contrib / credential / gnome-keyring / git-credential-gnome-keyring.con commit Merge branch 'qn/blame-show-email' (20d16da)
   1/*
   2 * Copyright (C) 2011 John Szakmeister <john@szakmeister.net>
   3 *               2012 Philipp A. Hartmann <pah@qo.cx>
   4 *
   5 *  This program is free software; you can redistribute it and/or modify
   6 *  it under the terms of the GNU General Public License as published by
   7 *  the Free Software Foundation; either version 2 of the License, or
   8 *  (at your option) any later version.
   9 *
  10 *  This program is distributed in the hope that it will be useful,
  11 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 *  GNU General Public License for more details.
  14 *
  15 *  You should have received a copy of the GNU General Public License
  16 *  along with this program; if not, write to the Free Software
  17 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18 */
  19
  20/*
  21 * Credits:
  22 * - GNOME Keyring API handling originally written by John Szakmeister
  23 * - ported to credential helper API by Philipp A. Hartmann
  24 */
  25
  26#include <stdio.h>
  27#include <string.h>
  28#include <stdlib.h>
  29#include <glib.h>
  30#include <gnome-keyring.h>
  31
  32#ifdef GNOME_KEYRING_DEFAULT
  33
  34   /* Modern gnome-keyring */
  35
  36#include <gnome-keyring-memory.h>
  37
  38#else
  39
  40   /*
  41    * Support ancient gnome-keyring, circ. RHEL 5.X.
  42    * GNOME_KEYRING_DEFAULT seems to have been introduced with Gnome 2.22,
  43    * and the other features roughly around Gnome 2.20, 6 months before.
  44    * Ubuntu 8.04 used Gnome 2.22 (I think).  Not sure any distro used 2.20.
  45    * So the existence/non-existence of GNOME_KEYRING_DEFAULT seems like
  46    * a decent thing to use as an indicator.
  47    */
  48
  49#define GNOME_KEYRING_DEFAULT NULL
  50
  51/*
  52 * ancient gnome-keyring returns DENIED when an entry is not found.
  53 * Setting NO_MATCH to DENIED will prevent us from reporting DENIED
  54 * errors during get and erase operations, but we will still report
  55 * DENIED errors during a store.
  56 */
  57#define GNOME_KEYRING_RESULT_NO_MATCH GNOME_KEYRING_RESULT_DENIED
  58
  59#define gnome_keyring_memory_alloc g_malloc
  60#define gnome_keyring_memory_free gnome_keyring_free_password
  61#define gnome_keyring_memory_strdup g_strdup
  62
  63static const char *gnome_keyring_result_to_message(GnomeKeyringResult result)
  64{
  65        switch (result) {
  66        case GNOME_KEYRING_RESULT_OK:
  67                return "OK";
  68        case GNOME_KEYRING_RESULT_DENIED:
  69                return "Denied";
  70        case GNOME_KEYRING_RESULT_NO_KEYRING_DAEMON:
  71                return "No Keyring Daemon";
  72        case GNOME_KEYRING_RESULT_ALREADY_UNLOCKED:
  73                return "Already UnLocked";
  74        case GNOME_KEYRING_RESULT_NO_SUCH_KEYRING:
  75                return "No Such Keyring";
  76        case GNOME_KEYRING_RESULT_BAD_ARGUMENTS:
  77                return "Bad Arguments";
  78        case GNOME_KEYRING_RESULT_IO_ERROR:
  79                return "IO Error";
  80        case GNOME_KEYRING_RESULT_CANCELLED:
  81                return "Cancelled";
  82        case GNOME_KEYRING_RESULT_ALREADY_EXISTS:
  83                return "Already Exists";
  84        default:
  85                return "Unknown Error";
  86        }
  87}
  88
  89/*
  90 * Support really ancient gnome-keyring, circ. RHEL 4.X.
  91 * Just a guess for the Glib version.  Glib 2.8 was roughly Gnome 2.12 ?
  92 * Which was released with gnome-keyring 0.4.3 ??
