1 | #include "cache.h" | |
2 | #include "lockfile.h" | |
3 | #include "credential.h" | |
4 | #include "string-list.h" | |
5 | #include "parse-options.h" | |
6 | ||
/*
 * Lock taken on the credential file while it is rewritten; print_line()
 * writes the replacement contents to this lock's file descriptor.
 */
static struct lock_file credential_lock;
8 | ||
/*
 * Scan the credential file `fn` line by line, parsing each line as a URL
 * and comparing the parsed entry against the pattern `c`.
 *
 * A line counts as a match only when it yields both a username and a
 * password and credential_match() accepts it.  On a match, match_cb (if
 * given) receives the parsed entry and the scan stops; without a match_cb
 * the scan continues and the matching line is passed to neither callback.
 * Every other line, including one that lacks a username or password, is
 * handed to other_cb (if given).
 *
 * Returns 1 if at least one entry matched, 0 otherwise.  A file that does
 * not exist or cannot be accessed (ENOENT/EACCES) is treated as holding no
 * credentials; any other fopen() failure is fatal.
 */
static int parse_credential_file(const char *fn,
				  struct credential *c,
				  void (*match_cb)(struct credential *),
				  void (*other_cb)(struct strbuf *))
{
	struct credential entry = CREDENTIAL_INIT;
	struct strbuf line = STRBUF_INIT;
	int found_credential = 0;
	FILE *fh = fopen(fn, "r");

	if (!fh) {
		/* Missing or inaccessible store: report "nothing found". */
		if (errno != ENOENT && errno != EACCES)
			die_errno("unable to open %s", fn);
		return found_credential;
	}

	while (strbuf_getline_lf(&line, fh) != EOF) {
		int is_match;

		credential_from_url(&entry, line.buf);
		is_match = entry.username && entry.password &&
			   credential_match(c, &entry);

		if (!is_match) {
			/* Not ours: let the caller keep the raw line. */
			if (other_cb)
				other_cb(&line);
			continue;
		}

		found_credential = 1;
		if (match_cb) {
			/* First match wins when a consumer is supplied. */
			match_cb(&entry);
			break;
		}
	}

	credential_clear(&entry);
	strbuf_release(&line);
	fclose(fh);
	return found_credential;
}
45 | ||
/*
 * Write the username and password of `c` to stdout, one "key=value" line
 * each.  Used as the match callback for lookups.
 *
 * NOTE(review): both values are printed verbatim into a line-oriented
 * format; confirm that the parser or the consumer rejects values that
 * contain a newline.
 */
static void print_entry(struct credential *c)
{
	const char *user = c->username;
	const char *pass = c->password;

	printf("username=%s\n", user);
	printf("password=%s\n", pass);
}
51 | ||
/*
 * Append a newline to `buf` and write the whole buffer to the descriptor
 * of credential_lock.  Note that `buf` itself is modified.
 */
static void print_line(struct strbuf *buf)
{
	int fd = get_lock_file_fd(&credential_lock);

	strbuf_addch(buf, '\n');
	write_or_die(fd, buf->buf, buf->len);
}
57 | ||
/*
 * Rewrite the credential file `fn` under credential_lock.
 *
 * The new contents are `extra` (if non-NULL) followed by every existing
 * line that does not match `c`; matching lines are dropped because
 * parse_credential_file() is called without a match callback.  Failure to
 * take the lock or to commit it is fatal.
 */
static void rewrite_credential_file(const char *fn, struct credential *c,
				    struct strbuf *extra)
{
	int lock_rc = hold_lock_file_for_update(&credential_lock, fn, 0);

	if (lock_rc < 0)
		die_errno("unable to get credential storage lock");

	/* The new entry goes first, ahead of the surviving old lines. */
	if (extra != NULL)
		print_line(extra);

	parse_credential_file(fn, c, NULL, print_line);

	if (commit_lock_file(&credential_lock) < 0)
		die_errno("unable to write credential store");
}
69 | ||
/*
 * Serialize `c` as a single URL of the form
 * protocol://username:password@host/path and store it in `fn` through
 * rewrite_credential_file(), which also drops any existing line matching
 * `c`.  The username, password, host and path are URL-encoded; the host
 * and path parts are emitted only when set.
 *
 * The password is encoded, not encrypted: the file holds it in
 * recoverable form.
 */
static void store_credential_file(const char *fn, struct credential *c)
{
	struct strbuf url = STRBUF_INIT;

	strbuf_addf(&url, "%s://", c->protocol);

