Got Mirror

Blob

Date:: Wed Mar 18 16:13:48 2020 UTC
Message:: do not allow passing arbitrary options to SSH
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/wait.h>
23 #include <sys/syslimits.h>
24 #include <sys/resource.h>
25 #include <sys/socket.h>
26 
27 #include <errno.h>
28 #include <err.h>
29 #include <fcntl.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <stdint.h>
34 #include <sha1.h>
35 #include <zlib.h>
36 #include <ctype.h>
37 #include <limits.h>
38 #include <imsg.h>
39 #include <time.h>
40 #include <uuid.h>
41 #include <netdb.h>
42 #include <netinet/in.h>
43 
44 #include "got_error.h"
45 #include "got_reference.h"
46 #include "got_repository.h"
47 #include "got_path.h"
48 #include "got_cancel.h"
49 #include "got_worktree.h"
50 #include "got_object.h"
51 #include "got_opentemp.h"
52 #include "got_fetch.h"
53 
54 #include "got_lib_delta.h"
55 #include "got_lib_inflate.h"
56 #include "got_lib_object.h"
57 #include "got_lib_object_parse.h"
58 #include "got_lib_object_create.h"
59 #include "got_lib_pack.h"
60 #include "got_lib_sha1.h"
61 #include "got_lib_privsep.h"
62 #include "got_lib_object_cache.h"
63 #include "got_lib_repository.h"
64 
65 #ifndef nitems
66 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
67 #endif
68 
69 static int
70 hassuffix(char *base, char *suf)
71 {
72 	int nb, ns;
73 
74 	nb = strlen(base);
75 	ns = strlen(suf);
76 	if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
77 		return 1;
78 	return 0;
79 }
80 
81 static const struct got_error *
82 dial_ssh(int *fetchfd, const char *host, const char *port, const char *path,
83     const char *direction)
84 {
85 	const struct got_error *error = NULL;
86 	int pid, pfd[2];
87 	char cmd[64];
88 
89 	*fetchfd = -1;
90 
91 	if (pipe(pfd) == -1)
92 		return got_error_from_errno("pipe");
93 
94 	pid = fork();
95 	if (pid == -1) {
96 		error = got_error_from_errno("fork");
97 		close(pfd[0]);
98 		close(pfd[1]);
99 		return error;
100 	} else if (pid == 0) {
101 		int n;
102 		close(pfd[1]);
103 		dup2(pfd[0], 0);
104 		dup2(pfd[0], 1);
105 		n = snprintf(cmd, sizeof(cmd), "git-%s-pack", direction);
106 		if (n < 0 || n >= sizeof(cmd))
107 			err(1, "snprintf");
108 		if (execl(GOT_FETCH_PATH_SSH, GOT_FETCH_PATH_SSH, "--",
109 		    host, cmd, path, NULL) == -1)
110 			err(1, "execl");
111 		abort(); /* not reached */
112 	} else {
113 		close(pfd[0]);
114 		*fetchfd = pfd[1];
115 		return NULL;
116 	}
117 }
118 
119 static const struct got_error *
120 dial_git(int *fetchfd, const char *host, const char *port, const char *path,
121     const char *direction)
122 {
123 	const struct got_error *err = NULL;
124 	struct addrinfo hints, *servinfo, *p;
125 	char *cmd = NULL, *pkt = NULL;
126 	int fd = -1, totlen, r, eaicode;
127 
128 	*fetchfd = -1;
129 
130 	memset(&hints, 0, sizeof hints);
131 	hints.ai_family = AF_UNSPEC;
132 	hints.ai_socktype = SOCK_STREAM;
133 	eaicode = getaddrinfo(host, port, &hints, &servinfo);
134 	if (eaicode) {
135 		char msg[512];
136 		snprintf(msg, sizeof(msg), "%s: %s", host,
137 		    gai_strerror(eaicode));
138 		return got_error_msg(GOT_ERR_ADDRINFO, msg);
139 	}
140 
141 	for (p = servinfo; p != NULL; p = p->ai_next) {
142 		if ((fd = socket(p->ai_family, p->ai_socktype,
143 		    p->ai_protocol)) == -1)
144 			continue;
