1 b09c1279 2023-03-28 stsp /*
  2 b09c1279 2023-03-28 stsp  * Copyright (c) 2023 Stefan Sperling <stsp@openbsd.org>
  3 b09c1279 2023-03-28 stsp  *
  4 b09c1279 2023-03-28 stsp  * Permission to use, copy, modify, and distribute this software for any
  5 b09c1279 2023-03-28 stsp  * purpose with or without fee is hereby granted, provided that the above
  6 b09c1279 2023-03-28 stsp  * copyright notice and this permission notice appear in all copies.
  7 b09c1279 2023-03-28 stsp  *
  8 b09c1279 2023-03-28 stsp  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  9 b09c1279 2023-03-28 stsp  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 10 b09c1279 2023-03-28 stsp  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 11 b09c1279 2023-03-28 stsp  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 12 b09c1279 2023-03-28 stsp  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 13 b09c1279 2023-03-28 stsp  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 14 b09c1279 2023-03-28 stsp  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 15 b09c1279 2023-03-28 stsp  */
 16 b09c1279 2023-03-28 stsp 
 17 b09c1279 2023-03-28 stsp /*
 18 b09c1279 2023-03-28 stsp  * Resolve path namespace conflicts for git-upload-pack and git-receive-pack.
 19 b09c1279 2023-03-28 stsp  */
 20 b09c1279 2023-03-28 stsp 
 21 b09c1279 2023-03-28 stsp #include <sys/queue.h>
 22 b09c1279 2023-03-28 stsp #include <sys/types.h>
 23 b09c1279 2023-03-28 stsp #include <sys/uio.h>
 24 b09c1279 2023-03-28 stsp #include <sys/wait.h>
 25 b09c1279 2023-03-28 stsp 
 26 b09c1279 2023-03-28 stsp #include <err.h>
 27 b09c1279 2023-03-28 stsp #include <errno.h>
 28 b09c1279 2023-03-28 stsp #include <event.h>
 29 b09c1279 2023-03-28 stsp #include <imsg.h>
 30 b09c1279 2023-03-28 stsp #include <limits.h>
 31 b09c1279 2023-03-28 stsp #include <stdio.h>
 32 b09c1279 2023-03-28 stsp #include <stdlib.h>
 33 b09c1279 2023-03-28 stsp #include <string.h>
 34 b09c1279 2023-03-28 stsp #include <sha1.h>
 35 b09c1279 2023-03-28 stsp #include <sha2.h>
 36 b09c1279 2023-03-28 stsp #include <syslog.h>
 37 b09c1279 2023-03-28 stsp #include <util.h>
 38 b09c1279 2023-03-28 stsp #include <unistd.h>
 39 b09c1279 2023-03-28 stsp 
 40 b09c1279 2023-03-28 stsp #include "got_error.h"
 41 b09c1279 2023-03-28 stsp #include "got_path.h"
 42 b09c1279 2023-03-28 stsp #include "got_serve.h"
 43 b09c1279 2023-03-28 stsp 
 44 b09c1279 2023-03-28 stsp #include "gotd.h"
 45 b09c1279 2023-03-28 stsp #include "log.h"
 46 b09c1279 2023-03-28 stsp 
 47 b09c1279 2023-03-28 stsp #ifndef GITWRAPPER_GIT_LIBEXEC_DIR
 48 b09c1279 2023-03-28 stsp #define GITWRAPPER_GIT_LIBEXEC_DIR "/usr/local/libexec/git"
 49 b09c1279 2023-03-28 stsp #endif
 50 b09c1279 2023-03-28 stsp 
 51 b09c1279 2023-03-28 stsp #ifndef GITWRAPPER_MY_SERVER_PROG
 52 b09c1279 2023-03-28 stsp #define GITWRAPPER_MY_SERVER_PROG "gotsh"
 53 b09c1279 2023-03-28 stsp #endif
 54 b09c1279 2023-03-28 stsp 
 55 b09c1279 2023-03-28 stsp 
 56 b09c1279 2023-03-28 stsp __dead static void
 57 b09c1279 2023-03-28 stsp usage(void)
 58 b09c1279 2023-03-28 stsp {
 59 b09c1279 2023-03-28 stsp 	fprintf(stderr, "usage: %s -c '%s|%s repository-path'\n",
 60 b09c1279 2023-03-28 stsp 	    getprogname(), GOT_SERVE_CMD_SEND, GOT_SERVE_CMD_FETCH);
 61 b09c1279 2023-03-28 stsp 	exit(1);
 62 b09c1279 2023-03-28 stsp }
 63 b09c1279 2023-03-28 stsp 
 64 b09c1279 2023-03-28 stsp /*
 65 b09c1279 2023-03-28 stsp  * Unveil the specific programs we want to start and hide everything else.
