Merge branch 'ma/double-dashes-in-docs'
[git.git] / contrib / credential / osxkeychain / git-credential-osxkeychain.c
blobbcd3f575a3e38611a88a8a0fcd51d39b9edb1599
1 #include <stdio.h>
2 #include <string.h>
3 #include <stdlib.h>
4 #include <Security/Security.h>
6 static SecProtocolType protocol;
7 static char *host;
8 static char *path;
9 static char *username;
10 static char *password;
11 static UInt16 port;
13 static void die(const char *err, ...)
15 char msg[4096];
16 va_list params;
17 va_start(params, err);
18 vsnprintf(msg, sizeof(msg), err, params);
19 fprintf(stderr, "%s\n", msg);
20 va_end(params);
21 exit(1);
24 static void *xstrdup(const char *s1)
26 void *ret = strdup(s1);
27 if (!ret)
28 die("Out of memory");
29 return ret;
32 #define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x
33 #define KEYCHAIN_ARGS \
34 NULL, /* default keychain */ \
35 KEYCHAIN_ITEM(host), \
36 0, NULL, /* account domain */ \
37 KEYCHAIN_ITEM(username), \
38 KEYCHAIN_ITEM(path), \
39 port, \
40 protocol, \
41 kSecAuthenticationTypeDefault
43 static void write_item(const char *what, const char *buf, int len)
45 printf("%s=", what);
46 fwrite(buf, 1, len, stdout);
47 putchar('\n');
50 static void find_username_in_item(SecKeychainItemRef item)
52 SecKeychainAttributeList list;
53 SecKeychainAttribute attr;
55 list.count = 1;
56 list.attr = &attr;
57 attr.tag = kSecAccountItemAttr;
59 if (SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL))
60 return;
62 write_item("username", attr.data, attr.length);
63 SecKeychainItemFreeContent(&list, NULL);
66 static void find_internet_password(void)
68 void *buf;
69 UInt32 len;
70 SecKeychainItemRef item;
72 if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item))
73 return;
75 write_item("password", buf, len);
76 if (!username)
77 find_username_in_item(item);
79 SecKeychainItemFreeContent(NULL, buf);
82 static void delete_internet_password(void)
84 SecKeychainItemRef item;
87 * Require at least a protocol and host for removal, which is what git
88 * will give us; if you want to do something more fancy, use the
89 * Keychain manager.
91 if (!protocol || !host)
92 return;
94 if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item))
95 return;
97 SecKeychainItemDelete(item);
100 static void add_internet_password(void)
102 /* Only store complete credentials */
103 if (!protocol || !host || !username || !password)
104 return;
106 if (SecKeychainAddInternetPassword(
107 KEYCHAIN_ARGS,
108 KEYCHAIN_ITEM(password),
109 NULL))
110 return;
113 static void read_credential(void)
115 char buf[1024];
117 while (fgets(buf, sizeof(buf), stdin)) {
118 char *v;
120 if (!strcmp(buf, "\n"))
121 break;
122 buf[strlen(buf)-1] = '\0';
124 v = strchr(buf, '=');
125 if (!v)
126 die("bad input: %s", buf);
127 *v++ = '\0';
129 if (!strcmp(buf, "protocol")) {
130 if (!strcmp(v, "imap"))
131 protocol = kSecProtocolTypeIMAP;
132 else if (!strcmp(v, "imaps"))
133 protocol = kSecProtocolTypeIMAPS;
134 else if (!strcmp(v, "ftp"))
135 protocol = kSecProtocolTypeFTP;
136 else if (!strcmp(v, "ftps"))
137 protocol = kSecProtocolTypeFTPS;
138 else if (!strcmp(v, "https"))
139 protocol = kSecProtocolTypeHTTPS;
140 else if (!strcmp(v, "http"))
141 protocol = kSecProtocolTypeHTTP;
142 else if (!strcmp(v, "smtp"))
143 protocol = kSecProtocolTypeSMTP;
144 else /* we don't yet handle other protocols */
145 exit(0);
147 else if (!strcmp(buf, "host")) {
148 char *colon = strchr(v, ':');
149 if (colon) {
150 *colon++ = '\0';
151 port = atoi(colon);
153 host = xstrdup(v);
155 else if (!strcmp(buf, "path"))
156 path = xstrdup(v);
157 else if (!strcmp(buf, "username"))
158 username = xstrdup(v);
159 else if (!strcmp(buf, "password"))
160 password = xstrdup(v);
164 int main(int argc, const char **argv)
166 const char *usage =
167 "usage: git credential-osxkeychain <get|store|erase>";
169 if (!argv[1])
170 die(usage);
172 read_credential();
174 if (!strcmp(argv[1], "get"))
175 find_internet_password();
176 else if (!strcmp(argv[1], "store"))
177 add_internet_password();
178 else if (!strcmp(argv[1], "erase"))
179 delete_internet_password();
180 /* otherwise, ignore unknown action */
182 return 0;