Merge branch 'ab/avoid-losing-exit-codes-in-tests'
[git/debian.git] / credential.c
blobea40a2a410bb5b7b1294ca2a77944d9f7ca6c878
1 #include "cache.h"
2 #include "config.h"
3 #include "credential.h"
4 #include "string-list.h"
5 #include "run-command.h"
6 #include "url.h"
7 #include "prompt.h"
8 #include "sigchain.h"
9 #include "urlmatch.h"
10 #include "git-compat-util.h"
12 void credential_init(struct credential *c)
14 struct credential blank = CREDENTIAL_INIT;
15 memcpy(c, &blank, sizeof(*c));
18 void credential_clear(struct credential *c)
20 free(c->protocol);
21 free(c->host);
22 free(c->path);
23 free(c->username);
24 free(c->password);
25 string_list_clear(&c->helpers, 0);
26 strvec_clear(&c->wwwauth_headers);
28 credential_init(c);
31 int credential_match(const struct credential *want,
32 const struct credential *have)
34 #define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x)))
35 return CHECK(protocol) &&
36 CHECK(host) &&
37 CHECK(path) &&
38 CHECK(username);
39 #undef CHECK
43 static int credential_from_potentially_partial_url(struct credential *c,
44 const char *url);
46 static int credential_config_callback(const char *var, const char *value,
47 void *data)
49 struct credential *c = data;
50 const char *key;
52 if (!skip_prefix(var, "credential.", &key))
53 return 0;
55 if (!value)
56 return config_error_nonbool(var);
58 if (!strcmp(key, "helper")) {
59 if (*value)
60 string_list_append(&c->helpers, value);
61 else
62 string_list_clear(&c->helpers, 0);
63 } else if (!strcmp(key, "username")) {
64 if (!c->username_from_proto) {
65 free(c->username);
66 c->username = xstrdup(value);
69 else if (!strcmp(key, "usehttppath"))
70 c->use_http_path = git_config_bool(var, value);
72 return 0;
75 static int proto_is_http(const char *s)
77 if (!s)
78 return 0;
79 return !strcmp(s, "https") || !strcmp(s, "http");
82 static void credential_describe(struct credential *c, struct strbuf *out);
83 static void credential_format(struct credential *c, struct strbuf *out);
85 static int select_all(const struct urlmatch_item *a,
86 const struct urlmatch_item *b)
88 return 0;
91 static int match_partial_url(const char *url, void *cb)
93 struct credential *c = cb;
94 struct credential want = CREDENTIAL_INIT;
95 int matches = 0;
97 if (credential_from_potentially_partial_url(&want, url) < 0)
98 warning(_("skipping credential lookup for key: credential.%s"),
99 url);
100 else
101 matches = credential_match(&want, c);
102 credential_clear(&want);
104 return matches;
107 static void credential_apply_config(struct credential *c)
109 char *normalized_url;
110 struct urlmatch_config config = URLMATCH_CONFIG_INIT;
111 struct strbuf url = STRBUF_INIT;
113 if (!c->host)
114 die(_("refusing to work with credential missing host field"));
115 if (!c->protocol)
116 die(_("refusing to work with credential missing protocol field"));
118 if (c->configured)
119 return;
121 config.section = "credential";
122 config.key = NULL;
123 config.collect_fn = credential_config_callback;
124 config.cascade_fn = NULL;
125 config.select_fn = select_all;
126 config.fallback_match_fn = match_partial_url;
127 config.cb = c;
129 credential_format(c, &url);
130 normalized_url = url_normalize(url.buf, &config.url);
