1 // Copyright 2019 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // gitauth uses 'git credential' to implement the GOAUTH protocol described in
6 // https://golang.org/issue/26232. It expects an absolute path to the working
7 // directory for the 'git' command as the first command-line argument.
9 // Example GOAUTH usage:
10 // export GOAUTH="gitauth $HOME"
12 // See https://git-scm.com/docs/gitcredentials or run 'man gitcredentials' for
13 // information on how to configure 'git credential'.
19 exec "golang.org/x/sys/execabs"
29 if len(os.Args) < 2 || !filepath.IsAbs(os.Args[1]) {
30 fmt.Fprintf(os.Stderr, "usage: %s WORKDIR [URL]", os.Args[0])
34 log.SetPrefix("gitauth: ")
36 if len(os.Args) != 3 {
37 // No explicit URL was passed on the command line, but 'git credential'
38 // provides no way to enumerate existing credentials.
39 // Wait for a request for a specific URL.
43 u, err := url.ParseRequestURI(os.Args[2])
45 log.Fatalf("invalid request URI (%v): %q\n", err, os.Args[1])
50 lastHeader http.Header
51 lastStatus = http.StatusUnauthorized
53 for lastStatus == http.StatusUnauthorized {
54 cmd := exec.Command("git", "credential", "fill")
56 // We don't want to execute a 'git' command in an arbitrary directory, since
57 // that opens up a number of config-injection attacks (for example,
58 // https://golang.org/issue/29230). Instead, we have the user configure a
59 // directory explicitly on the command line.
62 cmd.Stdin = strings.NewReader(fmt.Sprintf("url=%s\n", u))
63 cmd.Stderr = os.Stderr
64 out, err := cmd.Output()
66 log.Fatalf("'git credential fill' failed: %v\n", err)
70 var username, password string
71 lines := strings.Split(string(out), "\n")
72 for _, line := range lines {
73 frags := strings.SplitN(line, "=", 2)
75 continue // Ignore unrecognized response lines.
77 switch strings.TrimSpace(frags[0]) {
79 prefix.Scheme = frags[1]
81 prefix.Host = frags[1]
83 prefix.Path = frags[1]
89 // Write to a local variable instead of updating prefix directly:
90 // if the url field is malformed, we don't want to invalidate
91 // information parsed from the protocol, host, and path fields.
92 u, err := url.ParseRequestURI(frags[1])
96 log.Printf("malformed URL from 'git credential fill' (%v): %q\n", err, frags[1])
97 // Proceed anyway: we might be able to parse the prefix from other fields of the response.
102 // Double-check that the URL Git gave us is a prefix of the one we requested.
103 if !strings.HasPrefix(u.String(), prefix.String()) {
104 log.Fatalf("requested a credential for %q, but 'git credential fill' provided one for %q\n", u, prefix)
107 // Send a HEAD request to try to detect whether the credential is valid.
108 // If the user just typed in a correct password and has caching enabled,
109 // we don't want to nag them for it again the next time they run a 'go' command.
110 req, err := http.NewRequest("HEAD", u.String(), nil)
112 log.Fatalf("internal error constructing HTTP HEAD request: %v\n", err)
114 req.SetBasicAuth(username, password)
115 lastHeader = req.Header
116 resp, err := http.DefaultClient.Do(req)
118 log.Printf("HTTPS HEAD request failed to connect: %v\n", err)
119 // Couldn't verify the credential, but we have no evidence that it is invalid either.
120 // Proceed, but don't update git's credential cache.
123 lastStatus = resp.StatusCode
125 if resp.StatusCode != http.StatusOK {
126 log.Printf("%s: %v %s\n", u, resp.StatusCode, http.StatusText(resp.StatusCode))
129 if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusUnauthorized {
130 // We learned something about the credential: it either worked or it was invalid.
131 // Approve or reject the credential (on a best-effort basis)
132 // so that the git credential helper can update its cache as appropriate.
134 if resp.StatusCode != http.StatusOK {
137 cmd = exec.Command("git", "credential", action)
138 cmd.Stderr = os.Stderr
139 cmd.Stdout = os.Stderr
140 cmd.Stdin = bytes.NewReader(out)
145 // Write out the credential in the format expected by the 'go' command.
146 fmt.Printf("%s\n\n", prefix)
147 lastHeader.Write(os.Stdout)