2 #include "credential.h"
3 #include "unix-socket.h"
5 struct credential_cache_entry
{
6 struct credential item
;
7 unsigned long expiration
;
9 static struct credential_cache_entry
*entries
;
10 static int entries_nr
;
11 static int entries_alloc
;
13 static void cache_credential(const struct credential
*c
, int timeout
)
15 struct credential_cache_entry
*e
;
17 ALLOC_GROW(entries
, entries_nr
+ 1, entries_alloc
);
18 e
= &entries
[entries_nr
++];
20 memcpy(&e
->item
, c
, sizeof(*c
));
21 e
->expiration
= time(NULL
) + timeout
;
24 static struct credential_cache_entry
*lookup_credential(const struct credential
*c
)
27 for (i
= 0; i
< entries_nr
; i
++) {
28 struct credential
*e
= &entries
[i
].item
;
30 /* We must either both have the same unique token,
31 * or we must not be using unique tokens at all. */
33 if (!c
->unique
|| strcmp(e
->unique
, c
->unique
))
39 /* If we have a username, it must match. Otherwise,
40 * we will fill in the username. */
41 if (c
->username
&& strcmp(e
->username
, c
->username
))
49 static void remove_credential(const struct credential
*c
)
51 struct credential_cache_entry
*e
;
53 e
= lookup_credential(c
);
58 static int check_expirations(void)
61 unsigned long now
= time(NULL
);
62 unsigned long next
= (unsigned long)-1;
64 while (i
< entries_nr
) {
65 if (entries
[i
].expiration
<= now
) {
69 free(entries
[i
].item
.description
);
70 free(entries
[i
].item
.unique
);
71 free(entries
[i
].item
.username
);
72 free(entries
[i
].item
.password
);
73 memcpy(&entries
[i
], &entries
[entries_nr
], sizeof(*entries
));
76 if (entries
[i
].expiration
< next
)
77 next
= entries
[i
].expiration
;
85 static int read_credential_request(FILE *fh
, struct credential
*c
,
86 char **action
, int *timeout
) {
87 struct strbuf item
= STRBUF_INIT
;
89 while (strbuf_getline(&item
, fh
, '\0') != EOF
) {
91 char *value
= strchr(key
, '=');
94 warning("cache client sent bogus input: %s", key
);
95 strbuf_release(&item
);
100 if (!strcmp(key
, "action"))
101 *action
= xstrdup(value
);
102 else if (!strcmp(key
, "unique"))
103 c
->unique
= xstrdup(value
);
104 else if (!strcmp(key
, "username"))
105 c
->username
= xstrdup(value
);
106 else if (!strcmp(key
, "password"))
107 c
->password
= xstrdup(value
);
108 else if (!strcmp(key
, "timeout"))
109 *timeout
= atoi(value
);
111 warning("cache client sent bogus key: %s", key
);
112 strbuf_release(&item
);
116 strbuf_release(&item
);
120 static void serve_one_client(FILE *in
, FILE *out
)
122 struct credential c
= { NULL
};
126 if (read_credential_request(in
, &c
, &action
, &timeout
) < 0)
130 warning("cache client didn't specify an action");
134 if (!strcmp(action
, "exit"))
137 if (!strcmp(action
, "get")) {
138 struct credential_cache_entry
*e
= lookup_credential(&c
);
140 fprintf(out
, "username=%s\n", e
->item
.username
);
141 fprintf(out
, "password=%s\n", e
->item
.password
);
146 if (!strcmp(action
, "erase")) {
147 remove_credential(&c
);
151 if (!strcmp(action
, "store")) {
153 warning("cache client didn't specify a timeout");
157 remove_credential(&c
);
158 cache_credential(&c
, timeout
);
162 warning("cache client sent unknown action: %s", action
);
166 static int serve_cache_loop(int fd
)
169 unsigned long wakeup
;
171 wakeup
= check_expirations();
177 if (poll(&pfd
, 1, 1000 * wakeup
) < 0) {
179 die_errno("poll failed");
183 if (pfd
.revents
& POLLIN
) {
187 client
= accept(fd
, NULL
, NULL
);
189 warning("accept failed: %s", strerror(errno
));
192 client2
= dup(client
);
194 warning("dup failed: %s", strerror(errno
));
199 in
= xfdopen(client
, "r");
200 out
= xfdopen(client2
, "w");
201 serve_one_client(in
, out
);
208 static void serve_cache(const char *socket_path
)
212 fd
= unix_stream_listen(socket_path
);
214 die_errno("unable to bind to '%s'", socket_path
);
219 while (serve_cache_loop(fd
))
226 static const char permissions_advice
[] =
227 "The permissions on your socket directory are too loose; other\n"
228 "users may be able to read your cached credentials. Consider running:\n"
231 static void check_socket_directory(const char *path
)
234 char *path_copy
= xstrdup(path
);
235 char *dir
= dirname(path_copy
);
237 if (!stat(dir
, &st
)) {
238 if (st
.st_mode
& 077)
239 die(permissions_advice
, dir
);
245 * We must be sure to create the directory with the correct mode,
246 * not just chmod it after the fact; otherwise, there is a race
247 * condition in which somebody can chdir to it, sleep, then try to open
248 * our protected socket.
250 if (safe_create_leading_directories_const(dir
) < 0)
251 die_errno("unable to create directories for '%s'", dir
);
252 if (mkdir(dir
, 0700) < 0)
253 die_errno("unable to mkdir '%s'", dir
);
257 int main(int argc
, const char **argv
)
259 const char *socket_path
= argv
[1];
262 die("usage: git-credential-cache--daemon <socket_path>");
263 check_socket_directory(socket_path
);
265 serve_cache(socket_path
);