git
97 строк · 2.8 Кб
1// Copyright 2012 Google Inc. All Rights Reserved.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package main
16
17import (
18"fmt"
19"log"
20"net"
21"os"
22"path/filepath"
23"syscall"
24)
25
26// A Socket is a wrapper around a Unix socket that verifies directory
27// permissions.
28type Socket struct {
29Dir string
30}
31
32func defaultDir() string {
33sockPath := ".git-credential-cache"
34if home := os.Getenv("HOME"); home != "" {
35return filepath.Join(home, sockPath)
36}
37log.Printf("socket: cannot find HOME path. using relative directory %q for socket", sockPath)
38return sockPath
39}
40
41// DefaultSocket is a Socket in the $HOME/.git-credential-cache directory.
42var DefaultSocket = Socket{Dir: defaultDir()}
43
44// Listen announces the local network address of the unix socket. The
45// permissions on the socket directory are verified before attempting
46// the actual listen.
47func (s Socket) Listen() (net.Listener, error) {
48network, addr := "unix", s.Path()
49if err := s.mkdir(); err != nil {
50return nil, &net.OpError{Op: "listen", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
51}
52return net.Listen(network, addr)
53}
54
55// Dial connects to the unix socket. The permissions on the socket directory
56// are verified before attempting the actual dial.
57func (s Socket) Dial() (net.Conn, error) {
58network, addr := "unix", s.Path()
59if err := s.checkPermissions(); err != nil {
60return nil, &net.OpError{Op: "dial", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
61}
62return net.Dial(network, addr)
63}
64
65// Path returns the fully specified file name of the unix socket.
66func (s Socket) Path() string {
67return filepath.Join(s.Dir, "persistent-https-proxy-socket")
68}
69
70func (s Socket) mkdir() error {
71if err := s.checkPermissions(); err == nil {
72return nil
73} else if !os.IsNotExist(err) {
74return err
75}
76if err := os.MkdirAll(s.Dir, 0700); err != nil {
77return err
78}
79return s.checkPermissions()
80}
81
82func (s Socket) checkPermissions() error {
83fi, err := os.Stat(s.Dir)
84if err != nil {
85return err
86}
87if !fi.IsDir() {
88return fmt.Errorf("socket: got file, want directory for %q", s.Dir)
89}
90if fi.Mode().Perm() != 0700 {
91return fmt.Errorf("socket: got perm %o, want 700 for %q", fi.Mode().Perm(), s.Dir)
92}
93if st := fi.Sys().(*syscall.Stat_t); int(st.Uid) != os.Getuid() {
94return fmt.Errorf("socket: got uid %d, want %d for %q", st.Uid, os.Getuid(), s.Dir)
95}
96return nil
97}
98