Merge branch 'ds/sparse-checkout-harden'
[git] / contrib / credential / osxkeychain / git-credential-osxkeychain.c
1 #include <stdio.h>
2 #include <string.h>
3 #include <stdlib.h>
4 #include <Security/Security.h>
5
6 static SecProtocolType protocol;
7 static char *host;
8 static char *path;
9 static char *username;
10 static char *password;
11 static UInt16 port;
12
13 static void die(const char *err, ...)
14 {
15         char msg[4096];
16         va_list params;
17         va_start(params, err);
18         vsnprintf(msg, sizeof(msg), err, params);
19         fprintf(stderr, "%s\n", msg);
20         va_end(params);
21         exit(1);
22 }
23
24 static void *xstrdup(const char *s1)
25 {
26         void *ret = strdup(s1);
27         if (!ret)
28                 die("Out of memory");
29         return ret;
30 }
31
32 #define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x
33 #define KEYCHAIN_ARGS \
34         NULL, /* default keychain */ \
35         KEYCHAIN_ITEM(host), \
36         0, NULL, /* account domain */ \
37         KEYCHAIN_ITEM(username), \
38         KEYCHAIN_ITEM(path), \
39         port, \
40         protocol, \
41         kSecAuthenticationTypeDefault
42
43 static void write_item(const char *what, const char *buf, int len)
44 {
45         printf("%s=", what);
46         fwrite(buf, 1, len, stdout);
47         putchar('\n');
48 }
49
50 static void find_username_in_item(SecKeychainItemRef item)
51 {
52         SecKeychainAttributeList list;
53         SecKeychainAttribute attr;
54
55         list.count = 1;
56         list.attr = &attr;
57         attr.tag = kSecAccountItemAttr;
58
59         if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL))
60                 return;
61
62         write_item("username", attr.data, attr.length);
63         SecKeychainItemFreeContent(&list, NULL);
64 }
65
66 static void find_internet_password(void)
67 {
68         void *buf;
69         UInt32 len;
70         SecKeychainItemRef item;
71
72         if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item))
73                 return;
74
75         write_item("password", buf, len);
76         if (!username)
77                 find_username_in_item(item);
78
79         SecKeychainItemFreeContent(NULL, buf);
80 }
81
82 static void delete_internet_password(void)
83 {
84         SecKeychainItemRef item;
85
86         /*
87          * Require at least a protocol and host for removal, which is what git
88          * will give us; if you want to do something more fancy, use the
89          * Keychain manager.
90          */
91         if (!protocol || !host)
92                 return;
93
94         if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item))
95                 return;
96
97         SecKeychainItemDelete(item);
98 }
99
100 static void add_internet_password(void)
101 {
102         /* Only store complete credentials */
103         if (!protocol || !host || !username || !password)
104                 return;
105
106         if (SecKeychainAddInternetPassword(
107               KEYCHAIN_ARGS,
108               KEYCHAIN_ITEM(password),
109               NULL))
110                 return;
111 }
112
113 static void read_credential(void)
114 {
115         char buf[1024];
116
117         while (fgets(buf, sizeof(buf), stdin)) {
118                 char *v;
119
120                 if (!strcmp(buf, "\n"))
121                         break;
122                 buf[strlen(buf)-1] = '\0';
123
124                 v = strchr(buf, '=');
125                 if (!v)
126                         die("bad input: %s", buf);
127                 *v++ = '\0';
128
129                 if (!strcmp(buf, "protocol")) {
130                         if (!strcmp(v, "imap"))
131                                 protocol = kSecProtocolTypeIMAP;
132                         else if (!strcmp(v, "imaps"))
133                                 protocol = kSecProtocolTypeIMAPS;
134                         else if (!strcmp(v, "ftp"))
135                                 protocol = kSecProtocolTypeFTP;
136                         else if (!strcmp(v, "ftps"))
137                                 protocol = kSecProtocolTypeFTPS;
138                         else if (!strcmp(v, "https"))
139                                 protocol = kSecProtocolTypeHTTPS;
140                         else if (!strcmp(v, "http"))
141                                 protocol = kSecProtocolTypeHTTP;
142                         else if (!strcmp(v, "smtp"))
143                                 protocol = kSecProtocolTypeSMTP;
144                         else /* we don't yet handle other protocols */
145                                 exit(0);
146                 }
147                 else if (!strcmp(buf, "host")) {
148                         char *colon = strchr(v, ':');
149                         if (colon) {
150                                 *colon++ = '\0';
151                                 port = atoi(colon);
152                         }
153                         host = xstrdup(v);
154                 }
155                 else if (!strcmp(buf, "path"))
156                         path = xstrdup(v);
157                 else if (!strcmp(buf, "username"))
158                         username = xstrdup(v);
159                 else if (!strcmp(buf, "password"))
160                         password = xstrdup(v);
161         }
162 }
163
164 int main(int argc, const char **argv)
165 {
166         const char *usage =
167                 "usage: git credential-osxkeychain <get|store|erase>";
168
169         if (!argv[1])
170                 die(usage);
171
172         read_credential();
173
174         if (!strcmp(argv[1], "get"))
175                 find_internet_password();
176         else if (!strcmp(argv[1], "store"))
177                 add_internet_password();
178         else if (!strcmp(argv[1], "erase"))
179                 delete_internet_password();
180         /* otherwise, ignore unknown action */
181
182         return 0;
183 }