4 #include "object-file.h"
5 #include "parse-options.h"
7 #ifndef NO_UNIX_SOCKETS
11 #include "credential.h"
12 #include "unix-socket.h"
14 struct credential_cache_entry
{
15 struct credential item
;
16 timestamp_t expiration
;
18 static struct credential_cache_entry
*entries
;
19 static int entries_nr
;
20 static int entries_alloc
;
22 static void cache_credential(struct credential
*c
, int timeout
)
24 struct credential_cache_entry
*e
;
26 ALLOC_GROW(entries
, entries_nr
+ 1, entries_alloc
);
27 e
= &entries
[entries_nr
++];
29 /* take ownership of pointers */
30 memcpy(&e
->item
, c
, sizeof(*c
));
31 memset(c
, 0, sizeof(*c
));
32 e
->expiration
= time(NULL
) + timeout
;
35 static struct credential_cache_entry
*lookup_credential(const struct credential
*c
)
38 for (i
= 0; i
< entries_nr
; i
++) {
39 struct credential
*e
= &entries
[i
].item
;
40 if (credential_match(c
, e
, 0))
46 static void remove_credential(const struct credential
*c
, int match_password
)
48 struct credential_cache_entry
*e
;
51 for (i
= 0; i
< entries_nr
; i
++) {
53 if (credential_match(c
, &e
->item
, match_password
))
58 static timestamp_t
check_expirations(void)
60 static timestamp_t wait_for_entry_until
;
62 timestamp_t now
= time(NULL
);
63 timestamp_t next
= TIME_MAX
;
66 * Initially give the client 30 seconds to actually contact us
67 * and store a credential before we decide there's no point in
68 * keeping the daemon around.
70 if (!wait_for_entry_until
)
71 wait_for_entry_until
= now
+ 30;
73 while (i
< entries_nr
) {
74 if (entries
[i
].expiration
<= now
) {
76 credential_clear(&entries
[i
].item
);
78 memcpy(&entries
[i
], &entries
[entries_nr
], sizeof(*entries
));
80 * Stick around 30 seconds in case a new credential
81 * shows up (e.g., because we just removed a failed
82 * one, and we will soon get the correct one).
84 wait_for_entry_until
= now
+ 30;
87 if (entries
[i
].expiration
< next
)
88 next
= entries
[i
].expiration
;
94 if (wait_for_entry_until
<= now
)
96 next
= wait_for_entry_until
;
102 static int read_request(FILE *fh
, struct credential
*c
,
103 struct strbuf
*action
, int *timeout
)
105 static struct strbuf item
= STRBUF_INIT
;
108 strbuf_getline_lf(&item
, fh
);
109 if (!skip_prefix(item
.buf
, "action=", &p
))
110 return error("client sent bogus action line: %s", item
.buf
);
111 strbuf_addstr(action
, p
);
113 strbuf_getline_lf(&item
, fh
);
114 if (!skip_prefix(item
.buf
, "timeout=", &p
))
115 return error("client sent bogus timeout line: %s", item
.buf
);
118 if (credential_read(c
, fh
) < 0)
123 static void serve_one_client(FILE *in
, FILE *out
)
125 struct credential c
= CREDENTIAL_INIT
;
126 struct strbuf action
= STRBUF_INIT
;
129 if (read_request(in
, &c
, &action
, &timeout
) < 0)
131 else if (!strcmp(action
.buf
, "get")) {
132 struct credential_cache_entry
*e
= lookup_credential(&c
);
134 fprintf(out
, "username=%s\n", e
->item
.username
);
135 fprintf(out
, "password=%s\n", e
->item
.password
);
136 if (e
->item
.password_expiry_utc
!= TIME_MAX
)
137 fprintf(out
, "password_expiry_utc=%"PRItime
"\n",
138 e
->item
.password_expiry_utc
);
139 if (e
->item
.oauth_refresh_token
)
140 fprintf(out
, "oauth_refresh_token=%s\n",
141 e
->item
.oauth_refresh_token
);
144 else if (!strcmp(action
.buf
, "exit")) {
146 * It's important that we clean up our socket first, and then
147 * signal the client only once we have finished the cleanup.
