osxkeychain: lock for exclusive execution #1729
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,6 +12,7 @@ static CFStringRef username; | |
| static CFDataRef password; | ||
| static CFDataRef password_expiry_utc; | ||
| static CFDataRef oauth_refresh_token; | ||
| static int state_seen; | ||
|
|
||
| static void clear_credential(void) | ||
| { | ||
|
|
@@ -171,6 +172,9 @@ static OSStatus find_internet_password(void) | |
|
|
||
| CFRelease(item); | ||
|
|
||
| write_item("capability[]", "state", strlen("state")); | ||
| write_item("state[]", "osxkeychain:seen=1", strlen("osxkeychain:seen=1")); | ||
|
|
||
| out: | ||
| CFRelease(attrs); | ||
|
|
||
|
|
@@ -284,6 +288,9 @@ static OSStatus add_internet_password(void) | |
| CFDictionaryRef attrs; | ||
| OSStatus result; | ||
|
|
||
| if (state_seen) | ||
| return errSecSuccess; | ||
|
|
||
| /* Only store complete credentials */ | ||
| if (!protocol || !host || !username || !password) | ||
| return -1; | ||
|
|
@@ -395,6 +402,10 @@ static void read_credential(void) | |
| oauth_refresh_token = CFDataCreate(kCFAllocatorDefault, | ||
| (UInt8 *)v, | ||
| strlen(v)); | ||
| else if (!strcmp(buf, "state[]")) { | ||
| if (!strcmp(v, "osxkeychain:seen=1")) | ||
| state_seen = 1; | ||
| } | ||
| /* | ||
| * Ignore other lines; we don't know what they mean, but | ||
| * this future-proofs us when later versions of git do | ||
|
|
@@ -414,6 +425,9 @@ int main(int argc, const char **argv) | |
| if (!argv[1]) | ||
|
There was a problem hiding this comment. On the Git mailing list, Junio C Hamano wrote (reply to this): "Koji Nakamaru via GitGitGadget" <gitgitgadget@gmail.com> writes:
> From: Koji Nakamaru <koji.nakamaru@gree.net>
>
> Resolves "failed to store: -25299" when "fetch.parallel 0" is configured
> and there are many submodules.
Use of third-person singular without subject for the "observation"
part is highly unusual the log messages in our codebase.
The usual way to compose a log message of this project is to
- Give an observation on how the current system work in the present
tense (so no need to say "Currently X is Y", just "X is Y"), and
discuss what you perceive as a problem in it.
- Propose a solution (optional---often, problem description
trivially leads to an obvious solution in reader's minds).
- Give commands to the codebase to "become like so".
in this order.
> The error code -25299 (errSecDuplicateItem) may be returned by
> SecItemUpdate() in add_internet_password() if multiple instances of
> git-credential-osxkeychain run in parallel. This patch introduces an
> exclusive lock to serialize execution for avoiding this and other
> potential issues.
"This patch introduces" -> "Introduce"
Is this step still needed, though?
> Signed-off-by: Koji Nakamaru <koji.nakamaru@gree.net>
> ---
> contrib/credential/osxkeychain/git-credential-osxkeychain.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/contrib/credential/osxkeychain/git-credential-osxkeychain.c b/contrib/credential/osxkeychain/git-credential-osxkeychain.c
> index 6a40917b1ef..0884db48d0a 100644
> --- a/contrib/credential/osxkeychain/git-credential-osxkeychain.c
> +++ b/contrib/credential/osxkeychain/git-credential-osxkeychain.c
> @@ -414,6 +414,9 @@ int main(int argc, const char **argv)
> if (!argv[1])
> die("%s", usage);
>
> + if (open(argv[0], O_RDONLY | O_EXLOCK) == -1)
> + die("failed to lock %s", argv[0]);
> +
> read_credential();
>
> if (!strcmp(argv[1], "get"))There was a problem hiding this comment. On the Git mailing list, Koji Nakamaru wrote (reply to this): Thank you for the instruction about a log message. I'll follow it.
> Is this step still needed, though?
For solving the issue I originally had, just utilizing state[] to skip
"store" operations is enough.
Since the osxkeychain implementation doesn't seem to be aware that it
can run in parallel, I thought it would be better to leave this step in
case a similar problem occurs. If this reason is weak, I'll remove this
step.
Koji Nakamaru |
||
| die("%s", usage); | ||
|
|
||
| if (open(argv[0], O_RDONLY | O_EXLOCK) == -1) | ||
| die("failed to lock %s", argv[0]); | ||
|
|
||
| read_credential(); | ||
|
|
||
| if (!strcmp(argv[1], "get")) | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the Git mailing list, Junio C Hamano wrote (reply to this):
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the Git mailing list, Koji Nakamaru wrote (reply to this):