2 * A git credential helper that interface with Windows' Credential Manager
13 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
15 __attribute__((format (printf
, 1, 2)))
16 static void die(const char *err
, ...)
20 va_start(params
, err
);
21 vsnprintf(msg
, sizeof(msg
), err
, params
);
22 fprintf(stderr
, "%s\n", msg
);
27 static void *xmalloc(size_t size
)
29 void *ret
= malloc(size
);
37 static WCHAR
*wusername
, *password
, *protocol
, *host
, *path
, target
[1024],
38 *password_expiry_utc
, *oauth_refresh_token
;
40 static void write_item(const char *what
, LPCWSTR wbuf
, int wlen
)
45 printf("%s=\n", what
);
49 int len
= WideCharToMultiByte(CP_UTF8
, 0, wbuf
, wlen
, NULL
, 0, NULL
,
53 if (!WideCharToMultiByte(CP_UTF8
, 0, wbuf
, wlen
, buf
, len
, NULL
, FALSE
))
54 die("WideCharToMultiByte failed!");
57 fwrite(buf
, 1, len
, stdout
);
63 * Match an (optional) expected string and a delimiter in the target string,
64 * consuming the matched text by updating the target pointer.
67 static LPCWSTR
wcsstr_last(LPCWSTR str
, LPCWSTR find
)
69 LPCWSTR res
= NULL
, pos
;
70 for (pos
= wcsstr(str
, find
); pos
; pos
= wcsstr(pos
+ 1, find
))
75 static int match_part_with_last(LPCWSTR
*ptarget
, LPCWSTR want
, LPCWSTR delim
, int last
)
77 LPCWSTR delim_pos
, start
= *ptarget
;
80 /* find start of delimiter (or end-of-string if delim is empty) */
82 delim_pos
= last
? wcsstr_last(start
, delim
) : wcsstr(start
, delim
);
84 delim_pos
= start
+ wcslen(start
);
87 * match text up to delimiter, or end of string (e.g. the '/' after
88 * host is optional if not followed by a path)
91 len
= delim_pos
- start
;
95 /* update ptarget if we either found a delimiter or need a match */
96 if (delim_pos
|| want
)
97 *ptarget
= delim_pos
? delim_pos
+ wcslen(delim
) : start
+ len
;
99 return !want
|| (!wcsncmp(want
, start
, len
) && !want
[len
]);
102 static int match_part(LPCWSTR
*ptarget
, LPCWSTR want
, LPCWSTR delim
)
104 return match_part_with_last(ptarget
, want
, delim
, 0);
107 static int match_part_last(LPCWSTR
*ptarget
, LPCWSTR want
, LPCWSTR delim
)
109 return match_part_with_last(ptarget
, want
, delim
, 1);
112 static int match_cred_password(const CREDENTIALW
*cred
) {
114 WCHAR
*cred_password
= xmalloc(cred
->CredentialBlobSize
);
115 wcsncpy_s(cred_password
, cred
->CredentialBlobSize
,
116 (LPCWSTR
)cred
->CredentialBlob
,
117 cred
->CredentialBlobSize
/ sizeof(WCHAR
));
118 ret
= !wcscmp(cred_password
, password
);
123 static int match_cred(const CREDENTIALW
*cred
, int match_password
)
125 LPCWSTR target
= cred
->TargetName
;
126 if (wusername
&& wcscmp(wusername
, cred
->UserName
? cred
->UserName
: L
""))
129 return match_part(&target
, L
"git", L
":") &&
130 match_part(&target
, protocol
, L
"://") &&
131 match_part_last(&target
, wusername
, L
"@") &&
132 match_part(&target
, host
, L
"/") &&
133 match_part(&target
, path
, L
"") &&
134 (!match_password
|| match_cred_password(cred
));
137 static void get_credential(void)
142 CREDENTIAL_ATTRIBUTEW
*attr
;
145 WCHAR
*remaining_lines
;
147 WCHAR
*remaining_parts
;
149 if (!CredEnumerateW(L
"git:*", 0, &num_creds
, &creds
))
152 /* search for the first credential that matches username */
153 for (i
= 0; i
< num_creds
; ++i
)
154 if (match_cred(creds
[i
], 0)) {
155 write_item("username", creds
[i
]->UserName
,
156 creds
[i
]->UserName
? wcslen(creds
[i
]->UserName
) : 0);
157 if (creds
[i
]->CredentialBlobSize
> 0) {
158 secret
= xmalloc(creds
[i
]->CredentialBlobSize
);
159 wcsncpy_s(secret
, creds
[i
]->CredentialBlobSize
, (LPCWSTR
)creds
[i
]->CredentialBlob
, creds
[i
]->CredentialBlobSize
/ sizeof(WCHAR
));
160 line
= wcstok_s(secret
, L
"\r\n", &remaining_lines
);
161 write_item("password", line
, line
? wcslen(line
) : 0);
162 while(line
!= NULL
) {
163 part
= wcstok_s(line
, L
"=", &remaining_parts
);
164 if (!wcscmp(part
, L
"oauth_refresh_token")) {
165 write_item("oauth_refresh_token", remaining_parts
, remaining_parts
? wcslen(remaining_parts
) : 0);
167 line
= wcstok_s(NULL
, L
"\r\n", &remaining_lines
);
171 write_item("password",
172 (LPCWSTR
)creds
[i
]->CredentialBlob
,
173 creds
