]>
Commit | Line | Data |
---|---|---|
34961d30 JK |
1 | #include <stdio.h> |
2 | #include <string.h> | |
3 | #include <stdlib.h> | |
4 | #include <Security/Security.h> | |
5 | ||
6 | static SecProtocolType protocol; | |
7 | static char *host; | |
8 | static char *path; | |
9 | static char *username; | |
10 | static char *password; | |
11 | static UInt16 port; | |
12 | ||
48ca53ca | 13 | __attribute__((format (printf, 1, 2))) |
34961d30 JK |
14 | static void die(const char *err, ...) |
15 | { | |
16 | char msg[4096]; | |
17 | va_list params; | |
18 | va_start(params, err); | |
19 | vsnprintf(msg, sizeof(msg), err, params); | |
20 | fprintf(stderr, "%s\n", msg); | |
21 | va_end(params); | |
22 | exit(1); | |
23 | } | |
24 | ||
25 | static void *xstrdup(const char *s1) | |
26 | { | |
27 | void *ret = strdup(s1); | |
28 | if (!ret) | |
29 | die("Out of memory"); | |
30 | return ret; | |
31 | } | |
32 | ||
33 | #define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x | |
34 | #define KEYCHAIN_ARGS \ | |
35 | NULL, /* default keychain */ \ | |
36 | KEYCHAIN_ITEM(host), \ | |
37 | 0, NULL, /* account domain */ \ | |
38 | KEYCHAIN_ITEM(username), \ | |
39 | KEYCHAIN_ITEM(path), \ | |
40 | port, \ | |
41 | protocol, \ | |
42 | kSecAuthenticationTypeDefault | |
43 | ||
44 | static void write_item(const char *what, const char *buf, int len) | |
45 | { | |
46 | printf("%s=", what); | |
47 | fwrite(buf, 1, len, stdout); | |
48 | putchar('\n'); | |
49 | } | |
50 | ||
51 | static void find_username_in_item(SecKeychainItemRef item) | |
52 | { | |
53 | SecKeychainAttributeList list; | |
54 | SecKeychainAttribute attr; | |
55 | ||
56 | list.count = 1; | |
57 | list.attr = &attr; | |
58 | attr.tag = kSecAccountItemAttr; | |
59 | ||
60 | if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL)) | |
61 | return; | |
62 | ||
63 | write_item("username", attr.data, attr.length); | |
64 | SecKeychainItemFreeContent(&list, NULL); | |
65 | } | |
66 | ||
67 | static void find_internet_password(void) | |
68 | { | |
69 | void *buf; | |
70 | UInt32 len; | |
71 | SecKeychainItemRef item; | |
72 | ||
73 | if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item)) | |
74 | return; | |
75 | ||
76 | write_item("password", buf, len); | |
77 | if (!username) | |
78 | find_username_in_item(item); | |
79 | ||
80 | SecKeychainItemFreeContent(NULL, buf); | |
81 | } | |
82 | ||
83 | static void delete_internet_password(void) | |
84 | { | |
85 | SecKeychainItemRef item; | |
86 | ||
87 | /* | |
88 | * Require at least a protocol and host for removal, which is what git | |
89 | * will give us; if you want to do something more fancy, use the | |
90 | * Keychain manager. | |
91 | */ | |
92 | if (!protocol || !host) | |
93 | return; | |
94 | ||
95 | if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item)) | |
96 | return; | |
97 | ||
98 | SecKeychainItemDelete(item); | |
99 | } | |
100 | ||
101 | static void add_internet_password(void) | |
102 | { | |
103 | /* Only store complete credentials */ | |
104 | if (!protocol || !host || !username || !password) | |
105 | return; | |
106 | ||
107 | if (SecKeychainAddInternetPassword( | |
108 | KEYCHAIN_ARGS, | |
109 | KEYCHAIN_ITEM(password), | |
110 | NULL)) | |
111 | return; | |
112 | } | |
113 | ||
114 | static void read_credential(void) | |
115 | { | |
116 | char buf[1024]; | |
117 | ||
118 | while (fgets(buf, sizeof(buf), stdin)) { | |
119 | char *v; | |
120 | ||
121 | if (!strcmp(buf, "\n")) | |
122 | break; | |
123 | buf[strlen(buf)-1] = '\0'; | |
124 | ||
125 | v = strchr(buf, '='); | |
126 | if (!v) | |
127 | die("bad input: %s", buf); | |
128 | *v++ = '\0'; | |
129 | ||
130 | if (!strcmp(buf, "protocol")) { | |
de56ccf7 XQ |
131 | if (!strcmp(v, "imap")) |
132 | protocol = kSecProtocolTypeIMAP; | |
133 | else if (!strcmp(v, "imaps")) | |
134 | protocol = kSecProtocolTypeIMAPS; | |
135 | else if (!strcmp(v, "ftp")) | |
136 | protocol = kSecProtocolTypeFTP; | |
137 | else if (!strcmp(v, "ftps")) | |
138 | protocol = kSecProtocolTypeFTPS; | |
139 | else if (!strcmp(v, "https")) | |
34961d30 JK |
140 | protocol = kSecProtocolTypeHTTPS; |
141 | else if (!strcmp(v, "http")) | |
142 | protocol = kSecProtocolTypeHTTP; | |
de56ccf7 XQ |
143 | else if (!strcmp(v, "smtp")) |
144 | protocol = kSecProtocolTypeSMTP; | |
34961d30 JK |
145 | else /* we don't yet handle other protocols */ |
146 | exit(0); | |
147 | } | |
148 | else if (!strcmp(buf, "host")) { | |
149 | char *colon = strchr(v, ':'); | |
150 | if (colon) { | |
151 | *colon++ = '\0'; | |
152 | port = atoi(colon); | |
153 | } | |
154 | host = xstrdup(v); | |
155 | } | |
156 | else if (!strcmp(buf, "path")) | |
157 | path = xstrdup(v); | |
158 | else if (!strcmp(buf, "username")) | |
159 | username = xstrdup(v); | |
160 | else if (!strcmp(buf, "password")) | |
161 | password = xstrdup(v); | |
162 | } | |
163 | } | |
164 | ||
165 | int main(int argc, const char **argv) | |
166 | { | |
167 | const char *usage = | |
c358ed75 | 168 | "usage: git credential-osxkeychain <get|store|erase>"; |
34961d30 JK |
169 | |
170 | if (!argv[1]) | |
171 | die(usage); | |
172 | ||
173 | read_credential(); | |
174 | ||
175 | if (!strcmp(argv[1], "get")) | |
176 | find_internet_password(); | |
177 | else if (!strcmp(argv[1], "store")) | |
178 | add_internet_password(); | |
179 | else if (!strcmp(argv[1], "erase")) | |
180 | delete_internet_password(); | |
181 | /* otherwise, ignore unknown action */ | |
182 | ||
183 | return 0; | |
184 | } |