Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to use credentials from git-credential helper #4873

Open
jeroen opened this issue Oct 31, 2018 · 4 comments
Open

How to use credentials from git-credential helper #4873

jeroen opened this issue Oct 31, 2018 · 4 comments
Labels

Comments

@jeroen
Copy link
Contributor

jeroen commented Oct 31, 2018

Is it possible to make libgit2 authenticate using credentials that the user has previously stored via the command line git? Specifically Git for Windows defaults to storing credentials in Git Credential Manager for Windows which speaks the credential helper protocol.

I think this involves shelling out to git credential fill but maybe there is more to it. Is there an example that implements something like this? A git_cred_ helper function would also be very useful.

@dscho

@ethomson
Copy link
Member

As you've noted, this isn't something that we have built-in support for - we don't exec programs directly for a plurality of reasons. But indeed, it should be relatively straightforward to call out to the git credential fill command from a credential callback.

We do have an example of credential callbacks but we don't have an example for one that exec's something.

@jeroen
Copy link
Contributor Author

jeroen commented Oct 31, 2018

So for future reference, to get credentials from e.g. github.com the callback needs to invoke a shell command equivalent to this:

printf "protocol=https\nhost=github.com\n" | git credential fill

If credential for the given host is stored, those are returned, and otherwise the user is prompted for a username/password. The output is then printed to stdout like this:

protocol=https
host=github.com
username=jerry
password=2aae6c35c94fcfb415dbe95f408b9ce91ee846ed

Which you can then feed back to git_cred_userpass_plaintext_new in the callback.

@csware
Copy link
Contributor

csware commented Jan 3, 2019

I already wrote a (GPLed) framework executing external commands from libgit2 (for filters and ssh; cf. https://gitlab.com/tortoisegit/tortoisegit/tree/master/src/libgit2). I haven't found the time for extending it for the credential API, yet, but I'm open for contributions.

@connorjak
Copy link

So for future reference, to get credentials from e.g. github.com the callback needs to invoke a shell command equivalent to this:

printf "protocol=https\nhost=github.com\n" | git credential fill

If credential for the given host is stored, those are returned, and otherwise the user is prompted for a username/password. The output is then printed to stdout like this:

protocol=https
host=github.com
username=jerry
password=2aae6c35c94fcfb415dbe95f408b9ce91ee846ed

Which you can then feed back to git_cred_userpass_plaintext_new in the callback.

To adapt this to a windows C/C++ environment, I needed to use _popen("git credential fill < temp_file.txt", "r"), which opens a pipe to read the stdout output of git credential fill. The temp_file.txt was previously populated with

protocol=https
host=github.com

The reason I used a file instead of piping it in on the command line is passing input and reading output on the same pipe is not possible. The output string was constructed by reading from the pipe using fgets. Don't forget _pclose() as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants