git.oblomov.eu Git - git/blob - builtin/credential-cache--daemon.c

   1 #include "builtin.h"
   2 #include "parse-options.h"
   3
   4 #ifndef NO_UNIX_SOCKETS
   5
   6 #include "config.h"
   7 #include "tempfile.h"
   8 #include "credential.h"
   9 #include "unix-socket.h"
  10
  11 struct credential_cache_entry {
  12         struct credential item;
  13         timestamp_t expiration;
  14 };
  15 static struct credential_cache_entry *entries;
  16 static int entries_nr;
  17 static int entries_alloc;
  18
  19 static void cache_credential(struct credential *c, int timeout)
  20 {
  21         struct credential_cache_entry *e;
  22
  23         ALLOC_GROW(entries, entries_nr + 1, entries_alloc);
  24         e = &entries[entries_nr++];
  25
  26         /* take ownership of pointers */
  27         memcpy(&e->item, c, sizeof(*c));
  28         memset(c, 0, sizeof(*c));
  29         e->expiration = time(NULL) + timeout;
  30 }
  31
  32 static struct credential_cache_entry *lookup_credential(const struct credential *c)
  33 {
  34         int i;
  35         for (i = 0; i < entries_nr; i++) {
  36                 struct credential *e = &entries[i].item;
  37                 if (credential_match(c, e))
  38                         return &entries[i];
  39         }
  40         return NULL;
  41 }
  42
  43 static void remove_credential(const struct credential *c)
  44 {
  45         struct credential_cache_entry *e;
  46
  47         e = lookup_credential(c);
  48         if (e)
  49                 e->expiration = 0;
  50 }
  51
  52 static timestamp_t check_expirations(void)
  53 {
  54         static timestamp_t wait_for_entry_until;
  55         int i = 0;
  56         timestamp_t now = time(NULL);
  57         timestamp_t next = TIME_MAX;
  58
  59         /*
  60          * Initially give the client 30 seconds to actually contact us
  61          * and store a credential before we decide there's no point in
  62          * keeping the daemon around.
  63          */
  64         if (!wait_for_entry_until)
  65                 wait_for_entry_until = now + 30;
  66
  67         while (i < entries_nr) {
  68                 if (entries[i].expiration <= now) {
  69                         entries_nr--;
  70                         credential_clear(&entries[i].item);
  71                         if (i != entries_nr)
  72                                 memcpy(&entries[i], &entries[entries_nr], sizeof(*entries));
  73                         /*
  74                          * Stick around 30 seconds in case a new credential
  75                          * shows up (e.g., because we just removed a failed
  76                          * one, and we will soon get the correct one).
  77                          */
  78                         wait_for_entry_until = now + 30;
  79                 }
  80                 else {
  81                         if (entries[i].expiration < next)
  82                                 next = entries[i].expiration;
  83                         i++;
  84                 }
  85         }
  86
  87         if (!entries_nr) {
  88                 if (wait_for_entry_until <= now)
  89                         return 0;
  90                 next = wait_for_entry_until;
  91         }
  92
  93         return next - now;
  94 }
  95
  96 static int read_request(FILE *fh, struct credential *c,
  97                         struct strbuf *action, int *timeout)
  98 {
  99         static struct strbuf item = STRBUF_INIT;
 100         const char *p;
 101
 102         strbuf_getline_lf(&item, fh);
 103         if (!skip_prefix(item.buf, "action=", &p))
 104                 return error("client sent bogus action line: %s", item.buf);
 105         strbuf_addstr(action, p);
 106
 107         strbuf_getline_lf(&item, fh);
 108         if (!skip_prefix(item.buf, "timeout=", &p))
 109                 return error("client sent bogus timeout line: %s", item.buf);
 110         *timeout = atoi(p);
 111
 112         if (credential_read(c, fh) < 0)
 113                 return -1;
 114         return 0;
 115 }
 116
 117 static void serve_one_client(FILE *in, FILE *out)
 118 {
 119         struct credential c = CREDENTIAL_INIT;
 120         struct strbuf action = STRBUF_INIT;
 121         int timeout = -1;
 122
 123         if (read_request(in, &c, &action, &timeout) < 0)
 124                 /* ignore error */ ;
 125         else if (!strcmp(action.buf, "get")) {
 126                 struct credential_cache_entry *e = lookup_credential(&c);
 127                 if (e) {
 128                         fprintf(out, "username=%s\n", e->item.username);
 129                         fprintf(out, "password=%s\n", e->item.password);
 130                 }
 131         }
 132         else if (!strcmp(action.buf, "exit")) {
 133                 /*
 134                  * It's important that we clean up our socket first, and then
 135                  * signal the client only once we have finished the cleanup.
 136                  * Calling exit() directly does this, because we clean up in
 137                  * our atexit() handler, and then signal the client when our
 138                  * process actually ends, which closes the socket and gives
 139                  * them EOF.
