git/credential-store.c

#include "cache.h"
#include "credential.h"
#include "string-list.h"
#include "parse-options.h"

static struct lock_file credential_lock;

static void parse_credential_file(const char *fn,
				  struct credential *c,
				  void (*match_cb)(struct credential *),
				  void (*other_cb)(struct strbuf *))
{
	FILE *fh;
	struct strbuf line = STRBUF_INIT;
	struct credential entry = CREDENTIAL_INIT;

	fh = fopen(fn, "r");
	if (!fh) {
		if (errno != ENOENT)
			die_errno("unable to open %s", fn);
		return;
	}

	while (strbuf_getline(&line, fh, '\n') != EOF) {
		credential_from_url(&entry, line.buf);
		if (entry.username && entry.password &&
		    credential_match(c, &entry)) {
			if (match_cb) {
				match_cb(&entry);
				break;
			}
		}
		else if (other_cb)
			other_cb(&line);
	}

	credential_clear(&entry);
	strbuf_release(&line);
	fclose(fh);
}

static void print_entry(struct credential *c)
{
	printf("username=%s\n", c->username);
	printf("password=%s\n", c->password);
}

static void print_line(struct strbuf *buf)
{
	strbuf_addch(buf, '\n');
	write_or_die(credential_lock.fd, buf->buf, buf->len);
}

static void rewrite_credential_file(const char *fn, struct credential *c,
				    struct strbuf *extra)
{
	if (hold_lock_file_for_update(&credential_lock, fn, 0) < 0)
		die_errno("unable to get credential storage lock");
	if (extra)
		print_line(extra);
	parse_credential_file(fn, c, NULL, print_line);
	if (commit_lock_file(&credential_lock) < 0)
		die_errno("unable to commit credential store");
}

static void store_credential(const char *fn, struct credential *c)
{
	struct strbuf buf = STRBUF_INIT;

	/*
	 * Sanity check that what we are storing is actually sensible.
	 * In particular, we can't make a URL without a protocol field.
	 * Without either a host or pathname (depending on the scheme),
	 * we have no primary key. And without a username and password,
	 * we are not actually storing a credential.
	 */
	if (!c->protocol || !(c->host || c->path) ||
	    !c->username || !c->password)
		return;

	strbuf_addf(&buf, "%s://", c->protocol);
	strbuf_addstr_urlencode(&buf, c->username, 1);
	strbuf_addch(&buf, ':');
	strbuf_addstr_urlencode(&buf, c->password, 1);
	strbuf_addch(&buf, '@');
	if (c->host)
		strbuf_addstr_urlencode(&buf, c->host, 1);
	if (c->path) {
		strbuf_addch(&buf, '/');
		strbuf_addstr_urlencode(&buf, c->path, 0);
	}

	rewrite_credential_file(fn, c, &buf);
	strbuf_release(&buf);
}

static void remove_credential(const char *fn, struct credential *c)
{
	/*
	 * Sanity check that we actually have something to match
	 * against. The input we get is a restrictive pattern,
	 * so technically a blank credential means "erase everything".
	 * But it is too easy to accidentally send this, since it is equivalent
	 * to empty input. So explicitly disallow it, and require that the
	 * pattern have some actual content to match.
	 */
	if (c->protocol || c->host || c->path || c->username)
		rewrite_credential_file(fn, c, NULL);
}

static int lookup_credential(const char *fn, struct credential *c)
{
	parse_credential_file(fn, c, print_entry, NULL);
	return c->username && c->password;
}

int main(int argc, char **argv)
{
	const char * const usage[] = {
		"git credential-store [options] <action>",
		NULL
	};
	const char *op;
	struct credential c = CREDENTIAL_INIT;
	char *file = NULL;
	struct option options[] = {
		OPT_STRING(0, "file", &file, "path",
			   "fetch and store credentials in <path>"),
		OPT_END()
	};

	umask(077);

	argc = parse_options(argc, (const char **)argv, NULL, options, usage, 0);
	if (argc != 1)
		usage_with_options(usage, options);
	op = argv[0];

	if (!file)
		file = expand_user_path("~/.git-credentials");
	if (!file)
		die("unable to set up default path; use --file");

	if (credential_read(&c, stdin) < 0)
		die("unable to read credential");

	if (!strcmp(op, "get"))
		lookup_credential(file, &c);
	else if (!strcmp(op, "erase"))
		remove_credential(file, &c);
	else if (!strcmp(op, "store"))
		store_credential(file, &c);
	else
		; /* Ignore unknown operation. */

	return 0;
}
credentials: add "store" helper This is like "cache", except that we actually put the credentials on disk. This can be terribly insecure, of course, but we do what we can to protect them by filesystem permissions, and we warn the user in the documentation. This is not unlike using .netrc to store entries, but it's a little more user-friendly. Instead of putting credentials in place ahead of time, we transparently store them after prompting the user for them once. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2011-12-10 10:34:44 +00:00			`#include "cache.h"`
			`#include "credential.h"`
			`#include "string-list.h"`
			`#include "parse-options.h"`

