2 * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3 * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/queue.h>
19 #include <sys/types.h>
20 #include <sys/socket.h>
31 #include "got_error.h"
34 #include "got_lib_dial.h"
38 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
42 #define ssizeof(_x) ((ssize_t)(sizeof(_x)))
46 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
49 #ifndef GOT_DIAL_PATH_SSH
50 #define GOT_DIAL_PATH_SSH "/usr/bin/ssh"
54 #define GOT_DEFAULT_GIT_PORT 9418
55 #define GOT_DEFAULT_GIT_PORT_STR "9418"
57 const struct got_error *
58 got_dial_apply_unveil(const char *proto)
60 if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
61 if (unveil(GOT_DIAL_PATH_SSH, "x") != 0) {
62 return got_error_from_errno2("unveil",
71 hassuffix(const char *base, const char *suf)
77 if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
82 const struct got_error *
83 got_dial_parse_uri(char **proto, char **host, char **port,
84 char **server_path, char **repo_name, const char *uri)
86 const struct got_error *err = NULL;
89 *proto = *host = *port = *server_path = *repo_name = NULL;
91 p = strstr(uri, "://");
93 /* Try parsing Git's "scp" style URL syntax. */
94 *proto = strdup("ssh");
96 err = got_error_from_errno("strdup");
102 err = got_error(GOT_ERR_PARSE_URI);
105 /* No slashes allowed before first colon. */
108 err = got_error(GOT_ERR_PARSE_URI);
111 *host = strndup(s, q - s);
113 err = got_error_from_errno("strndup");
116 if ((*host)[0] == '\0') {
117 err = got_error(GOT_ERR_PARSE_URI);
122 *proto = strndup(uri, p - uri);
123 if (*proto == NULL) {
124 err = got_error_from_errno("strndup");
130 if (p == NULL || strlen(p) == 1) {
131 err = got_error(GOT_ERR_PARSE_URI);
135 q = memchr(s, ':', p - s);
137 *host = strndup(s, q - s);
139 err = got_error_from_errno("strndup");
142 if ((*host)[0] == '\0') {
143 err = got_error(GOT_ERR_PARSE_URI);
146 *port = strndup(q + 1, p - (q + 1));
148 err = got_error_from_errno("strndup");
151 if ((*port)[0] == '\0') {
152 err = got_error(GOT_ERR_PARSE_URI);
156 *host = strndup(s, p - s);
158 err = got_error_from_errno("strndup");
161 if ((*host)[0] == '\0') {
162 err = got_error(GOT_ERR_PARSE_URI);
168 while (p[0] == '/' && p[1] == '/')
170 *server_path = strdup(p);
171 if (*server_path == NULL) {
172 err = got_error_from_errno("strdup");
175 got_path_strip_trailing_slashes(*server_path);
176 if ((*server_path)[0] == '\0') {
177 err = got_error(GOT_ERR_PARSE_URI);
181 err = got_path_basename(repo_name, *server_path);
184 if (hassuffix(*repo_name, ".git"))
185 (*repo_name)[strlen(*repo_name) - 4] = '\0';
186 if ((*repo_name)[0] == '\0')
187 err = got_error(GOT_ERR_PARSE_URI);
205 * Escape a given path for the shell which will be started by sshd.
206 * In particular, git-shell is known to require single-quote characters
207 * around its repository path argument and will refuse to run otherwise.
