search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
credential: treat URL without scheme as invalid
[git/debian.git] / credential.c
blobaedb64574def1542f24d9e8a09322779464cc97d
1 #include "cache.h"
2 #include "config.h"
3 #include "credential.h"
4 #include "string-list.h"
5 #include "run-command.h"
6 #include "url.h"
7 #include "prompt.h"
8
9 void credential_init(struct credential *c)
10 {
11 memset(c, 0, sizeof(*c));
12 c->helpers.strdup_strings = 1;
13 }
14
15 void credential_clear(struct credential *c)
16 {
17 free(c->protocol);
18 free(c->host);
19 free(c->path);
20 free(c->username);
21 free(c->password);
22 string_list_clear(&c->helpers, 0);
23
24 credential_init(c);
25 }
26
27 int credential_match(const struct credential *want,
28 const struct credential *have)
29 {
30 #define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x)))
31 return CHECK(protocol) &&
32 CHECK(host) &&
33 CHECK(path) &&
34 CHECK(username);
35 #undef CHECK
36 }
37
38 static int credential_config_callback(const char *var, const char *value,
39 void *data)
40 {
41 struct credential *c = data;
42 const char *key, *dot;
43
44 if (!skip_prefix(var, "credential.", &key))
45 return 0;
46
47 if (!value)
48 return config_error_nonbool(var);
49
50 dot = strrchr(key, '.');
51 if (dot) {
52 struct credential want = CREDENTIAL_INIT;
53 char *url = xmemdupz(key, dot - key);
54 int matched;
55
56 credential_from_url(&want, url);
57 matched = credential_match(&want, c);
58
59 credential_clear(&want);
60 free(url);
61
62 if (!matched)
63 return 0;
64 key = dot + 1;
65 }
66
67 if (!strcmp(key, "helper")) {
68 if (*value)
69 string_list_append(&c->helpers, value);
70 else
71 string_list_clear(&c->helpers, 0);
72 } else if (!strcmp(key, "username")) {
73 if (!c->username)
74 c->username = xstrdup(value);
75 }
76 else if (!strcmp(key, "usehttppath"))
77 c->use_http_path = git_config_bool(var, value);
78
79 return 0;
80 }
81
82 static int proto_is_http(const char *s)
83 {
84 if (!s)
85 return 0;
86 return !strcmp(s, "https") || !strcmp(s, "http");
87 }
88
89 static void credential_apply_config(struct credential *c)
90 {
91 if (!c->host)
92 die(_("refusing to work with credential missing host field"));
93 if (!c->protocol)
94 die(_("refusing to work with credential missing protocol field"));
95
96 if (c->configured)
97 return;
98 git_config(credential_config_callback, c);
99 c->configured = 1;
100
101 if (!c->use_http_path && proto_is_http(c->protocol)) {
102 FREE_AND_NULL(c->path);
103 }
104 }
105
106 static void credential_describe(struct credential *c, struct strbuf *out)
107 {
108 if (!c->protocol)
109 return;
110 strbuf_addf(out, "%s://", c->protocol);
111 if (c->username && *c->username)
112 strbuf_addf(out, "%s@", c->username);
113 if (c->host)
114 strbuf_addstr(out, c->host);
115 if (c->path)
116 strbuf_addf(out, "/%s", c->path);
117 }
118
119 static char *credential_ask_one(const char *what, struct credential *c,
120 int flags)
121 {
122 struct strbuf desc = STRBUF_INIT;
123 struct strbuf prompt = STRBUF_INIT;
124 char *r;
125
126 credential_describe(c, &desc);
127 if (desc.len)
128 strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
129 else
130 strbuf_addf(&prompt, "%s: ", what);
131
132 r = git_prompt(prompt.buf, flags);
133
134 strbuf_release(&desc);
