git

1
// Copyright 2012 Google Inc. All Rights Reserved.
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14

15
package main
16

17
import (
18
	"fmt"
19
	"log"
20
	"net"
21
	"os"
22
	"path/filepath"
23
	"syscall"
24
)
25

26
// A Socket is a wrapper around a Unix socket that verifies directory
27
// permissions.
28
type Socket struct {
29
	Dir string
30
}
31

32
func defaultDir() string {
33
	sockPath := ".git-credential-cache"
34
	if home := os.Getenv("HOME"); home != "" {
35
		return filepath.Join(home, sockPath)
36
	}
37
	log.Printf("socket: cannot find HOME path. using relative directory %q for socket", sockPath)
38
	return sockPath
39
}
40

41
// DefaultSocket is a Socket in the $HOME/.git-credential-cache directory.
42
var DefaultSocket = Socket{Dir: defaultDir()}
43

44
// Listen announces the local network address of the unix socket. The
45
// permissions on the socket directory are verified before attempting
46
// the actual listen.
47
func (s Socket) Listen() (net.Listener, error) {
48
	network, addr := "unix", s.Path()
49
	if err := s.mkdir(); err != nil {
50
		return nil, &net.OpError{Op: "listen", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
51
	}
52
	return net.Listen(network, addr)
53
}
54

55
// Dial connects to the unix socket. The permissions on the socket directory
56
// are verified before attempting the actual dial.
57
func (s Socket) Dial() (net.Conn, error) {
58
	network, addr := "unix", s.Path()
59
	if err := s.checkPermissions(); err != nil {
60
		return nil, &net.OpError{Op: "dial", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
61
	}
62
	return net.Dial(network, addr)
63
}
64

65
// Path returns the fully specified file name of the unix socket.
66
func (s Socket) Path() string {
67
	return filepath.Join(s.Dir, "persistent-https-proxy-socket")
68
}
69

70
func (s Socket) mkdir() error {
71
	if err := s.checkPermissions(); err == nil {
72
		return nil
73
	} else if !os.IsNotExist(err) {
74
		return err
75
	}
76
	if err := os.MkdirAll(s.Dir, 0700); err != nil {
77
		return err
78
	}
79
	return s.checkPermissions()
80
}
81

82
func (s Socket) checkPermissions() error {
83
	fi, err := os.Stat(s.Dir)
84
	if err != nil {
85
		return err
86
	}
87
	if !fi.IsDir() {
88
		return fmt.Errorf("socket: got file, want directory for %q", s.Dir)
89
	}
90
	if fi.Mode().Perm() != 0700 {
91
		return fmt.Errorf("socket: got perm %o, want 700 for %q", fi.Mode().Perm(), s.Dir)
92
	}
93
	if st := fi.Sys().(*syscall.Stat_t); int(st.Uid) != os.Getuid() {
94
		return fmt.Errorf("socket: got uid %d, want %d for %q", st.Uid, os.Getuid(), s.Dir)
95
	}
96
	return nil
97
}
98