Gotweb

Blob

Date:: Sun Apr 14 16:00:32 2024 UTC
Message:: Rename got-http helper to got-fetch-http to match naming scheme. We aren't planning to support sending anyway. ok stsp@
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2018, 2019 Ori Bernstein <ori@openbsd.org>
3  * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/queue.h>
19 #include <sys/types.h>
20 #include <sys/socket.h>
21 #include <sys/uio.h>
22 #include <netdb.h>
23 
24 #include <assert.h>
25 #include <err.h>
26 #include <limits.h>
27 #include <sha1.h>
28 #include <stdint.h>
29 #include <limits.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34 #include <imsg.h>
35 
36 #include "got_error.h"
37 #include "got_path.h"
38 #include "got_object.h"
39 
40 #include "got_lib_dial.h"
41 #include "got_lib_delta.h"
42 #include "got_lib_object.h"
43 #include "got_lib_privsep.h"
44 #include "got_dial.h"
45 
46 #ifndef nitems
47 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
48 #endif
49 
50 #ifndef ssizeof
51 #define ssizeof(_x) ((ssize_t)(sizeof(_x)))
52 #endif
53 
54 #ifndef MIN
55 #define	MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
56 #endif
57 
58 #ifndef GOT_DIAL_PATH_SSH
59 #define GOT_DIAL_PATH_SSH	"/usr/bin/ssh"
60 #endif
61 
62 /* IANA assigned */
63 #define GOT_DEFAULT_GIT_PORT		9418
64 #define GOT_DEFAULT_GIT_PORT_STR	"9418"
65 
66 const struct got_error *
67 got_dial_apply_unveil(const char *proto)
68 {
69 	if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
70 		if (unveil(GOT_DIAL_PATH_SSH, "x") != 0) {
71 			return got_error_from_errno2("unveil",
72 			    GOT_DIAL_PATH_SSH);
73 		}
74 	}
75 
76 	if (strstr(proto, "http") != NULL) {
77 		if (unveil(GOT_PATH_PROG_FETCH_HTTP, "x") != 0) {
78 			return got_error_from_errno2("unveil",
79 			    GOT_PATH_PROG_FETCH_HTTP);
80 		}
81 	}
82 
83 	return NULL;
84 }
85 
86 static int
87 hassuffix(const char *base, const char *suf)
88 {
89 	int nb, ns;
90 
91 	nb = strlen(base);
92 	ns = strlen(suf);
93 	if (ns <= nb && strcmp(base + (nb - ns), suf) == 0)
94 		return 1;
95 	return 0;
96 }
97 
98 const struct got_error *
99 got_dial_parse_uri(char **proto, char **host, char **port,
100     char **server_path, char **repo_name, const char *uri)
101 {
102 	const struct got_error *err = NULL;
103 	char *s, *p, *q;
104 
105 	*proto = *host = *port = *server_path = *repo_name = NULL;
106 
107 	p = strstr(uri, "://");
108 	if (!p) {
109 		/* Try parsing Git's "scp" style URL syntax. */
110 		*proto = strdup("ssh");
111 		if (*proto == NULL) {
112 			err = got_error_from_errno("strdup");
113 			goto done;
114 		}
115 		s = (char *)uri;
116 		q = strchr(s, ':');
117 		if (q == NULL) {
118 			err = got_error(GOT_ERR_PARSE_URI);
119 			goto done;
120 		}
121 		/* No slashes allowed before first colon. */
122 		p = strchr(s, '/');
123 		if (p && q > p) {
124 			err = got_error(GOT_ERR_PARSE_URI);
125 			goto done;
126 		}
127 		*host = strndup(s, q - s);
128 		if (*host == NULL) {
129 			err = got_error_from_errno("strndup");
130 			goto done;
131 		}
132 		if ((*host)[0] == '\0') {
133 			err = got_error(GOT_ERR_PARSE_URI);
134 			goto done;
135 		}
136 		p = q + 1;
137 	} else {
138 		*proto = strndup(uri, p - uri);
139 		if (*proto == NULL) {
140 			err = got_error_from_errno("strndup");
141 			goto done;
142 		}
143 		s = p + 3;
144 
145 		p = strstr(s, "/");
146 		if (p == NULL || strlen(p) == 1) {
147 			err = got_error(GOT_ERR_PARSE_URI);
148 			goto done;
