search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix confusing error message from 'got commit' upon uncommitable paths
[got-portable.git] / lib / dial.c
blob7ca218c2929d81c6f590bfc9413c5fece7a4260f
1 /*
2 * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3 * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include "got_compat.h"
19
20 #include <sys/queue.h>
21 #include <sys/types.h>
22 #include <sys/socket.h>
23 #include <sys/uio.h>
24 #include <netdb.h>
25
26 #include <assert.h>
27 #include <err.h>
28 #include <limits.h>
29 #include <stdint.h>
30 #include <limits.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <unistd.h>
35 #include <imsg.h>
36
37 #include "got_error.h"
38 #include "got_path.h"
39 #include "got_object.h"
40
41 #include "got_compat.h"
42
43 #include "got_lib_dial.h"
44 #include "got_lib_delta.h"
45 #include "got_lib_object.h"
46 #include "got_lib_privsep.h"
47 #include "got_dial.h"
48
49 #ifndef nitems
50 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
51 #endif
52
53 #ifndef ssizeof
54 #define ssizeof(_x) ((ssize_t)(sizeof(_x)))
55 #endif
56
57 #ifndef MIN
58 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
59 #endif
60
61 #ifndef GOT_DIAL_PATH_SSH
62 #define GOT_DIAL_PATH_SSH "/usr/bin/ssh"
63 #endif
64
65 /* IANA assigned */
66 #define GOT_DEFAULT_GIT_PORT 9418
67 #define GOT_DEFAULT_GIT_PORT_STR "9418"
68
69 const struct got_error *
70 got_dial_apply_unveil(const char *proto)
71 {
72 if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
73 if (unveil(GOT_DIAL_PATH_SSH, "x") != 0) {
74 return got_error_from_errno2("unveil",
75 GOT_DIAL_PATH_SSH);
76 }
77 }
78
79 if (strstr(proto, "http") != NULL) {
80 if (unveil(GOT_PATH_PROG_FETCH_HTTP, "x") != 0) {
81 return got_error_from_errno2("unveil",
82 GOT_PATH_PROG_FETCH_HTTP);
83 }
84 }
85
86 return NULL;
87 }
88
89 static int
90 hassuffix(const char *base, const char *suf)
91 {
92 int nb, ns;
93
94 nb = strlen(base);
95 ns = strlen(suf);
96 if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
97 return 1;
98 return 0;
99 }
100
101 const struct got_error *
102 got_dial_parse_uri(char **proto, char **host, char **port,
103 char **server_path, char **repo_name, const char *uri)
104 {
105 const struct got_error *err = NULL;
106 char *s, *p, *q;
107
108 *proto = *host = *port = *server_path = *repo_name = NULL;
109
110 p = strstr(uri, "://");
111 if (!p) {
112 /* Try parsing Git's "scp" style URL syntax. */
113 *proto = strdup("ssh");
114 if (*proto == NULL) {
115 err = got_error_from_errno("strdup");
116 goto done;
117 }
118 s = (char *)uri;
119 q = strchr(s, ':');
120 if (q == NULL) {
121 err = got_error(GOT_ERR_PARSE_URI);
122 goto done;
123 }
124 /* No slashes allowed before first colon. */
125 p = strchr(s, '/');
126 if (p && q > p) {
127 err = got_error(GOT_ERR_PARSE_URI);
128 goto done;
129 }
130 *host = strndup(s, q - s);
131 if (*host == NULL) {
132 err = got_error_from_errno("strndup");
133 goto done;
134 }
135 if ((*host)[0] == '\0') {
136 err = got_error(GOT_ERR_PARSE_URI);
137 goto done;
138 }
139 p = q + 1;
140 } else {
141 *proto = strndup(uri, p - uri);
142 if (*proto == NULL) {
143 err = got_error_from_errno("strndup");
144 goto done;
145 }
146 s = p + 3;
147
148 p = strstr(s, "/");
149 if (p == NULL || strlen(p) == 1) {
150 err = got_error(GOT_ERR_PARSE_URI);
151 goto done;
152 }
153
154 q = memchr(s, ':', p - s);
155 if (q) {
156 *host = strndup(s, q - s);
157 if (*host == NULL) {
158 err = got_error_from_errno("strndup");
159 goto done;
160 }
161 if ((*host)[0] == '\0') {
162 err = got_error(GOT_ERR_PARSE_URI);
163 goto done;
164 }
165 *port = strndup(q + 1, p - (q + 1));
166 if (*port == NULL) {
167 err = got_error_from_errno("strndup");
168 goto done;
169 }
170 if ((*port)[0] == '\0') {
171 err = got_error(GOT_ERR_PARSE_URI);
172 goto done;
173 }
174 } else {
175 *host = strndup(s, p - s);
176 if (*host == NULL) {
177 err = got_error_from_errno("strndup");
178 goto done;
179 }
180 if ((*host)[0] == '\0') {
181 err = got_error(GOT_ERR_PARSE_URI);
182 goto done;
183 }
184 }
185 }
186
187 while (p[0] == '/' && (p[1] == '/' || p[1] == '~'))
188 p++;
189 *server_path = strdup(p);
190 if (*server_path == NULL) {
191 err = got_error_from_errno("strdup");
192 goto done;
193 }
194 got_path_strip_trailing_slashes(*server_path);
195 if ((*server_path)[0] == '\0') {
196 err = got_error(GOT_ERR_PARSE_URI);
197 goto done;
198 }
199
200 err = got_path_basename(repo_name, *server_path);
201 if (err)
202 goto done;
203 if (hassuffix(*repo_name, ".git"))
204 (*repo_name)[strlen(*repo_name) - 4] = '\0';
205 if ((*repo_name)[0] == '\0')
206 err = got_error(GOT_ERR_PARSE_URI);
207 done:
208 if (err) {
209 free(*proto);
210 *proto = NULL;
211 free(*host);
212 *host = NULL;
213 free(*port);
214 *port = NULL;
215 free(*server_path);
216 *server_path = NULL;
217 free(*repo_name);
218 *repo_name = NULL;
219 }
220 return err;
221 }
222
223 /*
224 * Escape a given path for the shell which will be started by sshd.
225 * In particular, git-shell is known to require single-quote characters
226 * around its repository path argument and will refuse to run otherwise.
227 */
228 static const struct got_error *
229 escape_path(char *buf, size_t bufsize, const char *path)
230 {
231 const char *p;
232 char *q;
233
234 p = path;
235 q = buf;
236
237 if (bufsize > 1)
238 *q++ = '\'';
239
240 while (*p != '\0' && (q - buf < bufsize)) {
241 /* git escapes ! too */
242 if (*p != '\'' && *p != '!') {
243 *q++ = *p++;
244 continue;
245 }
246
247 if (q - buf + 4 >= bufsize)
248 break;
249 *q++ = '\'';
250 *q++ = '\\';
251 *q++ = *p++;
252 *q++ = '\'';
253 }
254
255 if (*p == '\0' && (q - buf + 1 < bufsize)) {
256 *q++ = '\'';
257 *q = '\0';
258 return NULL;
259 }
260
261 return got_error_fmt(GOT_ERR_NO_SPACE, "overlong path: %s", path);
262 }
263
264 const struct got_error *
265 got_dial_ssh(pid_t *newpid, int *newfd, const char *host,
266 const char *port, const char *path, const char *command, int verbosity)
267 {
268 const struct got_error *error = NULL;
269 int pid, pfd[2];
270 char cmd[64];
271 char escaped_path[PATH_MAX];
272 const char *argv[11];
273 int i = 0, j;
274
275 *newpid = -1;
276 *newfd = -1;
277
278 error = escape_path(escaped_path, sizeof(escaped_path), path);
279 if (error)
280 return error;
281
282 argv[i++] = GOT_DIAL_PATH_SSH;
283 if (port != NULL) {
284 argv[i++] = "-p";
285 argv[i++] = (char *)port;
286 }
287 if (verbosity == -1) {
288 argv[i++] = "-q";
289 } else {
290 /* ssh(1) allows up to 3 "-v" options. */
291 for (j = 0; j < MIN(3, verbosity); j++)
292 argv[i++] = "-v";
293 }
294 argv[i++] = "--";
295 argv[i++] = (char *)host;
296 argv[i++] = (char *)cmd;
297 argv[i++] = (char *)escaped_path;
298 argv[i++] = NULL;
299 assert(i <= nitems(argv));
300
301 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
302 return got_error_from_errno("socketpair");
303
304 pid = fork();
305 if (pid == -1) {
306 error = got_error_from_errno("fork");
307 close(pfd[0]);
308 close(pfd[1]);
309 return error;
310 } else if (pid == 0) {
311 if (close(pfd[1]) == -1)
312 err(1, "close");
313 if (dup2(pfd[0], 0) == -1)
314 err(1, "dup2");
315 if (dup2(pfd[0], 1) == -1)
316 err(1, "dup2");
317 if (strlcpy(cmd, command, sizeof(cmd)) >= sizeof(cmd))
318 err(1, "snprintf");
319 if (execv(GOT_DIAL_PATH_SSH, (char *const *)argv) == -1)
320 err(1, "execv %s", GOT_DIAL_PATH_SSH);
321 abort(); /* not reached */
322 } else {
323 if (close(pfd[0]) == -1)
324 return got_error_from_errno("close");
325 *newpid = pid;
326 *newfd = pfd[1];
327 return NULL;
328 }
329 }
330
331 const struct got_error *
332 got_dial_git(int *newfd, const char *host, const char *port,
333 const char *path, const char *command)
334 {
335 const struct got_error *err = NULL;
336 struct addrinfo hints, *servinfo, *p;
337 char *cmd = NULL;
338 int fd = -1, len, r, eaicode;
339
340 *newfd = -1;
341
342 if (port == NULL)
343 port = GOT_DEFAULT_GIT_PORT_STR;
344
345 memset(&hints, 0, sizeof hints);
346 hints.ai_family = AF_UNSPEC;
347 hints.ai_socktype = SOCK_STREAM;
348 eaicode = getaddrinfo(host, port, &hints, &servinfo);
349 if (eaicode) {
350 char msg[512];
351 snprintf(msg, sizeof(msg), "%s: %s", host,
352 gai_strerror(eaicode));
353 return got_error_msg(GOT_ERR_ADDRINFO, msg);
354 }
355
356 for (p = servinfo; p != NULL; p = p->ai_next) {
357 if ((fd = socket(p->ai_family, p->ai_socktype,
358 p->ai_protocol)) == -1)
359 continue;
360 if (connect(fd, p->ai_addr, p->ai_addrlen) == 0) {
361 err = NULL;
362 break;
363 }
364 err = got_error_from_errno("connect");
365 close(fd);
366 }
367 freeaddrinfo(servinfo);
368 if (p == NULL)
369 goto done;
370
371 if (asprintf(&cmd, "%s %s", command, path) == -1) {
372 err = got_error_from_errno("asprintf");
373 goto done;
374 }
375 len = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
376 r = dprintf(fd, "%04x%s%chost=%s%c", len, cmd, '\0', host, '\0');
377 if (r < 0)
378 err = got_error_from_errno("dprintf");
379 done:
380 free(cmd);
381 if (err) {
382 if (fd != -1)
383 close(fd);
384 } else
385 *newfd = fd;
386 return err;
387 }
388
389 const struct got_error *
390 got_dial_http(pid_t *newpid, int *newfd, const char *host,
391 const char *port, const char *path, int verbosity, int tls)
392 {
393 const struct got_error *error = NULL;
394 int pid, pfd[2];
395 const char *argv[8];
396 int i = 0;
397
398 *newpid = -1;
399 *newfd = -1;
400
401 if (!port)
402 port = tls ? "443" : "80";
403
404 argv[i++] = GOT_PATH_PROG_FETCH_HTTP;
405 if (verbosity == -1)
406 argv[i++] = "-q";
407 else if (verbosity > 0)
408 argv[i++] = "-v";
409 argv[i++] = "--";
410 argv[i++] = tls ? "https" : "http";
411 argv[i++] = host;
412 argv[i++] = port;
413 argv[i++] = path;
414 argv[i++] = NULL;
415 assert(i <= nitems(argv));
416
417 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
418 return got_error_from_errno("socketpair");
