait_for_entry_until = now + 30;
  79                 }
  80                 else {
  81                         if (entries[i].expiration < next)
  82                                 next = entries[i].expiration;
  83                         i++;
  84                 }
  85         }
  86
  87         if (!entries_nr) {
  88                 if (wait_for_entry_until <= now)
  89                         return 0;
  90                 next = wait_for_entry_until;
  91         }
  92
  93         return next - now;
  94 }
  95
  96 static int read_request(FILE *fh, struct credential *c,
  97                         struct strbuf *action, int *timeout)
  98 {
  99         static struct strbuf item = STRBUF_INIT;
 100         const char *p;
 101
 102         strbuf_getline_lf(&item, fh);
 103         if (!skip_prefix(item.buf, "action=", &p))
 104                 return error("client sent bogus action line: %s", item.buf);
 105         strbuf_addstr(action, p);
 106
 107         strbuf_getline_lf(&item, fh);
 108         if (!skip_prefix(item.buf, "timeout=", &p))
 109                 return error("client sent bogus timeout line: %s", item.buf);
 110         *timeout = atoi(p);
 111
 112         if (credential_read(c, fh) < 0)
 113                 return -1;
 114         return 0;
 115 }
 116
 117 static void serve_one_client(FILE *in, FILE *out)
 118 {
 119         struct credential c = CREDENTIAL_INIT;
 120         struct strbuf action = STRBUF_INIT;
 121         int timeout = -1;
 122
 123         if (read_request(in, &c, &action, &timeout) < 0)
 124                 /* ignore error */ ;
 125         else if (!strcmp(action.buf, "get")) {
 126                 struct credential_cache_entry *e = lookup_credential(&c);
 127                 if (e) {
 128                         fprintf(out, "username=%s\n", e->item.username);
 129                         fprintf(out, "password=%s\n", e->item.password);
 130                         if (e->item.password_expiry_utc != TIME_MAX)
 131                                 fprintf(out, "password_expiry_utc=%"PRItime"\n",
 132                                         e->item.password_expiry_utc);
 133                 }
 134         }
 135         else if (!strcmp(action.buf, "exit")) {
 136                 /*
 137                  * It's important that we clean up our socket first, and then
 138                  * signal the client only once we have finished the cleanup.
 139                  * Calling exit() directly does this, because we clean up in
 140                  * our atexit() handler, and then signal the client when our
 141                  * process actually ends, which closes the socket and gives
 142                  * them EOF.
 143                  */
 144                 exit(0);
 145         }
 146         else if (!strcmp(action.buf, "erase"))
 147                 remove_credential(&c);
 148         else if (!strcmp(action.buf, "store")) {
 149                 if (timeout < 0)
 150                         warning("cache client didn't specify a timeout");
 151                 else if (!c.username || !c.password)
 152                         warning("cache client gave us a partial credential");
 153                 else {
 154                         remove_credential(&c);
 155                         cache_credential(&c, timeout);
 156                 }
 157         }
 158         else
 159                 warning("cache client sent unknown action: %s", action.buf);
 160
 161         credential_clear(&c);
 162         strbuf_release(&action);
 163 }
 164
 165 static int serve_cache_loop(int fd)
 166 {
 167         struct pollfd pfd;
 168         timestamp_t wakeup;
 169
 170         wakeup = check_expirations();
 171         if (!wakeup)
 172                 return 0;
 173
 174         pfd.fd = fd;
 175         pfd.events = POLLIN;
 176         if (poll(&pfd, 1, 1000 * wakeup) < 0) {
 177                 if (errno != EINTR)
 178                         die_errno("poll failed");
 179                 return 1;
 180         }
 181
 182         if (pfd.revents & POLLIN) {
 183                 int client, client2;
 184                 FILE *in, *out;
 185
 186                 client = accept(fd, NULL, NULL);
 187                 if (client < 0) {
 188                         warning_errno("accept failed");
 189                         return 1;
 190                 }
 191                 client2 = dup(client);
 192                 if (client2 < 0) {
 193                         warning_errno("dup failed");
 194                         close(client);
 195                         return 1;
 196                 }