149 		}
150 
151 		q = memchr(s, ':', p - s);
152 		if (q) {
153 			*host = strndup(s, q - s);
154 			if (*host == NULL) {
155 				err = got_error_from_errno("strndup");
156 				goto done;
157 			}
158 			if ((*host)[0] == '\0') {
159 				err = got_error(GOT_ERR_PARSE_URI);
160 				goto done;
161 			}
162 			*port = strndup(q + 1, p - (q + 1));
163 			if (*port == NULL) {
164 				err = got_error_from_errno("strndup");
165 				goto done;
166 			}
167 			if ((*port)[0] == '\0') {
168 				err = got_error(GOT_ERR_PARSE_URI);
169 				goto done;
170 			}
171 		} else {
172 			*host = strndup(s, p - s);
173 			if (*host == NULL) {
174 				err = got_error_from_errno("strndup");
175 				goto done;
176 			}
177 			if ((*host)[0] == '\0') {
178 				err = got_error(GOT_ERR_PARSE_URI);
179 				goto done;
180 			}
181 		}
182 	}
183 
184 	while (p[0] == '/' && p[1] == '/')
185 		p++;
186 	*server_path = strdup(p);
187 	if (*server_path == NULL) {
188 		err = got_error_from_errno("strdup");
189 		goto done;
190 	}
191 	got_path_strip_trailing_slashes(*server_path);
192 	if ((*server_path)[0] == '\0') {
193 		err = got_error(GOT_ERR_PARSE_URI);
194 		goto done;
195 	}
196 
197 	err = got_path_basename(repo_name, *server_path);
198 	if (err)
199 		goto done;
200 	if (hassuffix(*repo_name, ".git"))
201 		(*repo_name)[strlen(*repo_name) - 4] = '\0';
202 	if ((*repo_name)[0] == '\0')
203 		err = got_error(GOT_ERR_PARSE_URI);
204 done:
205 	if (err) {
206 		free(*proto);
207 		*proto = NULL;
208 		free(*host);
209 		*host = NULL;
210 		free(*port);
211 		*port = NULL;
212 		free(*server_path);
213 		*server_path = NULL;
214 		free(*repo_name);
215 		*repo_name = NULL;
216 	}
217 	return err;
218 }
219 
220 /*
221  * Escape a given path for the shell which will be started by sshd.
222  * In particular, git-shell is known to require single-quote characters
223  * around its repository path argument and will refuse to run otherwise.
224  */
225 static const struct got_error *
226 escape_path(char *buf, size_t bufsize, const char *path)
227 {
228 	const char	*p;
229 	char		*q;
230 
231 	p = path;
232 	q = buf;
233 
234 	if (bufsize > 1)
235 		*q++ = '\'';
236 
237 	while (*p != '\0' && (q - buf < bufsize)) {
238 		/* git escapes ! too */
239 		if (*p != '\'' && *p != '!') {
240 			*q++ = *p++;
241 			continue;
242 		}
243 
244 		if (q - buf + 4 >= bufsize)
245 			break;
246 		*q++ = '\'';
247 		*q++ = '\\';
248 		*q++ = *p++;
249 		*q++ = '\'';
250 	}
251 
252 	if (*p == '\0' && (q - buf + 1 < bufsize)) {
253 		*q++ = '\'';
254 		*q = '\0';
255 		return NULL;
256 	}
257 
258 	return got_error_fmt(GOT_ERR_NO_SPACE, "overlong path: %s", path);
259 }
260 
261 const struct got_error *
262 got_dial_ssh(pid_t *newpid, int *newfd, const char *host,
263     const char *port, const char *path, const char *command, int verbosity)
264 {
265 	const struct got_error *error = NULL;
266 	int pid, pfd[2];
267 	char cmd[64];
268 	char escaped_path[PATH_MAX];
269 	const char *argv[11];
270 	int i = 0, j;
271 
272 	*newpid = -1;
273 	*newfd = -1;
274 
275 	error = escape_path(escaped_path, sizeof(escaped_path), path);
276 	if (error)
277 		return error;
278 
279 	argv[i++] = GOT_DIAL_PATH_SSH;
280 	if (port != NULL) {
281 		argv[i++] = "-p";
282 		argv[i++] = (char *)port;
283 	}
284 	if (verbosity == -1) {
285 		argv[i++] = "-q";
286 	} else {
287 		/* ssh(1) allows up to 3 "-v" options. */
288 		for (j = 0; j < MIN(3, verbosity); j++)