145 		if (connect(fd, p->ai_addr, p->ai_addrlen) == 0)
146 			break;
147 		err = got_error_from_errno("connect");
148 		close(fd);
149 	}
150 	if (p == NULL)
151 		goto done;
152 
153 	if (asprintf(&cmd, "git-%s-pack %s", direction, path) == -1) {
154 		err = got_error_from_errno("asprintf");
155 		goto done;
156 	}
157 	totlen = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
158 	if (asprintf(&pkt, "%04x%s", totlen, cmd) == -1) {
159 		err = got_error_from_errno("asprintf");
160 		goto done;
161 	}
162 	r = write(fd, pkt, strlen(pkt) + 1);
163 	if (r == -1) {
164 		err = got_error_from_errno("write");
165 		goto done;
166 	}
167 	if (asprintf(&pkt, "host=%s", host) == -1) {
168 		err = got_error_from_errno("asprintf");
169 		goto done;
170 	}
171 	r = write(fd, pkt, strlen(pkt) + 1);
172 	if (r == -1) {
173 		err = got_error_from_errno("write");
174 		goto done;
175 	}
176 done:
177 	free(cmd);
178 	free(pkt);
179 	if (err) {
180 		if (fd != -1)
181 			close(fd);
182 	} else
183 		*fetchfd = fd;
184 	return err;
185 }
186 
187 const struct got_error *
188 got_fetch_connect(int *fetchfd, const char *proto, const char *host,
189     const char *port, const char *server_path)
190 {
191 	const struct got_error *err = NULL;
192 
193 	*fetchfd = -1;
194 
195 	if (strcmp(proto, "ssh") == 0 || strcmp(proto, "git+ssh") == 0)
196 		err = dial_ssh(fetchfd, host, port, server_path, "upload");
197 	else if (strcmp(proto, "git") == 0)
198 		err = dial_git(fetchfd, host, port, server_path, "upload");
199 	else if (strcmp(proto, "http") == 0 || strcmp(proto, "git+http") == 0)
200 		err = got_error_path(proto, GOT_ERR_NOT_IMPL);
201 	else
202 		err = got_error_path(proto, GOT_ERR_BAD_PROTO);
203 	return err;
204 }
205 
206 const struct got_error *
207 got_fetch_parse_uri(char **proto, char **host, char **port,
208     char **server_path, char **repo_name, const char *uri)
209 {
210 	const struct got_error *err = NULL;
211 	char *s, *p, *q;
212 	int n, hasport;
213 
214 	*proto = *host = *port = *server_path = *repo_name = NULL;
215 
216 	p = strstr(uri, "://");
217 	if (!p) {
218 		return got_error(GOT_ERR_PARSE_URI);
219 	}
220 	*proto = strndup(uri, p - uri);
221 	if (proto == NULL) {
222 		err = got_error_from_errno("strndup");
223 		goto done;
224 	}
225 
226 	hasport = (strcmp(*proto, "git") == 0 ||
227 	    strstr(*proto, "http") == *proto);
228 	s = p + 3;
229 	p = NULL;
230 	if (!hasport) {
231 		p = strstr(s, ":");
232 		if (p != NULL)
233 			p++;
234 	}
235 	if (p == NULL)
236 		p = strstr(s, "/");
237 	if (p == NULL || strlen(p) == 1) {
238 		err = got_error(GOT_ERR_PARSE_URI);
239 		goto done;
240 	}
241 
242 	q = memchr(s, ':', p - s);
243 	if (q) {
244 		*host = strndup(s, q - s);
245 		if (*host == NULL) {
246 			err = got_error_from_errno("strndup");
247 			goto done;
248 		}
249 		*port = strndup(q + 1, p - (q + 1));
250 		if (*port == NULL) {
251 			err = got_error_from_errno("strndup");
252 			goto done;
253 		}
254 	} else {
255 		*host = strndup(s, p - s);
256 		if (*host == NULL) {
257 			err = got_error_from_errno("strndup");
258 			goto done;
259 		}
260 		if (asprintf(port, "%u", GOT_DEFAULT_GIT_PORT) == -1) {
261 			err = got_error_from_errno("asprintf");
262 			goto done;
263 		}
264 	}
265 
266 	*server_path = strdup(p);
