contrib/credential/osxkeychain/git-credential-osxkeychain.c

   1 #include <stdio.h>
   2 #include <string.h>
   3 #include <stdlib.h>
   4 #include <Security/Security.h>
   5
   6 static SecProtocolType protocol;
   7 static char *host;
   8 static char *path;
   9 static char *username;
  10 static char *password;
  11 static UInt16 port;
  12
  13 __attribute__((format (printf, 1, 2)))
  14 static void die(const char *err, ...)
  15 {
  16         char msg[4096];
  17         va_list params;
  18         va_start(params, err);
  19         vsnprintf(msg, sizeof(msg), err, params);
  20         fprintf(stderr, "%s\n", msg);
  21         va_end(params);
  22         exit(1);
  23 }
  24
  25 static void *xstrdup(const char *s1)
  26 {
  27         void *ret = strdup(s1);
  28         if (!ret)
  29                 die("Out of memory");
  30         return ret;
  31 }
  32
  33 #define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x
  34 #define KEYCHAIN_ARGS \
  35         NULL, /* default keychain */ \
  36         KEYCHAIN_ITEM(host), \
  37         0, NULL, /* account domain */ \
  38         KEYCHAIN_ITEM(username), \
  39         KEYCHAIN_ITEM(path), \
  40         port, \
  41         protocol, \
  42         kSecAuthenticationTypeDefault
  43
  44 static void write_item(const char *what, const char *buf, int len)
  45 {
  46         printf("%s=", what);
  47         fwrite(buf, 1, len, stdout);
  48         putchar('\n');
  49 }
  50
  51 static void find_username_in_item(SecKeychainItemRef item)
  52 {
  53         SecKeychainAttributeList list;
  54         SecKeychainAttribute attr;
  55
  56         list.count = 1;
  57         list.attr = &attr;
  58         attr.tag = kSecAccountItemAttr;
  59
  60         if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL))
  61                 return;
  62
  63         write_item("username", attr.data, attr.length);
  64         SecKeychainItemFreeContent(&list, NULL);
  65 }
  66
  67 static void find_internet_password(void)
  68 {
  69         void *buf;
  70         UInt32 len;
  71         SecKeychainItemRef item;
  72
  73         if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item))
  74                 return;
  75
  76         write_item("password", buf, len);
  77         if (!username)
  78                 find_username_in_item(item);
  79
  80         SecKeychainItemFreeContent(NULL, buf);
  81 }
  82
  83 static void delete_internet_password(void)
  84 {
  85         SecKeychainItemRef item;
  86
  87         /*
  88          * Require at least a protocol and host for removal, which is what git
  89          * will give us; if you want to do something more fancy, use the
  90          * Keychain manager.
  91          */
  92         if (!protocol || !host)
  93                 return;
  94
  95         if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item))
  96                 return;
  97
  98         SecKeychainItemDelete(item);
  99 }
 100
 101 static void add_internet_password(void)
 102 {
 103         /* Only store complete credentials */
 104         if (!protocol || !host || !username || !password)
 105                 return;
 106
 107         if (SecKeychainAddInternetPassword(
 108               KEYCHAIN_ARGS,
 109               KEYCHAIN_ITEM(password),
 110               NULL))
 111                 return;
 112 }
 113
 114 static void read_credential(void)
 115 {
 116         char *buf = NULL;
 117         size_t alloc;
 118         ssize_t line_len;
 119
 120         while ((line_len = getline(&buf, &alloc, stdin)) > 0) {
 121                 char *v;
 122
 123                 if (!strcmp(buf, "\n"))
 124                         break;
 125                 buf[line_len-1] = '\0';
 126
 127                 v = strchr(buf, '=');
 128                 if (!v)
 129                         die("bad input: %s", buf);
 130                 *v++ = '\0';
 131
 132                 if (!strcmp(buf, "protocol")) {
 133                         if (!strcmp(v, "imap"))
 134                                 protocol = kSecProtocolTypeIMAP;
 135                         else if (!strcmp(v, "imaps"))
 136                                 protocol = kSecProtocolTypeIMAPS;
 137                         else if (!strcmp(v, "ftp"))
 138                                 protocol = kSecProtocolTypeFTP;
 139                         else if (!strcmp(v, "ftps"))
 140                                 protocol = kSecProtocolTypeFTPS;
 141                         else if (!strcmp(v, "https"))
 142                                 protocol = kSecProtocolTypeHTTPS;
 143                         else if (!strcmp(v, "http"))
 144                                 protocol = kSecProtocolTypeHTTP;
 145                         else if (!strcmp(v, "smtp"))
 146                                 protocol = kSecProtocolTypeSMTP;
 147                         else /* we don't yet handle other protocols */
 148                                 exit(0);
 149                 }
 150                 else if (!strcmp(buf, "host")) {
 151                         char *colon = strchr(v, ':');
 152                         if (colon) {
 153                                 *colon++ = '\0';
 154                                 port = atoi(colon);
 155                         }
 156                         host = xstrdup(v);
 157                 }
 158                 else if (!strcmp(buf, "path"))
 159                         path = xstrdup(v);
 160                 else if (!strcmp(buf, "username"))
 161                         username = xstrdup(v);
 162                 else if (!strcmp(buf, "password"))
 163                         password = xstrdup(v);
 164                 /*
 165                  * Ignore other lines; we don't know what they mean, but
 166                  * this future-proofs us when later versions of git do
 167                  * learn new lines, and the helpers are updated to match.
 168                  */
 169         }
 170
 171         free(buf);
 172 }
 173
 174 int main(int argc, const char **argv)
 175 {
 176         const char *usage =
 177                 "usage: git credential-osxkeychain <get|store|erase>";
 178
 179         if (!argv[1])
 180                 die("%s", usage);
 181
 182         read_credential();
 183
 184         if (!strcmp(argv[1], "get"))
 185                 find_internet_password();
 186         else if (!strcmp(argv[1], "store"))
 187                 add_internet_password();
 188         else if (!strcmp(argv[1], "erase"))
 189                 delete_internet_password();
 190         /* otherwise, ignore unknown action */
 191
 192         return 0;
 193 }