289 			argv[i++] = "-v";
290 	}
291 	argv[i++] = "--";
292 	argv[i++] = (char *)host;
293 	argv[i++] = (char *)cmd;
294 	argv[i++] = (char *)escaped_path;
295 	argv[i++] = NULL;
296 	assert(i <= nitems(argv));
297 
298 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
299 		return got_error_from_errno("socketpair");
300 
301 	pid = fork();
302 	if (pid == -1) {
303 		error = got_error_from_errno("fork");
304 		close(pfd[0]);
305 		close(pfd[1]);
306 		return error;
307 	} else if (pid == 0) {
308 		if (close(pfd[1]) == -1)
309 			err(1, "close");
310 		if (dup2(pfd[0], 0) == -1)
311 			err(1, "dup2");
312 		if (dup2(pfd[0], 1) == -1)
313 			err(1, "dup2");
314 		if (strlcpy(cmd, command, sizeof(cmd)) >= sizeof(cmd))
315 			err(1, "snprintf");
316 		if (execv(GOT_DIAL_PATH_SSH, (char *const *)argv) == -1)
317 			err(1, "execv %s", GOT_DIAL_PATH_SSH);
318 		abort(); /* not reached */
319 	} else {
320 		if (close(pfd[0]) == -1)
321 			return got_error_from_errno("close");
322 		*newpid = pid;
323 		*newfd = pfd[1];
324 		return NULL;
325 	}
326 }
327 
328 const struct got_error *
329 got_dial_git(int *newfd, const char *host, const char *port,
330     const char *path, const char *command)
331 {
332 	const struct got_error *err = NULL;
333 	struct addrinfo hints, *servinfo, *p;
334 	char *cmd = NULL;
335 	int fd = -1, len, r, eaicode;
336 
337 	*newfd = -1;
338 
339 	if (port == NULL)
340 		port = GOT_DEFAULT_GIT_PORT_STR;
341 
342 	memset(&hints, 0, sizeof hints);
343 	hints.ai_family = AF_UNSPEC;
344 	hints.ai_socktype = SOCK_STREAM;
345 	eaicode = getaddrinfo(host, port, &hints, &servinfo);
346 	if (eaicode) {
347 		char msg[512];
348 		snprintf(msg, sizeof(msg), "%s: %s", host,
349 		    gai_strerror(eaicode));
350 		return got_error_msg(GOT_ERR_ADDRINFO, msg);
351 	}
352 
353 	for (p = servinfo; p != NULL; p = p->ai_next) {
354 		if ((fd = socket(p->ai_family, p->ai_socktype,
355 		    p->ai_protocol)) == -1)
356 			continue;
357 		if (connect(fd, p->ai_addr, p->ai_addrlen) == 0) {
358 			err = NULL;
359 			break;
360 		}
361 		err = got_error_from_errno("connect");
362 		close(fd);
363 	}
364 	freeaddrinfo(servinfo);
365 	if (p == NULL)
366 		goto done;
367 
368 	if (asprintf(&cmd, "%s %s", command, path) == -1) {
369 		err = got_error_from_errno("asprintf");
370 		goto done;
371 	}
372 	len = 4 + strlen(cmd) + 1 + strlen("host=") + strlen(host) + 1;
373 	r = dprintf(fd, "%04x%s%chost=%s%c", len, cmd, '\0', host, '\0');
374 	if (r < 0)
375 		err = got_error_from_errno("dprintf");
376 done:
377 	free(cmd);
378 	if (err) {
379 		if (fd != -1)
380 			close(fd);
381 	} else
382 		*newfd = fd;
383 	return err;
384 }
385 
386 const struct got_error *
387 got_dial_http(pid_t *newpid, int *newfd, const char *host,
388     const char *port, const char *path, int verbosity, int tls)
389 {
390 	const struct got_error *error = NULL;
391 	int pid, pfd[2];
392 	const char *argv[8];
393 	int i = 0;
394 
395 	*newpid = -1;
396 	*newfd = -1;
397 
398 	if (!port)
399 		port = tls ? "443" : "80";
400 
401 	argv[i++] = GOT_PATH_PROG_FETCH_HTTP;
402 	if (verbosity == -1)
403 		argv[i++] = "-q";
404 	else if (verbosity > 0)
405 		argv[i++] = "-v";
406 	argv[i++] = "--";
407 	argv[i++] = tls ? "https" : "http";
408 	argv[i++] = host;
409 	argv[i++] = port;
410 	argv[i++] = path;
411 	argv[i++] = NULL;
412 	assert(i <= nitems(argv));
413 
414 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1)