	/* userinfo part: "user:pass@" */
	strbuf_addstr_urlencode(&url, c->username, 1);
	strbuf_addch(&url, ':');
	strbuf_addstr_urlencode(&url, c->password, 1);
	strbuf_addch(&url, '@');

	if (c->host != NULL)
		strbuf_addstr_urlencode(&url, c->host, 1);

	if (c->path != NULL) {
		strbuf_addch(&url, '/');
		strbuf_addstr_urlencode(&url, c->path, 0);
	}

	rewrite_credential_file(fn, c, &url);
	strbuf_release(&url);
}
89 | ||
/*
 * Store `c` in the first file of `fns` that already exists, or, when none
 * exists, in fns->items[0] (creating it).  Incomplete credentials are
 * silently ignored.
 */
static void store_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;
	int has_key = c->host || c->path;

	/*
	 * Refuse to store anything that is not a complete credential: a URL
	 * needs a protocol, the entry needs a host or a path to serve as its
	 * primary key, and there is nothing worth saving without both a
	 * username and a password.
	 */
	if (!(c->protocol && has_key && c->username && c->password))
		return;

	for_each_string_list_item(fn, fns) {
		if (access(fn->string, F_OK))
			continue;
		store_credential_file(fn->string, c);
		return;
	}

	/*
	 * No candidate file exists yet: write to the first one in the list,
	 * which creates it.
	 */
	if (fns->nr)
		store_credential_file(fns->items[0].string, c);
}
116 | ||
/*
 * Erase every entry matching the pattern `c` from each file in `fns` that
 * exists.  A pattern with no protocol, host, path or username is ignored.
 */
static void remove_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;

	/*
	 * The input is a restrictive pattern, so an entirely blank one would
	 * technically mean "erase everything".  Blank input is too easy to
	 * send by accident (it is the same as empty input), so require the
	 * pattern to carry at least one field to match on.
	 */
	if (!(c->protocol || c->host || c->path || c->username))
		return;

	for_each_string_list_item(fn, fns) {
		if (access(fn->string, F_OK) == 0)
			rewrite_credential_file(fn->string, c, NULL);
	}
}
135 | ||
/*
 * Search the files in `fns` in order and print the first entry matching
 * `c` via print_entry(); later files are not consulted once one matches.
 */
static void lookup_credential(const struct string_list *fns, struct credential *c)
{
	struct string_list_item *fn;

	for_each_string_list_item(fn, fns) {
		int found = parse_credential_file(fn->string, c, print_entry, NULL);

		if (found)
			return; /* Found credential */
	}
}
144 | ||
/*
 * Entry point of "git credential-store".
 *
 * Expects exactly one non-option argument, the action ("get", "erase" or
 * "store"), reads the credential description from stdin and applies the
 * action to the store file(s).  With --file only that path is used;
 * otherwise the candidates are ~/.git-credentials and the XDG
 * "credentials" file, in that order.  Unknown actions are ignored.
 * Returns 0.
 */
int cmd_main(int argc, const char **argv)
{
	const char * const usage[] = {
		"git credential-store [<options>] <action>",
		NULL
	};
	char *file = NULL;
	struct option options[] = {
		OPT_STRING(0, "file", &file, "path",
			   "fetch and store credentials in <path>"),
		OPT_END()
	};
	struct string_list fns = STRING_LIST_INIT_DUP;
	struct credential c = CREDENTIAL_INIT;
	const char *op;

	/*
	 * Files created from here on are accessible to the owner only; the
	 * store holds passwords in recoverable form.
	 */
	umask(077);

	argc = parse_options(argc, (const char **)argv, NULL, options, usage, 0);
	if (argc != 1)
		usage_with_options(usage, options);
	op = argv[0];

	if (file) {
		/* Explicit --file: the list duplicates the string. */
		string_list_append(&fns, file);
	} else {
		/* Default locations; the list takes ownership of each path. */
		char *home_store = expand_user_path("~/.git-credentials", 0);
		char *xdg_store;

		if (home_store)
			string_list_append_nodup(&fns, home_store);

		xdg_store = xdg_config_home("credentials");
		if (xdg_store)
			string_list_append_nodup(&fns, xdg_store);
	}
	if (!fns.nr)
		die("unable to set up default path; use --file");

	if (credential_read(&c, stdin) < 0)
		die("unable to read credential");

	if (!strcmp(op, "get")) {
		lookup_credential(&fns, &c);
	} else if (!strcmp(op, "erase")) {
		remove_credential(&fns, &c);
	} else if (!strcmp(op, "store")) {
		store_credential(&fns, &c);
	} else {
		; /* Ignore unknown operation. */
	}

	string_list_clear(&fns, 0);
	return 0;
}