2 * A git credential helper that interface with Windows' Credential Manager
13 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
15 __attribute__((format (printf
, 1, 2)))
16 static void die(const char *err
, ...)
20 va_start(params
, err
);
21 vsnprintf(msg
, sizeof(msg
), err
, params
);
22 fprintf(stderr
, "%s\n", msg
);
27 static void *xmalloc(size_t size
)
29 void *ret
= malloc(size
);
37 static WCHAR
*wusername
, *password
, *protocol
, *host
, *path
, target
[1024],
40 static void write_item(const char *what
, LPCWSTR wbuf
, int wlen
)
45 printf("%s=\n", what
);
49 int len
= WideCharToMultiByte(CP_UTF8
, 0, wbuf
, wlen
, NULL
, 0, NULL
,
53 if (!WideCharToMultiByte(CP_UTF8
, 0, wbuf
, wlen
, buf
, len
, NULL
, FALSE
))
54 die("WideCharToMultiByte failed!");
57 fwrite(buf
, 1, len
, stdout
);
63 * Match an (optional) expected string and a delimiter in the target string,
64 * consuming the matched text by updating the target pointer.
67 static LPCWSTR
wcsstr_last(LPCWSTR str
, LPCWSTR find
)
69 LPCWSTR res
= NULL
, pos
;
70 for (pos
= wcsstr(str
, find
); pos
; pos
= wcsstr(pos
+ 1, find
))
75 static int match_part_with_last(LPCWSTR
*ptarget
, LPCWSTR want
, LPCWSTR delim
, int last
)
77 LPCWSTR delim_pos
, start
= *ptarget
;
80 /* find start of delimiter (or end-of-string if delim is empty) */
82 delim_pos
= last
? wcsstr_last(start
, delim
) : wcsstr(start
, delim
);
84 delim_pos
= start
+ wcslen(start
);
87 * match text up to delimiter, or end of string (e.g. the '/' after
88 * host is optional if not followed by a path)
91 len
= delim_pos
- start
;
95 /* update ptarget if we either found a delimiter or need a match */
96 if (delim_pos
|| want
)
97 *ptarget
= delim_pos
? delim_pos
+ wcslen(delim
) : start
+ len
;
99 return !want
|| (!wcsncmp(want
, start
, len
) && !want
[len
]);
102 static int match_part(LPCWSTR
*ptarget
, LPCWSTR want
, LPCWSTR delim
)
104 return match_part_with_last(ptarget
, want
, delim
, 0);
107 static int match_part_last(LPCWSTR
*ptarget
, LPCWSTR want
, LPCWSTR delim
)
109 return match_part_with_last(ptarget
, want
, delim
, 1);
112 static int match_cred_password(const CREDENTIALW
*cred
) {
114 WCHAR
*cred_password
= xmalloc(cred
->CredentialBlobSize
);
115 wcsncpy_s(cred_password
, cred
->CredentialBlobSize
,
116 (LPCWSTR
)cred
->CredentialBlob
,
117 cred
->CredentialBlobSize
/ sizeof(WCHAR
));
118 ret
= !wcscmp(cred_password
, password
);
123 static int match_cred(const CREDENTIALW
*cred
, int match_password
)
125 LPCWSTR target
= cred
->TargetName
;
126 if (wusername
&& wcscmp(wusername
, cred
->UserName
? cred
->UserName
: L
""))
129 return match_part(&target
, L
"git", L
":") &&
130 match_part(&target
, protocol
, L
"://") &&
131 match_part_last(&target
, wusername
, L
"@") &&
132 match_part(&target
, host
, L
"/") &&
133 match_part(&target
, path
, L
"") &&
134 (!match_password
|| match_cred_password(cred
));
137 static void get_credential(void)
142 CREDENTIAL_ATTRIBUTEW
*attr
;
144 if (!CredEnumerateW(L
"git:*", 0, &num_creds
, &creds
))
147 /* search for the first credential that matches username */
148 for (i
= 0; i
< num_creds
; ++i
)
149 if (match_cred(creds
[i
], 0)) {
150 write_item("username", creds
[i
]->UserName
,
151 creds
[i
]->UserName
? wcslen(creds
[i
]->UserName
) : 0);
152 write_item("password",
153 (LPCWSTR
)creds
[i
]->CredentialBlob
,
154 creds
[i
]->CredentialBlobSize
/ sizeof(WCHAR
));
155 for (int j
= 0; j
< creds
[i
]->AttributeCount
; j
++) {
156 attr
= creds
[i
]->Attributes
+ j
;
157 if (!wcscmp(attr
