search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
make got-read-object clear its imsgbuf before exit in an error case
[got-portable.git] / lib / dial.c
blobcfa2e3f620cec146787249e3db07b69d7a32be00
1 /*
2 * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3 * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include "got_compat.h"
19
20 #include <sys/queue.h>
21 #include <sys/tree.h>
22 #include <sys/types.h>
23 #include <sys/socket.h>
24 #include <sys/uio.h>
25 #include <netdb.h>
26
27 #include <assert.h>
28 #include <err.h>
29 #include <stdint.h>
30 #include <limits.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <unistd.h>
35 #include <imsg.h>
36
37 #include "got_error.h"
38 #include "got_path.h"
39 #include "got_object.h"
40
41 #include "got_compat.h"
42
43 #include "got_lib_dial.h"
44 #include "got_lib_delta.h"
45 #include "got_lib_hash.h"
46 #include "got_lib_object.h"
47 #include "got_lib_privsep.h"
48 #include "got_dial.h"
49
50 #ifndef nitems
51 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
52 #endif
53
54 #ifndef ssizeof
55 #define ssizeof(_x) ((ssize_t)(sizeof(_x)))
56 #endif
57
58 #ifndef MIN
59 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
60 #endif
61
62 #ifndef GOT_DIAL_PATH_SSH
63 #define GOT_DIAL_PATH_SSH "/usr/bin/ssh"
64 #endif
65
66 /* IANA assigned */
67 #define GOT_DEFAULT_GIT_PORT 9418
68 #define GOT_DEFAULT_GIT_PORT_STR "9418"
69
70 const struct got_error *
71 got_dial_apply_unveil(const char *proto)
72 {
73 if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
74 if (unveil(GOT_DIAL_PATH_SSH, "x") != 0) {
75 return got_error_from_errno2("unveil",
76 GOT_DIAL_PATH_SSH);
77 }
78 }
79
80 if (strstr(proto, "http") != NULL) {
81 if (unveil(GOT_PATH_PROG_FETCH_HTTP, "x") != 0) {
82 return got_error_from_errno2("unveil",
83 GOT_PATH_PROG_FETCH_HTTP);
84 }
85 }
86
87 return NULL;
88 }
89
90 static int
91 hassuffix(const char *base, const char *suf)
92 {
93 int nb, ns;
94
95 nb = strlen(base);
96 ns = strlen(suf);
97 if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
98 return 1;
99 return 0;
100 }
101
102 const struct got_error *
103 got_dial_parse_uri(char **proto, char **host, char **port,
104 char **server_path, char **repo_name, const char *uri)
105 {
106 const struct got_error *err = NULL;
107 char *s, *p, *q;
108
109 *proto = *host = *port = *server_path = *repo_name = NULL;
110
111 p = strstr(uri, "://");
112 if (!p) {
113 /* Try parsing Git's "scp" style URL syntax. */
114 *proto = strdup("ssh");
115 if (*proto == NULL) {
116 err = got_error_from_errno("strdup");
117 goto done;
118 }
119 s = (char *)uri;
120 q = strchr(s, ':');
121 if (q == NULL) {
122 err = got_error(GOT_ERR_PARSE_URI);
123 goto done;
124 }
125 /* No slashes allowed before first colon. */
126 p = strchr(s, '/');
127 if (p && q > p) {
128 err = got_error(GOT_ERR_PARSE_URI);
129 goto done;
130 }
131 *host = strndup(s, q - s);
132 if (*host == NULL) {
133 err = got_error_from_errno("strndup");
134 goto done;
135 }
136 if ((*host)[0] == '\0') {
137 err = got_error(GOT_ERR_PARSE_URI);
138 goto done;
139 }
140 p = q + 1;
141 } else {
142 *proto = strndup(uri, p - uri);
143 if (*proto == NULL) {
144 err = got_error_from_errno("strndup");
145 goto done;
146 }
147 s = p + 3;
148
149 p = strstr(s, "/");
150 if (p == NULL || strlen(p) == 1) {