209 static const struct got_error *
210 escape_path(char *buf, size_t bufsize, const char *path)
221 while (*p != '\0' && (q - buf < bufsize)) {
222 /* git escapes ! too */
223 if (*p != '\'' && *p != '!') {
228 if (q - buf + 4 >= bufsize)
236 if (*p == '\0' && (q - buf + 1 < bufsize)) {
242 return got_error_fmt(GOT_ERR_NO_SPACE, "overlong path: %s", path);
245 const struct got_error *
246 got_dial_ssh(pid_t *newpid, int *newfd, const char *host,
247 const char *port, const char *path, const char *command, int verbosity)
249 const struct got_error *error = NULL;
252 char escaped_path[PATH_MAX];
253 const char *argv[11];
259 error = escape_path(escaped_path, sizeof(escaped_path), path);
263 argv[i++] = GOT_DIAL_PATH_SSH;
266 argv[i++] = (char *)port;
268 if (verbosity == -1) {
271 /* ssh(1) allows up to 3 "-v" options. */
272 for (j = 0; j < MIN(3, verbosity); j++)
276 argv[i++] = (char *)host;
277 argv[i++] = (char *)cmd;
278 argv[i++] = (char *)escaped_path;
280 assert(i <= nitems(argv));
282 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
283 return got_error_from_errno("socketpair");
287 error = got_error_from_errno("fork");
291 } else if (pid == 0) {
292 if (close(pfd[1]) == -1)
294 if (dup2(pfd[0], 0) == -1)
296 if (dup2(pfd[0], 1) == -1)
298 if (strlcpy(cmd, command, sizeof(cmd)) >= sizeof(cmd))
300 if (execv(GOT_DIAL_PATH_SSH, (char *const *)argv) == -1)
302 abort(); /* not reached */
304 if (close(pfd[0]) == -1)
305 return got_error_from_errno("close");
312 const struct got_error *
313 got_dial_git(int *newfd, const char *host, const char *port,
314 const char *path, const char *command)
316 const struct got_error *err = NULL;
317 struct addrinfo hints, *servinfo, *p;
319 int fd = -1, len, r, eaicode;
324 port = GOT_DEFAULT_GIT_PORT_STR;
326 memset(&hints, 0, sizeof hints);
327 hints.ai_family = AF_UNSPEC;
328 hints.ai_socktype = SOCK_STREAM;
329 eaicode = getaddrinfo(host, port, &hints, &servinfo);
332 snprintf(msg, sizeof(msg), "%s: %s", host,
333 gai_strerror(eaicode));
334 return got_error_msg(GOT_ERR_ADDRINFO, msg);
337 for (p = servinfo; p != NULL; p = p->ai_next) {
338 if ((fd = socket(p->ai_family, p->ai_socktype,
339 p->ai_protocol)) == -1)
341 if (connect(fd, p->ai_addr, p->ai_addrlen) == 0) {
345 err = got_error_from_errno("connect");
348 freeaddrinfo(servinfo);
352 if (asprintf(&cmd, "%s %s", command, path) == -1) {
353 err = got_error_from_errno("asprintf");
356 len = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
357 r = dprintf(fd, "%04x%s%chost=%s%c", len, cmd, '\0', host, '\0');
359 err = got_error_from_errno("dprintf");
370 const struct got_error *
371 got_dial_parse_command(char **command, char **repo_path, const char *gitcmd)
373 const struct got_error *err = NULL;
374 size_t len, cmdlen, pathlen;
375 char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
381 len = strlen(gitcmd);
383 if (len >= strlen(GOT_DIAL_CMD_SEND) &&
384 strncmp(gitcmd, GOT_DIAL_CMD_SEND,
385 strlen(GOT_DIAL_CMD_SEND)) == 0)
386 cmdlen = strlen(GOT_DIAL_CMD_SEND);
387 else if (len >= strlen(GOT_DIAL_CMD_FETCH) &&
388 strncmp(gitcmd, GOT_DIAL_CMD_FETCH,
389 strlen(GOT_DIAL_CMD_FETCH)) == 0)
390 cmdlen = strlen(GOT_DIAL_CMD_FETCH);
392 return got_error(GOT_ERR_BAD_PACKET);
394 if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
395 return got_error(GOT_ERR_BAD_PACKET);
397 if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
398 return got_error(GOT_ERR_BAD_PATH);
400 /* Forbid linefeeds in paths, like Git does. */
401 if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
402 return got_error(GOT_ERR_BAD_PATH);
404 path0 = strdup(&gitcmd[cmdlen + 1]);
406 return got_error_from_errno("strdup");
408 pathlen = strlen(path);
411 * Git clients send a shell command.
412 * Trim spaces and quotes around the path.
414 while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
418 while (pathlen > 0 &&
419 (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
420 path[pathlen - 1] == ' ')) {
421 path[pathlen - 1] = '\0';
425 /* Deny an empty repository path. */
426 if (path[0] == '\0' || got_path_is_root_dir(path)) {
427 err = got_error(GOT_ERR_NOT_GIT_REPO);
431 if (asprintf(&abspath, "/%s", path) == -1) {
432 err = got_error_from_errno("asprintf");
435 pathlen = strlen(abspath);
436 canonpath = malloc(pathlen + 1);
437 if (canonpath == NULL) {
438 err = got_error_from_errno("malloc");
441 err = got_canonpath(abspath, canonpath, pathlen + 1);
446 while (relpath[0] == '/')
448 *repo_path = strdup(relpath);
449 if (*repo_path == NULL) {
450 err = got_error_from_errno("strdup");
453 *command = strndup(gitcmd, cmdlen);
454 if (*command == NULL)
455 err = got_error_from_errno("strndup");