Commit | Line | Data |
---|---|---|
71e1b4b6 | 1 | #include "cache.h" |
697cc8ef | 2 | #include "lockfile.h" |
71e1b4b6 JK |
3 | #include "credential.h" |
4 | #include "string-list.h" | |
5 | #include "parse-options.h" | |
6 | ||
7 | static struct lock_file credential_lock; | |
8 | ||
/*
 * Scan the credential file `fn` one line at a time, parse each line as a
 * URL and compare the result against the pattern `c`.
 *
 * A line is a hit only when it parses to an entry that carries both a
 * username and a password and credential_match() accepts it. On a hit
 * with `match_cb` set, the callback receives the entry and scanning stops.
 * On a hit without `match_cb`, the line is consumed and scanning goes on.
 * Every other line is handed to `other_cb` when one is given.
 *
 * A file that cannot be opened because it is missing (ENOENT) or not
 * accessible (EACCES) is treated as empty; any other open failure is
 * fatal.
 *
 * Returns 1 if at least one line matched, 0 otherwise.
 */
static int parse_credential_file(const char *fn,
				  struct credential *c,
				  void (*match_cb)(struct credential *),
				  void (*other_cb)(struct strbuf *))
{
	struct credential entry = CREDENTIAL_INIT;
	struct strbuf line = STRBUF_INIT;
	int found_credential = 0;
	FILE *fh = fopen(fn, "r");

	if (!fh) {
		int ignorable = (errno == ENOENT || errno == EACCES);

		if (!ignorable)
			die_errno("unable to open %s", fn);
		return found_credential;
	}

	while (strbuf_getline_lf(&line, fh) != EOF) {
		int is_hit;

		credential_from_url(&entry, line.buf);
		is_hit = entry.username && entry.password &&
			 credential_match(c, &entry);

		if (!is_hit) {
			if (other_cb)
				other_cb(&line);
			continue;
		}

		found_credential = 1;
		if (match_cb) {
			match_cb(&entry);
			break;
		}
	}

	/*
	 * Both `entry` and `line` may hold a plaintext password at this
	 * point. NOTE(review): whether credential_clear() and
	 * strbuf_release() scrub the bytes or only free them is not
	 * visible here -- confirm.
	 */
	credential_clear(&entry);
	strbuf_release(&line);
	fclose(fh);
	return found_credential;
}
45 | ||
/*
 * Emit the username and password of `c` on stdout as two "key=value"
 * lines.
 *
 * The values are written verbatim. NOTE(review): a value containing a
 * newline would show up as extra lines in this output; confirm that the
 * parser feeding this callback cannot yield such values.
 */
static void print_entry(struct credential *c)
{
	const char *user = c->username;
	const char *pass = c->password;

	printf("username=%s\n", user);
	printf("password=%s\n", pass);
}
51 | ||
/*
 * Terminate `buf` with a newline and write it to the descriptor of the
 * held credential lock file. Note that `buf` itself is modified: the
 * newline is appended to the caller's buffer.
 */
static void print_line(struct strbuf *buf)
{
	int lock_fd;

	strbuf_addch(buf, '\n');
	lock_fd = get_lock_file_fd(&credential_lock);
	write_or_die(lock_fd, buf->buf, buf->len);
}
57 | ||
/*
 * Rebuild the credential file `fn` under a lock.
 *
 * The new content is written to the lock file: first `extra` (when
 * non-NULL), then every line of the current file that does not match `c`.
 * Lines that do match are dropped, because parse_credential_file() is
 * called without a match callback. The result is put in place by
 * commit_lock_file(); failure to take the lock or to commit is fatal.
 */
static void rewrite_credential_file(const char *fn, struct credential *c,
				    struct strbuf *extra)
{
	/* Flags are 0, so a failed lock is reported here, not by the callee. */
	int lock_rc = hold_lock_file_for_update(&credential_lock, fn, 0);

	if (lock_rc < 0)
		die_errno("unable to get credential storage lock");

	if (extra)
		print_line(extra);
	parse_credential_file(fn, c, NULL, print_line);

	if (commit_lock_file(&credential_lock) < 0)
		die_errno("unable to write credential store");
}
69 | ||
/*
 * Serialize `c` as a single URL line and store it in `fn`, replacing any
 * existing lines that match `c`.
 *
 * Username, password and host are percent-encoded down to the RFC 3986
 * unreserved set; the path keeps reserved characters as well. The
 * protocol is written as-is. The caller must guarantee that protocol,
 * username and password are non-NULL.
 *
 * The password ends up in the file in recoverable form (percent-encoding
 * is not encryption), so the file's permissions are the only protection.
 */
static void store_credential_file(const char *fn, struct credential *c)
{
	struct strbuf url = STRBUF_INIT;

	/* scheme://user:pass@ */
	strbuf_addf(&url, "%s://", c->protocol);
	strbuf_addstr_urlencode(&url, c->username, is_rfc3986_unreserved);
	strbuf_addch(&url, ':');
	strbuf_addstr_urlencode(&url, c->password, is_rfc3986_unreserved);
	strbuf_addch(&url, '@');

	/* optional host */
	if (c->host)
		strbuf_addstr_urlencode(&url, c->host, is_rfc3986_unreserved);

	/* optional /path */
	if (c->path) {
		strbuf_addch(&url, '/');
		strbuf_addstr_urlencode(&url, c->path,
					is_rfc3986_reserved_or_unreserved);
	}

	rewrite_credential_file(fn, c, &url);
	strbuf_release(&url);
}
90 | ||
/*
 * Store `c` in the first file of `fns` that already exists; when none
 * exists, create the first file in the list and store it there.
 *
 * Incomplete credentials are ignored without an error.
 */
static void store_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;
	int has_key;

	/*
	 * Refuse anything that cannot be turned into a usable entry:
	 * a URL needs a protocol, the primary key is the host or the
	 * path (depending on the scheme), and without both a username
	 * and a password there is no credential to store.
	 */
	has_key = c->host || c->path;
	if (!c->protocol || !has_key || !c->username || !c->password)
		return;

	/*
	 * The existence probe and the later write are separate steps;
	 * the lock taken while rewriting covers the write only.
	 */
	for_each_string_list_item(fn, fns) {
		if (access(fn->string, F_OK) != 0)
			continue;
		store_credential_file(fn->string, c);
		return;
	}

	/*
	 * No candidate exists yet: write to fns->items[0], which
	 * creates that file.
	 */
	if (fns->nr)
		store_credential_file(fns->items[0].string, c);
}
117 | ||
/*
 * Erase every stored entry matching `c` from each file in `fns` that
 * exists.
 */
static void remove_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;
	int is_blank;

	/*
	 * The input is a restrictive pattern, so a completely blank
	 * credential would technically mean "erase everything". That is
	 * the same as empty input and far too easy to send by accident,
	 * so it is rejected: the pattern must have some content to
	 * match against.
	 */
	is_blank = !c->protocol && !c->host && !c->path && !c->username;
	if (is_blank)
		return;

	for_each_string_list_item(fn, fns) {
		if (access(fn->string, F_OK) == 0)
			rewrite_credential_file(fn->string, c, NULL);
	}
}
136 | ||
/*
 * Search the files in `fns` in list order and print the first entry that
 * matches `c`. Files after the first one that yields a match are not
 * opened.
 */
static void lookup_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;

	for_each_string_list_item(fn, fns) {
		int found = parse_credential_file(fn->string, c,
						  print_entry, NULL);

		if (found)
			break; /* Found credential */
	}
}
145 | ||
/*
 * Entry point of the credential-store helper.
 *
 * Takes exactly one action argument ("get", "erase" or "store"), reads a
 * credential description from stdin and applies the action to the file
 * given with --file or, without that option, to ~/.git-credentials and
 * the XDG "credentials" file. Unknown actions are ignored. Returns 0.
 */
int cmd_main(int argc, const char **argv)
{
	const char * const usage[] = {
		"git credential-store [<options>] <action>",
		NULL
	};
	struct string_list fns = STRING_LIST_INIT_DUP;
	struct credential c = CREDENTIAL_INIT;
	char *file = NULL;
	const char *op;
	struct option options[] = {
		OPT_STRING(0, "file", &file, "path",
			   "fetch and store credentials in <path>"),
		OPT_END()
	};

	/*
	 * Set before any file is touched: files created by this process
	 * get no group or other permission bits.
	 */
	umask(077);

	argc = parse_options(argc, argv, NULL, options, usage, 0);
	if (argc != 1)
		usage_with_options(usage, options);
	op = argv[0];

	if (file) {
		/* An explicit --file is the only location used. */
		string_list_append(&fns, file);
	} else {
		/* Default locations, in lookup order. */
		file = expand_user_path("~/.git-credentials", 0);
		if (file)
			string_list_append_nodup(&fns, file);

		file = xdg_config_home("credentials");
		if (file)
			string_list_append_nodup(&fns, file);
	}
	if (!fns.nr)
		die("unable to set up default path; use --file");

	if (credential_read(&c, stdin) < 0)
		die("unable to read credential");

	if (strcmp(op, "get") == 0)
		lookup_credential(&fns, &c);
	else if (strcmp(op, "erase") == 0)
		remove_credential(&fns, &c);
	else if (strcmp(op, "store") == 0)
		store_credential(&fns, &c);
	/* Any other operation is ignored on purpose. */

	string_list_clear(&fns, 0);
	return 0;
}