132 git_config(urlmatch_config_entry, &config);
133 string_list_clear(&config.vars, 1);
134 free(normalized_url);
135 urlmatch_config_release(&config);
136 strbuf_release(&url);
138 c->configured = 1;
140 if (!c->use_http_path && proto_is_http(c->protocol)) {
141 FREE_AND_NULL(c->path);
145 static void credential_describe(struct credential *c, struct strbuf *out)
147 if (!c->protocol)
148 return;
149 strbuf_addf(out, "%s://", c->protocol);
150 if (c->username && *c->username)
151 strbuf_addf(out, "%s@", c->username);
152 if (c->host)
153 strbuf_addstr(out, c->host);
154 if (c->path)
155 strbuf_addf(out, "/%s", c->path);
158 static void credential_format(struct credential *c, struct strbuf *out)
160 if (!c->protocol)
161 return;
162 strbuf_addf(out, "%s://", c->protocol);
163 if (c->username && *c->username) {
164 strbuf_add_percentencode(out, c->username, STRBUF_ENCODE_SLASH);
165 strbuf_addch(out, '@');
167 if (c->host)
168 strbuf_addstr(out, c->host);
169 if (c->path) {
170 strbuf_addch(out, '/');
171 strbuf_add_percentencode(out, c->path, 0);
175 static char *credential_ask_one(const char *what, struct credential *c,
176 int flags)
178 struct strbuf desc = STRBUF_INIT;
179 struct strbuf prompt = STRBUF_INIT;
180 char *r;
182 credential_describe(c, &desc);
183 if (desc.len)
184 strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
185 else
186 strbuf_addf(&prompt, "%s: ", what);
188 r = git_prompt(prompt.buf, flags);
190 strbuf_release(&desc);
191 strbuf_release(&prompt);
192 return xstrdup(r);
195 static void credential_getpass(struct credential *c)
197 if (!c->username)
198 c->username = credential_ask_one("Username", c,
199 PROMPT_ASKPASS|PROMPT_ECHO);
200 if (!c->password)
201 c->password = credential_ask_one("Password", c,
202 PROMPT_ASKPASS);
205 int credential_read(struct credential *c, FILE *fp)
207 struct strbuf line = STRBUF_INIT;
209 while (strbuf_getline(&line, fp) != EOF) {
210 char *key = line.buf;
211 char *value = strchr(key, '=');
213 if (!line.len)
214 break;
216 if (!value) {
217 warning("invalid credential line: %s", key);
218 strbuf_release(&line);
219 return -1;
221 *value++ = '\0';
223 if (!strcmp(key, "username")) {
224 free(c->username);
225 c->username = xstrdup(value);
226 c->username_from_proto = 1;
227 } else if (!strcmp(key, "password")) {
228 free(c->password);
229 c->password = xstrdup(value);
230 } else if (!strcmp(key, "protocol")) {
231 free(c->protocol);
232 c->protocol = xstrdup(value);
233 } else if (!strcmp(key, "host")) {
234 free(c->host);
235 c->host = xstrdup(value);
236 } else if (!strcmp(key, "path")) {
237 free(c->path);
238 c->path = xstrdup(value);
239 } else if (!strcmp(key, "password_expiry_utc")) {
240 errno = 0;
241 c->password_expiry_utc = parse_timestamp(value, NULL, 10);
242 if (c->password_expiry_utc == 0 || errno == ERANGE)
243 c->password_expiry_utc = TIME_MAX;
244 } else if (!strcmp(key, "url")) {
245 credential_from_url(c, value);
246 } else if (!strcmp(key, "quit")) {
247 c->quit = !!git_config_bool("quit", value);
250 * Ignore other lines; we don't know what they mean, but
251 * this future-proofs us when later versions of git do
252 * learn new lines, and the helpers are updated to match.
