credential.c

   1 #include "cache.h"
   2 #include "config.h"
   3 #include "credential.h"
   4 #include "string-list.h"
   5 #include "run-command.h"
   6 #include "url.h"
   7 #include "prompt.h"
   8 #include "sigchain.h"
   9 #include "urlmatch.h"
  10
  11 void credential_init(struct credential *c)
  12 {
  13         memset(c, 0, sizeof(*c));
  14         c->helpers.strdup_strings = 1;
  15 }
  16
  17 void credential_clear(struct credential *c)
  18 {
  19         free(c->protocol);
  20         free(c->host);
  21         free(c->path);
  22         free(c->username);
  23         free(c->password);
  24         string_list_clear(&c->helpers, 0);
  25
  26         credential_init(c);
  27 }
  28
  29 int credential_match(const struct credential *want,
  30                      const struct credential *have)
  31 {
  32 #define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x)))
  33         return CHECK(protocol) &&
  34                CHECK(host) &&
  35                CHECK(path) &&
  36                CHECK(username);
  37 #undef CHECK
  38 }
  39
  40 static int credential_config_callback(const char *var, const char *value,
  41                                       void *data)
  42 {
  43         struct credential *c = data;
  44         const char *key;
  45
  46         if (!skip_prefix(var, "credential.", &key))
  47                 return 0;
  48
  49         if (!value)
  50                 return config_error_nonbool(var);
  51
  52         if (!strcmp(key, "helper")) {
  53                 if (*value)
  54                         string_list_append(&c->helpers, value);
  55                 else
  56                         string_list_clear(&c->helpers, 0);
  57         } else if (!strcmp(key, "username")) {
  58                 if (!c->username_from_proto) {
  59                         free(c->username);
  60                         c->username = xstrdup(value);
  61                 }
  62         }
  63         else if (!strcmp(key, "usehttppath"))
  64                 c->use_http_path = git_config_bool(var, value);
  65
  66         return 0;
  67 }
  68
  69 static int proto_is_http(const char *s)
  70 {
  71         if (!s)
  72                 return 0;
  73         return !strcmp(s, "https") || !strcmp(s, "http");
  74 }
  75
  76 static void credential_describe(struct credential *c, struct strbuf *out);
  77 static void credential_format(struct credential *c, struct strbuf *out);
  78
  79 static int select_all(const struct urlmatch_item *a,
  80                       const struct urlmatch_item *b)
  81 {
  82         return 0;
  83 }
  84
  85 static void credential_apply_config(struct credential *c)
  86 {
  87         char *normalized_url;
  88         struct urlmatch_config config = { STRING_LIST_INIT_DUP };
  89         struct strbuf url = STRBUF_INIT;
  90
  91         if (c->configured)
  92                 return;
  93
  94         config.section = "credential";
  95         config.key = NULL;
  96         config.collect_fn = credential_config_callback;
  97         config.cascade_fn = NULL;
  98         config.select_fn = select_all;
  99         config.cb = c;
 100
 101         credential_format(c, &url);
 102         normalized_url = url_normalize(url.buf, &config.url);
 103
 104         git_config(urlmatch_config_entry, &config);
 105         free(normalized_url);
 106         strbuf_release(&url);
 107
 108         c->configured = 1;
 109
 110         if (!c->use_http_path && proto_is_http(c->protocol)) {
 111                 FREE_AND_NULL(c->path);
 112         }
 113 }
 114
 115 static void credential_describe(struct credential *c, struct strbuf *out)
 116 {
 117         if (!c->protocol)
 118                 return;
 119         strbuf_addf(out, "%s://", c->protocol);
 120         if (c->username && *c->username)
 121                 strbuf_addf(out, "%s@", c->username);
 122         if (c->host)
 123                 strbuf_addstr(out, c->host);
 124         if (c->path)
 125                 strbuf_addf(out, "/%s", c->path);
 126 }
 127
 128 static void credential_format(struct credential *c, struct strbuf *out)
 129 {
 130         if (!c->protocol)
 131                 return;
 132         strbuf_addf(out, "%s://", c->protocol);
 133         if (c->username && *c->username) {
 134                 strbuf_add_percentencode(out, c->username);
 135                 strbuf_addch(out, '@');
 136         }
 137         if (c->host)
 138                 strbuf_addstr(out, c->host);
 139         if (c->path) {
 140                 strbuf_addch(out, '/');
 141                 strbuf_add_percentencode(out, c->path);
 142         }
 143 }
 144
 145 static char *credential_ask_one(const char *what, struct credential *c,
 146                                 int flags)
 147 {
 148         struct strbuf desc = STRBUF_INIT;
 149         struct strbuf prompt = STRBUF_INIT;
 150         char *r;
 151
 152         credential_describe(c, &desc);
 153         if (desc.len)
