private static void EnableTraceLogging(OperationArguments operationArguments) { const int LogFileMaxLength = 8 * 1024 * 1024; // 8 MB Trace.WriteLine("Program::EnableTraceLogging"); if (operationArguments.WriteLog) { Trace.WriteLine(" trace logging enabled"); string gitConfigPath; if (Where.GitLocalConfig(out gitConfigPath)) { Trace.WriteLine(" git local config found at " + gitConfigPath); string dotGitPath = Path.GetDirectoryName(gitConfigPath); string logFilePath = Path.Combine(dotGitPath, Path.ChangeExtension(ConfigPrefix, ".log")); string logFileName = operationArguments.TargetUri.ToString(); FileInfo logFileInfo = new FileInfo(logFilePath); if (logFileInfo.Exists && logFileInfo.Length > LogFileMaxLength) { for (int i = 1; i < Int32.MaxValue; i++) { string moveName = String.Format("{0}{1:000}.log", ConfigPrefix, i); string movePath = Path.Combine(dotGitPath, moveName); if (!File.Exists(movePath)) { logFileInfo.MoveTo(movePath); break; } } } Trace.WriteLine(" trace log destination is " + logFilePath); var listener = new TextWriterTraceListener(logFilePath, logFileName); Trace.Listeners.Add(listener); // write a small header to help with identifying new log entries listener.WriteLine(Environment.NewLine); listener.WriteLine(String.Format("Log Start ({0:u})", DateTimeOffset.Now)); listener.WriteLine(String.Format("Microsoft {0} version {0}", Program.Title, Version.ToString(3))); } } }
private static void Store() { // parse the operations arguments from stdin (this is how git sends commands) // see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html // see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html OperationArguments operationArguments = new OperationArguments(Console.In); Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.Username != null, "The operaionArgument.Username is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); LoadOperationArguments(operationArguments); EnableTraceLogging(operationArguments); Trace.WriteLine("Program::Store"); Trace.WriteLine(" targetUri = " + operationArguments.TargetUri); BaseAuthentication authentication = CreateAuthentication(operationArguments); Credential credentials = new Credential(operationArguments.Username, operationArguments.Password); authentication.SetCredentials(operationArguments.TargetUri, credentials); }
private static void LoadOperationArguments(OperationArguments operationArguments) { Debug.Assert(operationArguments != null, "The operationsArguments parameter is null."); Trace.WriteLine("Program::LoadOperationArguments"); Configuration config = new Configuration(); Configuration.Entry entry; if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigAuthortyKey, out entry)) { Trace.WriteLine(" " + ConfigAuthortyKey + " = " + entry.Value); if (String.Equals(entry.Value, "MSA", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Microsoft", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "MicrosoftAccount", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Live", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "LiveConnect", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "LiveID", StringComparison.OrdinalIgnoreCase)) { operationArguments.Authority = AuthorityType.MicrosoftAccount; } else if (String.Equals(entry.Value, "AAD", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Azure", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "AzureDirectory", StringComparison.OrdinalIgnoreCase)) { operationArguments.Authority = AuthorityType.AzureDirectory; } else if (String.Equals(entry.Value, "Integrated", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "NTLM", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Kerberos", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "SSO", StringComparison.OrdinalIgnoreCase)) { operationArguments.Authority = AuthorityType.Integrated; } else { operationArguments.Authority = AuthorityType.Basic; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigInteractiveKey, out entry)) { Trace.WriteLine(" " + ConfigInteractiveKey + " = " + entry.Value); if (String.Equals("always", entry.Value, StringComparison.OrdinalIgnoreCase) || String.Equals("true", entry.Value, StringComparison.OrdinalIgnoreCase) || String.Equals("force", entry.Value, StringComparison.OrdinalIgnoreCase)) { operationArguments.Interactivity = Interactivity.Always; } else if (String.Equals("never", entry.Value, StringComparison.OrdinalIgnoreCase) || String.Equals("false", entry.Value, StringComparison.OrdinalIgnoreCase)) { operationArguments.Interactivity = Interactivity.Never; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigValidateKey, out entry)) { Trace.WriteLine(" " + ConfigValidateKey + " = " + entry.Value); bool validate = operationArguments.ValidateCredentials; if (Boolean.TryParse(entry.Value, out validate)) { operationArguments.ValidateCredentials = validate; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigWritelogKey, out entry)) { Trace.WriteLine(" " + ConfigWritelogKey + " = " + entry.Value); bool writelog = operationArguments.WriteLog; if (Boolean.TryParse(entry.Value, out writelog)) { operationArguments.WriteLog = writelog; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigUseModalUi, out entry)) { Trace.WriteLine(" " + ConfigUseModalUi + " = " + entry.Value); bool usemodel = operationArguments.WriteLog; if (Boolean.TryParse(entry.Value, out usemodel)) { operationArguments.UseModalUi = usemodel; } } }