151 err = got_error(GOT_ERR_PARSE_URI);
152 goto done;
153 }
154
155 q = memchr(s, ':', p - s);
156 if (q) {
157 *host = strndup(s, q - s);
158 if (*host == NULL) {
159 err = got_error_from_errno("strndup");
160 goto done;
161 }
162 if ((*host)[0] == '\0') {
163 err = got_error(GOT_ERR_PARSE_URI);
164 goto done;
165 }
166 *port = strndup(q + 1, p - (q + 1));
167 if (*port == NULL) {
168 err = got_error_from_errno("strndup");
169 goto done;
170 }
171 if ((*port)[0] == '\0') {
172 err = got_error(GOT_ERR_PARSE_URI);
173 goto done;
174 }
175 } else {
176 *host = strndup(s, p - s);
177 if (*host == NULL) {
178 err = got_error_from_errno("strndup");
179 goto done;
180 }
181 if ((*host)[0] == '\0') {
182 err = got_error(GOT_ERR_PARSE_URI);
183 goto done;
184 }
185 }
186 }
187
188 while (p[0] == '/' && (p[1] == '/' || p[1] == '~'))
189 p++;
190 *server_path = strdup(p);
191 if (*server_path == NULL) {
192 err = got_error_from_errno("strdup");
193 goto done;
194 }
195 got_path_strip_trailing_slashes(*server_path);
196 if ((*server_path)[0] == '\0') {
197 err = got_error(GOT_ERR_PARSE_URI);
198 goto done;
199 }
200
201 err = got_path_basename(repo_name, *server_path);
202 if (err)
203 goto done;
204 if (hassuffix(*repo_name, ".git"))
205 (*repo_name)[strlen(*repo_name) - 4] = '\0';
206 if ((*repo_name)[0] == '\0')
207 err = got_error(GOT_ERR_PARSE_URI);
208 done:
209 if (err) {
210 free(*proto);
211 *proto = NULL;
212 free(*host);
213 *host = NULL;
214 free(*port);
215 *port = NULL;
216 free(*server_path);
217 *server_path = NULL;
218 free(*repo_name);
219 *repo_name = NULL;
220 }
221 return err;
222 }
223
224 /*
225 * Escape a given path for the shell which will be started by sshd.
226 * In particular, git-shell is known to require single-quote characters
227 * around its repository path argument and will refuse to run otherwise.
228 */
229 static const struct got_error *
230 escape_path(char *buf, size_t bufsize, const char *path)
231 {
232 const char *p;
233 char *q;
234
235 p = path;
236 q = buf;
237
238 if (bufsize > 1)
239 *q++ = '\'';
240
241 while (*p != '\0' && (q - buf < bufsize)) {
242 /* git escapes ! too */
243 if (*p != '\'' && *p != '!') {
244 *q++ = *p++;
245 continue;
246 }
247
248 if (q - buf + 4 >= bufsize)
249 break;
250 *q++ = '\'';
251 *q++ = '\\';
252 *q++ = *p++;
253 *q++ = '\'';
254 }
255
256 if (*p == '\0' && (q - buf + 1 < bufsize)) {
257 *q++ = '\'';
258 *q = '\0';
259 return NULL;
260 }
261
262 return got_error_fmt(GOT_ERR_NO_SPACE, "overlong path: %s", path);
263 }
264
265 const struct got_error *
266 got_dial_ssh(pid_t *newpid, int *newfd, const char *host,
267 const char *port, const char *path, const char *jumphost,
268 const char *command, int verbosity)
269 {
270 const struct got_error *error = NULL;
271 int pid, pfd[2];
272 char cmd[64];
273 char escaped_path[PATH_MAX];
274 const char *argv[13];
275 int i = 0, j;
276
277 *newpid = -1;
278 *newfd = -1;
279
280 error = escape_path(escaped_path, sizeof(escaped_path), path);
281 if (error)
282 return error;
283
284 argv[i++] = GOT_DIAL_PATH_SSH;
285 if (port != NULL) {
286 argv[i++] = "-p";
287 argv[i++] = (char *)port;
288 }
289 if (verbosity <= 0) {
290 argv[i++] = "-q";
291 } else if (verbosity > 1) {
292 /* ssh(1) allows up to 3 "-v" options. */
293 for (j = 0; j < MIN(3, verbosity); j++)
