Got Mirror

Blob

Date:: Wed Mar 18 16:13:47 2020 UTC
Message:: apply unveil(2) to 'got clone'
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/wait.h>
23 #include <sys/syslimits.h>
24 #include <sys/resource.h>
25 #include <sys/socket.h>
26 
27 #include <errno.h>
28 #include <err.h>
29 #include <fcntl.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <stdint.h>
34 #include <sha1.h>
35 #include <zlib.h>
36 #include <ctype.h>
37 #include <limits.h>
38 #include <imsg.h>
39 #include <time.h>
40 #include <uuid.h>
41 #include <netdb.h>
42 #include <netinet/in.h>
43 
44 #include "got_error.h"
45 #include "got_reference.h"
46 #include "got_repository.h"
47 #include "got_path.h"
48 #include "got_cancel.h"
49 #include "got_worktree.h"
50 #include "got_object.h"
51 #include "got_opentemp.h"
52 #include "got_fetch.h"
53 
54 #include "got_lib_delta.h"
55 #include "got_lib_inflate.h"
56 #include "got_lib_object.h"
57 #include "got_lib_object_parse.h"
58 #include "got_lib_object_create.h"
59 #include "got_lib_pack.h"
60 #include "got_lib_sha1.h"
61 #include "got_lib_privsep.h"
62 #include "got_lib_object_cache.h"
63 #include "got_lib_repository.h"
64 
65 #define GOT_PROTOMAX	64
66 #define GOT_HOSTMAX	256
67 #define GOT_PATHMAX	512
68 #define GOT_REPOMAX	256
69 #define GOT_PORTMAX	16
70 #define GOT_URIMAX	1024
71 
72 static int
73 hassuffix(char *base, char *suf)
74 {
75 	int nb, ns;
76 
77 	nb = strlen(base);
78 	ns = strlen(suf);
79 	if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
80 		return 1;
81 	return 0;
82 }
83 
84 static const struct got_error *
85 dial_ssh(int *fetchfd, const char *host, const char *port, const char *path,
86     const char *direction)
87 {
88 	const struct got_error *error = NULL;
89 	int pid, pfd[2];
90 	char cmd[64];
91 
92 	*fetchfd = -1;
93 
94 	if (pipe(pfd) == -1)
95 		return got_error_from_errno("pipe");
96 
97 	pid = fork();
98 	if (pid == -1) {
99 		error = got_error_from_errno("fork");
100 		close(pfd[0]);
101 		close(pfd[1]);
102 		return error;
103 	} else if (pid == 0) {
104 		int n;
105 		close(pfd[1]);
106 		dup2(pfd[0], 0);
107 		dup2(pfd[0], 1);
108 		n = snprintf(cmd, sizeof(cmd), "git-%s-pack", direction);
109 		if (n < 0 || n >= sizeof(cmd))
110 			err(1, "snprintf");
111 		if (execl(GOT_FETCH_PATH_SSH, GOT_FETCH_PATH_SSH,
112 		    host, cmd, path, NULL) == -1)
113 			err(1, "execl");
114 		abort(); /* not reached */
115 	} else {
116 		close(pfd[0]);
117 		*fetchfd = pfd[1];
118 		return NULL;
119 	}
120 }
121 
122 static const struct got_error *
123 dial_git(int *fetchfd, const char *host, const char *port, const char *path,
124     const char *direction)
125 {
126 	const struct got_error *err = NULL;
127 	struct addrinfo hints, *servinfo, *p;
128 	char *cmd = NULL, *pkt = NULL;
129 	int fd = -1, totlen, r, eaicode;
130 
131 	*fetchfd = -1;
132 
133 	memset(&hints, 0, sizeof hints);
134 	hints.ai_family = AF_UNSPEC;
135 	hints.ai_socktype = SOCK_STREAM;
136 	eaicode = getaddrinfo(host, port, &hints, &servinfo);
137 	if (eaicode) {
138 		char msg[512];
139 		snprintf(msg, sizeof(msg), "%s: %s", host,
140 		    gai_strerror(eaicode));
141 		return got_error_msg(GOT_ERR_ADDRINFO, msg);
142 	}
143 
144 	for (p = servinfo; p != NULL; p = p->ai_next) {
