gitwrapper/gitwrapper.c

   1 /*
   2  * Copyright (c) 2023 Stefan Sperling <stsp@openbsd.org>
   3  *
   4  * Permission to use, copy, modify, and distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice appear in all copies.
   7  *
   8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15  */
  16
  17 /*
  18  * Resolve path namespace conflicts for git-upload-pack and git-receive-pack.
  19  */
  20
  21 #include "got_compat.h"
  22
  23 #include <sys/queue.h>
  24 #include <sys/types.h>
  25 #include <sys/uio.h>
  26
  27 #include <err.h>
  28 #include <errno.h>
  29 #include <event.h>
  30 #include <limits.h>
  31 #include <stdio.h>
  32 #include <stdlib.h>
  33 #include <string.h>
  34 #include <syslog.h>
  35 #include <unistd.h>
  36
  37 #include "got_error.h"
  38 #include "got_object.h"
  39 #include "got_path.h"
  40
  41 #include "got_lib_dial.h"
  42
  43 #include "gotd.h"
  44 #include "log.h"
  45 #include "secrets.h"
  46
  47 #ifndef GITWRAPPER_GIT_LIBEXEC_DIR
  48 #define GITWRAPPER_GIT_LIBEXEC_DIR "/usr/local/libexec/git"
  49 #endif
  50
  51 #ifndef GITWRAPPER_MY_SERVER_PROG
  52 #define GITWRAPPER_MY_SERVER_PROG "gotsh"
  53 #endif
  54
  55 /* only needed to satisfy the linker */
  56 struct gotd_secret *
  57 gotd_secrets_get(struct gotd_secrets *secrets, enum gotd_secret_type t,
  58     const char *label)
  59 {
  60         return NULL;
  61 }
  62
  63 __dead static void
  64 usage(void)
  65 {
  66         fprintf(stderr, "usage: %s -c '%s|%s repository-path'\n",
  67             getprogname(), GOT_DIAL_CMD_SEND, GOT_DIAL_CMD_FETCH);
  68         exit(1);
  69 }
  70
  71 /*
  72  * Unveil the specific programs we want to start and hide everything else.
  73  * This is important to limit the impact of our "exec" pledge.
  74  */
  75 static const struct got_error *
  76 apply_unveil(const char *myserver)
  77 {
  78         const char *fetchcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
  79                 GOT_DIAL_CMD_FETCH;
  80         const char *sendcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
  81                 GOT_DIAL_CMD_SEND;
  82
  83 #ifdef PROFILE
  84         if (unveil("gmon.out", "rwc") != 0)
  85                 return got_error_from_errno2("unveil", "gmon.out");
  86 #endif
  87         if (unveil(fetchcmd, "x") != 0 && errno != ENOENT)
  88                 return got_error_from_errno2("unveil", fetchcmd);
  89
  90         if (unveil(sendcmd, "x") != 0 && errno != ENOENT)
  91                 return got_error_from_errno2("unveil", sendcmd);
  92
  93         if (myserver && unveil(myserver, "x") != 0 && errno != ENOENT)
  94                 return got_error_from_errno2("unveil", myserver);
  95
  96         if (unveil(NULL, NULL) != 0)
  97                 return got_error_from_errno("unveil");
  98
  99         return NULL;
 100 }
 101
 102 int
 103 main(int argc, char *argv[])
 104 {
 105         const struct got_error *error;
 106         const char *confpath = NULL;
 107         char *command = NULL, *repo_name = NULL; /* for matching gotd.conf */
 108         char *myserver = NULL;
 109         const char *repo_path = NULL; /* as passed on the command line */
 110         const char *relpath;
 111         char *gitcommand = NULL;
 112         struct gotd gotd;
 113         struct gotd_repo *repo = NULL;
 114
 115         log_init(1, LOG_USER); /* Log to stderr. */
 116
 117 #ifndef PROFILE
 118         if (pledge("stdio rpath exec unveil", NULL) == -1)
 119                 err(1, "pledge");
 120 #endif
 121
 122         /*
 123          * Look up our own server program in PATH so we can unveil(2) it.
 124          * This call only errors out upon memory allocation failure.
 125          * If the program cannot be found then myserver will be set to NULL.
 126          */
 127         error = got_path_find_prog(&myserver, GITWRAPPER_MY_SERVER_PROG);
 128         if (error)
 129                 goto done;
 130
 131         /*
 132          * Run parse_config() before unveil(2) because parse_config()
 133          * checks whether repository paths exist on disk.
 134          * Parsing errors and warnings will be logged to stderr.
 135          * Upon failure we will run Git's native tooling so do not
 136          * bother checking for errors here.
 137          */
 138         confpath = getenv("GOTD_CONF_PATH");
 139         if (confpath == NULL)
 140                 confpath = GOTD_CONF_PATH;
 141         parse_config(confpath, PROC_GITWRAPPER, NULL, &gotd);
 142
 143         error = apply_unveil(myserver);
 144         if (error)
 145                 goto done;
 146
 147 #ifndef PROFILE
 148         if (pledge("stdio exec", NULL) == -1)
 149                 err(1, "pledge");
 150 #endif
 151
 152         if (strcmp(getprogname(), GOT_DIAL_CMD_SEND) == 0 ||
 153             strcmp(getprogname(), GOT_DIAL_CMD_FETCH) == 0) {
 154                 if (argc != 2)
 155                         usage();
 156                 command = strdup(getprogname());
 157                 if (command == NULL) {
 158                         error = got_error_from_errno("strdup");
 159                         goto done;
 160                 }
 161                 repo_path = argv[1];
 162                 relpath = argv[1];
 163                 while (relpath[0] == '/')
 164                         relpath++;
 165                 repo_name = strdup(relpath);
 166                 if (repo_name == NULL) {
 167                         error = got_error_from_errno("strdup");
 168                         goto done;
 169                 }
 170         } else {
 171                 if (argc != 3 || strcmp(argv[1], "-c") != 0)
 172                         usage();
 173                 repo_path = argv[2];
 174                 error = got_dial_parse_command(&command, &repo_name,
 175                     repo_path);
 176                 if (error && error->code == GOT_ERR_BAD_PACKET)
 177                         usage();
 178                 if (error)
 179                         goto done;
 180         }
 181
 182         repo = gotd_find_repo_by_name(repo_name, &gotd.repos);
 183
 184         /*
 185          * Invoke our custom Git server if the repository was found
 186          * in gotd.conf. Otherwise invoke native git(1) tooling.
 187          */
 188         if (repo) {
 189                 if (myserver == NULL) {
 190                         error = got_error_fmt(GOT_ERR_NO_PROG,
 191                             "cannot run '%s'",
 192                             GITWRAPPER_MY_SERVER_PROG);
 193                         goto done;
 194                 }
 195                 execl(myserver, command, repo_name, (char *)NULL);
 196                 error = got_error_from_errno2("execl", myserver);
 197         } else {
 198                 if (asprintf(&gitcommand, "%s/%s",
 199                     GITWRAPPER_GIT_LIBEXEC_DIR, command) == -1) {
 200                         error = got_error_from_errno("asprintf");
 201                         goto done;
 202                 }
 203                 execl(gitcommand, gitcommand, repo_path, (char *)NULL);
 204                 error = got_error_from_errno2("execl", gitcommand);
 205         }
 206
 207 done:
 208         free(command);
 209         free(repo_name);
 210         free(myserver);
 211         free(gitcommand);
 212         if (error) {
 213                 fprintf(stderr, "%s: %s\n", getprogname(), error->msg);
 214                 return 1;
 215         }
 216
 217         return 0;
 218 }