 66 b09c1279 2023-03-28 stsp  * This is important to limit the impact of our "exec" pledge.
 67 b09c1279 2023-03-28 stsp  */
 68 b09c1279 2023-03-28 stsp static const struct got_error *
 69 b09c1279 2023-03-28 stsp apply_unveil(const char *myserver)
 70 b09c1279 2023-03-28 stsp {
 71 b09c1279 2023-03-28 stsp 	const char *fetchcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
 72 b09c1279 2023-03-28 stsp 		GOT_SERVE_CMD_FETCH;
 73 b09c1279 2023-03-28 stsp 	const char *sendcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
 74 b09c1279 2023-03-28 stsp 		GOT_SERVE_CMD_SEND;
 75 b09c1279 2023-03-28 stsp 
 76 b09c1279 2023-03-28 stsp #ifdef PROFILE
 77 b09c1279 2023-03-28 stsp 	if (unveil("gmon.out", "rwc") != 0)
 78 b09c1279 2023-03-28 stsp 		return got_error_from_errno2("unveil", "gmon.out");
 79 b09c1279 2023-03-28 stsp #endif
 80 b09c1279 2023-03-28 stsp 	if (unveil(fetchcmd, "x") != 0)
 81 b09c1279 2023-03-28 stsp 		return got_error_from_errno2("unveil", fetchcmd);
 82 b09c1279 2023-03-28 stsp 
 83 b09c1279 2023-03-28 stsp 	if (unveil(sendcmd, "x") != 0)
 84 b09c1279 2023-03-28 stsp 		return got_error_from_errno2("unveil", sendcmd);
 85 b09c1279 2023-03-28 stsp 
 86 b09c1279 2023-03-28 stsp 	if (myserver && unveil(myserver, "x") != 0)
 87 b09c1279 2023-03-28 stsp 		return got_error_from_errno2("unveil", myserver);
 88 b09c1279 2023-03-28 stsp 
 89 b09c1279 2023-03-28 stsp 	if (unveil(NULL, NULL) != 0)
 90 b09c1279 2023-03-28 stsp 		return got_error_from_errno("unveil");
 91 b09c1279 2023-03-28 stsp 
 92 b09c1279 2023-03-28 stsp 	return NULL;
 93 b09c1279 2023-03-28 stsp }
 94 b09c1279 2023-03-28 stsp 
 95 b09c1279 2023-03-28 stsp int
 96 b09c1279 2023-03-28 stsp main(int argc, char *argv[])
 97 b09c1279 2023-03-28 stsp {
 98 b09c1279 2023-03-28 stsp 	const struct got_error *error;
 99 b09c1279 2023-03-28 stsp 	const char *confpath = NULL;
100 b09c1279 2023-03-28 stsp 	char *command = NULL, *repo_name = NULL; /* for matching gotd.conf */
101 b09c1279 2023-03-28 stsp 	char *myserver = NULL;
102 b09c1279 2023-03-28 stsp 	const char *repo_path = NULL; /* as passed on the command line */
103 b09c1279 2023-03-28 stsp 	const char *relpath;
104 b09c1279 2023-03-28 stsp 	char *gitcommand = NULL;
105 b09c1279 2023-03-28 stsp 	struct gotd gotd;
106 b09c1279 2023-03-28 stsp 	struct gotd_repo *repo = NULL;
107 b09c1279 2023-03-28 stsp 	pid_t pid;
108 b09c1279 2023-03-28 stsp 	int st = -1;
109 b09c1279 2023-03-28 stsp 
110 b09c1279 2023-03-28 stsp 	log_init(1, LOG_USER); /* Log to stderr. */
111 b09c1279 2023-03-28 stsp 
112 b09c1279 2023-03-28 stsp #ifndef PROFILE
113 b09c1279 2023-03-28 stsp 	if (pledge("stdio rpath proc exec unveil", NULL) == -1)
114 b09c1279 2023-03-28 stsp 		err(1, "pledge");
115 b09c1279 2023-03-28 stsp #endif
116 b09c1279 2023-03-28 stsp 
117 b09c1279 2023-03-28 stsp 	/*
118 b09c1279 2023-03-28 stsp 	 * Look up our own server program in PATH so we can unveil(2) it.
