3 #include "credential.h"
4 #include "unix-socket.h"
5 #include "parse-options.h"
7 static struct tempfile socket_file
;
9 struct credential_cache_entry
{
10 struct credential item
;
11 unsigned long expiration
;
13 static struct credential_cache_entry
*entries
;
14 static int entries_nr
;
15 static int entries_alloc
;
17 static void cache_credential(struct credential
*c
, int timeout
)
19 struct credential_cache_entry
*e
;
21 ALLOC_GROW(entries
, entries_nr
+ 1, entries_alloc
);
22 e
= &entries
[entries_nr
++];
24 /* take ownership of pointers */
25 memcpy(&e
->item
, c
, sizeof(*c
));
26 memset(c
, 0, sizeof(*c
));
27 e
->expiration
= time(NULL
) + timeout
;
30 static struct credential_cache_entry
*lookup_credential(const struct credential
*c
)
33 for (i
= 0; i
< entries_nr
; i
++) {
34 struct credential
*e
= &entries
[i
].item
;
35 if (credential_match(c
, e
))
41 static void remove_credential(const struct credential
*c
)
43 struct credential_cache_entry
*e
;
45 e
= lookup_credential(c
);
50 static int check_expirations(void)
52 static unsigned long wait_for_entry_until
;
54 unsigned long now
= time(NULL
);
55 unsigned long next
= (unsigned long)-1;
58 * Initially give the client 30 seconds to actually contact us
59 * and store a credential before we decide there's no point in
60 * keeping the daemon around.
62 if (!wait_for_entry_until
)
63 wait_for_entry_until
= now
+ 30;
65 while (i
< entries_nr
) {
66 if (entries
[i
].expiration
<= now
) {
68 credential_clear(&entries
[i
].item
);
70 memcpy(&entries
[i
], &entries
[entries_nr
], sizeof(*entries
));
72 * Stick around 30 seconds in case a new credential
73 * shows up (e.g., because we just removed a failed
74 * one, and we will soon get the correct one).
76 wait_for_entry_until
= now
+ 30;
79 if (entries
[i
].expiration
< next
)
80 next
= entries
[i
].expiration
;
86 if (wait_for_entry_until
<= now
)
88 next
= wait_for_entry_until
;
94 static int read_request(FILE *fh
, struct credential
*c
,
95 struct strbuf
*action
, int *timeout
) {
96 static struct strbuf item
= STRBUF_INIT
;
99 strbuf_getline_lf(&item
, fh
);
100 if (!skip_prefix(item
.buf
, "action=", &p
))
101 return error("client sent bogus action line: %s", item
.buf
);
102 strbuf_addstr(action
, p
);
104 strbuf_getline_lf(&item
, fh
);
105 if (!skip_prefix(item
.buf
, "timeout=", &p
))
106 return error("client sent bogus timeout line: %s", item
.buf
);
109 if (credential_read(c
, fh
) < 0)
114 static void serve_one_client(FILE *in
, FILE *out
)
116 struct credential c
= CREDENTIAL_INIT
;
117 struct strbuf action
= STRBUF_INIT
;
120 if (read_request(in
, &c
, &action
, &timeout
) < 0)
122 else if (!strcmp(action
.buf
, "get")) {
123 struct credential_cache_entry
*e
= lookup_credential(&c
);
125 fprintf(out
, "username=%s\n", e
->item
.username
);
126 fprintf(out
, "password=%s\n", e
->item
.password
);
129 else if (!strcmp(action
.buf
, "exit"))
131 else if (!strcmp(action
.buf
, "erase"))
132 remove_credential(&c
);
133 else if (!strcmp(action
.buf
, "store")) {
135 warning("cache client didn't specify a timeout");
136 else if (!c
.username
|| !c
.password
)
137 warning("cache client gave us a partial credential");
139 remove_credential(&c
);
140 cache_credential(&c
, timeout
);
144 warning("cache client sent unknown action: %s", action
.buf
);
146 credential_clear(&c
);
147 strbuf_release(&action
);
150 static int serve_cache_loop(int fd
)
153 unsigned long wakeup
;
155 wakeup
= check_expirations();
161 if (poll(&pfd
, 1, 1000 * wakeup
) < 0) {
163 die_errno("poll failed");
167 if (pfd
.revents
& POLLIN
) {
171 client
= accept(fd
, NULL
, NULL
);
173 warning_errno("accept failed");
176 client2
= dup(client
);
178 warning_errno("dup failed");
183 in
= xfdopen(client
, "r");
184 out
= xfdopen(client2
, "w");
185 serve_one_client(in
, out
);
192 static void serve_cache(const char *socket_path
, int debug
)
196 fd
= unix_stream_listen(socket_path
);
198 die_errno("unable to bind to '%s'", socket_path
);
203 if (!freopen("/dev/null", "w", stderr
))
204 die_errno("unable to point stderr to /dev/null");
207 while (serve_cache_loop(fd
))
213 static const char permissions_advice
[] =
214 "The permissions on your socket directory are too loose; other\n"
215 "users may be able to read your cached credentials. Consider running:\n"
218 static void init_socket_directory(const char *path
)
221 char *path_copy
= xstrdup(path
);
222 char *dir
= dirname(path_copy
);
224 if (!stat(dir
, &st
)) {
225 if (st
.st_mode
& 077)
226 die(permissions_advice
, dir
);
229 * We must be sure to create the directory with the correct mode,
230 * not just chmod it after the fact; otherwise, there is a race
231 * condition in which somebody can chdir to it, sleep, then try to open
232 * our protected socket.
234 if (safe_create_leading_directories_const(dir
) < 0)
235 die_errno("unable to create directories for '%s'", dir
);
236 if (mkdir(dir
, 0700) < 0)
237 die_errno("unable to mkdir '%s'", dir
);
242 * We don't actually care what our cwd is; we chdir here just to
243 * be a friendly daemon and avoid tying up our original cwd.
244 * If this fails, it's OK to just continue without that benefit.
251 int main(int argc
, const char **argv
)
253 const char *socket_path
;
254 int ignore_sighup
= 0;
255 static const char *usage
[] = {
256 "git-credential-cache--daemon [opts] <socket_path>",
260 const struct option options
[] = {
261 OPT_BOOL(0, "debug", &debug
,
262 N_("print debugging messages to stderr")),
266 git_config_get_bool("credentialcache.ignoresighup", &ignore_sighup
);
268 argc
= parse_options(argc
, argv
, NULL
, options
, usage
, 0);
269 socket_path
= argv
[0];
272 usage_with_options(usage
, options
);
274 if (!is_absolute_path(socket_path
))
275 die("socket directory must be an absolute path");
277 init_socket_directory(socket_path
);
278 register_tempfile(&socket_file
, socket_path
);
281 signal(SIGHUP
, SIG_IGN
);
283 serve_cache(socket_path
, debug
);
284 delete_tempfile(&socket_file
);