 154                 strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
 155         else
 156                 strbuf_addf(&prompt, "%s: ", what);
 157
 158         r = git_prompt(prompt.buf, flags);
 159
 160         strbuf_release(&desc);
 161         strbuf_release(&prompt);
 162         return xstrdup(r);
 163 }
 164
 165 static void credential_getpass(struct credential *c)
 166 {
 167         if (!c->username)
 168                 c->username = credential_ask_one("Username", c,
 169                                                  PROMPT_ASKPASS|PROMPT_ECHO);
 170         if (!c->password)
 171                 c->password = credential_ask_one("Password", c,
 172                                                  PROMPT_ASKPASS);
 173 }
 174
 175 int credential_read(struct credential *c, FILE *fp)
 176 {
 177         struct strbuf line = STRBUF_INIT;
 178
 179         while (strbuf_getline_lf(&line, fp) != EOF) {
 180                 char *key = line.buf;
 181                 char *value = strchr(key, '=');
 182
 183                 if (!line.len)
 184                         break;
 185
 186                 if (!value) {
 187                         warning("invalid credential line: %s", key);
 188                         strbuf_release(&line);
 189                         return -1;
 190                 }
 191                 *value++ = '\0';
 192
 193                 if (!strcmp(key, "username")) {
 194                         free(c->username);
 195                         c->username = xstrdup(value);
 196                         c->username_from_proto = 1;
 197                 } else if (!strcmp(key, "password")) {
 198                         free(c->password);
 199                         c->password = xstrdup(value);
 200                 } else if (!strcmp(key, "protocol")) {
 201                         free(c->protocol);
 202                         c->protocol = xstrdup(value);
 203                 } else if (!strcmp(key, "host")) {
 204                         free(c->host);
 205                         c->host = xstrdup(value);
 206                 } else if (!strcmp(key, "path")) {
 207                         free(c->path);
 208                         c->path = xstrdup(value);
 209                 } else if (!strcmp(key, "url")) {
 210                         credential_from_url(c, value);
 211                 } else if (!strcmp(key, "quit")) {
 212                         c->quit = !!git_config_bool("quit", value);
 213                 }
 214                 /*
 215                  * Ignore other lines; we don't know what they mean, but
 216                  * this future-proofs us when later versions of git do
 217                  * learn new lines, and the helpers are updated to match.
 218                  */
 219         }
 220
 221         strbuf_release(&line);
 222         return 0;
 223 }
 224
 225 static void credential_write_item(FILE *fp, const char *key, const char *value)
 226 {
 227         if (!value)
 228                 return;
 229         fprintf(fp, "%s=%s\n", key, value);
 230 }
 231
 232 void credential_write(const struct credential *c, FILE *fp)
 233 {
 234         credential_write_item(fp, "protocol", c->protocol);
 235         credential_write_item(fp, "host", c->host);
 236         credential_write_item(fp, "path", c->path);
 237         credential_write_item(fp, "username", c->username);
 238         credential_write_item(fp, "password", c->password);
 239 }
 240
 241 static int run_credential_helper(struct credential *c,
 242                                  const char *cmd,
 243                                  int want_output)
 244 {
 245         struct child_process helper = CHILD_PROCESS_INIT;
 246         const char *argv[] = { NULL, NULL };
 247         FILE *fp;
 248
 249         argv[0] = cmd;
 250         helper.argv = argv;
 251         helper.use_shell = 1;
 252         helper.in = -1;
 253         if (want_output)
 254                 helper.out = -1;
 255         else
 256                 helper.no_stdout = 1;
 257
 258         if (start_command(&helper) < 0)
 259                 return -1;
 260
 261         fp = xfdopen(helper.in, "w");
 262         sigchain_push(SIGPIPE, SIG_IGN);
 263         credential_write(c, fp);
 264         fclose(fp);
 265         sigchain_pop(SIGPIPE);
 266
 267         if (want_output) {
 268                 int r;
 269                 fp = xfdopen(helper.out, "r");
 270                 r = credential_read(c, fp);
 271                 fclose(fp);
 272                 if (r < 0) {
 273                         finish_command(&helper);
 274                         return -1;
 275                 }
 276         }
 277
 278         if (finish_command(&helper))
 279                 return -1;
 280         return 0;
 281 }
 282
 283 static int credential_do(struct credential *c, const char *helper,
 284                          const char *operation)
 285 {
 286         struct strbuf cmd = STRBUF_INIT;
 287         int r;
 288
 289         if (helper[0] == '!')
