Commit | Line | Data |
---|---|---|
71e1b4b6 | 1 | #include "cache.h" |
697cc8ef | 2 | #include "lockfile.h" |
71e1b4b6 JK |
3 | #include "credential.h" |
4 | #include "string-list.h" | |
5 | #include "parse-options.h" | |
6 | ||
7 | /* Lock shared by rewrite_credential_file(), which takes and commits it, and print_line(), which writes to its descriptor. */ static struct lock_file credential_lock; | |
8 | ||
/*
 * Scan the credential file `fn` line by line, parsing each line as a
 * URL with credential_from_url() and comparing it against the pattern
 * `c` with credential_match().
 *
 * A line counts as a match only if it parsed to both a username and a
 * password. For a match, `match_cb` (if given) is called once with the
 * parsed entry and the scan stops. If `match_cb` is NULL the scan keeps
 * going and the matching line is passed to neither callback. Every
 * other line is handed to `other_cb` (if given) as the raw line buffer.
 *
 * Returns 1 if at least one line matched, 0 otherwise.
 *
 * A file that is missing (ENOENT) or unreadable (EACCES) is treated as
 * "no credentials here" and yields 0 without any message. Any other
 * open failure is fatal.
 *
 * NOTE(review): the result of credential_from_url() is not inspected
 * here. A malformed line is only filtered by the username/password
 * test below, so it ends up on the `other_cb` path and is preserved on
 * rewrite. Confirm that is the intended handling of corrupt entries.
 */
static int parse_credential_file(const char *fn,
				  struct credential *c,
				  void (*match_cb)(struct credential *),
				  void (*other_cb)(struct strbuf *))
{
	int matched = 0;
	struct credential parsed = CREDENTIAL_INIT;
	struct strbuf row = STRBUF_INIT;
	FILE *in = fopen(fn, "r");

	if (!in) {
		/* Absent or unreadable store: report "nothing found". */
		if (!(errno == ENOENT || errno == EACCES))
			die_errno("unable to open %s", fn);
		return matched;
	}

	while (strbuf_getline_lf(&row, in) != EOF) {
		int is_match;

		credential_from_url(&parsed, row.buf);
		is_match = parsed.username && parsed.password &&
			   credential_match(c, &parsed);

		if (!is_match) {
			if (other_cb)
				other_cb(&row);
			continue;
		}

		matched = 1;
		if (match_cb) {
			/* First hit wins; later lines are not examined. */
			match_cb(&parsed);
			break;
		}
	}

	credential_clear(&parsed);
	strbuf_release(&row);
	fclose(in);
	return matched;
}
45 | ||
/*
 * Emit a matched credential on stdout as "username=" and "password="
 * lines. Used as the match callback for lookups.
 *
 * parse_credential_file() only invokes its match callback when both
 * fields are non-NULL, so neither is checked again here.
 *
 * The password is written in clear text, and both values are printed
 * exactly as stored, with no escaping.
 * NOTE(review): a newline inside a decoded value would show up as an
 * extra output line. Confirm that credential_from_url() rejects such
 * values before they get here.
 */
static void print_entry(struct credential *c)
{
	const char *user = c->username;
	const char *secret = c->password;

	fprintf(stdout, "username=%s\n", user);
	fprintf(stdout, "password=%s\n", secret);
}
51 | ||
/*
 * Append a newline to `buf` and write the whole buffer to the file
 * descriptor of the held credential lock file. Dies if the write
 * fails.
 *
 * Note that `buf` is modified: the trailing '\n' stays in the caller's
 * buffer after the call.
 */
static void print_line(struct strbuf *buf)
{
	int lock_fd;

	strbuf_addch(buf, '\n');
	lock_fd = get_lock_file_fd(&credential_lock);
	write_or_die(lock_fd, buf->buf, buf->len);
}
57 | ||
/*
 * Replace the credential file `fn` with a new version, under a lock:
 *
 *   1. take the lock file for `fn` (fatal on failure);
 *   2. if `extra` is non-NULL, write it as the first line;
 *   3. copy over every existing line that does not match `c`;
 *      matching lines are dropped because no match callback is
 *      passed to parse_credential_file();
 *   4. commit the lock file (fatal on failure).
 *
 * With `extra` set this stores or updates an entry. With `extra` NULL
 * it erases the entries matching `c`.
 *
 * NOTE(review): parse_credential_file() returns quietly when `fn`
 * cannot be opened for reading (ENOENT or EACCES). In that case the
 * commit still happens and the new file holds only `extra`, so any
 * existing entries would be lost. Confirm that the lock step cannot
 * succeed on a file this process is unable to read.
 * NOTE(review): the mode of the newly created file is not set here.
 * It depends on the lock file code and the process umask.
 */
static void rewrite_credential_file(const char *fn, struct credential *c,
				    struct strbuf *extra)
{
	int lock_rc = hold_lock_file_for_update(&credential_lock, fn, 0);

	if (lock_rc < 0)
		die_errno("unable to get credential storage lock");

	if (extra != NULL)
		print_line(extra);

	/* Keep everything that does not match; matches are discarded. */
	parse_credential_file(fn, c, NULL, print_line);

	if (commit_lock_file(&credential_lock) < 0)
		die_errno("unable to write credential store");
}
69 | ||
/*
 * Serialise `c` as a single URL-shaped line,
 *
 *     <protocol>://<username>:<password>@[<host>][/<path>]
 *
 * and store it in `fn` through rewrite_credential_file(). The new line
 * goes first and any older line matching `c` is dropped.
 *
 * The password is URL-encoded but not encrypted, so the file holds it
 * in recoverable form. Protecting the file is left to its permissions.
 *
 * `c->protocol`, `c->username` and `c->password` are used without a
 * NULL check. store_credential() validates them before calling here.
 */
static void store_credential_file(const char *fn, struct credential *c)
{
	struct strbuf url = STRBUF_INIT;

	strbuf_addf(&url, "%s://", c->protocol);