119 b09c1279 2023-03-28 stsp 	 * This call only errors out upon memory allocation failure.
120 b09c1279 2023-03-28 stsp 	 * If the program cannot be found then myserver will be set to NULL.
121 b09c1279 2023-03-28 stsp 	 */
122 b09c1279 2023-03-28 stsp 	error = got_path_find_prog(&myserver, GITWRAPPER_MY_SERVER_PROG);
123 b09c1279 2023-03-28 stsp 	if (error)
124 b09c1279 2023-03-28 stsp 		goto done;
125 b09c1279 2023-03-28 stsp 
126 b09c1279 2023-03-28 stsp 	/*
127 b09c1279 2023-03-28 stsp 	 * Run parse_config() before unveil(2) because parse_config()
128 b09c1279 2023-03-28 stsp 	 * checks whether repository paths exist on disk.
129 b09c1279 2023-03-28 stsp 	 * Parsing errors and warnings will be logged to stderr.
130 b09c1279 2023-03-28 stsp 	 * Upon failure we will run Git's native tooling so do not
131 b09c1279 2023-03-28 stsp 	 * bother checking for errors here.
132 b09c1279 2023-03-28 stsp 	 */
133 b09c1279 2023-03-28 stsp 	confpath = getenv("GOTD_CONF_PATH");
134 b09c1279 2023-03-28 stsp 	if (confpath == NULL)
135 b09c1279 2023-03-28 stsp 		confpath = GOTD_CONF_PATH;
136 b09c1279 2023-03-28 stsp 	parse_config(confpath, PROC_GOTD, &gotd);
137 b09c1279 2023-03-28 stsp 
138 b09c1279 2023-03-28 stsp 	error = apply_unveil(myserver);
139 b09c1279 2023-03-28 stsp 	if (error)
140 b09c1279 2023-03-28 stsp 		goto done;
141 b09c1279 2023-03-28 stsp 
142 b09c1279 2023-03-28 stsp #ifndef PROFILE
143 b09c1279 2023-03-28 stsp 	if (pledge("stdio proc exec", NULL) == -1)
144 b09c1279 2023-03-28 stsp 		err(1, "pledge");
145 b09c1279 2023-03-28 stsp #endif
146 b09c1279 2023-03-28 stsp 
147 b09c1279 2023-03-28 stsp 	if (strcmp(getprogname(), GOT_SERVE_CMD_SEND) == 0 ||
148 b09c1279 2023-03-28 stsp 	    strcmp(getprogname(), GOT_SERVE_CMD_FETCH) == 0) {
149 b09c1279 2023-03-28 stsp 		if (argc != 2)
150 b09c1279 2023-03-28 stsp 			usage();
151 b09c1279 2023-03-28 stsp 		command = strdup(getprogname());
152 b09c1279 2023-03-28 stsp 		if (command == NULL) {
153 b09c1279 2023-03-28 stsp 			error = got_error_from_errno("strdup");
154 b09c1279 2023-03-28 stsp 			goto done;
155 b09c1279 2023-03-28 stsp 		}
156 b09c1279 2023-03-28 stsp 		repo_path = argv[1];
157 b09c1279 2023-03-28 stsp 		relpath = argv[1];
158 b09c1279 2023-03-28 stsp 		while (relpath[0] == '/')
159 b09c1279 2023-03-28 stsp 			relpath++;
160 b09c1279 2023-03-28 stsp 		repo_name = strdup(relpath);
161 b09c1279 2023-03-28 stsp 		if (repo_name == NULL) {
162 b09c1279 2023-03-28 stsp 			error = got_error_from_errno("strdup");
163 b09c1279 2023-03-28 stsp 			goto done;
164 b09c1279 2023-03-28 stsp 		}
165 b09c1279 2023-03-28 stsp 	} else {
166 b09c1279 2023-03-28 stsp 		if (argc != 3 || strcmp(argv[1], "-c") != 0)
167 b09c1279 2023-03-28 stsp 			usage();
168 b09c1279 2023-03-28 stsp 		repo_path = argv[2];
169 b09c1279 2023-03-28 stsp 		error = got_serve_parse_command(&command, &repo_name,
170 b09c1279 2023-03-28 stsp 		    repo_path);
171 b09c1279 2023-03-28 stsp 		if (error && error->code == GOT_ERR_BAD_PACKET)
172 b09c1279 2023-03-28 stsp 			usage();
173 b09c1279 2023-03-28 stsp 		if (error)
174 b09c1279 2023-03-28 stsp 			goto done;
175 b09c1279 2023-03-28 stsp 	}
176 b09c1279 2023-03-28 stsp 
177 b09c1279 2023-03-28 stsp 	repo = gotd_find_repo_by_name(repo_name, &gotd);
178 b09c1279 2023-03-28 stsp 
179 b09c1279 2023-03-28 stsp 	/*
180 b09c1279 2023-03-28 stsp 	 * Invoke our custom Git server if it was found in PATH and
181 b09c1279 2023-03-28 stsp 	 * if the repository was found in gotd.conf.
