1 /*
2  * Copyright (c) 2023 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 /*
18  * Resolve path namespace conflicts for git-upload-pack and git-receive-pack.
19  */
20 
21 #include <sys/queue.h>
22 #include <sys/types.h>
23 #include <sys/uio.h>
24 #include <sys/wait.h>
25 
26 #include <err.h>
27 #include <errno.h>
28 #include <event.h>
29 #include <imsg.h>
30 #include <limits.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <sha1.h>
35 #include <sha2.h>
36 #include <syslog.h>
37 #include <util.h>
38 #include <unistd.h>
39 
40 #include "got_error.h"
41 #include "got_path.h"
42 #include "got_serve.h"
43 
44 #include "gotd.h"
45 #include "log.h"
46 
47 #ifndef GITWRAPPER_GIT_LIBEXEC_DIR
48 #define GITWRAPPER_GIT_LIBEXEC_DIR "/usr/local/libexec/git"
49 #endif
50 
51 #ifndef GITWRAPPER_MY_SERVER_PROG
52 #define GITWRAPPER_MY_SERVER_PROG "gotsh"
53 #endif
54 
55 
56 __dead static void
57 usage(void)
58 {
59 	fprintf(stderr, "usage: %s -c '%s|%s repository-path'\n",
60 	    getprogname(), GOT_SERVE_CMD_SEND, GOT_SERVE_CMD_FETCH);
61 	exit(1);
62 }
63 
64 /*
65  * Unveil the specific programs we want to start and hide everything else.
66  * This is important to limit the impact of our "exec" pledge.
67  */
68 static const struct got_error *
69 apply_unveil(const char *myserver)
70 {
71 	const char *fetchcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
72 		GOT_SERVE_CMD_FETCH;
73 	const char *sendcmd = GITWRAPPER_GIT_LIBEXEC_DIR "/" \
74 		GOT_SERVE_CMD_SEND;
75 
76 #ifdef PROFILE
77 	if (unveil("gmon.out", "rwc") != 0)
78 		return got_error_from_errno2("unveil", "gmon.out");
79 #endif
80 	if (unveil(fetchcmd, "x") != 0)
81 		return got_error_from_errno2("unveil", fetchcmd);
82 
83 	if (unveil(sendcmd, "x") != 0)
84 		return got_error_from_errno2("unveil", sendcmd);
85 
86 	if (myserver && unveil(myserver, "x") != 0)
87 		return got_error_from_errno2("unveil", myserver);
88 
89 	if (unveil(NULL, NULL) != 0)
90 		return got_error_from_errno("unveil");
91 
92 	return NULL;
93 }
94 
95 int
96 main(int argc, char *argv[])
97 {
98 	const struct got_error *error;
99 	const char *confpath = NULL;
100 	char *command = NULL, *repo_name = NULL; /* for matching gotd.conf */
101 	char *myserver = NULL;
102 	const char *repo_path = NULL; /* as passed on the command line */
103 	const char *relpath;
104 	char *gitcommand = NULL;
105 	struct gotd gotd;
106 	struct gotd_repo *repo = NULL;
107 	pid_t pid;
108 	int st = -1;
109 
110 	log_init(1, LOG_USER); /* Log to stderr. */
111 
112 #ifndef PROFILE
113 	if (pledge("stdio rpath proc exec unveil", NULL) == -1)
114 		err(1, "pledge");
115 #endif
116 
117 	/*
118 	 * Look up our own server program in PATH so we can unveil(2) it.
119 	 * This call only errors out upon memory allocation failure.
120 	 * If the program cannot be found then myserver will be set to NULL.
121 	 */
122 	error = got_path_find_prog(&myserver, GITWRAPPER_MY_SERVER_PROG);
123 	if (error)
124 		goto done;
125 
126 	/*
127 	 * Run parse_config() before unveil(2) because parse_config()
128 	 * checks whether repository paths exist on disk.
129 	 * Parsing errors and warnings will be logged to stderr.
130 	 * Upon failure we will run Git's native tooling so do not
131 	 * bother checking for errors here.
132 	 */
133 	confpath = getenv("GOTD_CONF_PATH");
134 	if (confpath == NULL)
135 		confpath = GOTD_CONF_PATH;
136 	parse_config(confpath, PROC_GOTD, &gotd);
137 
138 	error = apply_unveil(myserver);
139 	if (error)
140 		goto done;
141 
142 #ifndef PROFILE
143 	if (pledge("stdio proc exec", NULL) == -1)
144 		err(1, "pledge");
145 #endif
146 
147 	if (strcmp(getprogname(), GOT_SERVE_CMD_SEND) == 0 ||
148 	    strcmp(getprogname(), GOT_SERVE_CMD_FETCH) == 0) {
149 		if (argc != 2)
150 			usage();
151 		command = strdup(getprogname());
152 		if (command == NULL) {
153 			error = got_error_from_errno("strdup");
154 			goto done;
155 		}
156 		repo_path = argv[1];
157 		relpath = argv[1];
158 		while (relpath[0] == '/')
159 			relpath++;
160 		repo_name = strdup(relpath);
161 		if (repo_name == NULL) {
162 			error = got_error_from_errno("strdup");
163 			goto done;
164 		}
165 	} else {
166 		if (argc != 3 || strcmp(argv[1], "-c") != 0)
167 			usage();
168 		repo_path = argv[2];
169 		error = got_serve_parse_command(&command, &repo_name,
170 		    repo_path);
171 		if (error && error->code == GOT_ERR_BAD_PACKET)
172 			usage();
173 		if (error)
174 			goto done;
175 	}
176 
177 	repo = gotd_find_repo_by_name(repo_name, &gotd);
178 
179 	/*
180 	 * Invoke our custom Git server if it was found in PATH and
181 	 * if the repository was found in gotd.conf.
182 	 * Otherwise invoke native git(1) tooling.
183 	 */
184 	switch (pid = fork()) {
185 	case -1:
186 		goto done;
187 	case 0:
188 		if (repo && myserver) {
189 			if (execl(myserver, command, repo_name,
190 			    (char *)NULL) ==  -1) {
191 				error = got_error_from_errno2("execl",
192 				    myserver);
193 				goto done;
194 			 }
195 		} else {
196 			if (asprintf(&gitcommand, "%s/%s",
197 			    GITWRAPPER_GIT_LIBEXEC_DIR, command) == -1) {
198 				error = got_error_from_errno("asprintf");
199 				goto done;
200 			}
201 			if (execl(gitcommand, gitcommand, repo_path,
202 			    (char *)NULL) == -1) {
203 				error = got_error_from_errno2("execl",
204 				    gitcommand);
205 				goto done;
206 			 }
207 		}
208 		_exit(127);
209 	}
210 
211 	while (waitpid(pid, &st, 0) == -1) {
212 		if (errno != EINTR)
213 			break;
214 	}
215 done:
216 	free(command);
217 	free(repo_name);
218 	free(myserver);
219 	free(gitcommand);
220 	if (error) {
221 		fprintf(stderr, "%s: %s\n", getprogname(), error->msg);
222 		return 1;
223 	}
224 
225 	return 0;
226 }