294 argv[i++] = "-v";
295 }
296 if (jumphost) {
297 argv[i++] = "-J";
298 argv[i++] = jumphost;
299 }
300 argv[i++] = "--";
301 argv[i++] = (char *)host;
302 argv[i++] = (char *)cmd;
303 argv[i++] = (char *)escaped_path;
304 argv[i++] = NULL;
305 assert(i <= nitems(argv));
306
307 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
308 return got_error_from_errno("socketpair");
309
310 pid = fork();
311 if (pid == -1) {
312 error = got_error_from_errno("fork");
313 close(pfd[0]);
314 close(pfd[1]);
315 return error;
316 } else if (pid == 0) {
317 if (close(pfd[1]) == -1)
318 err(1, "close");
319 if (dup2(pfd[0], 0) == -1)
320 err(1, "dup2");
321 if (dup2(pfd[0], 1) == -1)
322 err(1, "dup2");
323 if (strlcpy(cmd, command, sizeof(cmd)) >= sizeof(cmd))
324 err(1, "snprintf");
325 if (execv(GOT_DIAL_PATH_SSH, (char *const *)argv) == -1)
326 err(1, "execv %s", GOT_DIAL_PATH_SSH);
327 abort(); /* not reached */
328 } else {
329 if (close(pfd[0]) == -1)
330 return got_error_from_errno("close");
331 *newpid = pid;
332 *newfd = pfd[1];
333 return NULL;
334 }
335 }
336
337 const struct got_error *
338 got_dial_git(int *newfd, const char *host, const char *port,
339 const char *path, const char *command)
340 {
341 const struct got_error *err = NULL;
342 struct addrinfo hints, *servinfo, *p;
343 char *cmd = NULL;
344 int fd = -1, len, r, eaicode;
345
346 *newfd = -1;
347
348 if (port == NULL)
349 port = GOT_DEFAULT_GIT_PORT_STR;
350
351 memset(&hints, 0, sizeof hints);
352 hints.ai_family = AF_UNSPEC;
353 hints.ai_socktype = SOCK_STREAM;
354 eaicode = getaddrinfo(host, port, &hints, &servinfo);
355 if (eaicode) {
356 char msg[512];
357 snprintf(msg, sizeof(msg), "%s: %s", host,
358 gai_strerror(eaicode));
359 return got_error_msg(GOT_ERR_ADDRINFO, msg);
360 }
361
362 for (p = servinfo; p != NULL; p = p->ai_next) {
363 if ((fd = socket(p->ai_family, p->ai_socktype,
364 p->ai_protocol)) == -1)
365 continue;
366 if (connect(fd, p->ai_addr, p->ai_addrlen) == 0) {
367 err = NULL;
368 break;
369 }
370 err = got_error_from_errno("connect");
371 close(fd);
372 }
373 freeaddrinfo(servinfo);
374 if (p == NULL)
375 goto done;
376
377 if (asprintf(&cmd, "%s %s", command, path) == -1) {
378 err = got_error_from_errno("asprintf");
379 goto done;
380 }
381 len = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
382 r = dprintf(fd, "%04x%s%chost=%s%c", len, cmd, '\0', host, '\0');
383 if (r < 0)
384 err = got_error_from_errno("dprintf");
385 done:
386 free(cmd);
387 if (err) {
388 if (fd != -1)
389 close(fd);
390 } else
391 *newfd = fd;
392 return err;
393 }
394
395 const struct got_error *
396 got_dial_http(pid_t *newpid, int *newfd, const char *host,
397 const char *port, const char *path, int verbosity, int tls)
398 {
399 const struct got_error *error = NULL;
400 int pid, pfd[2];
401 const char *argv[8];
402 int i = 0;
403
404 *newpid = -1;
405 *newfd = -1;
406
407 if (!port)
408 port = tls ? "443" : "80";
409
410 argv[i++] = GOT_PATH_PROG_FETCH_HTTP;
411 if (verbosity == -1)
412 argv[i++] = "-q";
413 else if (verbosity > 0)
414 argv[i++] = "-v";
415 argv[i++] = "--";
416 argv[i++] = tls ? "https" : "http";
417 argv[i++] = host;
418 argv[i++] = port;
419 argv[i++] = path;
420 argv[i++] = NULL;
421 assert(i <= nitems(argv));
422
423 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