256 strbuf_release(&line);
257 return 0;
260 static void credential_write_item(FILE *fp, const char *key, const char *value,
261 int required)
263 if (!value && required)
264 BUG("credential value for %s is missing", key);
265 if (!value)
266 return;
267 if (strchr(value, '\n'))
268 die("credential value for %s contains newline", key);
269 fprintf(fp, "%s=%s\n", key, value);
272 void credential_write(const struct credential *c, FILE *fp)
274 credential_write_item(fp, "protocol", c->protocol, 1);
275 credential_write_item(fp, "host", c->host, 1);
276 credential_write_item(fp, "path", c->path, 0);
277 credential_write_item(fp, "username", c->username, 0);
278 credential_write_item(fp, "password", c->password, 0);
279 if (c->password_expiry_utc != TIME_MAX) {
280 char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
281 credential_write_item(fp, "password_expiry_utc", s, 0);
282 free(s);
284 for (size_t i = 0; i < c->wwwauth_headers.nr; i++)
285 credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
288 static int run_credential_helper(struct credential *c,
289 const char *cmd,
290 int want_output)
292 struct child_process helper = CHILD_PROCESS_INIT;
293 FILE *fp;
295 strvec_push(&helper.args, cmd);
296 helper.use_shell = 1;
297 helper.in = -1;
298 if (want_output)
299 helper.out = -1;
300 else
301 helper.no_stdout = 1;
303 if (start_command(&helper) < 0)
304 return -1;
306 fp = xfdopen(helper.in, "w");
307 sigchain_push(SIGPIPE, SIG_IGN);
308 credential_write(c, fp);
309 fclose(fp);
310 sigchain_pop(SIGPIPE);
312 if (want_output) {
313 int r;
314 fp = xfdopen(helper.out, "r");
315 r = credential_read(c, fp);
316 fclose(fp);
317 if (r < 0) {
318 finish_command(&helper);
319 return -1;
323 if (finish_command(&helper))
324 return -1;
325 return 0;
328 static int credential_do(struct credential *c, const char *helper,
329 const char *operation)
331 struct strbuf cmd = STRBUF_INIT;
332 int r;
334 if (helper[0] == '!')
335 strbuf_addstr(&cmd, helper + 1);
336 else if (is_absolute_path(helper))
337 strbuf_addstr(&cmd, helper);
338 else
339 strbuf_addf(&cmd, "git credential-%s", helper);
341 strbuf_addf(&cmd, " %s", operation);
342 r = run_credential_helper(c, cmd.buf, !strcmp(operation, "get"));
344 strbuf_release(&cmd);
345 return r;
348 void credential_fill(struct credential *c)
350 int i;
352 if (c->username && c->password)
353 return;
355 credential_apply_config(c);
357 for (i = 0; i < c->helpers.nr; i++) {
358 credential_do(c, c->helpers.items[i].string, "get");
359 if (c->password_expiry_utc < time(NULL)) {
360 /* Discard expired password */
361 FREE_AND_NULL(c->password);
362 /* Reset expiry to maintain consistency */
363 c->password_expiry_utc = TIME_MAX;
365 if (c->username && c->password)
366 return;
367 if (c->quit)
368 die("credential helper '%s' told us to quit",
369 c->helpers.items[i].string);
372 credential_getpass(c);
373 if (!c->username && !c->password)
374 die("unable to get password from user");
377 void credential_approve(struct credential *c)
379 int i;
381 if (c->approved)
382 return;
383 if (!c->username || !c->password || c->password_expiry_utc < time(NULL))
384 return;
386 credential_apply_config(c);
388 for (i = 0; i < c->helpers.nr; i++)
389 credential_do(c, c->helpers.items[i].string, "store");
390 c->approved = 1;
393 void credential_reject(struct credential *c)
395 int i;
397 credential_apply_config(c);
399 for (i = 0; i < c->helpers.nr; i++)
400 credential_do(c, c->helpers.items[i].string, "erase");
402 FREE_AND_NULL(c->username);
403 FREE_AND_NULL(c->password);
404 c->password_expiry_utc = TIME_MAX;
405 c->approved = 0;
408 static int check_url_component(const char *url, int quiet,
409 const char *name, const char *value)
411 if (!value)
412 return 0;
413 if (!strchr(value, '\n'))
414 return 0;
416 if (!quiet)
417 warning(_("url contains a newline in its %s component: %s"),
418 name, url);
419 return -1;
423 * Potentially-partial URLs can, but do not have to, contain
425 * - a protocol (or scheme) of the form "<protocol>://"
427 * - a host name (the part after the protocol and before the first slash after
428 * that, if any)
430 * - a user name and potentially a password (as "<user>[:<password>]@" part of
431 * the host name)
433 * - a path (the part after the host name, if any, starting with the slash)
435 * Missing parts will be left unset in `struct credential`. Thus, `https://`
436 * will have only the `protocol` set, `example.com` only the host name, and
437 * `/git` only the path.
