Blob


1 /*
2 * Copyright (c) 2023 Stefan Sperling <stsp@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
17 /*
18 * Resolve path namespace conflicts for git-upload-pack and git-receive-pack.
19 */
21 #include <sys/queue.h>
22 #include <sys/tree.h>
23 #include <sys/types.h>
24 #include <sys/uio.h>
26 #include <err.h>
27 #include <errno.h>
28 #include <event.h>
29 #include <imsg.h>
30 #include <limits.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <sha1.h>
35 #include <sha2.h>
36 #include <syslog.h>
37 #include <util.h>
38 #include <unistd.h>
40 #include "got_error.h"
41 #include "got_object.h"
42 #include "got_path.h"
44 #include "got_lib_dial.h"
46 #include "gotd.h"
47 #include "log.h"
48 #include "secrets.h"
50 #ifndef GITWRAPPER_GIT_LIBEXEC_DIR
51 #define GITWRAPPER_GIT_LIBEXEC_DIR "/usr/local/libexec/git"
52 #endif
54 #ifndef GITWRAPPER_MY_SERVER_PROG
55 #define GITWRAPPER_MY_SERVER_PROG "gotsh"
56 #endif
58 /* only needed to satisfy the linker */
59 struct gotd_secret *
60 gotd_secrets_get(struct gotd_secrets *secrets, enum gotd_secret_type t,
61 const char *label)
62 {
63 return NULL;
64 }
66 __dead static void
67 usage(void)
68 {
69 fprintf(stderr, "usage: %s -c '%s|%s repository-path'\n",
70 getprogname(), GOT_DIAL_CMD_SEND, GOT_DIAL_CMD_FETCH);
71 exit(1);
72 }
74 /*
75 * Unveil the specific programs we want to start and hide everything else.
76 * This is important to limit the impact of our "exec" pledge.
77 */
78 static const struct got_error *
79 apply_unveil(const char *myserver)
80 {
81 const char *fetchcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
82 GOT_DIAL_CMD_FETCH;
83 const char *sendcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
84 GOT_DIAL_CMD_SEND;
86 #ifdef PROFILE
87 if (unveil("gmon.out", "rwc") != 0)
88 return got_error_from_errno2("unveil", "gmon.out");
89 #endif
90 if (unveil(fetchcmd, "x") != 0 && errno != ENOENT)
91 return got_error_from_errno2("unveil", fetchcmd);
93 if (unveil(sendcmd, "x") != 0 && errno != ENOENT)
94 return got_error_from_errno2("unveil", sendcmd);
96 if (myserver && unveil(myserver, "x") != 0 && errno != ENOENT)
97 return got_error_from_errno2("unveil", myserver);
99 if (unveil(NULL, NULL) != 0)
100 return got_error_from_errno("unveil");
102 return NULL;
105 int
106 main(int argc, char *argv[])
108 const struct got_error *error;
109 const char *confpath = NULL;
110 char *command = NULL, *repo_name = NULL; /* for matching gotd.conf */
111 char *myserver = NULL;
112 const char *repo_path = NULL; /* as passed on the command line */
113 const char *relpath;
114 char *gitcommand = NULL;
115 struct gotd gotd;
116 struct gotd_repo *repo = NULL;
118 log_init(1, LOG_USER); /* Log to stderr. */
120 #ifndef PROFILE
121 if (pledge("stdio rpath exec unveil", NULL) == -1)
122 err(1, "pledge");
123 #endif
125 /*
126 * Look up our own server program in PATH so we can unveil(2) it.
127 * This call only errors out upon memory allocation failure.
128 * If the program cannot be found then myserver will be set to NULL.
129 */
130 error = got_path_find_prog(&myserver, GITWRAPPER_MY_SERVER_PROG);
131 if (error)
132 goto done;
134 /*
135 * Run parse_config() before unveil(2) because parse_config()
136 * checks whether repository paths exist on disk.
137 * Parsing errors and warnings will be logged to stderr.
138 * Upon failure we will run Git's native tooling so do not
139 * bother checking for errors here.
140 */
141 confpath = getenv("GOTD_CONF_PATH");
142 if (confpath == NULL)
143 confpath = GOTD_CONF_PATH;
144 parse_config(confpath, PROC_GITWRAPPER, NULL, &gotd);
146 error = apply_unveil(myserver);
147 if (error)
148 goto done;
150 #ifndef PROFILE
151 if (pledge("stdio exec", NULL) == -1)
152 err(1, "pledge");
153 #endif
155 if (strcmp(getprogname(), GOT_DIAL_CMD_SEND) == 0 ||
156 strcmp(getprogname(), GOT_DIAL_CMD_FETCH) == 0) {
157 if (argc != 2)
158 usage();
159 command = strdup(getprogname());
160 if (command == NULL) {
161 error = got_error_from_errno("strdup");
162 goto done;
164 repo_path = argv[1];
165 relpath = argv[1];
166 while (relpath[0] == '/')
167 relpath++;
168 repo_name = strdup(relpath);
169 if (repo_name == NULL) {
170 error = got_error_from_errno("strdup");
171 goto done;
173 } else {
174 if (argc != 3 || strcmp(argv[1], "-c") != 0)
175 usage();
176 repo_path = argv[2];
177 error = got_dial_parse_command(&command, &repo_name,
178 repo_path);
179 if (error && error->code == GOT_ERR_BAD_PACKET)
180 usage();
181 if (error)
182 goto done;
185 repo = gotd_find_repo_by_name(repo_name, &gotd.repos);
187 /*
188 * Invoke our custom Git server if the repository was found
189 * in gotd.conf. Otherwise invoke native git(1) tooling.
190 */
191 if (repo) {
192 if (myserver == NULL) {
193 error = got_error_fmt(GOT_ERR_NO_PROG,
194 "cannot run '%s'",
195 GITWRAPPER_MY_SERVER_PROG);
196 goto done;
198 execl(myserver, command, repo_name, (char *)NULL);
199 error = got_error_from_errno2("execl", myserver);
200 } else {
201 if (asprintf(&gitcommand, "%s/%s",
202 GITWRAPPER_GIT_LIBEXEC_DIR, command) == -1) {
203 error = got_error_from_errno("asprintf");
204 goto done;
206 execl(gitcommand, gitcommand, repo_path, (char *)NULL);
207 error = got_error_from_errno2("execl", gitcommand);
210 done:
211 free(command);
212 free(repo_name);
213 free(myserver);
214 free(gitcommand);
215 if (error) {
216 fprintf(stderr, "%s: %s\n", getprogname(), error->msg);
217 return 1;
220 return 0;