private static void Get() { const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt."; const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt."; // parse the operations arguments from stdin (this is how git sends commands) // see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html // see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html OperationArguments operationArguments = new OperationArguments(Console.In); Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); LoadOperationArguments(operationArguments); EnableTraceLogging(operationArguments); Trace.WriteLine("Program::Get"); Trace.WriteLine(" targetUri = " + operationArguments.TargetUri); BaseAuthentication authentication = CreateAuthentication(operationArguments); Credential credentials = null; switch (operationArguments.Authority) { default: case AuthorityType.Basic: if (authentication.GetCredentials(operationArguments.TargetUri, out credentials)) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); } else if (operationArguments.UseModalUi) { // display the modal dialog string username; string password; if (PromptForCredentials(operationArguments.TargetUri, out username, out password)) { // set the credentials object // no need to save the credentials explicitly, as Git will call back // with a store command if the credentials are valid. credentials = new Credential(username, password); } } break; case AuthorityType.AzureDirectory: VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication; Task.Run(async () => { // attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon // note that AAD "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await aadAuth.RefreshCredentials(operationArguments.TargetUri, true) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(AadMsaAuthFailureMessage); LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.MicrosoftAccount: VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication; Task.Run(async () => { // attmempt to get cached creds -> refresh creds -> interactive logon // note that MSA "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await msaAuth.RefreshCredentials(operationArguments.TargetUri, true) && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(AadMsaAuthFailureMessage); LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.GitHub: GithubAuthentication ghAuth = authentication as GithubAuthentication; Task.Run(async () => { if ((operationArguments.Interactivity != Interactivity.Always && ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials) && ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(GitHubAuthFailureMessage); LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.Integrated: credentials = new Credential(String.Empty, String.Empty); operationArguments.SetCredentials(credentials); break; } Console.Out.Write(operationArguments); }
private static void Erase() { // parse the operations arguments from stdin (this is how git sends commands) // see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html // see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html OperationArguments operationArguments = new OperationArguments(Console.In); Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); LoadOperationArguments(operationArguments); EnableTraceLogging(operationArguments); Trace.WriteLine("Program::Erase"); Trace.WriteLine(" targetUri = " + operationArguments.TargetUri); BaseAuthentication authentication = CreateAuthentication(operationArguments); switch (operationArguments.Authority) { default: case AuthorityType.Basic: authentication.DeleteCredentials(operationArguments.TargetUri); break; case AuthorityType.AzureDirectory: case AuthorityType.MicrosoftAccount: BaseVsoAuthentication vsoAuth = authentication as BaseVsoAuthentication; vsoAuth.DeleteCredentials(operationArguments.TargetUri); break; } }