135 strbuf_release(&prompt);
136 return xstrdup(r);
137 }
138
139 static void credential_getpass(struct credential *c)
140 {
141 if (!c->username)
142 c->username = credential_ask_one("Username", c,
143 PROMPT_ASKPASS|PROMPT_ECHO);
144 if (!c->password)
145 c->password = credential_ask_one("Password", c,
146 PROMPT_ASKPASS);
147 }
148
149 int credential_read(struct credential *c, FILE *fp)
150 {
151 struct strbuf line = STRBUF_INIT;
152
153 while (strbuf_getline_lf(&line, fp) != EOF) {
154 char *key = line.buf;
155 char *value = strchr(key, '=');
156
157 if (!line.len)
158 break;
159
160 if (!value) {
161 warning("invalid credential line: %s", key);
162 strbuf_release(&line);
163 return -1;
164 }
165 *value++ = '\0';
166
167 if (!strcmp(key, "username")) {
168 free(c->username);
169 c->username = xstrdup(value);
170 } else if (!strcmp(key, "password")) {
171 free(c->password);
172 c->password = xstrdup(value);
173 } else if (!strcmp(key, "protocol")) {
174 free(c->protocol);
175 c->protocol = xstrdup(value);
176 } else if (!strcmp(key, "host")) {
177 free(c->host);
178 c->host = xstrdup(value);
179 } else if (!strcmp(key, "path")) {
180 free(c->path);
181 c->path = xstrdup(value);
182 } else if (!strcmp(key, "url")) {
183 credential_from_url(c, value);
184 } else if (!strcmp(key, "quit")) {
185 c->quit = !!git_config_bool("quit", value);
186 }
187 /*
188 * Ignore other lines; we don't know what they mean, but
189 * this future-proofs us when later versions of git do
190 * learn new lines, and the helpers are updated to match.
191 */
192 }
193
194 strbuf_release(&line);
195 return 0;
196 }
197
198 static void credential_write_item(FILE *fp, const char *key, const char *value,
199 int required)
200 {
201 if (!value && required)
202 BUG("credential value for %s is missing", key);
203 if (!value)
204 return;
205 if (strchr(value, '\n'))
206 die("credential value for %s contains newline", key);
207 fprintf(fp, "%s=%s\n", key, value);
208 }
209
210 void credential_write(const struct credential *c, FILE *fp)
211 {
212 credential_write_item(fp, "protocol", c->protocol, 1);
213 credential_write_item(fp, "host", c->host, 1);
214 credential_write_item(fp, "path", c->path, 0);
215 credential_write_item(fp, "username", c->username, 0);
216 credential_write_item(fp, "password", c->password, 0);
217 }
218
219 static int run_credential_helper(struct credential *c,
220 const char *cmd,
221 int want_output)
222 {
223 struct child_process helper = CHILD_PROCESS_INIT;
224 const char *argv[] = { NULL, NULL };
225 FILE *fp;
226
227 argv[0] = cmd;
228 helper.argv = argv;
229 helper.use_shell = 1;
230 helper.in = -1;
231 if (want_output)
232 helper.out = -1;
233 else
234 helper.no_stdout = 1;
235
236 if (start_command(&helper) < 0)
237 return -1;
238
239 fp = xfdopen(helper.in, "w");
240 credential_write(c, fp);
241 fclose(fp);
242
243 if (want_output) {
244 int r;
245 fp = xfdopen(helper.out, "r");
246 r = credential_read(c, fp);
247 fclose(fp);
248 if (r < 0) {
249 finish_command(&helper);
250 return -1;
251 }
252 }
253
254 if (finish_command(&helper))
255 return -1;
256 return 0;
257 }
258
259 static int credential_do(struct credential *c, const char *helper,
260 const char *operation)
261 {
262 struct strbuf cmd = STRBUF_INIT;
263 int r;
264
265 if (helper[0] == '!')