267 	if (*server_path == NULL) {
268 		err = got_error_from_errno("strdup");
269 		goto done;
270 	}
271 
272 	p = strrchr(p, '/') + 1;
273 	if (!p || strlen(p) == 0) {
274 		//werrstr("missing repository in uri");
275 		err = got_error(GOT_ERR_PARSE_URI);
276 		goto done;
277 	}
278 	n = strlen(p);
279 	if (hassuffix(p, ".git"))
280 		n -= 4;
281 	*repo_name = strndup(p, (p + n) - p);
282 	if (*repo_name == NULL) {
283 		err = got_error_from_errno("strndup");
284 		goto done;
285 	}
286 done:
287 	if (err) {
288 		free(*proto);
289 		*proto = NULL;
290 		free(*host);
291 		*host = NULL;
292 		free(*port);
293 		*port = NULL;
294 		free(*server_path);
295 		*server_path = NULL;
296 		free(*repo_name);
297 		*repo_name = NULL;
298 	}
299 	return err;
300 }
301 
302 static const struct got_error *
303 check_pack_hash(int fd, size_t sz, uint8_t *hcomp)
304 {
305 	SHA1_CTX ctx;
306 	uint8_t hexpect[SHA1_DIGEST_LENGTH];
307 	uint8_t buf[32 * 1024];
308 	ssize_t n, r, nr;
309 
310 	if (sz < sizeof(struct got_packfile_hdr) + SHA1_DIGEST_LENGTH)
311 		return got_error_msg(GOT_ERR_BAD_PACKFILE, "short packfile");
312 
313 	n = 0;
314 	SHA1Init(&ctx);
315 	while (n < sz - 20) {
316 		nr = sizeof(buf);
317 		if (sz - n - 20 < sizeof(buf))
318 			nr = sz - n - 20;
319 		r = read(fd, buf, nr);
320 		if (r == -1)
321 			return got_error_from_errno("read");
322 		if (r != nr)
323 			return got_error_msg(GOT_ERR_BAD_PACKFILE,
324 			    "short pack file");
325 		SHA1Update(&ctx, buf, nr);
326 		n += r;
327 	}
328 	SHA1Final(hcomp, &ctx);
329 
330 	r = read(fd, hexpect, sizeof(hexpect));
331 	if (r == -1)
332 		return got_error_from_errno("read");
333 	if (r != sizeof(hexpect))
334 		return got_error_msg(GOT_ERR_BAD_PACKFILE,
335 		    "short pack file");
336 
337 	if (memcmp(hcomp, hexpect, SHA1_DIGEST_LENGTH) != 0)
338 		return got_error_msg(GOT_ERR_BAD_PACKFILE,
339 		    "packfile checksum mismatch");
340 
341 	return NULL;
342 }
343 
344 const struct got_error*
345 got_fetch_pack(struct got_object_id **pack_hash, struct got_pathlist_head *refs,
346     struct got_pathlist_head *symrefs, int fetchfd, struct got_repository *repo,
347     got_fetch_progress_cb progress_cb, void *progress_arg)
348 {
349 	int imsg_fetchfds[2], imsg_idxfds[2];
350 	int packfd = -1, npackfd = -1, idxfd = -1, nidxfd = -1, nfetchfd = -1;
351 	int tmpfds[3], i;
352 	int fetchstatus, idxstatus, done = 0;
353 	const struct got_error *err;
354 	struct imsgbuf fetchibuf, idxibuf;
355 	pid_t fetchpid, idxpid;
356 	char *tmppackpath = NULL, *tmpidxpath = NULL;
357 	char *packpath = NULL, *idxpath = NULL, *id_str = NULL;
358 	const char *repo_path = got_repo_get_path(repo);
359 	struct got_pathlist_head have_refs;
360 	struct got_pathlist_entry *pe;
361 	off_t packfile_size = 0;
362 	char *path;
363 
364 	*pack_hash = NULL;
365 	for (i = 0; i < nitems(tmpfds); i++)
366 		tmpfds[i] = -1;
367 
368 	TAILQ_INIT(&have_refs);
369 
370 	if (asprintf(&path, "%s/%s/fetching.pack",
371 	    repo_path, GOT_OBJECTS_PACK_DIR) == -1) {
372 		err = got_error_from_errno("asprintf");
373 		goto done;
374 	}
375 	err = got_opentemp_named_fd(&tmppackpath, &packfd, path);
376 	free(path);
377 	if (err)
378 		goto done;
379 	npackfd = dup(packfd);
380 	if (npackfd == -1) {
381 		err = got_error_from_errno("dup");
382 		goto done;