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments) { Debug.Assert(operationArguments != null, "The operationArguments is null"); Trace.WriteLine("Program::CreateAuthentication"); var secrets = new SecretStore(SecretsNamespace); BaseAuthentication authority = null; switch (operationArguments.Authority) { case AuthorityType.Auto: Trace.WriteLine(" detecting authority type"); // detect the authority if (BaseVsoAuthentication.GetAuthentication(operationArguments.TargetUri, VsoCredentialScope, secrets, null, out authority) || GithubAuthentication.GetAuthentication(operationArguments.TargetUri, GithubCredentialScope, secrets, GithubCredentialPrompt, GithubAuthCodePrompt, null, out authority)) { // set the authority type based on the returned value if (authority is VsoMsaAuthentication) { operationArguments.Authority = AuthorityType.MicrosoftAccount; goto case AuthorityType.MicrosoftAccount; } else if (authority is VsoAadAuthentication) { operationArguments.Authority = AuthorityType.AzureDirectory; goto case AuthorityType.AzureDirectory; } else if (authority is GithubAuthentication) { operationArguments.Authority = AuthorityType.GitHub; goto case AuthorityType.GitHub; } } operationArguments.Authority = AuthorityType.Basic; goto case AuthorityType.Basic; case AuthorityType.AzureDirectory: Trace.WriteLine(" authority is Azure Directory"); Guid tenantId = Guid.Empty; // return the allocated authority or a generic AAD backed VSO authentication object return authority ?? new VsoAadAuthentication(Guid.Empty, VsoCredentialScope, secrets); case AuthorityType.Basic: default: Trace.WriteLine(" authority is basic"); // return a generic username + password authentication object return authority ?? new BasicAuthentication(secrets); case AuthorityType.GitHub: Trace.WriteLine(" authority it GitHub"); // return a GitHub authenitcation object return authority ?? new GithubAuthentication(GithubCredentialScope, secrets, GithubCredentialPrompt, GithubAuthCodePrompt, null); case AuthorityType.MicrosoftAccount: Trace.WriteLine(" authority is Microsoft Live"); // return the allocated authority or a generic MSA backed VSO authentication object return authority ?? new VsoMsaAuthentication(VsoCredentialScope, secrets); } }
private static void Erase() { // parse the operations arguments from stdin (this is how git sends commands) // see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html // see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html OperationArguments operationArguments = new OperationArguments(Console.In); Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); LoadOperationArguments(operationArguments); EnableTraceLogging(operationArguments); Trace.WriteLine("Program::Erase"); Trace.WriteLine(" targetUri = " + operationArguments.TargetUri); if (operationArguments.PreserveCredentials) { Trace.WriteLine(" " + ConfigPreserveCredntials + " = true"); Trace.WriteLine(" cancelling erase request."); return; } BaseAuthentication authentication = CreateAuthentication(operationArguments); switch (operationArguments.Authority) { default: case AuthorityType.Basic: Trace.WriteLine(" deleting basic credentials"); authentication.DeleteCredentials(operationArguments.TargetUri); break; case AuthorityType.AzureDirectory: case AuthorityType.MicrosoftAccount: Trace.WriteLine(" deleting VSTS credentials"); BaseVstsAuthentication vstsAuth = authentication as BaseVstsAuthentication; vstsAuth.DeleteCredentials(operationArguments.TargetUri); break; case AuthorityType.GitHub: Trace.WriteLine(" deleting GitHub credentials"); GithubAuthentication ghAuth = authentication as GithubAuthentication; ghAuth.DeleteCredentials(operationArguments.TargetUri); break; } }
private static void LoadOperationArguments(OperationArguments operationArguments) { Debug.Assert(operationArguments != null, "The operationsArguments parameter is null."); Trace.WriteLine("Program::LoadOperationArguments"); Configuration config = new Configuration(); Configuration.Entry entry; if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigAuthortyKey, out entry)) { Trace.WriteLine(" " + ConfigAuthortyKey + " = " + entry.Value); if (String.Equals(entry.Value, "MSA", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Microsoft", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "MicrosoftAccount", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Live", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "LiveConnect", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "LiveID", StringComparison.OrdinalIgnoreCase)) { operationArguments.Authority = AuthorityType.MicrosoftAccount; } else if (String.Equals(entry.Value, "AAD", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Azure", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "AzureDirectory", StringComparison.OrdinalIgnoreCase)) { operationArguments.Authority = AuthorityType.AzureDirectory; } else if (String.Equals(entry.Value, "Integrated", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "NTLM", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "Kerberos", StringComparison.OrdinalIgnoreCase) || String.Equals(entry.Value, "SSO", StringComparison.OrdinalIgnoreCase)) { operationArguments.Authority = AuthorityType.Integrated; } else { operationArguments.Authority = AuthorityType.Basic; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigInteractiveKey, out entry)) { Trace.WriteLine(" " + ConfigInteractiveKey + " = " + entry.Value); if (String.Equals("always", entry.Value, StringComparison.OrdinalIgnoreCase) || String.Equals("true", entry.Value, StringComparison.OrdinalIgnoreCase) || String.Equals("force", entry.Value, StringComparison.OrdinalIgnoreCase)) { operationArguments.Interactivity = Interactivity.Always; } else if (String.Equals("never", entry.Value, StringComparison.OrdinalIgnoreCase) || String.Equals("false", entry.Value, StringComparison.OrdinalIgnoreCase)) { operationArguments.Interactivity = Interactivity.Never; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigValidateKey, out entry)) { Trace.WriteLine(" " + ConfigValidateKey + " = " + entry.Value); bool validate = operationArguments.ValidateCredentials; if (Boolean.TryParse(entry.Value, out validate)) { operationArguments.ValidateCredentials = validate; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.TargetUri, ConfigWritelogKey, out entry)) { Trace.WriteLine(" " + ConfigWritelogKey + " = " + entry.Value); bool writelog = operationArguments.WriteLog; if (Boolean.TryParse(entry.Value, out writelog)) { operationArguments.WriteLog = writelog; } } }
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments) { Debug.Assert(operationArguments != null, "The operationArguments is null"); Trace.WriteLine("Program::CreateAuthentication"); var secrets = new SecretStore(SecretsNamespace); BaseAuthentication authority = null; switch (operationArguments.Authority) { case AuthorityType.Auto: Trace.WriteLine(" detecting authority type"); // detect the authority if (BaseVsoAuthentication.GetAuthentication(operationArguments.TargetUri, VsoCredentialScope, secrets, null, out authority) || GithubAuthentication.GetAuthentication(operationArguments.TargetUri, GithubCredentialScope, secrets, out authority)) { // set the authority type based on the returned value if (authority is VsoMsaAuthentication) { operationArguments.Authority = AuthorityType.MicrosoftAccount; goto case AuthorityType.MicrosoftAccount; } else if (authority is VsoAadAuthentication) { operationArguments.Authority = AuthorityType.AzureDirectory; goto case AuthorityType.AzureDirectory; } else if (authority is GithubAuthentication) { operationArguments.Authority = AuthorityType.GitHub; goto case AuthorityType.GitHub; } } operationArguments.Authority = AuthorityType.Basic; goto case AuthorityType.Basic; case AuthorityType.AzureDirectory: Trace.WriteLine(" authority is Azure Directory"); Guid tenantId = Guid.Empty; // return the allocated authority or a generic AAD backed VSO authentication object return(authority ?? new VsoAadAuthentication(Guid.Empty, VsoCredentialScope, secrets)); case AuthorityType.Basic: default: Trace.WriteLine(" authority is basic"); // return a generic username + password authentication object return(authority ?? new BasicAuthentication(secrets)); case AuthorityType.GitHub: Trace.WriteLine(" authority it GitHub"); // return a GitHub authenitcation object return(authority ?? new GithubAuthentication(GithubCredentialScope, secrets)); case AuthorityType.MicrosoftAccount: Trace.WriteLine(" authority is Microsoft Live"); // return the allocated authority or a generic MSA backed VSO authentication object return(authority ?? new VsoMsaAuthentication(VsoCredentialScope, secrets)); } }
private static void Get() { const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt."; const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt."; // parse the operations arguments from stdin (this is how git sends commands) // see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html // see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html OperationArguments operationArguments = new OperationArguments(Console.In); Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); LoadOperationArguments(operationArguments); EnableTraceLogging(operationArguments); Trace.WriteLine("Program::Get"); Trace.WriteLine(" targetUri = " + operationArguments.TargetUri); BaseAuthentication authentication = CreateAuthentication(operationArguments); Credential credentials = null; switch (operationArguments.Authority) { default: case AuthorityType.Basic: if (authentication.GetCredentials(operationArguments.TargetUri, out credentials)) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); } break; case AuthorityType.AzureDirectory: VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication; Task.Run(async() => { // attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon // note that AAD "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await aadAuth.RefreshCredentials(operationArguments.TargetUri, true) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(AadMsaAuthFailureMessage); LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.MicrosoftAccount: VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication; Task.Run(async() => { // attmempt to get cached creds -> refresh creds -> interactive logon // note that MSA "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await msaAuth.RefreshCredentials(operationArguments.TargetUri, true) && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(AadMsaAuthFailureMessage); LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.GitHub: GithubAuthentication ghAuth = authentication as GithubAuthentication; Task.Run(async() => { if ((operationArguments.Interactivity != Interactivity.Always && ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials) && ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(GitHubAuthFailureMessage); LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.Integrated: credentials = new Credential(String.Empty, String.Empty); operationArguments.SetCredentials(credentials); break; } Console.Out.Write(operationArguments); }
