eyecatchu/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-01-11 21:33:13 +09:00
Code Issues Packages Projects Releases Wiki Activity
git/builtin/credential-cache.c
brian m. carlson ffff4ac065 credential: add method for querying capabilities 
Right now, there's no specific way to determine whether a credential
helper or git credential itself supports a given set of capabilities.
It would be helpful to have such a way, so let's let credential helpers
and git credential take an argument, "capability", which has it list the
capabilities and a version number on standard output.

Specifically choose a format that is slightly different from regular
credential output and assume that no capabilities are supported if a
non-zero exit status occurs or the data deviates from the format.  It is
common for users to write small shell scripts as the argument to
credential.helper, which will almost never be designed to emit
capabilities.  We want callers to gracefully handle this case by
assuming that they are not capable of extended support because that is
almost certainly the case, and specifying the error behavior up front
does this and preserves backwards compatibility in a graceful way.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2024-04-16 22:39:08 -07:00

196 lines
4.4 KiB
C
Raw Blame History

#include "builtin.h"
#include "credential.h"
#include "gettext.h"
#include "parse-options.h"
#include "path.h"
#include "strbuf.h"
#include "write-or-die.h"
#ifndef NO_UNIX_SOCKETS
#include "unix-socket.h"
#include "run-command.h"
#define FLAG_SPAWN 0x1
#define FLAG_RELAY 0x2
#ifdef GIT_WINDOWS_NATIVE
static int connection_closed(int error)
{
return (error == EINVAL);
}
static int connection_fatally_broken(int error)
{
return (error != ENOENT) && (error != ENETDOWN);
}
#else
static int connection_closed(int error)
{
return (error == ECONNRESET);
}
static int connection_fatally_broken(int error)
{
return (error != ENOENT) && (error != ECONNREFUSED);
}
#endif
static int send_request(const char *socket, const struct strbuf *out)
{
int got_data = 0;
int fd = unix_stream_connect(socket, 0);
if (fd < 0)
return -1;
if (write_in_full(fd, out->buf, out->len) < 0)
die_errno("unable to write to cache daemon");
shutdown(fd, SHUT_WR);
while (1) {
char in[1024];
int r;
r = read_in_full(fd, in, sizeof(in));
if (r == 0 || (r < 0 && connection_closed(errno)))
break;
if (r < 0)
die_errno("read error from cache daemon");
write_or_die(1, in, r);
got_data = 1;
}
close(fd);
return got_data;
}
static void spawn_daemon(const char *socket)
{
struct child_process daemon = CHILD_PROCESS_INIT;
char buf[128];
int r;
strvec_pushl(&daemon.args,
"credential-cache--daemon", socket,
NULL);
daemon.git_cmd = 1;
daemon.no_stdin = 1;
daemon.out = -1;
if (start_command(&daemon))
die_errno("unable to start cache daemon");
r = read_in_full(daemon.out, buf, sizeof(buf));
if (r < 0)
die_errno("unable to read result code from cache daemon");
if (r != 3 || memcmp(buf, "ok\n", 3))
die("cache daemon did not start: %.*s", r, buf);
close(daemon.out);
}
static void do_cache(const char *socket, const char *action, int timeout,
int flags)
{
struct strbuf buf = STRBUF_INIT;
strbuf_addf(&buf, "action=%s\n", action);
strbuf_addf(&buf, "timeout=%d\n", timeout);
if (flags & FLAG_RELAY) {
if (strbuf_read(&buf, 0, 0) < 0)
die_errno("unable to relay credential");
}
if (send_request(socket, &buf) < 0) {
if (connection_fatally_broken(errno))
die_errno("unable to connect to cache daemon");
if (flags & FLAG_SPAWN) {
spawn_daemon(socket);
if (send_request(socket, &buf) < 0)
die_errno("unable to connect to cache daemon");
}
}
strbuf_release(&buf);
}
static char *get_socket_path(void)
{
struct stat sb;
char *old_dir, *socket;
old_dir = interpolate_path("~/.git-credential-cache", 0);
if (old_dir && !stat(old_dir, &sb) && S_ISDIR(sb.st_mode))
socket = xstrfmt("%s/socket", old_dir);
else
socket = xdg_cache_home("credential/socket");
free(old_dir);
return socket;
}
static void announce_capabilities(void)
{
struct credential c = CREDENTIAL_INIT;
c.capa_authtype.request_initial = 1;
credential_announce_capabilities(&c, stdout);
}
int cmd_credential_cache(int argc, const char **argv, const char *prefix)
{
char *socket_path = NULL;
int timeout = 900;
const char *op;
const char * const usage[] = {
"git credential-cache [<options>] <action>",
NULL
};
struct option options[] = {
OPT_INTEGER(0, "timeout", &timeout,
"number of seconds to cache credentials"),
OPT_STRING(0, "socket", &socket_path, "path",
"path of cache-daemon socket"),
OPT_END()
};
argc = parse_options(argc, argv, prefix, options, usage, 0);
if (!argc)
usage_with_options(usage, options);
op = argv[0];
if (!socket_path)
socket_path = get_socket_path();
if (!socket_path)
die("unable to find a suitable socket path; use --socket");
if (!strcmp(op, "exit"))
do_cache(socket_path, op, timeout, 0);
else if (!strcmp(op, "get") || !strcmp(op, "erase"))
do_cache(socket_path, op, timeout, FLAG_RELAY);
else if (!strcmp(op, "store"))
do_cache(socket_path, op, timeout, FLAG_RELAY|FLAG_SPAWN);
else if (!strcmp(op, "capability"))
announce_capabilities();
else
; /* ignore unknown operation */
return 0;
}
#else
int cmd_credential_cache(int argc, const char **argv, const char *prefix)
{
const char * const usage[] = {
"git credential-cache [options] <action>",
"",
"credential-cache is disabled in this build of Git",
NULL
};
struct option options[] = { OPT_END() };
argc = parse_options(argc, argv, prefix, options, usage, 0);
die(_("credential-cache unavailable; no unix socket support"));
}
#endif /* NO_UNIX_SOCKETS */
Reference in New Issue View Git Blame Copy Permalink