145 		if ((fd = socket(p->ai_family, p->ai_socktype,
146 		    p->ai_protocol)) == -1)
147 			continue;
148 		if (connect(fd, p->ai_addr, p->ai_addrlen) == 0)
149 			break;
150 		err = got_error_from_errno("connect");
151 		close(fd);
152 	}
153 	if (p == NULL)
154 		goto done;
155 
156 	if (asprintf(&cmd, "git-%s-pack %s", direction, path) == -1) {
157 		err = got_error_from_errno("asprintf");
158 		goto done;
159 	}
160 	totlen = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
161 	if (asprintf(&pkt, "%04x%s", totlen, cmd) == -1) {
162 		err = got_error_from_errno("asprintf");
163 		goto done;
164 	}
165 	r = write(fd, pkt, strlen(pkt) + 1);
166 	if (r == -1) {
167 		err = got_error_from_errno("write");
168 		goto done;
169 	}
170 	if (asprintf(&pkt, "host=%s", host) == -1) {
171 		err = got_error_from_errno("asprintf");
172 		goto done;
173 	}
174 	r = write(fd, pkt, strlen(pkt) + 1);
175 	if (r == -1) {
176 		err = got_error_from_errno("write");
177 		goto done;
178 	}
179 done:
180 	free(cmd);
181 	free(pkt);
182 	if (err) {
183 		if (fd != -1)
184 			close(fd);
185 	} else
186 		*fetchfd = fd;
187 	return err;
188 }
189 
190 const struct got_error *
191 got_fetch_connect(int *fetchfd, const char *proto, const char *host,
192     const char *port, const char *server_path)
193 {
194 	const struct got_error *err = NULL;
195 
196 	*fetchfd = -1;
197 
198 	if (strcmp(proto, "ssh") == 0 || strcmp(proto, "git+ssh") == 0)
199 		err = dial_ssh(fetchfd, host, port, server_path, "upload");
200 	else if (strcmp(proto, "git") == 0)
201 		err = dial_git(fetchfd, host, port, server_path, "upload");
202 	else if (strcmp(proto, "http") == 0 || strcmp(proto, "git+http") == 0)
203 		err = got_error_path(proto, GOT_ERR_NOT_IMPL);
204 	else
205 		err = got_error_path(proto, GOT_ERR_BAD_PROTO);
206 	return err;
207 }
208 
209 const struct got_error *
210 got_fetch_parse_uri(char **proto, char **host, char **port,
211     char **server_path, char **repo_name, const char *uri)
212 {
213 	const struct got_error *err = NULL;
214 	char *s, *p, *q;
215 	int n, hasport;
216 
217 	*proto = *host = *port = *server_path = *repo_name = NULL;
218 
219 	p = strstr(uri, "://");
220 	if (!p) {
221 		return got_error(GOT_ERR_PARSE_URI);
222 	}
223 	*proto = strndup(uri, p - uri);
224 	if (proto == NULL) {
225 		err = got_error_from_errno("strndup");
226 		goto done;
227 	}
228 
229 	hasport = (strcmp(*proto, "git") == 0 ||
230 	    strstr(*proto, "http") == *proto);
231 	s = p + 3;
232 	p = NULL;
233 	if (!hasport) {
234 		p = strstr(s, ":");
235 		if (p != NULL)
236 			p++;
237 	}
238 	if (p == NULL)
239 		p = strstr(s, "/");
240 	if (p == NULL || strlen(p) == 1) {
241 		err = got_error(GOT_ERR_PARSE_URI);
242 		goto done;
243 	}
244 
245 	q = memchr(s, ':', p - s);
246 	if (q) {
247 		*host = strndup(s, q - s);
248 		if (*host == NULL) {
249 			err = got_error_from_errno("strndup");
250 			goto done;
251 		}
252 		*port = strndup(q + 1, p - (q + 1));
253 		if (*port == NULL) {
254 			err = got_error_from_errno("strndup");
255 			goto done;
256 		}
257 	} else {
258 		*host = strndup(s, p - s);
259 		if (*host == NULL) {
260 			err = got_error_from_errno("strndup");
261 			goto done;
262 		}
263 		if (asprintf(port, "%u", GOT_DEFAULT_GIT_PORT) == -1) {