383 	}
384 	if (asprintf(&path, "%s/%s/fetching.idx",
385 	    repo_path, GOT_OBJECTS_PACK_DIR) == -1) {
386 		err = got_error_from_errno("asprintf");
387 		goto done;
388 	}
389 	err = got_opentemp_named_fd(&tmpidxpath, &idxfd, path);
390 	free(path);
391 	if (err)
392 		goto done;
393 	nidxfd = dup(idxfd);
394 	if (nidxfd == -1) {
395 		err = got_error_from_errno("dup");
396 		goto done;
397 	}
398 
399 	for (i = 0; i < nitems(tmpfds); i++) {
400 		tmpfds[i] = got_opentempfd();
401 		if (tmpfds[i] == -1) {
402 			err = got_error_from_errno("got_opentempfd");
403 			goto done;
404 		}
405 	}
406 
407 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fetchfds) == -1) {
408 		err = got_error_from_errno("socketpair");
409 		goto done;
410 	}
411 
412 	fetchpid = fork();
413 	if (fetchpid == -1) {
414 		err = got_error_from_errno("fork");
415 		goto done;
416 	} else if (fetchpid == 0){
417 		got_privsep_exec_child(imsg_fetchfds,
418 		    GOT_PATH_PROG_FETCH_PACK, tmppackpath);
419 	}
420 
421 	if (close(imsg_fetchfds[1]) != 0) {
422 		err = got_error_from_errno("close");
423 		goto done;
424 	}
425 	imsg_init(&fetchibuf, imsg_fetchfds[0]);
426 	nfetchfd = dup(fetchfd);
427 	if (nfetchfd == -1) {
428 		err = got_error_from_errno("dup");
429 		goto done;
430 	}
431 	err = got_privsep_send_fetch_req(&fetchibuf, nfetchfd, &have_refs);
432 	if (err != NULL)
433 		goto done;
434 	nfetchfd = -1;
435 	err = got_privsep_send_fetch_outfd(&fetchibuf, npackfd);
436 	if (err != NULL)
437 		goto done;
438 	npackfd = dup(packfd);
439 	if (npackfd == -1) {
440 		err = got_error_from_errno("dup");
441 		goto done;
442 	}
443 
444 	packfile_size = 0;
445 	while (!done) {
446 		struct got_object_id *id = NULL;
447 		char *refname = NULL;
448 		char *server_progress = NULL;
449 		off_t packfile_size_cur;
450 
451 		err = got_privsep_recv_fetch_progress(&done,
452 		    &id, &refname, symrefs, &server_progress,
453 		    &packfile_size_cur, &fetchibuf);
454 		if (err != NULL)
455 			goto done;
456 		if (done)
457 			*pack_hash = id;
458 		else if (refname && id) {
459 			err = got_pathlist_append(refs, refname, id);
460 			if (err)
461 				goto done;
462 		} else if (server_progress) {
463 			char *s, *s0 = server_progress;
464 			while ((s = strsep(&s0, "\r")) != NULL) {
465 				if (*s == '\0')
466 					continue;
467 				err = progress_cb(progress_arg, s,
468 				    packfile_size_cur, 0, 0, 0, 0);
469 				if (err)
470 					break;
471 			}
472 			free(server_progress);
473 			if (err)
474 				goto done;
475 		} else if (packfile_size_cur != packfile_size) {
476 			err = progress_cb(progress_arg, NULL,
477 			    packfile_size_cur, 0, 0, 0, 0);
478 			if (err)
479 				break;
480 			packfile_size = packfile_size_cur;
481 		}
482 	}
483 	if (waitpid(fetchpid, &fetchstatus, 0) == -1) {
484 		err = got_error_from_errno("waitpid");
485 		goto done;
486 	}
487 
488 	if (lseek(packfd, 0, SEEK_SET) == -1) {
489 		err = got_error_from_errno("lseek");
490 		goto done;
491 	}
492 	err = check_pack_hash(packfd, packfile_size, (*pack_hash)->sha1);
493 	if (err)
494 		goto done;
495  
496 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_idxfds) == -1) {
497 		err = got_error_from_errno("socketpair");
498 		goto done;
499 	}
500 	idxpid = fork();
501 	if (idxpid == -1) {