  93 */
  94#if GLIB_MAJOR_VERSION == 2 && GLIB_MINOR_VERSION < 8
  95
  96static void gnome_keyring_done_cb(GnomeKeyringResult result, gpointer user_data)
  97{
  98        gpointer *data = (gpointer *)user_data;
  99        int *done = (int *)data[0];
 100        GnomeKeyringResult *r = (GnomeKeyringResult *)data[1];
 101
 102        *r = result;
 103        *done = 1;
 104}
 105
 106static void wait_for_request_completion(int *done)
 107{
 108        GMainContext *mc = g_main_context_default();
 109        while (!*done)
 110                g_main_context_iteration(mc, TRUE);
 111}
 112
 113static GnomeKeyringResult gnome_keyring_item_delete_sync(const char *keyring, guint32 id)
 114{
 115        int done = 0;
 116        GnomeKeyringResult result;
 117        gpointer data[] = { &done, &result };
 118
 119        gnome_keyring_item_delete(keyring, id, gnome_keyring_done_cb, data,
 120                NULL);
 121
 122        wait_for_request_completion(&done);
 123
 124        return result;
 125}
 126
 127#endif
 128#endif
 129
 130/*
 131 * This credential struct and API is simplified from git's credential.{h,c}
 132 */
 133struct credential {
 134        char *protocol;
 135        char *host;
 136        unsigned short port;
 137        char *path;
 138        char *username;
 139        char *password;
 140};
 141
 142#define CREDENTIAL_INIT { NULL, NULL, 0, NULL, NULL, NULL }
 143
 144typedef int (*credential_op_cb)(struct credential *);
 145
 146struct credential_operation {
 147        char *name;
 148        credential_op_cb op;
 149};
 150
 151#define CREDENTIAL_OP_END { NULL, NULL }
 152
 153/* ----------------- GNOME Keyring functions ----------------- */
 154
 155/* create a special keyring option string, if path is given */
 156static char *keyring_object(struct credential *c)
 157{
 158        if (!c->path)
 159                return NULL;
 160
 161        if (c->port)
 162                return g_strdup_printf("%s:%hd/%s", c->host, c->port, c->path);
 163
 164        return g_strdup_printf("%s/%s", c->host, c->path);
 165}
 166
 167static int keyring_get(struct credential *c)
 168{
 169        char *object = NULL;
 170        GList *entries;
 171        GnomeKeyringNetworkPasswordData *password_data;
 172        GnomeKeyringResult result;
 173
 174        if (!c->protocol || !(c->host || c->path))
 175                return EXIT_FAILURE;
 176
 177        object = keyring_object(c);
 178
 179        result = gnome_keyring_find_network_password_sync(
 180                                c->username,
 181                                NULL /* domain */,
 182                                c->host,
 183                                object,
 184                                c->protocol,
 185                                NULL /* authtype */,
 186                                c->port,
 187                                &entries);
 188
 189        g_free(object);
 190
 191        if (result == GNOME_KEYRING_RESULT_NO_MATCH)
 192                return EXIT_SUCCESS;
 193
 194        if (result == GNOME_KEYRING_RESULT_CANCELLED)
 195                return EXIT_SUCCESS;
 196
 197        if (result != GNOME_KEYRING_RESULT_OK) {
 198                g_critical("%s", gnome_keyring_result_to_message(result));
 199                return EXIT_FAILURE;
 200        }
 201
 202        /* pick the first one from the list */
 203        password_data = (GnomeKeyringNetworkPasswordData *)entries->data;
 204
 205        gnome_keyring_memory_free(c->password);
 206        c->password = gnome_keyring_memory_strdup(password_data->password);
 207
 208        if (!c->username)
 209                c->username = g_strdup(password_data->user);
 210
 211        gnome_keyring_network_password_list_free(entries);
 212
 213        return EXIT_SUCCESS;
 214}
 215
 216
 217static int keyring_store(struct credential *c)
 218{
 219        guint32 item_id;
 220        char *object = NULL;
 221        GnomeKeyringResult result;
 222
 223        /*
 224         * Sanity check that what we are storing is actually sensible.