264 			err = got_error_from_errno("asprintf");
265 			goto done;
266 		}
267 	}
268 
269 	*server_path = strdup(p);
270 	if (*server_path == NULL) {
271 		err = got_error_from_errno("strdup");
272 		goto done;
273 	}
274 
275 	p = strrchr(p, '/') + 1;
276 	if (!p || strlen(p) == 0) {
277 		//werrstr("missing repository in uri");
278 		err = got_error(GOT_ERR_PARSE_URI);
279 		goto done;
280 	}
281 	n = strlen(p);
282 	if (hassuffix(p, ".git"))
283 		n -= 4;
284 	*repo_name = strndup(p, (p + n) - p);
285 	if (*repo_name == NULL) {
286 		err = got_error_from_errno("strndup");
287 		goto done;
288 	}
289 done:
290 	if (err) {
291 		free(*proto);
292 		*proto = NULL;
293 		free(*host);
294 		*host = NULL;
295 		free(*port);
296 		*port = NULL;
297 		free(*server_path);
298 		*server_path = NULL;
299 		free(*repo_name);
300 		*repo_name = NULL;
301 	}
302 	return err;
303 }
304 
305 static const struct got_error *
306 check_pack_hash(int fd, size_t sz, uint8_t *hcomp)
307 {
308 	SHA1_CTX ctx;
309 	uint8_t hexpect[SHA1_DIGEST_LENGTH];
310 	uint8_t buf[32 * 1024];
311 	ssize_t n, r, nr;
312 
313 	if (sz < sizeof(struct got_packfile_hdr) + SHA1_DIGEST_LENGTH)
314 		return got_error_msg(GOT_ERR_BAD_PACKFILE, "short packfile");
315 
316 	n = 0;
317 	SHA1Init(&ctx);
318 	while (n < sz - 20) {
319 		nr = sizeof(buf);
320 		if (sz - n - 20 < sizeof(buf))
321 			nr = sz - n - 20;
322 		r = read(fd, buf, nr);
323 		if (r == -1)
324 			return got_error_from_errno("read");
325 		if (r != nr)
326 			return got_error_msg(GOT_ERR_BAD_PACKFILE,
327 			    "short pack file");
328 		SHA1Update(&ctx, buf, nr);
329 		n += r;
330 	}
331 	SHA1Final(hcomp, &ctx);
332 
333 	r = read(fd, hexpect, sizeof(hexpect));
334 	if (r == -1)
335 		return got_error_from_errno("read");
336 	if (r != sizeof(hexpect))
337 		return got_error_msg(GOT_ERR_BAD_PACKFILE,
338 		    "short pack file");
339 
340 	if (memcmp(hcomp, hexpect, SHA1_DIGEST_LENGTH) != 0)
341 		return got_error_msg(GOT_ERR_BAD_PACKFILE,
342 		    "packfile checksum mismatch");
343 
344 	return NULL;
345 }
346 
347 const struct got_error*
348 got_fetch_pack(struct got_object_id **pack_hash, struct got_pathlist_head *refs,
349     struct got_pathlist_head *symrefs, int fetchfd, struct got_repository *repo,
350     got_fetch_progress_cb progress_cb, void *progress_arg)
351 {
352 	int imsg_fetchfds[2], imsg_idxfds[2];
353 	int packfd = -1, npackfd = -1, idxfd = -1, nidxfd = -1, nfetchfd = -1;
354 	int tmpfd = -1;
355 	int fetchstatus, idxstatus, done = 0;
356 	const struct got_error *err;
357 	struct imsgbuf fetchibuf, idxibuf;
358 	pid_t fetchpid, idxpid;
359 	char *tmppackpath = NULL, *tmpidxpath = NULL;
360 	char *packpath = NULL, *idxpath = NULL, *id_str = NULL;
361 	const char *repo_path = got_repo_get_path(repo);
362 	struct got_pathlist_head have_refs;
363 	struct got_pathlist_entry *pe;
364 	off_t packfile_size = 0;
365 	char *path;
366 
367 	*pack_hash = NULL;
368 
369 	TAILQ_INIT(&have_refs);
370 
371 	if (asprintf(&path, "%s/%s/fetching.pack",
372 	    repo_path, GOT_OBJECTS_PACK_DIR) == -1) {
373 		err = got_error_from_errno("asprintf");
374 		goto done;
375 	}
376 	err = got_opentemp_named_fd(&tmppackpath, &packfd, path);
377 	free(path);
378 	if (err)
379 		goto done;
