Merge pull request #36 from desktop/separate-helper-trampoline

Create a separate credential helper trampoline
desktop · Jun 3, 2024 · 03004d0 · 03004d0
2 parents ac8a04f + fd06e4c
commit 03004d0
Show file tree

Hide file tree

Showing 6 changed files with 194 additions and 88 deletions.
diff --git a/README.md b/README.md
@@ -60,7 +60,7 @@ The equivalent Bash shell code looks like this:
 
 ```sh
   # environment variable
-  GIT_ASKPASS="C:/some/path/to/desktop-trampoline.exe" \
+  GIT_ASKPASS="C:/some/path/to/desktop-askpass-trampoline.exe" \
   # ensure Git doesn't block the process waiting for the user to provide input
   GIT_TERMINAL_PROMPT=0 \
   git \

diff --git a/binding.gyp b/binding.gyp
@@ -1,15 +1,8 @@
   {
-    'targets': [
-      {
-        'target_name': 'desktop-trampoline',
+    'target_defaults': {
         'defines': [
           "NAPI_VERSION=<(napi_build_version)",
         ],
-        'type': 'executable',
-        'sources': [
-          'src/desktop-trampoline.c',
-          'src/socket.c'
-        ],
         'include_dirs': [
           '<!(node -p "require(\'node-addon-api\').include_dir")',
           'include'
@@ -42,62 +35,50 @@
         'msvs_settings': {
           'VCCLCompilerTool': { 'ExceptionHandling': 1 },
         },
+        'conditions': [
+          ['OS=="win"', { 'defines': [ 'WINDOWS' ] }]
+        ]
+    },
+    'targets': [
+      {
+        'target_name': 'desktop-askpass-trampoline',
+        'type': 'executable',
+        'sources': [
+          'src/desktop-trampoline.c',
+          'src/socket.c'
+        ],
         'conditions': [
           ['OS=="win"', {
-            'defines': [ 'WINDOWS' ],
             'link_settings': {
               'libraries': [ 'Ws2_32.lib' ]
             }
           }]
         ]
       },
       {
-        'target_name': 'ssh-wrapper',
+        'target_name': 'desktop-credential-helper-trampoline',
+        'type': 'executable',
         'defines': [
-          "NAPI_VERSION=<(napi_build_version)",
+          'CREDENTIAL_HELPER'
         ],
-        'type': 'executable',
         'sources': [
-          'src/ssh-wrapper.c'
-        ],
-        'include_dirs': [
-          '<!(node -p "require(\'node-addon-api\').include_dir")',
-          'include'
-        ],
-        'xcode_settings': {
-          'OTHER_CFLAGS': [
-            '-Wall',
-            '-Werror',
-            '-Werror=format-security',
-            '-fPIC',
-            '-D_FORTIFY_SOURCE=1',
-            '-fstack-protector-strong'
-          ]
-        },
-        'cflags!': [
-          '-Wall',
-          '-Werror',
-          '-fPIC',
-          '-pie',
-          '-D_FORTIFY_SOURCE=1',
-          '-fstack-protector-strong',
-          '-Werror=format-security',
-          '-fno-exceptions'
-        ],
-        'cflags_cc!': [ '-fno-exceptions' ],
-        'ldflags!': [
-          '-z relro',
-          '-z now'
+          'src/desktop-trampoline.c',
+          'src/socket.c'
         ],
-        'msvs_settings': {
-          'VCCLCompilerTool': { 'ExceptionHandling': 1 },
-        },
         'conditions': [
-          # For now only build it for macOS, since it's not needed on Windows
           ['OS=="win"', {
-            'defines': [ 'WINDOWS' ],
+            'link_settings': {
+              'libraries': [ 'Ws2_32.lib' ]
+            }
           }]
         ]
       },
+      {
+        'target_name': 'ssh-wrapper',
+        'type': 'executable',
+        'sources': [
+          'src/ssh-wrapper.c'
+        ],
+      },
     ],
   }
diff --git a/index.d.ts b/index.d.ts
@@ -1,5 +1,8 @@
-export function getDesktopTrampolinePath(): string