266 strbuf_addstr(&cmd, helper + 1);
267 else if (is_absolute_path(helper))
268 strbuf_addstr(&cmd, helper);
269 else
270 strbuf_addf(&cmd, "git credential-%s", helper);
271
272 strbuf_addf(&cmd, " %s", operation);
273 r = run_credential_helper(c, cmd.buf, !strcmp(operation, "get"));
274
275 strbuf_release(&cmd);
276 return r;
277 }
278
279 void credential_fill(struct credential *c)
280 {
281 int i;
282
283 if (c->username && c->password)
284 return;
285
286 credential_apply_config(c);
287
288 for (i = 0; i < c->helpers.nr; i++) {
289 credential_do(c, c->helpers.items[i].string, "get");
290 if (c->username && c->password)
291 return;
292 if (c->quit)
293 die("credential helper '%s' told us to quit",
294 c->helpers.items[i].string);
295 }
296
297 credential_getpass(c);
298 if (!c->username && !c->password)
299 die("unable to get password from user");
300 }
301
302 void credential_approve(struct credential *c)
303 {
304 int i;
305
306 if (c->approved)
307 return;
308 if (!c->username || !c->password)
309 return;
310
311 credential_apply_config(c);
312
313 for (i = 0; i < c->helpers.nr; i++)
314 credential_do(c, c->helpers.items[i].string, "store");
315 c->approved = 1;
316 }
317
318 void credential_reject(struct credential *c)
319 {
320 int i;
321
322 credential_apply_config(c);
323
324 for (i = 0; i < c->helpers.nr; i++)
325 credential_do(c, c->helpers.items[i].string, "erase");
326
327 FREE_AND_NULL(c->username);
328 FREE_AND_NULL(c->password);
329 c->approved = 0;
330 }
331
332 static int check_url_component(const char *url, int quiet,
333 const char *name, const char *value)
334 {
335 if (!value)
336 return 0;
337 if (!strchr(value, '\n'))
338 return 0;
339
340 if (!quiet)
341 warning(_("url contains a newline in its %s component: %s"),
342 name, url);
343 return -1;
344 }
345
346 int credential_from_url_gently(struct credential *c, const char *url,
347 int quiet)
348 {
349 const char *at, *colon, *cp, *slash, *host, *proto_end;
350
351 credential_clear(c);
352
353 /*
354 * Match one of:
355 * (1) proto://<host>/...
356 * (2) proto://<user>@<host>/...
357 * (3) proto://<user>:<pass>@<host>/...
358 */
359 proto_end = strstr(url, "://");
360 if (!proto_end) {
361 if (!quiet)
362 warning(_("url has no scheme: %s"), url);
363 return -1;
364 }
365 cp = proto_end + 3;
366 at = strchr(cp, '@');
367 colon = strchr(cp, ':');
368 slash = strchrnul(cp, '/');
369
370 if (!at || slash <= at) {
371 /* Case (1) */
372 host = cp;
373 }
374 else if (!colon || at <= colon) {
375 /* Case (2) */
376 c->username = url_decode_mem(cp, at - cp);
377 host = at + 1;
378 } else {
379 /* Case (3) */
380 c->username = url_decode_mem(cp, colon - cp);
381 c->password = url_decode_mem(colon + 1, at - (colon + 1));
382 host = at + 1;
383 }
384
385 if (proto_end - url > 0)
386 c->protocol = xmemdupz(url, proto_end - url);
387 c->host = url_decode_mem(host, slash - host);
388 /* Trim leading and trailing slashes from path */
389 while (*slash == '/')
390 slash++;
391 if (*slash) {
392 char *p;
393 c->path = url_decode(slash);
394 p = c->path + strlen(c->path) - 1;
395 while (p > c->path && *p == '/')
396 *p-- = '\0';
397 }
398
399 if (check_url_component(url, quiet, "username", c->username) < 0 ||
400 check_url_component(url, quiet, "password", c->password) < 0 ||
401 check_url_component(url, quiet, "protocol", c->protocol) < 0 ||
402 check_url_component(url, quiet, "host", c->host) < 0 ||
403 check_url_component(url, quiet, "path", c->path) < 0)
404 return -1;
405
406 return 0;
407 }
408
409 void credential_from_url(struct credential *c, const char *url)
410 {
411 if (credential_from_url_gently(c, url, 0) < 0)
412 die(_("credential url cannot be parsed: %s"), url);
413 }
git for Debian