380 	npackfd = dup(packfd);
381 	if (npackfd == -1) {
382 		err = got_error_from_errno("dup");
383 		goto done;
384 	}
385 	if (asprintf(&path, "%s/%s/fetching.idx",
386 	    repo_path, GOT_OBJECTS_PACK_DIR) == -1) {
387 		err = got_error_from_errno("asprintf");
388 		goto done;
389 	}
390 	err = got_opentemp_named_fd(&tmpidxpath, &idxfd, path);
391 	free(path);
392 	if (err)
393 		goto done;
394 	nidxfd = dup(idxfd);
395 	if (nidxfd == -1) {
396 		err = got_error_from_errno("dup");
397 		goto done;
398 	}
399 
400 	tmpfd = got_opentempfd();
401 	if (tmpfd == -1) {
402 		err = got_error_from_errno("got_opentempfd");
403 		goto done;
404 	}
405 
406 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fetchfds) == -1) {
407 		err = got_error_from_errno("socketpair");
408 		goto done;
409 	}
410 
411 	fetchpid = fork();
412 	if (fetchpid == -1) {
413 		err = got_error_from_errno("fork");
414 		goto done;
415 	} else if (fetchpid == 0){
416 		got_privsep_exec_child(imsg_fetchfds,
417 		    GOT_PATH_PROG_FETCH_PACK, tmppackpath);
418 	}
419 
420 	if (close(imsg_fetchfds[1]) != 0) {
421 		err = got_error_from_errno("close");
422 		goto done;
423 	}
424 	imsg_init(&fetchibuf, imsg_fetchfds[0]);
425 	nfetchfd = dup(fetchfd);
426 	if (nfetchfd == -1) {
427 		err = got_error_from_errno("dup");
428 		goto done;
429 	}
430 	err = got_privsep_send_fetch_req(&fetchibuf, nfetchfd, &have_refs);
431 	if (err != NULL)
432 		goto done;
433 	nfetchfd = -1;
434 	err = got_privsep_send_fetch_outfd(&fetchibuf, npackfd);
435 	if (err != NULL)
436 		goto done;
437 	npackfd = dup(packfd);
438 	if (npackfd == -1) {
439 		err = got_error_from_errno("dup");
440 		goto done;
441 	}
442 
443 	packfile_size = 0;
444 	while (!done) {
445 		struct got_object_id *id = NULL;
446 		char *refname = NULL;
447 		char *server_progress = NULL;
448 		off_t packfile_size_cur;
449 
450 		err = got_privsep_recv_fetch_progress(&done,
451 		    &id, &refname, symrefs, &server_progress,
452 		    &packfile_size_cur, &fetchibuf);
453 		if (err != NULL)
454 			goto done;
455 		if (done)
456 			*pack_hash = id;
457 		else if (refname && id) {
458 			err = got_pathlist_append(refs, refname, id);
459 			if (err)
460 				goto done;
461 		} else if (server_progress) {
462 			char *s, *s0 = server_progress;
463 			while ((s = strsep(&s0, "\r")) != NULL) {
464 				if (*s == '\0')
465 					continue;
466 				err = progress_cb(progress_arg, s,
467 				    packfile_size_cur, 0, 0, 0, 0);
468 				if (err)
469 					break;
470 			}
471 			free(server_progress);
472 			if (err)
473 				goto done;
474 		} else if (packfile_size_cur != packfile_size) {
475 			err = progress_cb(progress_arg, NULL,
476 			    packfile_size_cur, 0, 0, 0, 0);
477 			if (err)
478 				break;
479 			packfile_size = packfile_size_cur;
480 		}
481 	}
482 	if (waitpid(fetchpid, &fetchstatus, 0) == -1) {
483 		err = got_error_from_errno("waitpid");
484 		goto done;
485 	}
486 
487 	if (lseek(packfd, 0, SEEK_SET) == -1) {
488 		err = got_error_from_errno("lseek");
489 		goto done;
490 	}
491 	err = check_pack_hash(packfd, packfile_size, (*pack_hash)->sha1);
492 	if (err)
493 		goto done;
494  
495 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_idxfds) == -1) {
496 		err = got_error_from_errno("socketpair");