			`static struct lock_file credential_lock;`

			`static void parse_credential_file(const char *fn,`
			`struct credential *c,`
			`void (match_cb)(struct credential ),`
			`void (other_cb)(struct strbuf ))`
			`{`
			`FILE *fh;`
			`struct strbuf line = STRBUF_INIT;`
			`struct credential entry = CREDENTIAL_INIT;`

			`fh = fopen(fn, "r");`
			`if (!fh) {`
			`if (errno != ENOENT)`
			`die_errno("unable to open %s", fn);`
			`return;`
			`}`

			`while (strbuf_getline(&line, fh, '\n') != EOF) {`
			`credential_from_url(&entry, line.buf);`
			`if (entry.username && entry.password &&`
			`credential_match(c, &entry)) {`
			`if (match_cb) {`
			`match_cb(&entry);`
			`break;`
			`}`
			`}`
			`else if (other_cb)`
			`other_cb(&line);`
			`}`

			`credential_clear(&entry);`
			`strbuf_release(&line);`
			`fclose(fh);`
			`}`

			`static void print_entry(struct credential *c)`
			`{`
			`printf("username=%s\n", c->username);`
			`printf("password=%s\n", c->password);`
			`}`

			`static void print_line(struct strbuf *buf)`
			`{`
			`strbuf_addch(buf, '\n');`
			`write_or_die(credential_lock.fd, buf->buf, buf->len);`
			`}`

			`static void rewrite_credential_file(const char fn, struct credential c,`
			`struct strbuf *extra)`
			`{`
			`if (hold_lock_file_for_update(&credential_lock, fn, 0) < 0)`
			`die_errno("unable to get credential storage lock");`
			`if (extra)`
			`print_line(extra);`
			`parse_credential_file(fn, c, NULL, print_line);`
			`if (commit_lock_file(&credential_lock) < 0)`
			`die_errno("unable to commit credential store");`
			`}`

			`static void store_credential(const char fn, struct credential c)`
			`{`
			`struct strbuf buf = STRBUF_INIT;`

			`/*`
			`* Sanity check that what we are storing is actually sensible.`
			`* In particular, we can't make a URL without a protocol field.`
			`* Without either a host or pathname (depending on the scheme),`
			`* we have no primary key. And without a username and password,`
			`* we are not actually storing a credential.`
			`*/`
			`if (!c->protocol \|\| !(c->host \|\| c->path) \|\|`
			`!c->username \|\| !c->password)`
			`return;`

			`strbuf_addf(&buf, "%s://", c->protocol);`
			`strbuf_addstr_urlencode(&buf, c->username, 1);`
			`strbuf_addch(&buf, ':');`
			`strbuf_addstr_urlencode(&buf, c->password, 1);`
			`strbuf_addch(&buf, '@');`
			`if (c->host)`
			`strbuf_addstr_urlencode(&buf, c->host, 1);`
			`if (c->path) {`
			`strbuf_addch(&buf, '/');`
			`strbuf_addstr_urlencode(&buf, c->path, 0);`
			`}`

			`rewrite_credential_file(fn, c, &buf);`
			`strbuf_release(&buf);`
			`}`

			`static void remove_credential(const char fn, struct credential c)`
			`{`
			`/*`
			`* Sanity check that we actually have something to match`
			`* against. The input we get is a restrictive pattern,`
			`* so technically a blank credential means "erase everything".`
			`* But it is too easy to accidentally send this, since it is equivalent`
			`* to empty input. So explicitly disallow it, and require that the`
			`* pattern have some actual content to match.`
			`*/`
			`if (c->protocol \|\| c->host \|\| c->path \|\| c->username)`
			`rewrite_credential_file(fn, c, NULL);`
			`}`

			`static int lookup_credential(const char fn, struct credential c)`
			`{`
			`parse_credential_file(fn, c, print_entry, NULL);`
			`return c->username && c->password;`
			`}`

sparse: Fix mingw_main() argument number/type errors Sparse issues 68 errors (two errors for each main() function) such as the following: SP git.c git.c:510:5: error: too many arguments for function mingw_main git.c:510:5: error: symbol 'mingw_main' redeclared with different type \ (originally declared at git.c:510) - different argument counts The errors are caused by the 'main' macro used by the MinGW build to provide a replacement main() function. The original main function is effectively renamed to 'mingw_main' and is called from the new main function. The replacement main is used to execute certain actions common to all git programs on MinGW (e.g. ensure the standard I/O streams are in binary mode). In order to suppress the errors, we change the macro to include the parameters in the declaration of the mingw_main function. Unfortunately, this change provokes both sparse and gcc to complain about 9 calls to mingw_main(), such as the following: CC git.o git.c: In function 'main': git.c:510: warning: passing argument 2 of 'mingw_main' from \ incompatible pointer type git.c:510: note: expected 'const char ' but argument is of \ type 'char ' In order to suppress these warnings, since both of the main functions need to be declared with the same prototype, we change the declaration of the 9 main functions, thus: int main(int argc, char **argv) Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2013-04-27 19:19:47 +00:00			`int main(int argc, char **argv)`
credentials: add "store" helper This is like "cache", except that we actually put the credentials on disk. This can be terribly insecure, of course, but we do what we can to protect them by filesystem permissions, and we warn the user in the documentation. This is not unlike using .netrc to store entries, but it's a little more user-friendly. Instead of putting credentials in place ahead of time, we transparently store them after prompting the user for them once. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2011-12-10 10:34:44 +00:00			`{`
			`const char * const usage[] = {`
			`"git credential-store [options] <action>",`
			`NULL`
			`};`
			`const char *op;`
			`struct credential c = CREDENTIAL_INIT;`
			`char *file = NULL;`
			`struct option options[] = {`
			`OPT_STRING(0, "file", &file, "path",`
			`"fetch and store credentials in <path>"),`
			`OPT_END()`
			`};`

			`umask(077);`

sparse: Fix mingw_main() argument number/type errors Sparse issues 68 errors (two errors for each main() function) such as the following: SP git.c git.c:510:5: error: too many arguments for function mingw_main git.c:510:5: error: symbol 'mingw_main' redeclared with different type \ (originally declared at git.c:510) - different argument counts The errors are caused by the 'main' macro used by the MinGW build to provide a replacement main() function. The original main function is effectively renamed to 'mingw_main' and is called from the new main function. The replacement main is used to execute certain actions common to all git programs on MinGW (e.g. ensure the standard I/O streams are in binary mode). In order to suppress the errors, we change the macro to include the parameters in the declaration of the mingw_main function. Unfortunately, this change provokes both sparse and gcc to complain about 9 calls to mingw_main(), such as the following: CC git.o git.c: In function 'main': git.c:510: warning: passing argument 2 of 'mingw_main' from \ incompatible pointer type git.c:510: note: expected 'const char ' but argument is of \ type 'char ' In order to suppress these warnings, since both of the main functions need to be declared with the same prototype, we change the declaration of the 9 main functions, thus: int main(int argc, char **argv) Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2013-04-27 19:19:47 +00:00			`argc = parse_options(argc, (const char **)argv, NULL, options, usage, 0);`
credentials: add "store" helper This is like "cache", except that we actually put the credentials on disk. This can be terribly insecure, of course, but we do what we can to protect them by filesystem permissions, and we warn the user in the documentation. This is not unlike using .netrc to store entries, but it's a little more user-friendly. Instead of putting credentials in place ahead of time, we transparently store them after prompting the user for them once. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2011-12-10 10:34:44 +00:00			`if (argc != 1)`
			`usage_with_options(usage, options);`
			`op = argv[0];`

			`if (!file)`
			`file = expand_user_path("~/.git-credentials");`
			`if (!file)`
			`die("unable to set up default path; use --file");`

			`if (credential_read(&c, stdin) < 0)`
			`die("unable to read credential");`

			`if (!strcmp(op, "get"))`
			`lookup_credential(file, &c);`
			`else if (!strcmp(op, "erase"))`
			`remove_credential(file, &c);`
			`else if (!strcmp(op, "store"))`
			`store_credential(file, &c);`
			`else`
			`; /* Ignore unknown operation. */`

			`return 0;`
			`}`