148 * Calling exit() directly does this, because we clean up in
149 * our atexit() handler, and then signal the client when our
150 * process actually ends, which closes the socket and gives
155 else if (!strcmp(action
.buf
, "erase"))
156 remove_credential(&c
, 1);
157 else if (!strcmp(action
.buf
, "store")) {
159 warning("cache client didn't specify a timeout");
160 else if (!c
.username
|| !c
.password
)
161 warning("cache client gave us a partial credential");
163 remove_credential(&c
, 0);
164 cache_credential(&c
, timeout
);
168 warning("cache client sent unknown action: %s", action
.buf
);
170 credential_clear(&c
);
171 strbuf_release(&action
);
174 static int serve_cache_loop(int fd
)
179 wakeup
= check_expirations();
185 if (poll(&pfd
, 1, 1000 * wakeup
) < 0) {
187 die_errno("poll failed");
191 if (pfd
.revents
& POLLIN
) {
195 client
= accept(fd
, NULL
, NULL
);
197 warning_errno("accept failed");
200 client2
= dup(client
);
202 warning_errno("dup failed");
207 in
= xfdopen(client
, "r");
208 out
= xfdopen(client2
, "w");
209 serve_one_client(in
, out
);
216 static void serve_cache(const char *socket_path
, int debug
)
218 struct unix_stream_listen_opts opts
= UNIX_STREAM_LISTEN_OPTS_INIT
;
221 fd
= unix_stream_listen(socket_path
, &opts
);
223 die_errno("unable to bind to '%s'", socket_path
);
228 if (!freopen("/dev/null", "w", stderr
))
229 die_errno("unable to point stderr to /dev/null");
232 while (serve_cache_loop(fd
))
238 static const char permissions_advice
[] = N_(
239 "The permissions on your socket directory are too loose; other\n"
240 "users may be able to read your cached credentials. Consider running:\n"
243 static void init_socket_directory(const char *path
)
246 char *path_copy
= xstrdup(path
);
247 char *dir
= dirname(path_copy
);
249 if (!stat(dir
, &st
)) {
250 if (st
.st_mode
& 077)
251 die(_(permissions_advice
), dir
);
254 * We must be sure to create the directory with the correct mode,
255 * not just chmod it after the fact; otherwise, there is a race
256 * condition in which somebody can chdir to it, sleep, then try to open
257 * our protected socket.
259 if (safe_create_leading_directories_const(dir
) < 0)
260 die_errno("unable to create directories for '%s'", dir
);
261 if (mkdir(dir
, 0700) < 0)
262 die_errno("unable to mkdir '%s'", dir
);
267 * We don't actually care what our cwd is; we chdir here just to
268 * be a friendly daemon and avoid tying up our original cwd.
269 * If this fails, it's OK to just continue without that benefit.
276 int cmd_credential_cache_daemon(int argc
, const char **argv
, const char *prefix
)
278 struct tempfile
*socket_file
;
279 const char *socket_path
;
280 int ignore_sighup
= 0;
281 static const char *usage
[] = {
282 "git credential-cache--daemon [--debug] <socket-path>",
286 const struct option options
[] = {
287 OPT_BOOL(0, "debug", &debug
,
288 N_("print debugging messages to stderr")),
292 git_config_get_bool("credentialcache.ignoresighup", &ignore_sighup
);
294 argc
= parse_options(argc
, argv
, prefix
, options
, usage
, 0);
295 socket_path
= argv
[0];
297 if (!have_unix_sockets())
298 die(_("credential-cache--daemon unavailable; no unix socket support"));
300 usage_with_options(usage
, options
);
302 if (!is_absolute_path(socket_path
))
303 die("socket directory must be an absolute path");
305 init_socket_directory(socket_path
);
306 socket_file
= register_tempfile(socket_path
);
309 signal(SIGHUP
, SIG_IGN
);
311 serve_cache(socket_path
, debug
);
312 delete_tempfile(&socket_file
);
319 int cmd_credential_cache_daemon(int argc
, const char **argv
, const char *prefix
)
321 const char * const usage
[] = {
322 "git credential-cache--daemon [--debug] <socket-path>",
324 "credential-cache--daemon is disabled in this build of Git",
327 struct option options
[] = { OPT_END() };
329 argc
= parse_options(argc
, argv
, prefix
, options
, usage
, 0);
330 die(_("credential-cache--daemon unavailable; no unix socket support"));
333 #endif /* NO_UNIX_SOCKET */