424 return got_error_from_errno("socketpair");
425
426 pid = fork();
427 if (pid == -1) {
428 error = got_error_from_errno("fork");
429 close(pfd[0]);
430 close(pfd[1]);
431 return error;
432 } else if (pid == 0) {
433 if (close(pfd[1]) == -1)
434 err(1, "close");
435 if (dup2(pfd[0], 0) == -1)
436 err(1, "dup2");
437 if (dup2(pfd[0], 1) == -1)
438 err(1, "dup2");
439 if (execv(GOT_PATH_PROG_FETCH_HTTP, (char *const *)argv) == -1)
440 err(1, "execv %s", GOT_PATH_PROG_FETCH_HTTP);
441 abort(); /* not reached */
442 } else {
443 if (close(pfd[0]) == -1)
444 return got_error_from_errno("close");
445 *newpid = pid;
446 *newfd = pfd[1];
447 return NULL;
448 }
449 }
450
451 const struct got_error *
452 got_dial_parse_command(char **command, char **repo_path, const char *gitcmd)
453 {
454 const struct got_error *err = NULL;
455 size_t len, cmdlen, pathlen;
456 char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
457 const char *relpath;
458
459 *command = NULL;
460 *repo_path = NULL;
461
462 len = strlen(gitcmd);
463
464 if (len >= strlen(GOT_DIAL_CMD_SEND) &&
465 strncmp(gitcmd, GOT_DIAL_CMD_SEND,
466 strlen(GOT_DIAL_CMD_SEND)) == 0)
467 cmdlen = strlen(GOT_DIAL_CMD_SEND);
468 else if (len >= strlen(GOT_DIAL_CMD_FETCH) &&
469 strncmp(gitcmd, GOT_DIAL_CMD_FETCH,
470 strlen(GOT_DIAL_CMD_FETCH)) == 0)
471 cmdlen = strlen(GOT_DIAL_CMD_FETCH);
472 else
473 return got_error(GOT_ERR_BAD_PACKET);
474
475 if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
476 return got_error(GOT_ERR_BAD_PACKET);
477
478 if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
479 return got_error(GOT_ERR_BAD_PATH);
480
481 /* Forbid linefeeds in paths, like Git does. */
482 if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
483 return got_error(GOT_ERR_BAD_PATH);
484
485 path0 = strdup(&gitcmd[cmdlen + 1]);
486 if (path0 == NULL)
487 return got_error_from_errno("strdup");
488 path = path0;
489 pathlen = strlen(path);
490
491 /*
492 * Git clients send a shell command.
493 * Trim spaces and quotes around the path.
494 */
495 while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
496 path++;
497 pathlen--;
498 }
499 while (pathlen > 0 &&
500 (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
501 path[pathlen - 1] == ' ')) {
502 path[pathlen - 1] = '\0';
503 pathlen--;
504 }
505
506 /* Deny an empty repository path. */
507 if (path[0] == '\0' || got_path_is_root_dir(path)) {
508 err = got_error(GOT_ERR_NOT_GIT_REPO);
509 goto done;
510 }
511
512 if (asprintf(&abspath, "/%s", path) == -1) {
513 err = got_error_from_errno("asprintf");
514 goto done;
515 }
516 pathlen = strlen(abspath);
517 canonpath = malloc(pathlen + 1);
518 if (canonpath == NULL) {
519 err = got_error_from_errno("malloc");
520 goto done;
521 }
522 err = got_canonpath(abspath, canonpath, pathlen + 1);
523 if (err)
524 goto done;
525
526 relpath = canonpath;
527 while (relpath[0] == '/')
528 relpath++;
529 *repo_path = strdup(relpath);
530 if (*repo_path == NULL) {
531 err = got_error_from_errno("strdup");
532 goto done;
533 }
534 *command = strndup(gitcmd, cmdlen);
535 if (*command == NULL)
536 err = got_error_from_errno("strndup");
537 done:
538 free(path0);
539 free(abspath);
540 free(canonpath);
541 if (err) {
542 free(*repo_path);
543 *repo_path = NULL;
544 }
545 return err;
546 }
portable version of Game of Trees