497 		goto done;
498 	}
499 	idxpid = fork();
500 	if (idxpid == -1) {
501 		err= got_error_from_errno("fork");
502 		goto done;
503 	} else if (idxpid == 0)
504 		got_privsep_exec_child(imsg_idxfds,
505 		    GOT_PATH_PROG_INDEX_PACK, tmppackpath);
506 	if (close(imsg_idxfds[1]) != 0) {
507 		err = got_error_from_errno("close");
508 		goto done;
509 	}
510 	imsg_init(&idxibuf, imsg_idxfds[0]);
511 
512 	err = got_privsep_send_index_pack_req(&idxibuf, (*pack_hash)->sha1,
513 	    npackfd);
514 	if (err != NULL)
515 		goto done;
516 	npackfd = -1;
517 	err = got_privsep_send_index_pack_outfd(&idxibuf, nidxfd);
518 	if (err != NULL)
519 		goto done;
520 	nidxfd = -1;
521 	err = got_privsep_send_tmpfd(&idxibuf, tmpfd);
522 	if (err != NULL)
523 		goto done;
524 	tmpfd = -1;
525 	done = 0;
526 	while (!done) {
527 		int nobj_total, nobj_indexed, nobj_loose, nobj_resolved;
528 
529 		err = got_privsep_recv_index_progress(&done, &nobj_total,
530 		    &nobj_indexed, &nobj_loose, &nobj_resolved,
531 		    &idxibuf);
532 		if (err != NULL)
533 			goto done;
534 		if (nobj_indexed != 0) {
535 			err = progress_cb(progress_arg, NULL,
536 			    packfile_size, nobj_total,
537 			    nobj_indexed, nobj_loose, nobj_resolved);
538 			if (err)
539 				break;
540 		}
541 		imsg_clear(&idxibuf);
542 	}
543 	if (close(imsg_idxfds[0]) == -1) {
544 		err = got_error_from_errno("close");
545 		goto done;
546 	}
547 	if (waitpid(idxpid, &idxstatus, 0) == -1) {
548 		err = got_error_from_errno("waitpid");
549 		goto done;
550 	}
551 
552 	err = got_object_id_str(&id_str, *pack_hash);
553 	if (err)
554 		goto done;
555 	if (asprintf(&packpath, "%s/%s/pack-%s.pack",
556 	    repo_path, GOT_OBJECTS_PACK_DIR, id_str) == -1) {
557 		err = got_error_from_errno("asprintf");
558 		goto done;
559 	}
560 
561 	if (asprintf(&idxpath, "%s/%s/pack-%s.idx",
562 	    repo_path, GOT_OBJECTS_PACK_DIR, id_str) == -1) {
563 		err = got_error_from_errno("asprintf");
564 		goto done;
565 	}
566 
567 	if (rename(tmppackpath, packpath) == -1) {
568 		err = got_error_from_errno3("rename", tmppackpath, packpath);
569 		goto done;
570 	}
571 	if (rename(tmpidxpath, idxpath) == -1) {
572 		err = got_error_from_errno3("rename", tmpidxpath, idxpath);
573 		goto done;
574 	}
575 
576 done:
577 	if (nfetchfd != -1 && close(nfetchfd) == -1 && err == NULL)
578 		err = got_error_from_errno("close");
579 	if (npackfd != -1 && close(npackfd) == -1 && err == NULL)
580 		err = got_error_from_errno("close");
581 	if (packfd != -1 && close(packfd) == -1 && err == NULL)
582 		err = got_error_from_errno("close");
583 	if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
584 		err = got_error_from_errno("close");
585 	if (tmpfd != -1 && close(tmpfd) == -1 && err == NULL)
586 		err = got_error_from_errno("close");
587 	free(tmppackpath);
588 	free(tmpidxpath);
589 	free(idxpath);
590 	free(packpath);
591 
592 	if (err) {
593 		free(*pack_hash);
594 		*pack_hash = NULL;
595 		TAILQ_FOREACH(pe, refs, entry) {
596 			free((void *)pe->path);
597 			free(pe->data);
598 		}
599 		got_pathlist_free(refs);
600 		TAILQ_FOREACH(pe, symrefs, entry) {
601 			free((void *)pe->path);
602 			free(pe->data);
603 		}
604 		got_pathlist_free(symrefs);
605 	}
606 	return err;
607 }