search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
avoid needless use of STAILQ_FOREACH_SAFE, we are not removing elements here
[got-portable.git] / lib / dial.c
blobe167ce4fc4fdbd3ba61f87ec9df08caaeedc1759
1 /*
2 * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3 * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include "got_compat.h"
19
20 #include <sys/queue.h>
21 #include <sys/types.h>
22 #include <sys/socket.h>
23 #include <sys/uio.h>
24 #include <netdb.h>
25
26 #include <assert.h>
27 #include <err.h>
28 #include <stdint.h>
29 #include <limits.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34 #include <imsg.h>
35
36 #include "got_error.h"
37 #include "got_path.h"
38 #include "got_object.h"
39
40 #include "got_compat.h"
41
42 #include "got_lib_dial.h"
43 #include "got_lib_delta.h"
44 #include "got_lib_hash.h"
45 #include "got_lib_object.h"
46 #include "got_lib_privsep.h"
47 #include "got_dial.h"
48
49 #ifndef nitems
50 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
51 #endif
52
53 #ifndef ssizeof
54 #define ssizeof(_x) ((ssize_t)(sizeof(_x)))
55 #endif
56
57 #ifndef MIN
58 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
59 #endif
60
61 #ifndef GOT_DIAL_PATH_SSH
62 #define GOT_DIAL_PATH_SSH "/usr/bin/ssh"
63 #endif
64
65 /* IANA assigned */
66 #define GOT_DEFAULT_GIT_PORT 9418
67 #define GOT_DEFAULT_GIT_PORT_STR "9418"
68
69 const struct got_error *
70 got_dial_apply_unveil(const char *proto)
71 {
72 if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
73 if (unveil(GOT_DIAL_PATH_SSH, "x") != 0) {
74 return got_error_from_errno2("unveil",
75 GOT_DIAL_PATH_SSH);
76 }
77 }
78
79 if (strstr(proto, "http") != NULL) {
80 if (unveil(GOT_PATH_PROG_FETCH_HTTP, "x") != 0) {
81 return got_error_from_errno2("unveil",
82 GOT_PATH_PROG_FETCH_HTTP);
83 }
84 }
85
86 return NULL;
87 }
88
89 static int
90 hassuffix(const char *base, const char *suf)
91 {
92 int nb, ns;
93
94 nb = strlen(base);
95 ns = strlen(suf);
96 if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
97 return 1;
98 return 0;
99 }
100
101 const struct got_error *
102 got_dial_parse_uri(char **proto, char **host, char **port,
103 char **server_path, char **repo_name, const char *uri)
104 {
105 const struct got_error *err = NULL;
106 char *s, *p, *q;
107
108 *proto = *host = *port = *server_path = *repo_name = NULL;
109
110 p = strstr(uri, "://");
111 if (!p) {
112 /* Try parsing Git's "scp" style URL syntax. */
113 *proto = strdup("ssh");
114 if (*proto == NULL) {
115 err = got_error_from_errno("strdup");
116 goto done;
117 }
118 s = (char *)uri;
119 q = strchr(s, ':');
120 if (q == NULL) {
121 err = got_error(GOT_ERR_PARSE_URI);
122 goto done;
123 }
124 /* No slashes allowed before first colon. */
125 p = strchr(s, '/');
126 if (p && q > p) {
127 err = got_error(GOT_ERR_PARSE_URI);
128 goto done;
129 }
130 *host = strndup(s, q - s);
131 if (*host == NULL) {
132 err = got_error_from_errno("strndup");
133 goto done;
134 }
135 if ((*host)[0] == '\0') {
136 err = got_error(GOT_ERR_PARSE_URI);
137 goto done;
138 }
139 p = q + 1;
140 } else {
141 *proto = strndup(uri, p - uri);
142 if (*proto == NULL) {
143 err = got_error_from_errno("strndup");
144 goto done;
145 }
146 s = p + 3;
147
148 p = strstr(s, "/");
149 if (p == NULL || strlen(p) == 1) {
150 err = got_error(GOT_ERR_PARSE_URI);
151 goto done;