->Keyword
, L
"git_password_expiry_utc")) {
158 write_item("password_expiry_utc", (LPCWSTR
)attr
->Value
,
159 attr
->ValueSize
/ sizeof(WCHAR
));
169 static void store_credential(void)
172 CREDENTIAL_ATTRIBUTEW expiry_attr
;
174 if (!wusername
|| !password
)
178 cred
.Type
= CRED_TYPE_GENERIC
;
179 cred
.TargetName
= target
;
180 cred
.Comment
= L
"saved by git-credential-wincred";
181 cred
.CredentialBlobSize
= (wcslen(password
)) * sizeof(WCHAR
);
182 cred
.CredentialBlob
= (LPVOID
)password
;
183 cred
.Persist
= CRED_PERSIST_LOCAL_MACHINE
;
184 cred
.AttributeCount
= 0;
185 cred
.Attributes
= NULL
;
186 if (password_expiry_utc
!= NULL
) {
187 expiry_attr
.Keyword
= L
"git_password_expiry_utc";
188 expiry_attr
.Value
= (LPVOID
)password_expiry_utc
;
189 expiry_attr
.ValueSize
= (wcslen(password_expiry_utc
)) * sizeof(WCHAR
);
190 expiry_attr
.Flags
= 0;
191 cred
.Attributes
= &expiry_attr
;
192 cred
.AttributeCount
= 1;
194 cred
.TargetAlias
= NULL
;
195 cred
.UserName
= wusername
;
197 if (!CredWriteW(&cred
, 0))
198 die("CredWrite failed");
201 static void erase_credential(void)
207 if (!CredEnumerateW(L
"git:*", 0, &num_creds
, &creds
))
210 for (i
= 0; i
< num_creds
; ++i
) {
211 if (match_cred(creds
[i
], password
!= NULL
))
212 CredDeleteW(creds
[i
]->TargetName
, creds
[i
]->Type
, 0);
218 static WCHAR
*utf8_to_utf16_dup(const char *str
)
220 int wlen
= MultiByteToWideChar(CP_UTF8
, 0, str
, -1, NULL
, 0);
221 WCHAR
*wstr
= xmalloc(sizeof(WCHAR
) * wlen
);
222 MultiByteToWideChar(CP_UTF8
, 0, str
, -1, wstr
, wlen
);
228 static void read_credential(void)
230 size_t alloc
= 100 * KB
;
231 char *buf
= calloc(alloc
, sizeof(*buf
));
233 while (fgets(buf
, alloc
, stdin
)) {
235 size_t len
= strlen(buf
);
236 int ends_in_newline
= 0;
237 /* strip trailing CR / LF */
238 if (len
&& buf
[len
- 1] == '\n') {
242 if (len
&& buf
[len
- 1] == '\r')
245 if (!ends_in_newline
)
246 die("bad input: %s", buf
);
251 v
= strchr(buf
, '=');
253 die("bad input: %s", buf
);
256 if (!strcmp(buf
, "protocol"))
257 protocol
= utf8_to_utf16_dup(v
);
258 else if (!strcmp(buf
, "host"))
259 host
= utf8_to_utf16_dup(v
);
260 else if (!strcmp(buf
, "path"))
261 path
= utf8_to_utf16_dup(v
);
262 else if (!strcmp(buf
, "username")) {
263 wusername
= utf8_to_utf16_dup(v
);
264 } else if (!strcmp(buf
, "password"))
265 password
= utf8_to_utf16_dup(v
);
266 else if (!strcmp(buf
, "password_expiry_utc"))
267 password_expiry_utc
= utf8_to_utf16_dup(v
);
269 * Ignore other lines; we don't know what they mean, but
270 * this future-proofs us when later versions of git do
271 * learn new lines, and the helpers are updated to match.
278 int main(int argc
, char *argv
[])
281 "usage: git credential-wincred <get|store|erase>\n";
286 /* git use binary pipes to avoid CRLF-issues */
287 _setmode(_fileno(stdin
), _O_BINARY
);
288 _setmode(_fileno(stdout
), _O_BINARY
);
292 if (!protocol
|| !(host
|| path
))
295 /* prepare 'target', the unique key for the credential */
296 wcscpy(target
, L
"git:");
297 wcsncat(target
, protocol
, ARRAY_SIZE(target
));
298 wcsncat(target
, L
"://", ARRAY_SIZE(target
));
300 wcsncat(target
, wusername
, ARRAY_SIZE(target
));
301 wcsncat(target
, L
"@", ARRAY_SIZE(target
));
304 wcsncat(target
, host
, ARRAY_SIZE(target
));
306 wcsncat(target
, L
"/", ARRAY_SIZE(target
));
307 wcsncat(target
, path
, ARRAY_SIZE(target
));
310 if (!strcmp(argv
[1], "get"))
312 else if (!strcmp(argv
[1], "store"))
314 else if (!strcmp(argv
[1], "erase"))
316 /* otherwise, ignore unknown action */