private static void LoadOperationArguments(OperationArguments operationArguments) { Debug.Assert(operationArguments != null, "The operationsArguments parameter is null."); Trace.WriteLine("Program::LoadOperationArguments"); if (operationArguments.TargetUri == null) { Console.Error.WriteLine("fatal: no host information, unable to continue."); Environment.Exit(-1); } Configuration config = new Configuration(); Configuration.Entry entry; if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigAuthortyKey, out entry)) { Trace.WriteLine(" " + ConfigAuthortyKey + " = " + entry.Value); if (ConfigStringComparer.Equals(entry.Value, "MSA") || ConfigStringComparer.Equals(entry.Value, "Microsoft") || ConfigStringComparer.Equals(entry.Value, "MicrosoftAccount") || ConfigStringComparer.Equals(entry.Value, "Live") || ConfigStringComparer.Equals(entry.Value, "LiveConnect") || ConfigStringComparer.Equals(entry.Value, "LiveID")) { operationArguments.Authority = AuthorityType.MicrosoftAccount; } else if (ConfigStringComparer.Equals(entry.Value, "AAD") || ConfigStringComparer.Equals(entry.Value, "Azure") || ConfigStringComparer.Equals(entry.Value, "AzureDirectory")) { operationArguments.Authority = AuthorityType.AzureDirectory; } else if (ConfigStringComparer.Equals(entry.Value, "Integrated") || ConfigStringComparer.Equals(entry.Value, "NTLM") || ConfigStringComparer.Equals(entry.Value, "Kerberos") || ConfigStringComparer.Equals(entry.Value, "SSO")) { operationArguments.Authority = AuthorityType.Integrated; } else { operationArguments.Authority = AuthorityType.Basic; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigInteractiveKey, out entry)) { Trace.WriteLine(" " + ConfigInteractiveKey + " = " + entry.Value); if (ConfigStringComparer.Equals(entry.Value, "always") || ConfigStringComparer.Equals(entry.Value, "true") || ConfigStringComparer.Equals(entry.Value, "force")) { operationArguments.Interactivity = Interactivity.Always; } else if (ConfigStringComparer.Equals(entry.Value, "never") || ConfigStringComparer.Equals(entry.Value, "false")) { operationArguments.Interactivity = Interactivity.Never; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigValidateKey, out entry)) { Trace.WriteLine(" " + ConfigValidateKey + " = " + entry.Value); bool validate = operationArguments.ValidateCredentials; if (Boolean.TryParse(entry.Value, out validate)) { operationArguments.ValidateCredentials = validate; } else { if (ConfigStringComparer.Equals(validate, "no")) { operationArguments.ValidateCredentials = false; } else if (ConfigStringComparer.Equals(validate, "yes")) { operationArguments.ValidateCredentials = true; } } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigWritelogKey, out entry)) { Trace.WriteLine(" " + ConfigWritelogKey + " = " + entry.Value); bool writelog = operationArguments.WriteLog; if (Boolean.TryParse(entry.Value, out writelog)) { operationArguments.WriteLog = writelog; } else { if (ConfigStringComparer.Equals(writelog, "no")) { operationArguments.WriteLog = false; } else if (ConfigStringComparer.Equals(writelog, "yes")) { operationArguments.WriteLog = true; } } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigUseModalPromptKey, out entry)) { Trace.WriteLine(" " + ConfigUseModalPromptKey + " = " + entry.Value); bool usemodel = operationArguments.UseModalUi; if (Boolean.TryParse(entry.Value, out usemodel)) { operationArguments.UseModalUi = usemodel; } else { if (ConfigStringComparer.Equals(usemodel, "no")) { operationArguments.UseModalUi = false; } else if (ConfigStringComparer.Equals(usemodel, "yes")) { operationArguments.UseModalUi = true; } } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigPreserveCredentialsKey, out entry)) { Trace.WriteLine(" " + ConfigPreserveCredentialsKey + " = " + entry.Value); bool preserveCredentials = operationArguments.UseModalUi; if (Boolean.TryParse(entry.Value, out preserveCredentials)) { operationArguments.PreserveCredentials = preserveCredentials; } else { if (ConfigStringComparer.Equals(preserveCredentials, "no")) { operationArguments.PreserveCredentials = false; } else if (ConfigStringComparer.Equals(preserveCredentials, "yes")) { operationArguments.PreserveCredentials = true; } } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigUseHttpPathKey, out entry)) { Trace.WriteLine(" " + ConfigUseHttpPathKey + " = " + entry.Value); bool useHttPath = operationArguments.UseHttpPath; if (Boolean.TryParse(entry.Value, out useHttPath)) { operationArguments.UseHttpPath = true; } } if (config.TryGetEntry(ConfigPrefix, operationArguments.QueryUri, ConfigHttpProxyKey, out entry) || config.TryGetEntry("http", operationArguments.QueryUri, "proxy", out entry)) { Trace.WriteLine(" " + ConfigHttpProxyKey + " = " + entry.Value); operationArguments.SetProxy(entry.Value); } }
