1 /*
2 * Copyright (c) 2020 Stefan Sperling <stsp@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
17 #include <sys/types.h>
18 #include <sys/queue.h>
19 #include <sys/uio.h>
20 #include <sys/time.h>
22 #include <stdint.h>
23 #include <imsg.h>
24 #include <limits.h>
25 #include <signal.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <sha1.h>
30 #include <sha2.h>
31 #include <unistd.h>
32 #include <zlib.h>
34 #include "got_error.h"
35 #include "got_object.h"
36 #include "got_path.h"
37 #include "got_repository.h"
39 #include "got_lib_delta.h"
40 #include "got_lib_object.h"
41 #include "got_lib_privsep.h"
43 #include "gotconfig.h"
45 /* parse.y */
/*
 * Set to 1 by the SIGINT handler below and polled by the request loop in
 * main(). The handler does nothing but store to this flag.
 */
static volatile sig_atomic_t sigint_received;

/* SIGINT handler: record that the signal arrived; the number is unused. */
static void
catch_sigint(int signo)
{
	(void)signo;
	sigint_received = 1;
}
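/*
 * Build the URL used to fetch from a configured remote repository.
 *
 * Protocol, server and repository path are each taken from the remote's
 * fetch-specific settings when set there, and from the remote's general
 * settings otherwise. The fetch-specific port is consulted only when a
 * fetch-specific server is set; a port of 0 means "no port in the URL".
 *
 * On success *url is a malloc'd string of the form
 * "protocol://server[:port]/path" without trailing slashes; the caller
 * frees it. On failure *url is NULL and an error is returned.
 */
static const struct got_error *
make_fetch_url(char **url, struct gotconfig_remote_repo *repo)
{
	const char *protocol, *server, *repo_path;
	char *s = NULL;
	int port, ret;

	*url = NULL;

	/* Resolve every component before allocating, so no error path leaks. */
	if (repo->fetch_config && repo->fetch_config->protocol)
		protocol = repo->fetch_config->protocol;
	else
		protocol = repo->protocol;
	if (protocol == NULL)
		return got_error_fmt(GOT_ERR_PARSE_CONFIG,
		    "fetch protocol required for remote repository \"%s\"",
		    repo->name);

	if (repo->fetch_config && repo->fetch_config->server)
		server = repo->fetch_config->server;
	else
		server = repo->server;
	if (server == NULL)
		return got_error_fmt(GOT_ERR_PARSE_CONFIG,
		    "fetch server required for remote repository \"%s\"",
		    repo->name);

	if (repo->fetch_config && repo->fetch_config->server)
		port = repo->fetch_config->port;
	else
		port = repo->port;

	if (repo->fetch_config && repo->fetch_config->repository)
		repo_path = repo->fetch_config->repository;
	else
		repo_path = repo->repository;
	if (repo_path == NULL)
		return got_error_fmt(GOT_ERR_PARSE_CONFIG,
		    "fetch repository path required for remote "
		    "repository \"%s\"", repo->name);

	/* The format string supplies the single '/' before the path. */
	while (repo_path[0] == '/')
		repo_path++;

	/*
	 * Format the port that was selected above. Formatting repo->port
	 * here would silently ignore a fetch-specific port and point the
	 * URL at a different endpoint than the one configured.
	 */
	if (port)
		ret = asprintf(&s, "%s://%s:%d/%s", protocol, server, port,
		    repo_path);
	else
		ret = asprintf(&s, "%s://%s/%s", protocol, server, repo_path);
	if (ret == -1)
		return got_error_from_errno("asprintf");

	got_path_strip_trailing_slashes(s);
	*url = s;
	return NULL;
}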
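/*
 * Build the URL used to send to a configured remote repository.
 *
 * Protocol, server and repository path are each taken from the remote's
 * send-specific settings when set there, and from the remote's general
 * settings otherwise. The send-specific port is consulted only when a
 * send-specific server is set; a port of 0 means "no port in the URL".
 *
 * On success *url is a malloc'd string of the form
 * "protocol://server[:port]/path" without trailing slashes; the caller
 * frees it. On failure *url is NULL and an error is returned.
 */
static const struct got_error *
make_send_url(char **url, struct gotconfig_remote_repo *repo)
{
	const char *protocol, *server, *repo_path;
	char *s = NULL;
	int port, ret;

	*url = NULL;

	/* Resolve every component before allocating, so no error path leaks. */
	if (repo->send_config && repo->send_config->protocol)
		protocol = repo->send_config->protocol;
	else
		protocol = repo->protocol;
	if (protocol == NULL)
		return got_error_fmt(GOT_ERR_PARSE_CONFIG,
		    "send protocol required for remote repository \"%s\"",
		    repo->name);

	if (repo->send_config && repo->send_config->server)
		server = repo->send_config->server;
	else
		server = repo->server;
	if (server == NULL)
		return got_error_fmt(GOT_ERR_PARSE_CONFIG,
		    "send server required for remote repository \"%s\"",
		    repo->name);

	if (repo->send_config && repo->send_config->server)
		port = repo->send_config->port;
	else
		port = repo->port;

	if (repo->send_config && repo->send_config->repository)
		repo_path = repo->send_config->repository;
	else
		repo_path = repo->repository;
	if (repo_path == NULL)
		return got_error_fmt(GOT_ERR_PARSE_CONFIG,
		    "send repository path required for remote "
		    "repository \"%s\"", repo->name);

	/* The format string supplies the single '/' before the path. */
	while (repo_path[0] == '/')
		repo_path++;

	/*
	 * Format the port that was selected above. Formatting repo->port
	 * here would silently ignore a send-specific port and point the
	 * URL at a different endpoint than the one configured.
	 */
	if (port)
		ret = asprintf(&s, "%s://%s:%d/%s", protocol, server, port,
		    repo_path);
	else
		ret = asprintf(&s, "%s://%s/%s", protocol, server, repo_path);
	if (ret == -1)
		return got_error_from_errno("asprintf");

	got_path_strip_trailing_slashes(s);
	*url = s;
	return NULL;
}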
/*
 * Send one string to the parent as a GOT_IMSG_GOTCONFIG_STR_VAL message
 * and flush it.
 *
 * The payload is exactly strlen(value) bytes with no NUL terminator, so
 * the receiver has to take the length from the imsg header. A NULL value
 * is sent as an empty payload.
 */
static const struct got_error *
send_gotconfig_str(struct imsgbuf *ibuf, const char *value)
{
	size_t len = 0;

	if (value != NULL)
		len = strlen(value);

	if (imsg_compose(ibuf, GOT_IMSG_GOTCONFIG_STR_VAL, 0, 0, -1,
	    value, len) != -1)
		return got_privsep_flush_imsg(ibuf);

	return got_error_from_errno("imsg_compose GOTCONFIG_STR_VAL");
}
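/*
 * Send the list of configured remote repositories to the parent.
 *
 * A GOT_IMSG_GOTCONFIG_REMOTES message carrying nremotes goes first.
 * Then, for every remote on the list: one GOT_IMSG_GOTCONFIG_REMOTE
 * message made of a struct got_imsg_remote followed by the name, fetch
 * URL and send URL bytes (lengths are in the struct, no NUL terminators),
 * and after it one string message per fetch branch, per send branch and
 * per fetch reference, in that order.
 *
 * nremotes is sent as given; it is not cross-checked against the list
 * length here.
 *
 * Returns NULL on success, or the first error encountered.
 */
static const struct got_error *
send_gotconfig_remotes(struct imsgbuf *ibuf,
    struct gotconfig_remote_repo_list *remotes, int nremotes)
{
	const struct got_error *err = NULL;
	struct got_imsg_remotes iremotes;
	struct gotconfig_remote_repo *repo;
	char *fetch_url = NULL, *send_url = NULL;

	/*
	 * The struct is copied byte-for-byte into the message. Zero it
	 * first so padding, and any field not assigned below, cannot carry
	 * stale stack contents across the process boundary.
	 */
	memset(&iremotes, 0, sizeof(iremotes));
	iremotes.nremotes = nremotes;
	if (imsg_compose(ibuf, GOT_IMSG_GOTCONFIG_REMOTES, 0, 0, -1,
	    &iremotes, sizeof(iremotes)) == -1)
		return got_error_from_errno("imsg_compose GOTCONFIG_REMOTES");

	err = got_privsep_flush_imsg(ibuf);
	imsg_clear(ibuf);
	if (err)
		return err;

	TAILQ_FOREACH(repo, remotes, entry) {
		struct got_imsg_remote iremote;
		size_t len = sizeof(iremote);
		struct ibuf *wbuf;
		struct node_branch *branch;
		struct node_ref *ref;
		int nfetch_branches = 0, nsend_branches = 0, nfetch_refs = 0;

		/* Same reasoning as for iremotes above. */
		memset(&iremote, 0, sizeof(iremote));

		/* Count what will follow so the receiver knows what to read. */
		if (repo->fetch_config && repo->fetch_config->branch)
			branch = repo->fetch_config->branch;
		else
			branch = repo->branch;
		while (branch) {
			branch = branch->next;
			nfetch_branches++;
		}

		if (repo->send_config && repo->send_config->branch)
			branch = repo->send_config->branch;
		else
			branch = repo->branch;
		while (branch) {
			branch = branch->next;
			nsend_branches++;
		}

		ref = repo->fetch_ref;
		while (ref) {
			ref = ref->next;
			nfetch_refs++;
		}

		iremote.nfetch_branches = nfetch_branches;
		iremote.nsend_branches = nsend_branches;
		iremote.nfetch_refs = nfetch_refs;
		iremote.mirror_references = repo->mirror_references;
		iremote.fetch_all_branches = repo->fetch_all_branches;

		iremote.name_len = strlen(repo->name);
		len += iremote.name_len;

		err = make_fetch_url(&fetch_url, repo);
		if (err)
			break;
		iremote.fetch_url_len = strlen(fetch_url);
		len += iremote.fetch_url_len;

		err = make_send_url(&send_url, repo);
		if (err)
			break;
		iremote.send_url_len = strlen(send_url);
		len += iremote.send_url_len;

		wbuf = imsg_create(ibuf, GOT_IMSG_GOTCONFIG_REMOTE, 0, 0, len);
		if (wbuf == NULL) {
			err = got_error_from_errno(
			    "imsg_create GOTCONFIG_REMOTE");
			break;
		}

		if (imsg_add(wbuf, &iremote, sizeof(iremote)) == -1) {
			err = got_error_from_errno(
			    "imsg_add GOTCONFIG_REMOTE");
			break;
		}

		if (imsg_add(wbuf, repo->name, iremote.name_len) == -1) {
			err = got_error_from_errno(
			    "imsg_add GOTCONFIG_REMOTE");
			break;
		}
		if (imsg_add(wbuf, fetch_url, iremote.fetch_url_len) == -1) {
			err = got_error_from_errno(
			    "imsg_add GOTCONFIG_REMOTE");
			break;
		}
		if (imsg_add(wbuf, send_url, iremote.send_url_len) == -1) {
			err = got_error_from_errno(
			    "imsg_add GOTCONFIG_REMOTE");
			break;
		}

		wbuf->fd = -1;
		imsg_close(ibuf, wbuf);
		err = got_privsep_flush_imsg(ibuf);
		if (err)
			break;

		free(fetch_url);
		fetch_url = NULL;
		free(send_url);
		send_url = NULL;

		/*
		 * A break inside the loops below only leaves the inner
		 * loop, so err is re-checked after each one. Without that,
		 * a later successful send would overwrite the error and
		 * the parent would be left with a truncated sequence.
		 */
		if (repo->fetch_config && repo->fetch_config->branch)
			branch = repo->fetch_config->branch;
		else
			branch = repo->branch;
		while (branch) {
			err = send_gotconfig_str(ibuf, branch->branch_name);
			if (err)
				break;
			branch = branch->next;
		}
		if (err)
			break;

		if (repo->send_config && repo->send_config->branch)
			branch = repo->send_config->branch;
		else
			branch = repo->branch;
		while (branch) {
			err = send_gotconfig_str(ibuf, branch->branch_name);
			if (err)
				break;
			branch = branch->next;
		}
		if (err)
			break;

		ref = repo->fetch_ref;
		while (ref) {
			err = send_gotconfig_str(ibuf, ref->ref_name);
			if (err)
				break;
			ref = ref->next;
		}
		if (err)
			break;
	}

	free(fetch_url);
	free(send_url);
	return err;
}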
/*
 * Check a configured protocol name against the accepted set:
 * "ssh", "git+ssh" and "git". The comparison is exact and case-sensitive.
 * Of the three, plain "git" is the unauthenticated, unencrypted transport.
 *
 * Returns NULL if the protocol is accepted, otherwise a
 * GOT_ERR_PARSE_CONFIG error naming the protocol and the remote.
 */
static const struct got_error *
validate_protocol(const char *protocol, const char *repo_name)
{
	static const char *const accepted[] = { "ssh", "git+ssh", "git" };
	/*
	 * Static storage: presumably the returned error keeps pointing at
	 * this text (got_error_msg() is not visible here). One consequence
	 * is that this function is not reentrant.
	 */
	static char msg[512];
	size_t i;

	for (i = 0; i < sizeof(accepted) / sizeof(accepted[0]); i++) {
		if (strcmp(protocol, accepted[i]) == 0)
			return NULL;
	}

	snprintf(msg, sizeof(msg),"unknown protocol \"%s\" "
	    "for remote repository \"%s\"", protocol, repo_name);
	return got_error_msg(GOT_ERR_PARSE_CONFIG, msg);
}
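/*
 * Sanity-check every remote repository in a parsed configuration.
 *
 * For each remote, in this order: a name must be present and unique;
 * a server, a protocol and a repository path must each be set in at
 * least one of the general, fetch-specific or send-specific settings;
 * and every protocol that is set must pass validate_protocol().
 *
 * Returns NULL if the configuration is acceptable, otherwise a
 * GOT_ERR_PARSE_CONFIG error describing the first problem found.
 */
static const struct got_error *
validate_config(struct gotconfig *gotconfig)
{
	const struct got_error *err;
	struct gotconfig_remote_repo *repo, *repo2;
	/* Static so the message text outlives this call; not reentrant. */
	static char msg[512];

	TAILQ_FOREACH(repo, &gotconfig->remotes, entry) {
		int have_server, have_protocol, have_repository;

		if (repo->name == NULL) {
			return got_error_msg(GOT_ERR_PARSE_CONFIG,
			    "name required for remote repository");
		}

		TAILQ_FOREACH(repo2, &gotconfig->remotes, entry) {
			if (repo == repo2)
				continue;
			/*
			 * The inner loop also visits remotes the outer loop
			 * has not reached yet, so their name has not been
			 * checked. Reject a missing name here instead of
			 * handing NULL to strcmp().
			 */
			if (repo2->name == NULL) {
				return got_error_msg(GOT_ERR_PARSE_CONFIG,
				    "name required for remote repository");
			}
			if (strcmp(repo->name, repo2->name) != 0)
				continue;
			snprintf(msg, sizeof(msg),
			    "duplicate remote repository name '%s'",
			    repo->name);
			return got_error_msg(GOT_ERR_PARSE_CONFIG, msg);
		}

		have_server = repo->server != NULL ||
		    (repo->fetch_config != NULL &&
		    repo->fetch_config->server != NULL) ||
		    (repo->send_config != NULL &&
		    repo->send_config->server != NULL);
		if (!have_server) {
			snprintf(msg, sizeof(msg),
			    "server required for remote repository \"%s\"",
			    repo->name);
			return got_error_msg(GOT_ERR_PARSE_CONFIG, msg);
		}

		have_protocol = repo->protocol != NULL ||
		    (repo->fetch_config != NULL &&
		    repo->fetch_config->protocol != NULL) ||
		    (repo->send_config != NULL &&
		    repo->send_config->protocol != NULL);
		if (!have_protocol) {
			snprintf(msg, sizeof(msg),
			    "protocol required for remote repository \"%s\"",
			    repo->name);
			return got_error_msg(GOT_ERR_PARSE_CONFIG, msg);
		}

		/* Every protocol that is set must be one of the accepted ones. */
		if (repo->protocol) {
			err = validate_protocol(repo->protocol, repo->name);
			if (err)
				return err;
		}
		if (repo->fetch_config && repo->fetch_config->protocol) {
			err = validate_protocol(repo->fetch_config->protocol,
			    repo->name);
			if (err)
				return err;
		}
		if (repo->send_config && repo->send_config->protocol) {
			err = validate_protocol(repo->send_config->protocol,
			    repo->name);
			if (err)
				return err;
		}

		have_repository = repo->repository != NULL ||
		    (repo->fetch_config != NULL &&
		    repo->fetch_config->repository != NULL) ||
		    (repo->send_config != NULL &&
		    repo->send_config->repository != NULL);
		if (!have_repository) {
			snprintf(msg, sizeof(msg),
			    "repository path required for remote "
			    "repository \"%s\"", repo->name);
			return got_error_msg(GOT_ERR_PARSE_CONFIG, msg);
		}
	}

	return NULL;
}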
/*
 * Privilege-separated helper that parses a got.conf file for its parent.
 *
 * The process talks to the parent over the imsg channel on
 * GOT_IMSG_FD_CHILD. It first receives a parse request carrying an open
 * file descriptor for the configuration file, then answers requests for
 * individual settings until it is told to stop, the channel closes, or
 * an error occurs. argv[1], if given, replaces the default file name
 * "got.conf" that is handed to the parser together with the descriptor.
 *
 * Exit status is 0 on a clean shutdown and 1 on error.
 */
int
main(int argc, char *argv[])
{
	const struct got_error *err = NULL;
	struct imsgbuf ibuf;
	struct gotconfig *gotconfig = NULL;
	size_t payload_len;
	const char *conf_name = "got.conf";
	const char *reply;
#if 0
	/* Disabled: spin here until a debugger attaches and sets the flag. */
	static int attached;

	while (!attached)
		sleep(1);
#endif
	signal(SIGINT, catch_sigint);

	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);

#ifndef PROFILE
	/*
	 * Drop to "stdio recvfd": the process may use already-open
	 * descriptors and receive new ones, but the promises do not
	 * include opening files by path, so the configuration can only
	 * arrive as a descriptor from the parent. Builds with PROFILE
	 * defined run without this restriction.
	 */
	if (pledge("stdio recvfd", NULL) == -1) {
		err = got_error_from_errno("pledge");
		got_privsep_send_error(&ibuf, err);
		return 1;
	}
#endif

	if (argc > 1)
		conf_name = argv[1];

	while (1) {
		struct imsg imsg;

		memset(&imsg, 0, sizeof(imsg));
		imsg.fd = -1;

		if (sigint_received) {
			err = got_error(GOT_ERR_CANCELLED);
			break;
		}

		err = got_privsep_recv_imsg(&imsg, &ibuf, 0);
		if (err) {
			/* A closed pipe is treated as a normal shutdown. */
			if (err->code == GOT_ERR_PRIVSEP_PIPE)
				err = NULL;
			break;
		}

		if (imsg.hdr.type == GOT_IMSG_STOP)
			break;

		switch (imsg.hdr.type) {
		case GOT_IMSG_GOTCONFIG_PARSE_REQUEST:
			/* A parse request has no payload, only a descriptor. */
			payload_len = imsg.hdr.len - IMSG_HEADER_SIZE;
			if (payload_len != 0) {
				err = got_error(GOT_ERR_PRIVSEP_LEN);
				break;
			}
			if (imsg.fd == -1) {
				err = got_error(GOT_ERR_PRIVSEP_NO_FD);
				break;
			}

			/* A repeated parse request replaces the old result. */
			if (gotconfig)
				gotconfig_free(gotconfig);
			err = gotconfig_parse(&gotconfig, conf_name, &imsg.fd);
			if (err)
				break;
			err = validate_config(gotconfig);
			break;

		/*
		 * Every query below is a protocol error unless a
		 * configuration has been parsed first. Unset string
		 * settings are answered with an empty string.
		 */
		case GOT_IMSG_GOTCONFIG_AUTHOR_REQUEST:
			if (gotconfig == NULL) {
				err = got_error(GOT_ERR_PRIVSEP_MSG);
				break;
			}
			reply = gotconfig->author;
			if (reply == NULL)
				reply = "";
			err = send_gotconfig_str(&ibuf, reply);
			break;
		case GOT_IMSG_GOTCONFIG_ALLOWEDSIGNERS_REQUEST:
			if (gotconfig == NULL) {
				err = got_error(GOT_ERR_PRIVSEP_MSG);
				break;
			}
			reply = gotconfig->allowed_signers_file;
			if (reply == NULL)
				reply = "";
			err = send_gotconfig_str(&ibuf, reply);
			break;
		case GOT_IMSG_GOTCONFIG_REVOKEDSIGNERS_REQUEST:
			if (gotconfig == NULL) {
				err = got_error(GOT_ERR_PRIVSEP_MSG);
				break;
			}
			reply = gotconfig->revoked_signers_file;
			if (reply == NULL)
				reply = "";
			err = send_gotconfig_str(&ibuf, reply);
			break;
		case GOT_IMSG_GOTCONFIG_SIGNERID_REQUEST:
			if (gotconfig == NULL) {
				err = got_error(GOT_ERR_PRIVSEP_MSG);
				break;
			}
			reply = gotconfig->signer_id;
			if (reply == NULL)
				reply = "";
			err = send_gotconfig_str(&ibuf, reply);
			break;
		case GOT_IMSG_GOTCONFIG_REMOTES_REQUEST:
			if (gotconfig == NULL) {
				err = got_error(GOT_ERR_PRIVSEP_MSG);
				break;
			}
			err = send_gotconfig_remotes(&ibuf,
			    &gotconfig->remotes, gotconfig->nremotes);
			break;
		default:
			/* Unknown message types end the session with an error. */
			err = got_error(GOT_ERR_PRIVSEP_MSG);
			break;
		}

		/* Close a descriptor that is still open after handling. */
		if (imsg.fd != -1 && close(imsg.fd) == -1 && err == NULL)
			err = got_error_from_errno("close");

		imsg_free(&imsg);
		if (err)
			break;
	}

	imsg_clear(&ibuf);
	/* Cancellation and a closed pipe are not reported to the parent. */
	if (err && !sigint_received && err->code != GOT_ERR_PRIVSEP_PIPE) {
		fprintf(stderr, "%s: %s\n", getprogname(), err->msg);
		got_privsep_send_error(&ibuf, err);
	}
	if (close(GOT_IMSG_FD_CHILD) == -1 && err == NULL)
		err = got_error_from_errno("close");
	return err ? 1 : 0;
}