-export function getDesktopTrampolineFilename(): string
+export function getDesktopAskpassTrampolinePath(): string
+export function getDesktopAskpassTrampolineFilename(): string
+
+export function getDesktopCredentialHelperTrampolinePath(): string
+export function getDesktopCredentialHelperTrampolineFilename(): string
 
 export function getSSHWrapperPath(): string
 export function getSSHWrapperFilename(): string
diff --git a/index.js b/index.js
@@ -1,18 +1,33 @@
 const Path = require('path')
 
-function getDesktopTrampolinePath() {
+function getDesktopAskpassTrampolinePath() {
   return Path.join(
     __dirname,
     'build',
     'Release',
-    getDesktopTrampolineFilename()
+    getDesktopAskpassTrampolineFilename()
   )
 }
 
-function getDesktopTrampolineFilename() {
+function getDesktopAskpassTrampolineFilename() {
   return process.platform === 'win32'
-    ? 'desktop-trampoline.exe'
-    : 'desktop-trampoline'
+    ? 'desktop-askpass-trampoline.exe'
+    : 'desktop-askpass-trampoline'
+}
+
+function getDesktopCredentialHelperTrampolinePath() {
+  return Path.join(
+    __dirname,
+    'build',
+    'Release',
+    getDesktopCredentialHelperTrampolineFilename()
+  )
+}
+
+function getDesktopCredentialHelperTrampolineFilename() {
+  return process.platform === 'win32'
+    ? 'desktop-credential-helper-trampoline.exe'
+    : 'desktop-credential-helper-trampoline'
 }
 
 function getSSHWrapperPath() {
@@ -24,8 +39,10 @@ function getSSHWrapperFilename() {
 }
 
 module.exports = {
-  getDesktopTrampolinePath,
-  getDesktopTrampolineFilename,
+  getDesktopAskpassTrampolinePath,
+  getDesktopAskpassTrampolineFilename,
+  getDesktopCredentialHelperTrampolinePath,
+  getDesktopCredentialHelperTrampolineFilename,
   getSSHWrapperPath,
   getSSHWrapperFilename,
 }
diff --git a/src/desktop-trampoline.c b/src/desktop-trampoline.c
@@ -9,6 +9,13 @@
 #define BUFFER_LENGTH 4096
 #define MAXIMUM_NUMBER_LENGTH 33
 
+#ifdef CREDENTIAL_HELPER
+  #define DESKTOP_TRAMPOLINE_IDENTIFIER "CREDENTIALHELPER"
+#else
+  #define DESKTOP_TRAMPOLINE_IDENTIFIER "ASKPASS"
+#endif
+
+
 #define WRITE_STRING_OR_EXIT(dataName, dataString) \
 if (writeSocket(socket, dataString, strlen(dataString) + 1) != 0) { \
   printSocketError("ERROR: Couldn't send " dataName); \
@@ -17,9 +24,8 @@ if (writeSocket(socket, dataString, strlen(dataString) + 1) != 0) { \
 
 // This is a list of valid environment variables that GitHub Desktop might
 // send or expect to receive.
-#define NUMBER_OF_VALID_ENV_VARS 2
+#define NUMBER_OF_VALID_ENV_VARS 1
 static const char *sValidEnvVars[NUMBER_OF_VALID_ENV_VARS] = {
-  "DESKTOP_TRAMPOLINE_IDENTIFIER",
   "DESKTOP_TRAMPOLINE_TOKEN",
 };
 
@@ -81,8 +87,9 @@ int runTrampolineClient(SOCKET *outSocket, int argc, char **argv, char **envp) {
   }
 
   // Get the number of environment variables
-  char *validEnvVars[NUMBER_OF_VALID_ENV_VARS];
-  int envc = 0;
+  char *validEnvVars[NUMBER_OF_VALID_ENV_VARS + 1];
+  validEnvVars[0] = "DESKTOP_TRAMPOLINE_IDENTIFIER=" DESKTOP_TRAMPOLINE_IDENTIFIER;
+  int envc = 1;
   for (char **env = envp; *env != 0; env++) {
     if (isValidEnvVar(*env)) {
       validEnvVars[envc] = *env;
@@ -100,7 +107,15 @@ int runTrampolineClient(SOCKET *outSocket, int argc, char **argv, char **envp) {
     WRITE_STRING_OR_EXIT("environment variable", validEnvVars[idx]);
   }
 
-  // TODO: send stdin stuff?
+  char stdinBuffer[BUFFER_LENGTH + 1];
+  int stdinBytes = 0;
+
+  #ifdef CREDENTIAL_HELPER
+    stdinBytes = fread(stdinBuffer, sizeof(char), BUFFER_LENGTH, stdin);
+  #endif
+
+  stdinBuffer[stdinBytes] = '\0';
+  WRITE_STRING_OR_EXIT("stdin", stdinBuffer);
 
   char buffer[BUFFER_LENGTH + 1];
   size_t totalBytesRead = 0;