[i
]->CredentialBlobSize
/ sizeof(WCHAR
));
175 for (int j
= 0; j
< creds
[i
]->AttributeCount
; j
++) {
176 attr
= creds
[i
]->Attributes
+ j
;
177 if (!wcscmp(attr
->Keyword
, L
"git_password_expiry_utc")) {
178 write_item("password_expiry_utc", (LPCWSTR
)attr
->Value
,
179 attr
->ValueSize
/ sizeof(WCHAR
));
189 static void store_credential(void)
192 CREDENTIAL_ATTRIBUTEW expiry_attr
;
196 if (!wusername
|| !password
)
199 if (oauth_refresh_token
) {
200 wlen
= _scwprintf(L
"%s\r\noauth_refresh_token=%s", password
, oauth_refresh_token
);
201 secret
= xmalloc(sizeof(WCHAR
) * wlen
);
202 _snwprintf_s(secret
, sizeof(WCHAR
) * wlen
, wlen
, L
"%s\r\noauth_refresh_token=%s", password
, oauth_refresh_token
);
204 secret
= _wcsdup(password
);
208 cred
.Type
= CRED_TYPE_GENERIC
;
209 cred
.TargetName
= target
;
210 cred
.Comment
= L
"saved by git-credential-wincred";
211 cred
.CredentialBlobSize
= wcslen(secret
) * sizeof(WCHAR
);
212 cred
.CredentialBlob
= (LPVOID
)_wcsdup(secret
);
213 cred
.Persist
= CRED_PERSIST_LOCAL_MACHINE
;
214 cred
.AttributeCount
= 0;
215 cred
.Attributes
= NULL
;
216 if (password_expiry_utc
!= NULL
) {
217 expiry_attr
.Keyword
= L
"git_password_expiry_utc";
218 expiry_attr
.Value
= (LPVOID
)password_expiry_utc
;
219 expiry_attr
.ValueSize
= (wcslen(password_expiry_utc
)) * sizeof(WCHAR
);
220 expiry_attr
.Flags
= 0;
221 cred
.Attributes
= &expiry_attr
;
222 cred
.AttributeCount
= 1;
224 cred
.TargetAlias
= NULL
;
225 cred
.UserName
= wusername
;
229 if (!CredWriteW(&cred
, 0))
230 die("CredWrite failed");
233 static void erase_credential(void)
239 if (!CredEnumerateW(L
"git:*", 0, &num_creds
, &creds
))
242 for (i
= 0; i
< num_creds
; ++i
) {
243 if (match_cred(creds
[i
], password
!= NULL
))
244 CredDeleteW(creds
[i
]->TargetName
, creds
[i
]->Type
, 0);
250 static WCHAR
*utf8_to_utf16_dup(const char *str
)
252 int wlen
= MultiByteToWideChar(CP_UTF8
, 0, str
, -1, NULL
, 0);
253 WCHAR
*wstr
= xmalloc(sizeof(WCHAR
) * wlen
);
254 MultiByteToWideChar(CP_UTF8
, 0, str
, -1, wstr
, wlen
);
260 static void read_credential(void)
262 size_t alloc
= 100 * KB
;
263 char *buf
= calloc(alloc
, sizeof(*buf
));
265 while (fgets(buf
, alloc
, stdin
)) {
267 size_t len
= strlen(buf
);
268 int ends_in_newline
= 0;
269 /* strip trailing CR / LF */
270 if (len
&& buf
[len
- 1] == '\n') {
274 if (len
&& buf
[len
- 1] == '\r')
277 if (!ends_in_newline
)
278 die("bad input: %s", buf
);
283 v
= strchr(buf
, '=');
285 die("bad input: %s", buf
);
288 if (!strcmp(buf
, "protocol"))
289 protocol
= utf8_to_utf16_dup(v
);
290 else if (!strcmp(buf
, "host"))
291 host
= utf8_to_utf16_dup(v
);
292 else if (!strcmp(buf
, "path"))
293 path
= utf8_to_utf16_dup(v
);
294 else if (!strcmp(buf
, "username")) {
295 wusername
= utf8_to_utf16_dup(v
);
296 } else if (!strcmp(buf
, "password"))
297 password
= utf8_to_utf16_dup(v
);
298 else if (!strcmp(buf
, "password_expiry_utc"))
299 password_expiry_utc
= utf8_to_utf16_dup(v
);
300 else if (!strcmp(buf
, "oauth_refresh_token"))
301 oauth_refresh_token
= utf8_to_utf16_dup(v
);
303 * Ignore other lines; we don't know what they mean, but
304 * this future-proofs us when later versions of git do
305 * learn new lines, and the helpers are updated to match.
312 int main(int argc
, char *argv
[])
315 "usage: git credential-wincred <get|store|erase>\n";
320 /* git use binary pipes to avoid CRLF-issues */
321 _setmode(_fileno(stdin
), _O_BINARY
);
322 _setmode(_fileno(stdout
), _O_BINARY
);
326 if (!protocol
|| !(host
|| path
))
329 /* prepare 'target', the unique key for the credential */
330 wcscpy(target
, L
"git:");
331 wcsncat(target
, protocol
, ARRAY_SIZE(target
));
332 wcsncat(target
, L
"://", ARRAY_SIZE(target
));
334 wcsncat(target
, wusername
, ARRAY_SIZE(target
));
335 wcsncat(target
, L
"@", ARRAY_SIZE(target
));
338 wcsncat(target
, host
, ARRAY_SIZE(target
));
340 wcsncat(target
, L
"/", ARRAY_SIZE(target
));
341 wcsncat(target
, path
, ARRAY_SIZE(target
));
344 if (!strcmp(argv
[1], "get"))
346 else if (!strcmp(argv
[1], "store"))
348 else if (!strcmp(argv
[1], "erase"))
350 /* otherwise, ignore unknown action */