152 }
153
154 q = memchr(s, ':', p - s);
155 if (q) {
156 *host = strndup(s, q - s);
157 if (*host == NULL) {
158 err = got_error_from_errno("strndup");
159 goto done;
160 }
161 if ((*host)[0] == '\0') {
162 err = got_error(GOT_ERR_PARSE_URI);
163 goto done;
164 }
165 *port = strndup(q + 1, p - (q + 1));
166 if (*port == NULL) {
167 err = got_error_from_errno("strndup");
168 goto done;
169 }
170 if ((*port)[0] == '\0') {
171 err = got_error(GOT_ERR_PARSE_URI);
172 goto done;
173 }
174 } else {
175 *host = strndup(s, p - s);
176 if (*host == NULL) {
177 err = got_error_from_errno("strndup");
178 goto done;
179 }
180 if ((*host)[0] == '\0') {
181 err = got_error(GOT_ERR_PARSE_URI);
182 goto done;
183 }
184 }
185 }
186
187 while (p[0] == '/' && (p[1] == '/' || p[1] == '~'))
188 p++;
189 *server_path = strdup(p);
190 if (*server_path == NULL) {
191 err = got_error_from_errno("strdup");
192 goto done;
193 }
194 got_path_strip_trailing_slashes(*server_path);
195 if ((*server_path)[0] == '\0') {
196 err = got_error(GOT_ERR_PARSE_URI);
197 goto done;
198 }
199
200 err = got_path_basename(repo_name, *server_path);
201 if (err)
202 goto done;
203 if (hassuffix(*repo_name, ".git"))
204 (*repo_name)[strlen(*repo_name) - 4] = '\0';
205 if ((*repo_name)[0] == '\0')
206 err = got_error(GOT_ERR_PARSE_URI);
207 done:
208 if (err) {
209 free(*proto);
210 *proto = NULL;
211 free(*host);
212 *host = NULL;
213 free(*port);
214 *port = NULL;
215 free(*server_path);
216 *server_path = NULL;
217 free(*repo_name);
218 *repo_name = NULL;
219 }
220 return err;
221 }
222
223 /*
224 * Escape a given path for the shell which will be started by sshd.
225 * In particular, git-shell is known to require single-quote characters
226 * around its repository path argument and will refuse to run otherwise.
227 */
228 static const struct got_error *
229 escape_path(char *buf, size_t bufsize, const char *path)
230 {
231 const char *p;
232 char *q;
233
234 p = path;
235 q = buf;
236
237 if (bufsize > 1)
238 *q++ = '\'';
239
240 while (*p != '\0' && (q - buf < bufsize)) {
241 /* git escapes ! too */
242 if (*p != '\'' && *p != '!') {
243 *q++ = *p++;
244 continue;
245 }
246
247 if (q - buf + 4 >= bufsize)
248 break;
249 *q++ = '\'';
250 *q++ = '\\';
251 *q++ = *p++;
252 *q++ = '\'';
253 }
254
255 if (*p == '\0' && (q - buf + 1 < bufsize)) {
256 *q++ = '\'';
257 *q = '\0';
258 return NULL;
259 }
260
261 return got_error_fmt(GOT_ERR_NO_SPACE, "overlong path: %s", path);
262 }
263
264 const struct got_error *
265 got_dial_ssh(pid_t *newpid, int *newfd, const char *host,
266 const char *port, const char *path, const char *jumphost,
267 const char *identity_file, const char *command, int verbosity)
268 {
269 const struct got_error *error = NULL;
270 int pid, pfd[2];
271 char cmd[64];
272 char escaped_path[PATH_MAX];
273 const char *argv[15];
274 int i = 0, j;
275
276 *newpid = -1;
277 *newfd = -1;
278
279 error = escape_path(escaped_path, sizeof(escaped_path), path);
280 if (error)
281 return error;
282
283 argv[i++] = GOT_DIAL_PATH_SSH;
284 if (port != NULL) {
285 argv[i++] = "-p";
286 argv[i++] = (char *)port;
287 }
288 if (verbosity <= 0) {
289 argv[i++] = "-q";
290 } else if (verbosity > 1) {
291 /* ssh(1) allows up to 3 "-v" options. */
292 for (j = 0; j < MIN(3, verbosity); j++)
293 argv[i++] = "-v";
294 }
295 if (identity_file) {