 197
 198                 in = xfdopen(client, "r");
 199                 out = xfdopen(client2, "w");
 200                 serve_one_client(in, out);
 201                 fclose(in);
 202                 fclose(out);
 203         }
 204         return 1;
 205 }
 206
 207 static void serve_cache(const char *socket_path, int debug)
 208 {
 209         struct unix_stream_listen_opts opts = UNIX_STREAM_LISTEN_OPTS_INIT;
 210         int fd;
 211
 212         fd = unix_stream_listen(socket_path, &opts);
 213         if (fd < 0)
 214                 die_errno("unable to bind to '%s'", socket_path);
 215
 216         printf("ok\n");
 217         fclose(stdout);
 218         if (!debug) {
 219                 if (!freopen("/dev/null", "w", stderr))
 220                         die_errno("unable to point stderr to /dev/null");
 221         }
 222
 223         while (serve_cache_loop(fd))
 224                 ; /* nothing */
 225
 226         close(fd);
 227 }
 228
 229 static const char permissions_advice[] = N_(
 230 "The permissions on your socket directory are too loose; other\n"
 231 "users may be able to read your cached credentials. Consider running:\n"
 232 "\n"
 233 "       chmod 0700 %s");
 234 static void init_socket_directory(const char *path)
 235 {
 236         struct stat st;
 237         char *path_copy = xstrdup(path);
 238         char *dir = dirname(path_copy);
 239
 240         if (!stat(dir, &st)) {
 241                 if (st.st_mode & 077)
 242                         die(_(permissions_advice), dir);
 243         } else {
 244                 /*
 245                  * We must be sure to create the directory with the correct mode,
 246                  * not just chmod it after the fact; otherwise, there is a race
 247                  * condition in which somebody can chdir to it, sleep, then try to open
 248                  * our protected socket.
 249                  */
 250                 if (safe_create_leading_directories_const(dir) < 0)
 251                         die_errno("unable to create directories for '%s'", dir);
 252                 if (mkdir(dir, 0700) < 0)
 253                         die_errno("unable to mkdir '%s'", dir);
 254         }
 255
 256         if (chdir(dir))
 257                 /*
 258                  * We don't actually care what our cwd is; we chdir here just to
 259                  * be a friendly daemon and avoid tying up our original cwd.
 260                  * If this fails, it's OK to just continue without that benefit.
 261                  */
 262                 ;
 263
 264         free(path_copy);
 265 }
 266
 267 int cmd_credential_cache_daemon(int argc, const char **argv, const char *prefix)
 268 {
 269         struct tempfile *socket_file;
 270         const char *socket_path;
 271         int ignore_sighup = 0;
 272         static const char *usage[] = {
 273                 "git credential-cache--daemon [--debug] <socket-path>",
 274                 NULL
 275         };
 276         int debug = 0;
 277         const struct option options[] = {
 278                 OPT_BOOL(0, "debug", &debug,
 279                          N_("print debugging messages to stderr")),
 280                 OPT_END()
 281         };
 282
 283         git_config_get_bool("credentialcache.ignoresighup", &ignore_sighup);
 284
 285         argc = parse_options(argc, argv, prefix, options, usage, 0);
 286         socket_path = argv[0];
 287
 288         if (!socket_path)
 289                 usage_with_options(usage, options);
 290
 291         if (!is_absolute_path(socket_path))
 292                 die("socket directory must be an absolute path");
 293
 294         init_socket_directory(socket_path);
 295         socket_file = register_tempfile(socket_path);
 296
 297         if (ignore_sighup)
 298                 signal(SIGHUP, SIG_IGN);
 299
 300         serve_cache(socket_path, debug);
 301         delete_tempfile(&socket_file);
 302
 303         return 0;
 304 }
 305
 306 #else
 307
 308 int cmd_credential_cache_daemon(int argc, const char **argv, const char *prefix)
 309 {
 310         const char * const usage[] = {
 311                 "git credential-cache--daemon [--debug] <socket-path>",
 312                 "",
 313                 "credential-cache--daemon is disabled in this build of Git",
 314                 NULL
 315         };
 316         struct option options[] = { OPT_END() };
 317
 318         argc = parse_options(argc, argv, prefix, options, usage, 0);
 319         die(_("credential-cache--daemon unavailable; no unix socket support"));
 320 }
 321
 322 #endif /* NO_UNIX_SOCKET */