182 b09c1279 2023-03-28 stsp 	 * Otherwise invoke native git(1) tooling.
183 b09c1279 2023-03-28 stsp 	 */
184 b09c1279 2023-03-28 stsp 	switch (pid = fork()) {
185 b09c1279 2023-03-28 stsp 	case -1:
186 b09c1279 2023-03-28 stsp 		goto done;
187 b09c1279 2023-03-28 stsp 	case 0:
188 b09c1279 2023-03-28 stsp 		if (repo && myserver) {
189 b09c1279 2023-03-28 stsp 			if (execl(myserver, command, repo_name,
190 b09c1279 2023-03-28 stsp 			    (char *)NULL) ==  -1) {
191 b09c1279 2023-03-28 stsp 				error = got_error_from_errno2("execl",
192 b09c1279 2023-03-28 stsp 				    myserver);
193 b09c1279 2023-03-28 stsp 				goto done;
194 b09c1279 2023-03-28 stsp 			 }
195 b09c1279 2023-03-28 stsp 		} else {
196 b09c1279 2023-03-28 stsp 			if (asprintf(&gitcommand, "%s/%s",
197 b09c1279 2023-03-28 stsp 			    GITWRAPPER_GIT_LIBEXEC_DIR, command) == -1) {
198 b09c1279 2023-03-28 stsp 				error = got_error_from_errno("asprintf");
199 b09c1279 2023-03-28 stsp 				goto done;
200 b09c1279 2023-03-28 stsp 			}
201 b09c1279 2023-03-28 stsp 			if (execl(gitcommand, gitcommand, repo_path,
202 b09c1279 2023-03-28 stsp 			    (char *)NULL) == -1) {
203 b09c1279 2023-03-28 stsp 				error = got_error_from_errno2("execl",
204 b09c1279 2023-03-28 stsp 				    gitcommand);
205 b09c1279 2023-03-28 stsp 				goto done;
206 b09c1279 2023-03-28 stsp 			 }
207 b09c1279 2023-03-28 stsp 		}
208 b09c1279 2023-03-28 stsp 		_exit(127);
209 b09c1279 2023-03-28 stsp 	}
210 b09c1279 2023-03-28 stsp 
211 b09c1279 2023-03-28 stsp 	while (waitpid(pid, &st, 0) == -1) {
212 b09c1279 2023-03-28 stsp 		if (errno != EINTR)
213 b09c1279 2023-03-28 stsp 			break;
214 b09c1279 2023-03-28 stsp 	}
215 b09c1279 2023-03-28 stsp done:
216 b09c1279 2023-03-28 stsp 	free(command);
217 b09c1279 2023-03-28 stsp 	free(repo_name);
218 b09c1279 2023-03-28 stsp 	free(myserver);
219 b09c1279 2023-03-28 stsp 	free(gitcommand);
220 b09c1279 2023-03-28 stsp 	if (error) {
221 b09c1279 2023-03-28 stsp 		fprintf(stderr, "%s: %s\n", getprogname(), error->msg);
222 b09c1279 2023-03-28 stsp 		return 1;
223 b09c1279 2023-03-28 stsp 	}
224 b09c1279 2023-03-28 stsp 
225 b09c1279 2023-03-28 stsp 	return 0;
226 b09c1279 2023-03-28 stsp }