419
420 pid = fork();
421 if (pid == -1) {
422 error = got_error_from_errno("fork");
423 close(pfd[0]);
424 close(pfd[1]);
425 return error;
426 } else if (pid == 0) {
427 if (close(pfd[1]) == -1)
428 err(1, "close");
429 if (dup2(pfd[0], 0) == -1)
430 err(1, "dup2");
431 if (dup2(pfd[0], 1) == -1)
432 err(1, "dup2");
433 if (execv(GOT_PATH_PROG_FETCH_HTTP, (char *const *)argv) == -1)
434 err(1, "execv %s", GOT_PATH_PROG_FETCH_HTTP);
435 abort(); /* not reached */
436 } else {
437 if (close(pfd[0]) == -1)
438 return got_error_from_errno("close");
439 *newpid = pid;
440 *newfd = pfd[1];
441 return NULL;
442 }
443 }
444
445 const struct got_error *
446 got_dial_parse_command(char **command, char **repo_path, const char *gitcmd)
447 {
448 const struct got_error *err = NULL;
449 size_t len, cmdlen, pathlen;
450 char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
451 const char *relpath;
452
453 *command = NULL;
454 *repo_path = NULL;
455
456 len = strlen(gitcmd);
457
458 if (len >= strlen(GOT_DIAL_CMD_SEND) &&
459 strncmp(gitcmd, GOT_DIAL_CMD_SEND,
460 strlen(GOT_DIAL_CMD_SEND)) == 0)
461 cmdlen = strlen(GOT_DIAL_CMD_SEND);
462 else if (len >= strlen(GOT_DIAL_CMD_FETCH) &&
463 strncmp(gitcmd, GOT_DIAL_CMD_FETCH,
464 strlen(GOT_DIAL_CMD_FETCH)) == 0)
465 cmdlen = strlen(GOT_DIAL_CMD_FETCH);
466 else
467 return got_error(GOT_ERR_BAD_PACKET);
468
469 if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
470 return got_error(GOT_ERR_BAD_PACKET);
471
472 if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
473 return got_error(GOT_ERR_BAD_PATH);
474
475 /* Forbid linefeeds in paths, like Git does. */
476 if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
477 return got_error(GOT_ERR_BAD_PATH);
478
479 path0 = strdup(&gitcmd[cmdlen + 1]);
480 if (path0 == NULL)
481 return got_error_from_errno("strdup");
482 path = path0;
483 pathlen = strlen(path);
484
485 /*
486 * Git clients send a shell command.
487 * Trim spaces and quotes around the path.
488 */
489 while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
490 path++;
491 pathlen--;
492 }
493 while (pathlen > 0 &&
494 (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
495 path[pathlen - 1] == ' ')) {
496 path[pathlen - 1] = '\0';
497 pathlen--;
498 }
499
500 /* Deny an empty repository path. */
501 if (path[0] == '\0' || got_path_is_root_dir(path)) {
502 err = got_error(GOT_ERR_NOT_GIT_REPO);
503 goto done;
504 }
505
506 if (asprintf(&abspath, "/%s", path) == -1) {
507 err = got_error_from_errno("asprintf");
508 goto done;
509 }
510 pathlen = strlen(abspath);
511 canonpath = malloc(pathlen + 1);
512 if (canonpath == NULL) {
513 err = got_error_from_errno("malloc");
514 goto done;
515 }
516 err = got_canonpath(abspath, canonpath, pathlen + 1);
517 if (err)
518 goto done;
519
520 relpath = canonpath;
521 while (relpath[0] == '/')
522 relpath++;
523 *repo_path = strdup(relpath);
524 if (*repo_path == NULL) {
525 err = got_error_from_errno("strdup");
526 goto done;
527 }
528 *command = strndup(gitcmd, cmdlen);
529 if (*command == NULL)
530 err = got_error_from_errno("strndup");
531 done:
532 free(path0);
533 free(abspath);
534 free(canonpath);
535 if (err) {
536 free(*repo_path);
537 *repo_path = NULL;
538 }
539 return err;
540 }
portable version of Game of Trees