415 		return got_error_from_errno("socketpair");
416 
417 	pid = fork();
418 	if (pid == -1) {
419 		error = got_error_from_errno("fork");
420 		close(pfd[0]);
421 		close(pfd[1]);
422 		return error;
423 	} else if (pid == 0) {
424 		if (close(pfd[1]) == -1)
425 			err(1, "close");
426 		if (dup2(pfd[0], 0) == -1)
427 			err(1, "dup2");
428 		if (dup2(pfd[0], 1) == -1)
429 			err(1, "dup2");
430 		if (execv(GOT_PATH_PROG_FETCH_HTTP, (char *const *)argv) == -1)
431 			err(1, "execv");
432 		abort(); /* not reached */
433 	} else {
434 		if (close(pfd[0]) == -1)
435 			return got_error_from_errno("close");
436 		*newpid = pid;
437 		*newfd = pfd[1];
438 		return NULL;
439 	}
440 }
441 
442 const struct got_error *
443 got_dial_parse_command(char **command, char **repo_path, const char *gitcmd)
444 {
445 	const struct got_error *err = NULL;
446 	size_t len, cmdlen, pathlen;
447 	char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
448 	const char *relpath;
449 
450 	*command = NULL;
451 	*repo_path = NULL;
452 
453 	len = strlen(gitcmd);
454 
455 	if (len >= strlen(GOT_DIAL_CMD_SEND) &&
456 	    strncmp(gitcmd, GOT_DIAL_CMD_SEND,
457 	    strlen(GOT_DIAL_CMD_SEND)) == 0)
458 		cmdlen = strlen(GOT_DIAL_CMD_SEND);
459 	else if (len >= strlen(GOT_DIAL_CMD_FETCH) &&
460 	    strncmp(gitcmd, GOT_DIAL_CMD_FETCH,
461 	    strlen(GOT_DIAL_CMD_FETCH)) == 0)
462 		cmdlen = strlen(GOT_DIAL_CMD_FETCH);
463 	else
464 		return got_error(GOT_ERR_BAD_PACKET);
465 
466 	if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
467 		return got_error(GOT_ERR_BAD_PACKET);
468 
469 	if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
470 		return got_error(GOT_ERR_BAD_PATH);
471 
472 	/* Forbid linefeeds in paths, like Git does. */
473 	if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
474 		return got_error(GOT_ERR_BAD_PATH);
475 
476 	path0 = strdup(&gitcmd[cmdlen + 1]);
477 	if (path0 == NULL)
478 		return got_error_from_errno("strdup");
479 	path = path0;
480 	pathlen = strlen(path);
481 
482 	/*
483 	 * Git clients send a shell command.
484 	 * Trim spaces and quotes around the path.
485 	 */
486 	while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
487 		path++;
488 		pathlen--;
489 	}
490 	while (pathlen > 0 &&
491 	    (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
492 	    path[pathlen - 1] == ' ')) {
493 		path[pathlen - 1] = '\0';
494 		pathlen--;
495 	}
496 
497 	/* Deny an empty repository path. */
498 	if (path[0] == '\0' || got_path_is_root_dir(path)) {
499 		err = got_error(GOT_ERR_NOT_GIT_REPO);
500 		goto done;
501 	}
502 
503 	if (asprintf(&abspath, "/%s", path) == -1) {
504 		err = got_error_from_errno("asprintf");
505 		goto done;
506 	}
507 	pathlen = strlen(abspath);
508 	canonpath = malloc(pathlen + 1);
509 	if (canonpath == NULL) {
510 		err = got_error_from_errno("malloc");
511 		goto done;
512 	}
513 	err = got_canonpath(abspath, canonpath, pathlen + 1);
514 	if (err)
515 		goto done;
516 
517 	relpath = canonpath;
518 	while (relpath[0] == '/')
519 		relpath++;
520 	*repo_path = strdup(relpath);
521 	if (*repo_path == NULL) {
522 		err = got_error_from_errno("strdup");
523 		goto done;
524 	}
525 	*command = strndup(gitcmd, cmdlen);
526 	if (*command == NULL)
527 		err = got_error_from_errno("strndup");
528 done:
529 	free(path0);
530 	free(abspath);
531 	free(canonpath);
532 	if (err) {
533 		free(*repo_path);
534 		*repo_path = NULL;
535 	}
536 	return err;
537 }