 140                  */
 141                 exit(0);
 142         }
 143         else if (!strcmp(action.buf, "erase"))
 144                 remove_credential(&c);
 145         else if (!strcmp(action.buf, "store")) {
 146                 if (timeout < 0)
 147                         warning("cache client didn't specify a timeout");
 148                 else if (!c.username || !c.password)
 149                         warning("cache client gave us a partial credential");
 150                 else {
 151                         remove_credential(&c);
 152                         cache_credential(&c, timeout);
 153                 }
 154         }
 155         else
 156                 warning("cache client sent unknown action: %s", action.buf);
 157
 158         credential_clear(&c);
 159         strbuf_release(&action);
 160 }
 161
 162 static int serve_cache_loop(int fd)
 163 {
 164         struct pollfd pfd;
 165         timestamp_t wakeup;
 166
 167         wakeup = check_expirations();
 168         if (!wakeup)
 169                 return 0;
 170
 171         pfd.fd = fd;
 172         pfd.events = POLLIN;
 173         if (poll(&pfd, 1, 1000 * wakeup) < 0) {
 174                 if (errno != EINTR)
 175                         die_errno("poll failed");
 176                 return 1;
 177         }
 178
 179         if (pfd.revents & POLLIN) {
 180                 int client, client2;
 181                 FILE *in, *out;
 182
 183                 client = accept(fd, NULL, NULL);
 184                 if (client < 0) {
 185                         warning_errno("accept failed");
 186                         return 1;
 187                 }
 188                 client2 = dup(client);
 189                 if (client2 < 0) {
 190                         warning_errno("dup failed");
 191                         close(client);
 192                         return 1;
 193                 }
 194
 195                 in = xfdopen(client, "r");
 196                 out = xfdopen(client2, "w");
 197                 serve_one_client(in, out);
 198                 fclose(in);
 199                 fclose(out);
 200         }
 201         return 1;
 202 }
 203
 204 static void serve_cache(const char *socket_path, int debug)
 205 {
 206         int fd;
 207
 208         fd = unix_stream_listen(socket_path);
 209         if (fd < 0)
 210                 die_errno("unable to bind to '%s'", socket_path);
 211
 212         printf("ok\n");
 213         fclose(stdout);
 214         if (!debug) {
 215                 if (!freopen("/dev/null", "w", stderr))
 216                         die_errno("unable to point stderr to /dev/null");
 217         }
 218
 219         while (serve_cache_loop(fd))
 220                 ; /* nothing */
 221
 222         close(fd);
 223 }
 224
 225 static const char permissions_advice[] = N_(
 226 "The permissions on your socket directory are too loose; other\n"
 227 "users may be able to read your cached credentials. Consider running:\n"
 228 "\n"
 229 "       chmod 0700 %s");
 230 static void init_socket_directory(const char *path)
 231 {
 232         struct stat st;
 233         char *path_copy = xstrdup(path);
 234         char *dir = dirname(path_copy);
 235
 236         if (!stat(dir, &st)) {
 237                 if (st.st_mode & 077)
 238                         die(_(permissions_advice), dir);
 239         } else {
 240                 /*
 241                  * We must be sure to create the directory with the correct mode,
 242                  * not just chmod it after the fact; otherwise, there is a race
 243                  * condition in which somebody can chdir to it, sleep, then try to open
 244                  * our protected socket.
 245                  */
 246                 if (safe_create_leading_directories_const(dir) < 0)
 247                         die_errno("unable to create directories for '%s'", dir);
 248                 if (mkdir(dir, 0700) < 0)
 249                         die_errno("unable to mkdir '%s'", dir);
 250         }
 251
 252         if (chdir(dir))
 253                 /*
 254                  * We don't actually care what our cwd is; we chdir here just to
 255                  * be a friendly daemon and avoid tying up our original cwd.
 256                  * If this fails, it's OK to just continue without that benefit.
 257                  */
 258                 ;
 259
 260         free(path_copy);
 261 }
 262
 263 int cmd_credential_cache_daemon(int argc, const char **argv, const char *prefix)
 264 {
 265         struct tempfile *socket_file;
 266         const char *socket_path;
 267         int ignore_sighup = 0;
 268         static const char *usage[] = {
 269                 "git-credential-cache--daemon [opts] <socket_path>",
 270                 NULL
 271         };
 272         int debug = 0;
 273         const struct option options[] = {
 274                 OPT_BOOL(0, "debug", &debug,
 275                          N_("print debugging messages to stderr")),
 276                 OPT_END()
 277         };
 278
 279         git_config_get_bool("credentialcache.ignoresighup", &ignore_sighup);
 280
 281         argc = parse_options(argc, argv, prefix, options, usage, 0);
 282         socket_path = argv[0];
 283
 284         if (!socket_path)
 285                 usage_with_options(usage, options);
 286
 287         if (!is_absolute_path(socket_path))
 288                 die("socket directory must be an absolute path");
 289
 290         init_socket_directory(socket_path);
 291         socket_file = register_tempfile(socket_path);
 292
 293         if (ignore_sighup)
 294                 signal(SIGHUP, SIG_IGN);
 295
 296         serve_cache(socket_path, debug);
 297         delete_tempfile(&socket_file);
 298
 299         return 0;
 300 }
 301
 302 #else
 303
 304 int cmd_credential_cache_daemon(int argc, const char **argv, const char *prefix)
 305 {
 306         const char * const usage[] = {
 307                 "git credential-cache--daemon [options] <action>",
 308                 "",
 309                 "credential-cache--daemon is disabled in this build of Git",
 310                 NULL
 311         };
 312         struct option options[] = { OPT_END() };
 313
 314         argc = parse_options(argc, argv, prefix, options, usage, 0);
 315         die(_("credential-cache--daemon unavailable; no unix socket support"));
 316 }
 317
 318 #endif /* NO_UNIX_SOCKET */