private static void Delete() { Trace.WriteLine("Program::Erase"); string[] args = Environment.GetCommandLineArgs(); if (args.Length < 3) goto error_parse; string url = args[2]; Uri uri = null; if (Uri.IsWellFormedUriString(url, UriKind.Absolute)) { if (!Uri.TryCreate(url, UriKind.Absolute, out uri)) goto error_parse; } else { url = String.Format("{0}://{1}", Uri.UriSchemeHttps, url); if (!Uri.TryCreate(url, UriKind.Absolute, out uri)) goto error_parse; } OperationArguments operationArguments = new OperationArguments(TextReader.Null); operationArguments.QueryUri = uri; LoadOperationArguments(operationArguments); BaseAuthentication authentication = CreateAuthentication(operationArguments); switch (operationArguments.Authority) { default: case AuthorityType.Basic: Trace.WriteLine(" deleting basic credentials"); authentication.DeleteCredentials(operationArguments.TargetUri); break; case AuthorityType.AzureDirectory: case AuthorityType.MicrosoftAccount: Trace.WriteLine(" deleting VSTS credentials"); BaseVstsAuthentication vstsAuth = authentication as BaseVstsAuthentication; vstsAuth.DeleteCredentials(operationArguments.TargetUri); // call delete twice to purge any stored ADA tokens vstsAuth.DeleteCredentials(operationArguments.TargetUri); break; case AuthorityType.GitHub: Trace.WriteLine(" deleting GitHub credentials"); GithubAuthentication ghAuth = authentication as GithubAuthentication; ghAuth.DeleteCredentials(operationArguments.TargetUri); break; } return; error_parse: Console.Out.WriteLine("Fatal: unable to parse target uri."); }
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments) { Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); Trace.WriteLine("Program::CreateAuthentication"); Secret.UriNameConversion getTargetName = Secret.UriToSimpleName; if (operationArguments.UseHttpPath) { getTargetName = Secret.UriToPathedName; } var secrets = new SecretStore(SecretsNamespace, null, null, getTargetName); BaseAuthentication authority = null; switch (operationArguments.Authority) { case AuthorityType.Auto: Trace.WriteLine(" detecting authority type"); // detect the authority if (BaseVstsAuthentication.GetAuthentication(operationArguments.TargetUri, VstsCredentialScope, secrets, null, out authority) || GithubAuthentication.GetAuthentication(operationArguments.TargetUri, GithubCredentialScope, secrets, operationArguments.UseModalUi ? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt) : new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt), operationArguments.UseModalUi ? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt) : new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt), null, out authority)) { // set the authority type based on the returned value if (authority is VstsMsaAuthentication) { operationArguments.Authority = AuthorityType.MicrosoftAccount; goto case AuthorityType.MicrosoftAccount; } else if (authority is VstsAadAuthentication) { operationArguments.Authority = AuthorityType.AzureDirectory; goto case AuthorityType.AzureDirectory; } else if (authority is GithubAuthentication) { operationArguments.Authority = AuthorityType.GitHub; goto case AuthorityType.GitHub; } } operationArguments.Authority = AuthorityType.Basic; goto case AuthorityType.Basic; case AuthorityType.AzureDirectory: Trace.WriteLine(" authority is Azure Directory"); Guid tenantId = Guid.Empty; // return the allocated authority or a generic AAD backed VSTS authentication object return authority ?? new VstsAadAuthentication(Guid.Empty, VstsCredentialScope, secrets); case AuthorityType.Basic: default: Trace.WriteLine(" authority is basic"); // return a generic username + password authentication object return authority ?? new BasicAuthentication(secrets); case AuthorityType.GitHub: Trace.WriteLine(" authority it GitHub"); // return a GitHub authenitcation object return authority ?? new GithubAuthentication(GithubCredentialScope, secrets, operationArguments.UseModalUi ? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt) : new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt), operationArguments.UseModalUi ? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt) : new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt), null); case AuthorityType.MicrosoftAccount: Trace.WriteLine(" authority is Microsoft Live"); // return the allocated authority or a generic MSA backed VSTS authentication object return authority ?? new VstsMsaAuthentication(VstsCredentialScope, secrets); } }