 225         * In particular, we can't make a URL without a protocol field.
 226         * Without either a host or pathname (depending on the scheme),
 227         * we have no primary key. And without a username and password,
 228         * we are not actually storing a credential.
 229         */
 230        if (!c->protocol || !(c->host || c->path) ||
 231            !c->username || !c->password)
 232                return EXIT_FAILURE;
 233
 234        object = keyring_object(c);
 235
 236        result = gnome_keyring_set_network_password_sync(
 237                                GNOME_KEYRING_DEFAULT,
 238                                c->username,
 239                                NULL /* domain */,
 240                                c->host,
 241                                object,
 242                                c->protocol,
 243                                NULL /* authtype */,
 244                                c->port,
 245                                c->password,
 246                                &item_id);
 247
 248        g_free(object);
 249
 250        if (result != GNOME_KEYRING_RESULT_OK &&
 251            result != GNOME_KEYRING_RESULT_CANCELLED) {
 252                g_critical("%s", gnome_keyring_result_to_message(result));
 253                return EXIT_FAILURE;
 254        }
 255
 256        return EXIT_SUCCESS;
 257}
 258
 259static int keyring_erase(struct credential *c)
 260{
 261        char *object = NULL;
 262        GList *entries;
 263        GnomeKeyringNetworkPasswordData *password_data;
 264        GnomeKeyringResult result;
 265
 266        /*
 267         * Sanity check that we actually have something to match
 268         * against. The input we get is a restrictive pattern,
 269         * so technically a blank credential means "erase everything".
 270         * But it is too easy to accidentally send this, since it is equivalent
 271         * to empty input. So explicitly disallow it, and require that the
 272         * pattern have some actual content to match.
 273         */
 274        if (!c->protocol && !c->host && !c->path && !c->username)
 275                return EXIT_FAILURE;
 276
 277        object = keyring_object(c);
 278
 279        result = gnome_keyring_find_network_password_sync(
 280                                c->username,
 281                                NULL /* domain */,
 282                                c->host,
 283                                object,
 284                                c->protocol,
 285                                NULL /* authtype */,
 286                                c->port,
 287                                &entries);
 288
 289        g_free(object);
 290
 291        if (result == GNOME_KEYRING_RESULT_NO_MATCH)
 292                return EXIT_SUCCESS;
 293
 294        if (result == GNOME_KEYRING_RESULT_CANCELLED)
 295                return EXIT_SUCCESS;
 296
 297        if (result != GNOME_KEYRING_RESULT_OK) {
 298                g_critical("%s", gnome_keyring_result_to_message(result));
 299                return EXIT_FAILURE;
 300        }
 301
 302        /* pick the first one from the list (delete all matches?) */
 303        password_data = (GnomeKeyringNetworkPasswordData *)entries->data;
 304
 305        result = gnome_keyring_item_delete_sync(
 306                password_data->keyring, password_data->item_id);
 307
 308        gnome_keyring_network_password_list_free(entries);
 309
 310        if (result != GNOME_KEYRING_RESULT_OK) {
 311                g_critical("%s", gnome_keyring_result_to_message(result));
 312                return EXIT_FAILURE;
 313        }
 314
 315        return EXIT_SUCCESS;
 316}
 317
 318/*
 319 * Table with helper operation callbacks, used by generic
 320 * credential helper main function.