	/*
	 * The last argument is 1 for user, password and host and 0 for
	 * the path. Presumably it selects whether reserved characters
	 * such as '/' are escaped as well (TODO confirm against
	 * strbuf_addstr_urlencode()).
	 */
	strbuf_addstr_urlencode(&url, c->username, 1);
	strbuf_addch(&url, ':');
	strbuf_addstr_urlencode(&url, c->password, 1);
	strbuf_addch(&url, '@');

	if (c->host != NULL)
		strbuf_addstr_urlencode(&url, c->host, 1);

	if (c->path != NULL) {
		strbuf_addch(&url, '/');
		strbuf_addstr_urlencode(&url, c->path, 0);
	}

	rewrite_credential_file(fn, c, &url);
	strbuf_release(&url);
}
89 | ||
/*
 * Store `c` in the first file of `fns` that already exists. If none
 * exists, create the first file in the list and store it there.
 * Incomplete credentials are silently ignored.
 */
static void store_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *item;
	int has_key = c->host || c->path;

	/*
	 * Refuse to store anything that is not a usable credential:
	 * a URL cannot be built without a protocol; without a host or
	 * a path (which one depends on the scheme) there is no primary
	 * key; and without both username and password there is no
	 * credential to store in the first place.
	 */
	if (!(c->protocol && has_key && c->username && c->password))
		return;

	/*
	 * access() only selects the target. The file is opened again
	 * by name when it is rewritten.
	 */
	for_each_string_list_item(item, fns) {
		if (access(item->string, F_OK) == 0) {
			store_credential_file(item->string, c);
			return;
		}
	}

	/*
	 * No candidate exists yet: write the credential to the file
	 * named by fns->items[0], thereby creating it.
	 */
	if (fns->nr)
		store_credential_file(fns->items[0].string, c);
}
116 | ||
/*
 * Erase the entries matching `c` from every file in `fns` that
 * currently exists. Files that do not exist are skipped and never
 * created.
 */
static void remove_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *item;

	/*
	 * Make sure there is something to match against. The input is
	 * a restrictive pattern, so a blank credential technically
	 * means "erase everything". That is far too easy to send by
	 * accident, because it is the same as empty input, so it is
	 * explicitly refused: the pattern must have real content.
	 */
	if (!(c->protocol || c->host || c->path || c->username))
		return;

	for_each_string_list_item(item, fns) {
		if (access(item->string, F_OK) == 0)
			rewrite_credential_file(item->string, c, NULL);
	}
}
135 | ||
/*
 * Search the files in `fns` in list order and print the first entry
 * that matches `c` with print_entry(). The search stops at the first
 * file that yields a match, so an earlier file shadows later ones.
 * Nothing is printed when no file contains a match.
 */
static void lookup_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *item;

	for_each_string_list_item(item, fns) {
		if (parse_credential_file(item->string, c, print_entry, NULL) != 0)
			break; /* Found credential */
	}
}
144 | ||
/*
 * Entry point of the credential-store helper.
 *
 * Usage: git credential-store [<options>] <action>
 *
 * Exactly one positional argument (the action) must remain after
 * option parsing. The credential description is read from stdin with
 * credential_read(). The action is then dispatched:
 *
 *   "get"   -> lookup_credential()
 *   "erase" -> remove_credential()
 *   "store" -> store_credential()
 *
 * Any other action is ignored and the helper still exits with 0.
 *
 * With --file only that path is used. Otherwise the candidates are
 * "~/.git-credentials" followed by the XDG config "credentials" file,
 * in that order.
 */
int cmd_main(int argc, const char **argv)
{
	const char * const usage[] = {
		"git credential-store [<options>] <action>",
		NULL
	};
	struct string_list paths = STRING_LIST_INIT_DUP;
	struct credential cred = CREDENTIAL_INIT;
	const char *action;
	char *file = NULL;
	struct option options[] = {
		OPT_STRING(0, "file", &file, "path",
			   "fetch and store credentials in <path>"),
		OPT_END()
	};

	/*
	 * Restrict permissions before any file is touched: files this
	 * process creates get no group or other access bits.
	 */
	umask(077);

	argc = parse_options(argc, argv, NULL, options, usage, 0);
	if (argc != 1)
		usage_with_options(usage, options);
	action = argv[0];

	if (!file) {
		/*
		 * Default locations. The _nodup variant presumably
		 * hands the allocated path over to the list; confirm
		 * against string-list.h.
		 */
		char *home_path = expand_user_path("~/.git-credentials");
		char *xdg_path;

		if (home_path)
			string_list_append_nodup(&paths, home_path);
		xdg_path = xdg_config_home("credentials");
		if (xdg_path)
			string_list_append_nodup(&paths, xdg_path);
	} else {
		string_list_append(&paths, file);
	}

	if (!paths.nr)
		die("unable to set up default path; use --file");

	if (credential_read(&cred, stdin) < 0)
		die("unable to read credential");

	if (strcmp(action, "get") == 0)
		lookup_credential(&paths, &cred);
	else if (strcmp(action, "erase") == 0)
		remove_credential(&paths, &cred);
	else if (strcmp(action, "store") == 0)
		store_credential(&paths, &cred);
	/* Any other operation is ignored on purpose. */

	string_list_clear(&paths, 0);
	return 0;
}