296 argv[i++] = "-i";
297 argv[i++] = identity_file;
298 }
299 if (jumphost) {
300 argv[i++] = "-J";
301 argv[i++] = jumphost;
302 }
303 argv[i++] = "--";
304 argv[i++] = (char *)host;
305 argv[i++] = (char *)cmd;
306 argv[i++] = (char *)escaped_path;
307 argv[i++] = NULL;
308 assert(i <= nitems(argv));
309
310 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
311 return got_error_from_errno("socketpair");
312
313 pid = fork();
314 if (pid == -1) {
315 error = got_error_from_errno("fork");
316 close(pfd[0]);
317 close(pfd[1]);
318 return error;
319 } else if (pid == 0) {
320 if (close(pfd[1]) == -1)
321 err(1, "close");
322 if (dup2(pfd[0], 0) == -1)
323 err(1, "dup2");
324 if (dup2(pfd[0], 1) == -1)
325 err(1, "dup2");
326 if (strlcpy(cmd, command, sizeof(cmd)) >= sizeof(cmd))
327 err(1, "snprintf");
328 if (execv(GOT_DIAL_PATH_SSH, (char *const *)argv) == -1)
329 err(1, "execv %s", GOT_DIAL_PATH_SSH);
330 abort(); /* not reached */
331 } else {
332 if (close(pfd[0]) == -1)
333 return got_error_from_errno("close");
334 *newpid = pid;
335 *newfd = pfd[1];
336 return NULL;
337 }
338 }
339
340 const struct got_error *
341 got_dial_git(int *newfd, const char *host, const char *port,
342 const char *path, const char *command)
343 {
344 const struct got_error *err = NULL;
345 struct addrinfo hints, *servinfo, *p;
346 char *cmd = NULL;
347 int fd = -1, len, r, eaicode;
348
349 *newfd = -1;
350
351 if (port == NULL)
352 port = GOT_DEFAULT_GIT_PORT_STR;
353
354 memset(&hints, 0, sizeof hints);
355 hints.ai_family = AF_UNSPEC;
356 hints.ai_socktype = SOCK_STREAM;
357 eaicode = getaddrinfo(host, port, &hints, &servinfo);
358 if (eaicode) {
359 char msg[512];
360 snprintf(msg, sizeof(msg), "%s: %s", host,
361 gai_strerror(eaicode));
362 return got_error_msg(GOT_ERR_ADDRINFO, msg);
363 }
364
365 for (p = servinfo; p != NULL; p = p->ai_next) {
366 if ((fd = socket(p->ai_family, p->ai_socktype,
367 p->ai_protocol)) == -1)
368 continue;
369 if (connect(fd, p->ai_addr, p->ai_addrlen) == 0) {
370 err = NULL;
371 break;
372 }
373 err = got_error_from_errno("connect");
374 close(fd);
375 }
376 freeaddrinfo(servinfo);
377 if (p == NULL)
378 goto done;
379
380 if (asprintf(&cmd, "%s %s", command, path) == -1) {
381 err = got_error_from_errno("asprintf");
382 goto done;
383 }
384 len = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
385 r = dprintf(fd, "%04x%s%chost=%s%c", len, cmd, '\0', host, '\0');
386 if (r < 0)
387 err = got_error_from_errno("dprintf");
388 done:
389 free(cmd);
390 if (err) {
391 if (fd != -1)
392 close(fd);
393 } else
394 *newfd = fd;
395 return err;
396 }
397
398 const struct got_error *
399 got_dial_http(pid_t *newpid, int *newfd, const char *host,
400 const char *port, const char *path, int verbosity, int tls)
401 {
402 const struct got_error *error = NULL;
403 int pid, pfd[2];
404 const char *argv[8];
405 int i = 0;
406
407 *newpid = -1;
408 *newfd = -1;
409
410 if (!port)
411 port = tls ? "443" : "80";
412
413 argv[i++] = GOT_PATH_PROG_FETCH_HTTP;
414 if (verbosity == -1)
415 argv[i++] = "-q";
416 else if (verbosity > 0)
417 argv[i++] = "-v";
418 argv[i++] = "--";
419 argv[i++] = tls ? "https" : "http";
420 argv[i++] = host;
421 argv[i++] = port;
422 argv[i++] = path;
423 argv[i++] = NULL;
424 assert(i <= nitems(argv));
425
426 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
