git.oblomov.eu Git - git/blob - credential.c

   1 #include "cache.h"
   2 #include "config.h"
   3 #include "credential.h"
   4 #include "string-list.h"
   5 #include "run-command.h"
   6 #include "url.h"
   7 #include "prompt.h"
   8
   9 void credential_init(struct credential *c)
  10 {
  11         memset(c, 0, sizeof(*c));
  12         c->helpers.strdup_strings = 1;
  13 }
  14
  15 void credential_clear(struct credential *c)
  16 {
  17         free(c->protocol);
  18         free(c->host);
  19         free(c->path);
  20         free(c->username);
  21         free(c->password);
  22         string_list_clear(&c->helpers, 0);
  23
  24         credential_init(c);
  25 }
  26
  27 int credential_match(const struct credential *want,
  28                      const struct credential *have)
  29 {
  30 #define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x)))
  31         return CHECK(protocol) &&
  32                CHECK(host) &&
  33                CHECK(path) &&
  34                CHECK(username);
  35 #undef CHECK
  36 }
  37
  38 static int credential_config_callback(const char *var, const char *value,
  39                                       void *data)
  40 {
  41         struct credential *c = data;
  42         const char *key, *dot;
  43
  44         if (!skip_prefix(var, "credential.", &key))
  45                 return 0;
  46
  47         if (!value)
  48                 return config_error_nonbool(var);
  49
  50         dot = strrchr(key, '.');
  51         if (dot) {
  52                 struct credential want = CREDENTIAL_INIT;
  53                 char *url = xmemdupz(key, dot - key);
  54                 int matched;
  55
  56                 credential_from_url(&want, url);
  57                 matched = credential_match(&want, c);
  58
  59                 credential_clear(&want);
  60                 free(url);
  61
  62                 if (!matched)
  63                         return 0;
  64                 key = dot + 1;
  65         }
  66
  67         if (!strcmp(key, "helper")) {
  68                 if (*value)
  69                         string_list_append(&c->helpers, value);
  70                 else
  71                         string_list_clear(&c->helpers, 0);
  72         } else if (!strcmp(key, "username")) {
  73                 if (!c->username)
  74                         c->username = xstrdup(value);
  75         }
  76         else if (!strcmp(key, "usehttppath"))
  77                 c->use_http_path = git_config_bool(var, value);
  78
  79         return 0;
  80 }
  81
  82 static int proto_is_http(const char *s)
  83 {
  84         if (!s)
  85                 return 0;
  86         return !strcmp(s, "https") || !strcmp(s, "http");
  87 }
  88
  89 static void credential_apply_config(struct credential *c)
  90 {
  91         if (!c->host)
  92                 die(_("refusing to work with credential missing host field"));
  93         if (!c->protocol)
  94                 die(_("refusing to work with credential missing protocol field"));
  95
  96         if (c->configured)
  97                 return;
  98         git_config(credential_config_callback, c);
  99         c->configured = 1;
 100
 101         if (!c->use_http_path && proto_is_http(c->protocol)) {
 102                 FREE_AND_NULL(c->path);
 103         }
 104 }
 105
 106 static void credential_describe(struct credential *c, struct strbuf *out)
 107 {
 108         if (!c->protocol)
 109                 return;
 110         strbuf_addf(out, "%s://", c->protocol);
 111         if (c->username && *c->username)
 112                 strbuf_addf(out, "%s@", c->username);
 113         if (c->host)
 114                 strbuf_addstr(out, c->host);
 115         if (c->path)
 116                 strbuf_addf(out, "/%s", c->path);
 117 }
 118
 119 static char *credential_ask_one(const char *what, struct credential *c,
 120                                 int flags)
 121 {
 122         struct strbuf desc = STRBUF_INIT;
 123         struct strbuf prompt = STRBUF_INIT;
 124         char *r;
 125
 126         credential_describe(c, &desc);
 127         if (desc.len)
 128                 strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
 129         else
 130                 strbuf_addf(&prompt, "%s: ", what);
 131
 132         r = git_prompt(prompt.buf, flags);
 133
 134         strbuf_release(&desc);
 135         strbuf_release(&prompt);
 136         return xstrdup(r);
 137 }
 138
 139 static void credential_getpass(struct credential *c)
 140 {
 141         if (!c->username)
 142                 c->username = credential_ask_one("Username", c,
 143                                                  PROMPT_ASKPASS|PROMPT_ECHO);
 144         if (!c->password)
 145                 c->password = credential_ask_one("Password", c,
 146                                                  PROMPT_ASKPASS);
 147 }
 148
 149 int credential_read(struct credential *c, FILE *fp)
 150 {
 151         struct strbuf line = STRBUF_INIT;
 152
 153         while (strbuf_getline_lf(&line, fp) != EOF) {
 154                 char *key = line.buf;
 155                 char *value = strchr(key, '=');
 156
 157                 if (!line.len)
 158                         break;
 159
 160                 if (!value) {
 161                         warning("invalid credential line: %s", key);
 162                         strbuf_release(&line);
 163                         return -1;
 164                 }
 165                 *value++ = '\0';
 166
 167                 if (!strcmp(key, "username")) {
 168                         free(c->username);
 169                         c->username = xstrdup(value);
 170                 } else if (!strcmp(key, "password")) {
 171                         free(c->password);
 172                         c->password = xstrdup(value);
 173                 } else if (!strcmp(key, "protocol")) {
 174                         free(c->protocol);
 175                         c->protocol = xstrdup(value);
 176                 } else if (!strcmp(key, "host")) {
 177                         free(c->host);
 178                         c->host = xstrdup(value);
 179                 } else if (!strcmp(key, "path")) {
 180                         free(c->path);
 181                         c->path = xstrdup(value);
 182                 } else if (!strcmp(key, "url")) {
 183                         credential_from_url(c, value);
 184                 } else if (!strcmp(key, "quit")) {
 185                         c->quit = !!git_config_bool("quit", value);
 186                 }
 187                 /*
 188                  * Ignore other lines; we don't know what they mean, but
 189                  * this future-proofs us when later versions of git do
 190                  * learn new lines, and the helpers are updated to match.