 290                 strbuf_addstr(&cmd, helper + 1);
 291         else if (is_absolute_path(helper))
 292                 strbuf_addstr(&cmd, helper);
 293         else
 294                 strbuf_addf(&cmd, "git credential-%s", helper);
 295
 296         strbuf_addf(&cmd, " %s", operation);
 297         r = run_credential_helper(c, cmd.buf, !strcmp(operation, "get"));
 298
 299         strbuf_release(&cmd);
 300         return r;
 301 }
 302
 303 void credential_fill(struct credential *c)
 304 {
 305         int i;
 306
 307         if (c->username && c->password)
 308                 return;
 309
 310         credential_apply_config(c);
 311
 312         for (i = 0; i < c->helpers.nr; i++) {
 313                 credential_do(c, c->helpers.items[i].string, "get");
 314                 if (c->username && c->password)
 315                         return;
 316                 if (c->quit)
 317                         die("credential helper '%s' told us to quit",
 318                             c->helpers.items[i].string);
 319         }
 320
 321         credential_getpass(c);
 322         if (!c->username && !c->password)
 323                 die("unable to get password from user");
 324 }
 325
 326 void credential_approve(struct credential *c)
 327 {
 328         int i;
 329
 330         if (c->approved)
 331                 return;
 332         if (!c->username || !c->password)
 333                 return;
 334
 335         credential_apply_config(c);
 336
 337         for (i = 0; i < c->helpers.nr; i++)
 338                 credential_do(c, c->helpers.items[i].string, "store");
 339         c->approved = 1;
 340 }
 341
 342 void credential_reject(struct credential *c)
 343 {
 344         int i;
 345
 346         credential_apply_config(c);
 347
 348         for (i = 0; i < c->helpers.nr; i++)
 349                 credential_do(c, c->helpers.items[i].string, "erase");
 350
 351         FREE_AND_NULL(c->username);
 352         FREE_AND_NULL(c->password);
 353         c->approved = 0;
 354 }
 355
 356 void credential_from_url(struct credential *c, const char *url)
 357 {
 358         const char *at, *colon, *cp, *slash, *host, *proto_end;
 359
 360         credential_clear(c);
 361
 362         /*
 363          * Match one of:
 364          *   (1) proto://<host>/...
 365          *   (2) proto://<user>@<host>/...
 366          *   (3) proto://<user>:<pass>@<host>/...
 367          */
 368         proto_end = strstr(url, "://");
 369         if (!proto_end)
 370                 return;
 371         cp = proto_end + 3;
 372         at = strchr(cp, '@');
 373         colon = strchr(cp, ':');
 374         slash = strchrnul(cp, '/');
 375
 376         if (!at || slash <= at) {
 377                 /* Case (1) */
 378                 host = cp;
 379         }
 380         else if (!colon || at <= colon) {
 381                 /* Case (2) */
 382                 c->username = url_decode_mem(cp, at - cp);
 383                 if (c->username && *c->username)
 384                         c->username_from_proto = 1;
 385                 host = at + 1;
 386         } else {
 387                 /* Case (3) */
 388                 c->username = url_decode_mem(cp, colon - cp);
 389                 if (c->username && *c->username)
 390                         c->username_from_proto = 1;
 391                 c->password = url_decode_mem(colon + 1, at - (colon + 1));
 392                 host = at + 1;
 393         }
 394
 395         if (proto_end - url > 0)
 396                 c->protocol = xmemdupz(url, proto_end - url);
 397         if (slash - host > 0)
 398                 c->host = url_decode_mem(host, slash - host);
 399         /* Trim leading and trailing slashes from path */
 400         while (*slash == '/')
 401                 slash++;
 402         if (*slash) {
 403                 char *p;
 404                 c->path = url_decode(slash);
 405                 p = c->path + strlen(c->path) - 1;
 406                 while (p > c->path && *p == '/')
 407                         *p-- = '\0';
 408         }
 409 }