427 return got_error_from_errno("socketpair");
428
429 pid = fork();
430 if (pid == -1) {
431 error = got_error_from_errno("fork");
432 close(pfd[0]);
433 close(pfd[1]);
434 return error;
435 } else if (pid == 0) {
436 if (close(pfd[1]) == -1)
437 err(1, "close");
438 if (dup2(pfd[0], 0) == -1)
439 err(1, "dup2");
440 if (dup2(pfd[0], 1) == -1)
441 err(1, "dup2");
442 if (execv(GOT_PATH_PROG_FETCH_HTTP, (char *const *)argv) == -1)
443 err(1, "execv %s", GOT_PATH_PROG_FETCH_HTTP);
444 abort(); /* not reached */
445 } else {
446 if (close(pfd[0]) == -1)
447 return got_error_from_errno("close");
448 *newpid = pid;
449 *newfd = pfd[1];
450 return NULL;
451 }
452 }
453
454 const struct got_error *
455 got_dial_parse_command(char **command, char **repo_path, const char *gitcmd)
456 {
457 const struct got_error *err = NULL;
458 size_t len, cmdlen, pathlen;
459 char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
460 const char *relpath;
461
462 *command = NULL;
463 *repo_path = NULL;
464
465 len = strlen(gitcmd);
466
467 if (len >= strlen(GOT_DIAL_CMD_SEND) &&
468 strncmp(gitcmd, GOT_DIAL_CMD_SEND,
469 strlen(GOT_DIAL_CMD_SEND)) == 0)
470 cmdlen = strlen(GOT_DIAL_CMD_SEND);
471 else if (len >= strlen(GOT_DIAL_CMD_FETCH) &&
472 strncmp(gitcmd, GOT_DIAL_CMD_FETCH,
473 strlen(GOT_DIAL_CMD_FETCH)) == 0)
474 cmdlen = strlen(GOT_DIAL_CMD_FETCH);
475 else
476 return got_error(GOT_ERR_BAD_PACKET);
477
478 if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
479 return got_error(GOT_ERR_BAD_PACKET);
480
481 if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
482 return got_error(GOT_ERR_BAD_PATH);
483
484 /* Forbid linefeeds in paths, like Git does. */
485 if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
486 return got_error(GOT_ERR_BAD_PATH);
487
488 path0 = strdup(&gitcmd[cmdlen + 1]);
489 if (path0 == NULL)
490 return got_error_from_errno("strdup");
491 path = path0;
492 pathlen = strlen(path);
493
494 /*
495 * Git clients send a shell command.
496 * Trim spaces and quotes around the path.
497 */
498 while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
499 path++;
500 pathlen--;
501 }
502 while (pathlen > 0 &&
503 (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
504 path[pathlen - 1] == ' ')) {
505 path[pathlen - 1] = '\0';
506 pathlen--;
507 }
508
509 /* Deny an empty repository path. */
510 if (path[0] == '\0' || got_path_is_root_dir(path)) {
511 err = got_error(GOT_ERR_NOT_GIT_REPO);
512 goto done;
513 }
514
515 if (asprintf(&abspath, "/%s", path) == -1) {
516 err = got_error_from_errno("asprintf");
517 goto done;
518 }
519 pathlen = strlen(abspath);
520 canonpath = malloc(pathlen + 1);
521 if (canonpath == NULL) {
522 err = got_error_from_errno("malloc");
523 goto done;
524 }
525 err = got_canonpath(abspath, canonpath, pathlen + 1);
526 if (err)
527 goto done;
528
529 relpath = canonpath;
530 while (relpath[0] == '/')
531 relpath++;
532 *repo_path = strdup(relpath);
533 if (*repo_path == NULL) {
534 err = got_error_from_errno("strdup");
535 goto done;
536 }
537 *command = strndup(gitcmd, cmdlen);
538 if (*command == NULL)
539 err = got_error_from_errno("strndup");
540 done:
541 free(path0);
542 free(abspath);
543 free(canonpath);
544 if (err) {
545 free(*repo_path);
546 *repo_path = NULL;
547 }
548 return err;
549 }
portable version of Game of Trees