 191                  */
 192         }
 193
 194         strbuf_release(&line);
 195         return 0;
 196 }
 197
 198 static void credential_write_item(FILE *fp, const char *key, const char *value,
 199                                   int required)
 200 {
 201         if (!value && required)
 202                 BUG("credential value for %s is missing", key);
 203         if (!value)
 204                 return;
 205         if (strchr(value, '\n'))
 206                 die("credential value for %s contains newline", key);
 207         fprintf(fp, "%s=%s\n", key, value);
 208 }
 209
 210 void credential_write(const struct credential *c, FILE *fp)
 211 {
 212         credential_write_item(fp, "protocol", c->protocol, 1);
 213         credential_write_item(fp, "host", c->host, 1);
 214         credential_write_item(fp, "path", c->path, 0);
 215         credential_write_item(fp, "username", c->username, 0);
 216         credential_write_item(fp, "password", c->password, 0);
 217 }
 218
 219 static int run_credential_helper(struct credential *c,
 220                                  const char *cmd,
 221                                  int want_output)
 222 {
 223         struct child_process helper = CHILD_PROCESS_INIT;
 224         const char *argv[] = { NULL, NULL };
 225         FILE *fp;
 226
 227         argv[0] = cmd;
 228         helper.argv = argv;
 229         helper.use_shell = 1;
 230         helper.in = -1;
 231         if (want_output)
 232                 helper.out = -1;
 233         else
 234                 helper.no_stdout = 1;
 235
 236         if (start_command(&helper) < 0)
 237                 return -1;
 238
 239         fp = xfdopen(helper.in, "w");
 240         credential_write(c, fp);
 241         fclose(fp);
 242
 243         if (want_output) {
 244                 int r;
 245                 fp = xfdopen(helper.out, "r");
 246                 r = credential_read(c, fp);
 247                 fclose(fp);
 248                 if (r < 0) {
 249                         finish_command(&helper);
 250                         return -1;
 251                 }
 252         }
 253
 254         if (finish_command(&helper))
 255                 return -1;
 256         return 0;
 257 }
 258
 259 static int credential_do(struct credential *c, const char *helper,
 260                          const char *operation)
 261 {
 262         struct strbuf cmd = STRBUF_INIT;
 263         int r;
 264
 265         if (helper[0] == '!')