439 * Note that an empty host name in an otherwise fully-qualified URL (e.g.
440 * `cert:///path/to/cert.pem`) will be treated as unset if we expect the URL to
441 * be potentially partial, and only then (otherwise, the empty string is used).
443 * The credential_from_url() function does not allow partial URLs.
445 static int credential_from_url_1(struct credential *c, const char *url,
446 int allow_partial_url, int quiet)
448 const char *at, *colon, *cp, *slash, *host, *proto_end;
450 credential_clear(c);
453 * Match one of:
454 * (1) proto://<host>/...
455 * (2) proto://<user>@<host>/...
456 * (3) proto://<user>:<pass>@<host>/...
458 proto_end = strstr(url, "://");
459 if (!allow_partial_url && (!proto_end || proto_end == url)) {
460 if (!quiet)
461 warning(_("url has no scheme: %s"), url);
462 return -1;
464 cp = proto_end ? proto_end + 3 : url;
465 at = strchr(cp, '@');
466 colon = strchr(cp, ':');
469 * A query or fragment marker before the slash ends the host portion.
470 * We'll just continue to call this "slash" for simplicity. Notably our
471 * "trim leading slashes" part won't skip over this part of the path,
472 * but that's what we'd want.
474 slash = cp + strcspn(cp, "/?#");
476 if (!at || slash <= at) {
477 /* Case (1) */
478 host = cp;
480 else if (!colon || at <= colon) {
481 /* Case (2) */
482 c->username = url_decode_mem(cp, at - cp);
483 if (c->username && *c->username)
484 c->username_from_proto = 1;
485 host = at + 1;
486 } else {
487 /* Case (3) */
488 c->username = url_decode_mem(cp, colon - cp);
489 if (c->username && *c->username)
490 c->username_from_proto = 1;
491 c->password = url_decode_mem(colon + 1, at - (colon + 1));
492 host = at + 1;
495 if (proto_end && proto_end - url > 0)
496 c->protocol = xmemdupz(url, proto_end - url);
497 if (!allow_partial_url || slash - host > 0)
498 c->host = url_decode_mem(host, slash - host);
499 /* Trim leading and trailing slashes from path */
500 while (*slash == '/')
501 slash++;
502 if (*slash) {
503 char *p;
504 c->path = url_decode(slash);
505 p = c->path + strlen(c->path) - 1;
506 while (p > c->path && *p == '/')
507 *p-- = '\0';
510 if (check_url_component(url, quiet, "username", c->username) < 0 ||
511 check_url_component(url, quiet, "password", c->password) < 0 ||
512 check_url_component(url, quiet, "protocol", c->protocol) < 0 ||
513 check_url_component(url, quiet, "host", c->host) < 0 ||
514 check_url_component(url, quiet, "path", c->path) < 0)
515 return -1;
517 return 0;
520 static int credential_from_potentially_partial_url(struct credential *c,
521 const char *url)
523 return credential_from_url_1(c, url, 1, 0);
526 int credential_from_url_gently(struct credential *c, const char *url, int quiet)
528 return credential_from_url_1(c, url, 0, quiet);
531 void credential_from_url(struct credential *c, const char *url)
533 if (credential_from_url_gently(c, url, 0) < 0)
534 die(_("credential url cannot be parsed: %s"), url);