502 		err= got_error_from_errno("fork");
503 		goto done;
504 	} else if (idxpid == 0)
505 		got_privsep_exec_child(imsg_idxfds,
506 		    GOT_PATH_PROG_INDEX_PACK, tmppackpath);
507 	if (close(imsg_idxfds[1]) != 0) {
508 		err = got_error_from_errno("close");
509 		goto done;
510 	}
511 	imsg_init(&idxibuf, imsg_idxfds[0]);
512 
513 	err = got_privsep_send_index_pack_req(&idxibuf, (*pack_hash)->sha1,
514 	    npackfd);
515 	if (err != NULL)
516 		goto done;
517 	npackfd = -1;
518 	err = got_privsep_send_index_pack_outfd(&idxibuf, nidxfd);
519 	if (err != NULL)
520 		goto done;
521 	nidxfd = -1;
522 	for (i = 0; i < nitems(tmpfds); i++) {
523 		err = got_privsep_send_tmpfd(&idxibuf, tmpfds[i]);
524 		if (err != NULL)
525 			goto done;
526 		tmpfds[i] = -1;
527 	}
528 	done = 0;
529 	while (!done) {
530 		int nobj_total, nobj_indexed, nobj_loose, nobj_resolved;
531 
532 		err = got_privsep_recv_index_progress(&done, &nobj_total,
533 		    &nobj_indexed, &nobj_loose, &nobj_resolved,
534 		    &idxibuf);
535 		if (err != NULL)
536 			goto done;
537 		if (nobj_indexed != 0) {
538 			err = progress_cb(progress_arg, NULL,
539 			    packfile_size, nobj_total,
540 			    nobj_indexed, nobj_loose, nobj_resolved);
541 			if (err)
542 				break;
543 		}
544 		imsg_clear(&idxibuf);
545 	}
546 	if (close(imsg_idxfds[0]) == -1) {
547 		err = got_error_from_errno("close");
548 		goto done;
549 	}
550 	if (waitpid(idxpid, &idxstatus, 0) == -1) {
551 		err = got_error_from_errno("waitpid");
552 		goto done;
553 	}
554 
555 	err = got_object_id_str(&id_str, *pack_hash);
556 	if (err)
557 		goto done;
558 	if (asprintf(&packpath, "%s/%s/pack-%s.pack",
559 	    repo_path, GOT_OBJECTS_PACK_DIR, id_str) == -1) {
560 		err = got_error_from_errno("asprintf");
561 		goto done;
562 	}
563 
564 	if (asprintf(&idxpath, "%s/%s/pack-%s.idx",
565 	    repo_path, GOT_OBJECTS_PACK_DIR, id_str) == -1) {
566 		err = got_error_from_errno("asprintf");
567 		goto done;
568 	}
569 
570 	if (rename(tmppackpath, packpath) == -1) {
571 		err = got_error_from_errno3("rename", tmppackpath, packpath);
572 		goto done;
573 	}
574 	if (rename(tmpidxpath, idxpath) == -1) {
575 		err = got_error_from_errno3("rename", tmpidxpath, idxpath);
576 		goto done;
577 	}
578 
579 done:
580 	if (nfetchfd != -1 && close(nfetchfd) == -1 && err == NULL)
581 		err = got_error_from_errno("close");
582 	if (npackfd != -1 && close(npackfd) == -1 && err == NULL)
583 		err = got_error_from_errno("close");
584 	if (packfd != -1 && close(packfd) == -1 && err == NULL)
585 		err = got_error_from_errno("close");
586 	if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
587 		err = got_error_from_errno("close");
588 	for (i = 0; i < nitems(tmpfds); i++) {
589 		if (tmpfds[i] != -1 && close(tmpfds[i]) == -1 && err == NULL)
590 			err = got_error_from_errno("close");
591 	}
592 	free(tmppackpath);
593 	free(tmpidxpath);
594 	free(idxpath);
595 	free(packpath);
596 
597 	if (err) {
598 		free(*pack_hash);
599 		*pack_hash = NULL;
600 		TAILQ_FOREACH(pe, refs, entry) {
601 			free((void *)pe->path);
602 			free(pe->data);
603 		}
604 		got_pathlist_free(refs);
605 		TAILQ_FOREACH(pe, symrefs, entry) {
606 			free((void *)pe->path);
607 			free(pe->data);
608 		}
609 		got_pathlist_free(symrefs);
610 	}
611 	return err;
612 }