 266                 strbuf_addstr(&cmd, helper + 1);
 267         else if (is_absolute_path(helper))
 268                 strbuf_addstr(&cmd, helper);
 269         else
 270                 strbuf_addf(&cmd, "git credential-%s", helper);
 271
 272         strbuf_addf(&cmd, " %s", operation);
 273         r = run_credential_helper(c, cmd.buf, !strcmp(operation, "get"));
 274
 275         strbuf_release(&cmd);
 276         return r;
 277 }
 278
 279 void credential_fill(struct credential *c)
 280 {
 281         int i;
 282
 283         if (c->username && c->password)
 284                 return;
 285
 286         credential_apply_config(c);
 287
 288         for (i = 0; i < c->helpers.nr; i++) {
 289                 credential_do(c, c->helpers.items[i].string, "get");
 290                 if (c->username && c->password)
 291                         return;
 292                 if (c->quit)
 293                         die("credential helper '%s' told us to quit",
 294                             c->helpers.items[i].string);
 295         }
 296
 297         credential_getpass(c);
 298         if (!c->username && !c->password)
 299                 die("unable to get password from user");
 300 }
 301
 302 void credential_approve(struct credential *c)
 303 {
 304         int i;
 305
 306         if (c->approved)
 307                 return;
 308         if (!c->username || !c->password)
 309                 return;
 310
 311         credential_apply_config(c);
 312
 313         for (i = 0; i < c->helpers.nr; i++)
 314                 credential_do(c, c->helpers.items[i].string, "store");
 315         c->approved = 1;
 316 }
 317
 318 void credential_reject(struct credential *c)
 319 {
 320         int i;
 321
 322         credential_apply_config(c);
 323
 324         for (i = 0; i < c->helpers.nr; i++)
 325                 credential_do(c, c->helpers.items[i].string, "erase");
 326
 327         FREE_AND_NULL(c->username);
 328         FREE_AND_NULL(c->password);
 329         c->approved = 0;
 330 }
 331
 332 static int check_url_component(const char *url, int quiet,
 333                                const char *name, const char *value)
 334 {
 335         if (!value)
 336                 return 0;
 337         if (!strchr(value, '\n'))
 338                 return 0;
 339
 340         if (!quiet)
 341                 warning(_("url contains a newline in its %s component: %s"),
 342                         name, url);
 343         return -1;
 344 }
 345
 346 /*
 347  * Potentially-partial URLs can, but do not have to, contain
 348  *
 349  * - a protocol (or scheme) of the form "<protocol>://"
 350  *
 351  * - a host name (the part after the protocol and before the first slash after
 352  *   that, if any)
 353  *
 354  * - a user name and potentially a password (as "<user>[:<password>]@" part of
 355  *   the host name)
 356  *
 357  * - a path (the part after the host name, if any, starting with the slash)
 358  *
 359  * Missing parts will be left unset in `struct credential`. Thus, `https://`
 360  * will have only the `protocol` set, `example.com` only the host name, and
 361  * `/git` only the path.
 362  *
 363  * Note that an empty host name in an otherwise fully-qualified URL (e.g.
 364  * `cert:///path/to/cert.pem`) will be treated as unset if we expect the URL to
 365  * be potentially partial, and only then (otherwise, the empty string is used).
 366  *
 367  * The credential_from_url() function does not allow partial URLs.
 368  */
 369 static int credential_from_url_1(struct credential *c, const char *url,
 370                                  int allow_partial_url, int quiet)
 371 {
 372         const char *at, *colon, *cp, *slash, *host, *proto_end;
 373
 374         credential_clear(c);
 375
 376         /*
 377          * Match one of:
 378          *   (1) proto://<host>/...
 379          *   (2) proto://<user>@<host>/...
 380          *   (3) proto://<user>:<pass>@<host>/...
 381          */
 382         proto_end = strstr(url, "://");
 383         if (!allow_partial_url && (!proto_end || proto_end == url)) {
 384                 if (!quiet)
 385                         warning(_("url has no scheme: %s"), url);
 386                 return -1;
 387         }
 388         cp = proto_end ? proto_end + 3 : url;
 389         at = strchr(cp, '@');
 390         colon = strchr(cp, ':');
 391         slash = strchrnul(cp, '/');
 392
 393         if (!at || slash <= at) {
 394                 /* Case (1) */
 395                 host = cp;
 396         }
 397         else if (!colon || at <= colon) {
 398                 /* Case (2) */
 399                 c->username = url_decode_mem(cp, at - cp);
 400                 host = at + 1;
 401         } else {
 402                 /* Case (3) */
 403                 c->username = url_decode_mem(cp, colon - cp);
 404                 c->password = url_decode_mem(colon + 1, at - (colon + 1));
 405                 host = at + 1;
 406         }
 407
 408         if (proto_end && proto_end - url > 0)
 409                 c->protocol = xmemdupz(url, proto_end - url);
 410         if (!allow_partial_url || slash - host > 0)
 411                 c->host = url_decode_mem(host, slash - host);
 412         /* Trim leading and trailing slashes from path */
 413         while (*slash == '/')
 414                 slash++;
 415         if (*slash) {
 416                 char *p;
 417                 c->path = url_decode(slash);
 418                 p = c->path + strlen(c->path) - 1;
 419                 while (p > c->path && *p == '/')
 420                         *p-- = '\0';
 421         }
 422
 423         if (check_url_component(url, quiet, "username", c->username) < 0 ||
 424             check_url_component(url, quiet, "password", c->password) < 0 ||
 425             check_url_component(url, quiet, "protocol", c->protocol) < 0 ||
 426             check_url_component(url, quiet, "host", c->host) < 0 ||
 427             check_url_component(url, quiet, "path", c->path) < 0)
 428                 return -1;
 429
 430         return 0;
 431 }
 432
 433 int credential_from_url_gently(struct credential *c, const char *url, int quiet)
 434 {
 435         return credential_from_url_1(c, url, 0, quiet);
 436 }
 437
 438 void credential_from_url(struct credential *c, const char *url)
 439 {
 440         if (credential_from_url_gently(c, url, 0) < 0)
 441                 die(_("credential url cannot be parsed: %s"), url);
 442 }