contrib/persistent-https/socket.go - git - Git at Google

 // Copyright 2012 Google Inc. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package main

 import (
 	"fmt"
 	"log"
 	"net"
 	"os"
 	"path/filepath"
 	"syscall"
 )

 // A Socket is a wrapper around a Unix socket that verifies directory
 // permissions.
 type Socket struct {
 	Dir string
 }

 func defaultDir() string {
 	sockPath := ".git-credential-cache"
 	if home := os.Getenv("HOME"); home != "" {
 		return filepath.Join(home, sockPath)
 	}
 	log.Printf("socket: cannot find HOME path. using relative directory %q for socket", sockPath)
 	return sockPath
 }

 // DefaultSocket is a Socket in the $HOME/.git-credential-cache directory.
 var DefaultSocket = Socket{Dir: defaultDir()}

 // Listen announces the local network address of the unix socket. The
 // permissions on the socket directory are verified before attempting
 // the actual listen.
 func (s Socket) Listen() (net.Listener, error) {
 	network, addr := "unix", s.Path()
 	if err := s.mkdir(); err != nil {
 		return nil, &net.OpError{Op: "listen", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
 	}
 	return net.Listen(network, addr)
 }

 // Dial connects to the unix socket. The permissions on the socket directory
 // are verified before attempting the actual dial.
 func (s Socket) Dial() (net.Conn, error) {
 	network, addr := "unix", s.Path()
 	if err := s.checkPermissions(); err != nil {
 		return nil, &net.OpError{Op: "dial", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
 	}
 	return net.Dial(network, addr)
 }

 // Path returns the fully specified file name of the unix socket.
 func (s Socket) Path() string {
 	return filepath.Join(s.Dir, "persistent-https-proxy-socket")
 }

 func (s Socket) mkdir() error {
 	if err := s.checkPermissions(); err == nil {
 		return nil
 	} else if !os.IsNotExist(err) {
 		return err
 	}
 	if err := os.MkdirAll(s.Dir, 0700); err != nil {
 		return err
 	}
 	return s.checkPermissions()
 }

 func (s Socket) checkPermissions() error {
 	fi, err := os.Stat(s.Dir)
 	if err != nil {
 		return err
 	}
 	if !fi.IsDir() {
 		return fmt.Errorf("socket: got file, want directory for %q", s.Dir)
 	}
 	if fi.Mode().Perm() != 0700 {
 		return fmt.Errorf("socket: got perm %o, want 700 for %q", fi.Mode().Perm(), s.Dir)
 	}
 	if st := fi.Sys().(*syscall.Stat_t); int(st.Uid) != os.Getuid() {
 		return fmt.Errorf("socket: got uid %d, want %d for %q", st.Uid, os.Getuid(), s.Dir)
 	}
 	return nil
 }
	// Copyright 2012 Google Inc. All Rights Reserved.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package main

	import (
	"fmt"
	"log"
	"net"
	"os"
	"path/filepath"
	"syscall"
	)

	// A Socket is a wrapper around a Unix socket that verifies directory
	// permissions.
	type Socket struct {
	Dir string
	}

	func defaultDir() string {
	sockPath := ".git-credential-cache"
	if home := os.Getenv("HOME"); home != "" {
	return filepath.Join(home, sockPath)
	}
	log.Printf("socket: cannot find HOME path. using relative directory %q for socket", sockPath)
	return sockPath
	}

	// DefaultSocket is a Socket in the $HOME/.git-credential-cache directory.
	var DefaultSocket = Socket{Dir: defaultDir()}

	// Listen announces the local network address of the unix socket. The
	// permissions on the socket directory are verified before attempting
	// the actual listen.
	func (s Socket) Listen() (net.Listener, error) {
	network, addr := "unix", s.Path()
	if err := s.mkdir(); err != nil {
	return nil, &net.OpError{Op: "listen", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
	}
	return net.Listen(network, addr)
	}

	// Dial connects to the unix socket. The permissions on the socket directory
	// are verified before attempting the actual dial.
	func (s Socket) Dial() (net.Conn, error) {
	network, addr := "unix", s.Path()
	if err := s.checkPermissions(); err != nil {
	return nil, &net.OpError{Op: "dial", Net: network, Addr: &net.UnixAddr{Name: addr, Net: network}, Err: err}
	}
	return net.Dial(network, addr)
	}

	// Path returns the fully specified file name of the unix socket.
	func (s Socket) Path() string {
	return filepath.Join(s.Dir, "persistent-https-proxy-socket")
	}

	func (s Socket) mkdir() error {
	if err := s.checkPermissions(); err == nil {
	return nil
	} else if !os.IsNotExist(err) {
	return err
	}
	if err := os.MkdirAll(s.Dir, 0700); err != nil {
	return err
	}
	return s.checkPermissions()
	}

	func (s Socket) checkPermissions() error {
	fi, err := os.Stat(s.Dir)
	if err != nil {
	return err
	}
	if !fi.IsDir() {
	return fmt.Errorf("socket: got file, want directory for %q", s.Dir)
	}
	if fi.Mode().Perm() != 0700 {
	return fmt.Errorf("socket: got perm %o, want 700 for %q", fi.Mode().Perm(), s.Dir)
	}
	if st := fi.Sys().(*syscall.Stat_t); int(st.Uid) != os.Getuid() {
	return fmt.Errorf("socket: got uid %d, want %d for %q", st.Uid, os.Getuid(), s.Dir)
	}
	return nil
	}