You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
157 lines
4.0 KiB
157 lines
4.0 KiB
#include "cache.h" |
|
#include "credential.h" |
|
#include "string-list.h" |
|
#include "parse-options.h" |
|
|
|
static struct lock_file credential_lock; |
|
|
|
static void parse_credential_file(const char *fn, |
|
struct credential *c, |
|
void (*match_cb)(struct credential *), |
|
void (*other_cb)(struct strbuf *)) |
|
{ |
|
FILE *fh; |
|
struct strbuf line = STRBUF_INIT; |
|
struct credential entry = CREDENTIAL_INIT; |
|
|
|
fh = fopen(fn, "r"); |
|
if (!fh) { |
|
if (errno != ENOENT) |
|
die_errno("unable to open %s", fn); |
|
return; |
|
} |
|
|
|
while (strbuf_getline(&line, fh, '\n') != EOF) { |
|
credential_from_url(&entry, line.buf); |
|
if (entry.username && entry.password && |
|
credential_match(c, &entry)) { |
|
if (match_cb) { |
|
match_cb(&entry); |
|
break; |
|
} |
|
} |
|
else if (other_cb) |
|
other_cb(&line); |
|
} |
|
|
|
credential_clear(&entry); |
|
strbuf_release(&line); |
|
fclose(fh); |
|
} |
|
|
|
static void print_entry(struct credential *c) |
|
{ |
|
printf("username=%s\n", c->username); |
|
printf("password=%s\n", c->password); |
|
} |
|
|
|
static void print_line(struct strbuf *buf) |
|
{ |
|
strbuf_addch(buf, '\n'); |
|
write_or_die(credential_lock.fd, buf->buf, buf->len); |
|
} |
|
|
|
static void rewrite_credential_file(const char *fn, struct credential *c, |
|
struct strbuf *extra) |
|
{ |
|
if (hold_lock_file_for_update(&credential_lock, fn, 0) < 0) |
|
die_errno("unable to get credential storage lock"); |
|
if (extra) |
|
print_line(extra); |
|
parse_credential_file(fn, c, NULL, print_line); |
|
if (commit_lock_file(&credential_lock) < 0) |
|
die_errno("unable to commit credential store"); |
|
} |
|
|
|
static void store_credential(const char *fn, struct credential *c) |
|
{ |
|
struct strbuf buf = STRBUF_INIT; |
|
|
|
/* |
|
* Sanity check that what we are storing is actually sensible. |
|
* In particular, we can't make a URL without a protocol field. |
|
* Without either a host or pathname (depending on the scheme), |
|
* we have no primary key. And without a username and password, |
|
* we are not actually storing a credential. |
|
*/ |
|
if (!c->protocol || !(c->host || c->path) || |
|
!c->username || !c->password) |
|
return; |
|
|
|
strbuf_addf(&buf, "%s://", c->protocol); |
|
strbuf_addstr_urlencode(&buf, c->username, 1); |
|
strbuf_addch(&buf, ':'); |
|
strbuf_addstr_urlencode(&buf, c->password, 1); |
|
strbuf_addch(&buf, '@'); |
|
if (c->host) |
|
strbuf_addstr_urlencode(&buf, c->host, 1); |
|
if (c->path) { |
|
strbuf_addch(&buf, '/'); |
|
strbuf_addstr_urlencode(&buf, c->path, 0); |
|
} |
|
|
|
rewrite_credential_file(fn, c, &buf); |
|
strbuf_release(&buf); |
|
} |
|
|
|
static void remove_credential(const char *fn, struct credential *c) |
|
{ |
|
/* |
|
* Sanity check that we actually have something to match |
|
* against. The input we get is a restrictive pattern, |
|
* so technically a blank credential means "erase everything". |
|
* But it is too easy to accidentally send this, since it is equivalent |
|
* to empty input. So explicitly disallow it, and require that the |
|
* pattern have some actual content to match. |
|
*/ |
|
if (c->protocol || c->host || c->path || c->username) |
|
rewrite_credential_file(fn, c, NULL); |
|
} |
|
|
|
static int lookup_credential(const char *fn, struct credential *c) |
|
{ |
|
parse_credential_file(fn, c, print_entry, NULL); |
|
return c->username && c->password; |
|
} |
|
|
|
int main(int argc, char **argv) |
|
{ |
|
const char * const usage[] = { |
|
"git credential-store [options] <action>", |
|
NULL |
|
}; |
|
const char *op; |
|
struct credential c = CREDENTIAL_INIT; |
|
char *file = NULL; |
|
struct option options[] = { |
|
OPT_STRING(0, "file", &file, "path", |
|
"fetch and store credentials in <path>"), |
|
OPT_END() |
|
}; |
|
|
|
umask(077); |
|
|
|
argc = parse_options(argc, (const char **)argv, NULL, options, usage, 0); |
|
if (argc != 1) |
|
usage_with_options(usage, options); |
|
op = argv[0]; |
|
|
|
if (!file) |
|
file = expand_user_path("~/.git-credentials"); |
|
if (!file) |
|
die("unable to set up default path; use --file"); |
|
|
|
if (credential_read(&c, stdin) < 0) |
|
die("unable to read credential"); |
|
|
|
if (!strcmp(op, "get")) |
|
lookup_credential(file, &c); |
|
else if (!strcmp(op, "erase")) |
|
remove_credential(file, &c); |
|
else if (!strcmp(op, "store")) |
|
store_credential(file, &c); |
|
else |
|
; /* Ignore unknown operation. */ |
|
|
|
return 0; |
|
}
|
|
|