 321 */
 322static struct credential_operation const credential_helper_ops[] = {
 323        { "get",   keyring_get },
 324        { "store", keyring_store },
 325        { "erase", keyring_erase },
 326        CREDENTIAL_OP_END
 327};
 328
 329/* ------------------ credential functions ------------------ */
 330
 331static void credential_init(struct credential *c)
 332{
 333        memset(c, 0, sizeof(*c));
 334}
 335
 336static void credential_clear(struct credential *c)
 337{
 338        g_free(c->protocol);
 339        g_free(c->host);
 340        g_free(c->path);
 341        g_free(c->username);
 342        gnome_keyring_memory_free(c->password);
 343
 344        credential_init(c);
 345}
 346
 347static int credential_read(struct credential *c)
 348{
 349        char *buf;
 350        size_t line_len;
 351        char *key;
 352        char *value;
 353
 354        key = buf = gnome_keyring_memory_alloc(1024);
 355
 356        while (fgets(buf, 1024, stdin)) {
 357                line_len = strlen(buf);
 358
 359                if (line_len && buf[line_len-1] == '\n')
 360                        buf[--line_len] = '\0';
 361
 362                if (!line_len)
 363                        break;
 364
 365                value = strchr(buf, '=');
 366                if (!value) {
 367                        g_warning("invalid credential line: %s", key);
 368                        gnome_keyring_memory_free(buf);
 369                        return -1;
 370                }
 371                *value++ = '\0';
 372
 373                if (!strcmp(key, "protocol")) {
 374                        g_free(c->protocol);
 375                        c->protocol = g_strdup(value);
 376                } else if (!strcmp(key, "host")) {
 377                        g_free(c->host);
 378                        c->host = g_strdup(value);
 379                        value = strrchr(c->host, ':');
 380                        if (value) {
 381                                *value++ = '\0';
 382                                c->port = atoi(value);
 383                        }
 384                } else if (!strcmp(key, "path")) {
 385                        g_free(c->path);
 386                        c->path = g_strdup(value);
 387                } else if (!strcmp(key, "username")) {
 388                        g_free(c->username);
 389                        c->username = g_strdup(value);
 390                } else if (!strcmp(key, "password")) {
 391                        gnome_keyring_memory_free(c->password);
 392                        c->password = gnome_keyring_memory_strdup(value);
 393                        while (*value)
 394                                *value++ = '\0';
 395                }
 396                /*
 397                 * Ignore other lines; we don't know what they mean, but
 398                 * this future-proofs us when later versions of git do
 399                 * learn new lines, and the helpers are updated to match.
 400                 */
 401        }
 402
 403        gnome_keyring_memory_free(buf);
 404
 405        return 0;
 406}
 407
 408static void credential_write_item(FILE *fp, const char *key, const char *value)
 409{
 410        if (!value)
 411                return;
 412        fprintf(fp, "%s=%s\n", key, value);
 413}
 414
 415static void credential_write(const struct credential *c)
 416{
 417        /* only write username/password, if set */
 418        credential_write_item(stdout, "username", c->username);
 419        credential_write_item(stdout, "password", c->password);
 420}
 421
 422static void usage(const char *name)
 423{
 424        struct credential_operation const *try_op = credential_helper_ops;
 425        const char *basename = strrchr(name, '/');
 426
 427        basename = (basename) ? basename + 1 : name;
 428        fprintf(stderr, "usage: %s <", basename);
 429        while (try_op->name) {
 430                fprintf(stderr, "%s", (try_op++)->name);
 431                if (try_op->name)
 432                        fprintf(stderr, "%s", "|");
 433        }
 434        fprintf(stderr, "%s", ">\n");
 435}
 436
 437int main(int argc, char *argv[])
 438{
 439        int ret = EXIT_SUCCESS;
 440
 441        struct credential_operation const *try_op = credential_helper_ops;
 442        struct credential cred = CREDENTIAL_INIT;
 443
 444        if (!argv[1]) {
 445                usage(argv[0]);
 446                exit(EXIT_FAILURE);
 447        }
 448
 449        g_set_application_name("Git Credential Helper");
 450
 451        /* lookup operation callback */
 452        while (try_op->name && strcmp(argv[1], try_op->name))
 453                try_op++;
 454
 455        /* unsupported operation given -- ignore silently */
 456        if (!try_op->name || !try_op->op)
 457                goto out;
 458
 459        ret = credential_read(&cred);
 460        if (ret)
 461                goto out;
 462
 463        /* perform credential operation */
 464        ret = (*try_op->op)(&cred);
 465
 466        credential_write(&cred);
 467
 468out:
 469        credential_clear(&cred);
 470        return ret;
 471}