send-pack.c on commit send-email: explicitly disable authentication (8dd9b3f)
   1#include "builtin.h"
   2#include "config.h"
   3#include "commit.h"
   4#include "refs.h"
   5#include "object-store.h"
   6#include "pkt-line.h"
   7#include "sideband.h"
   8#include "run-command.h"
   9#include "remote.h"
  10#include "connect.h"
  11#include "send-pack.h"
  12#include "quote.h"
  13#include "transport.h"
  14#include "version.h"
  15#include "sha1-array.h"
  16#include "gpg-interface.h"
  17#include "cache.h"
  18
/*
 * Option callback for the signed-push setting.
 *
 * Stores one SEND_PACK_PUSH_CERT_* value into the int that opt->value
 * points at and returns 0:
 *   - unset (negated option)                     -> NEVER
 *   - git_parse_maybe_bool(arg) returns 1        -> ALWAYS
 *   - git_parse_maybe_bool(arg) returns 0        -> NEVER
 *   - arg equals "if-asked", ignoring case       -> IF_ASKED
 * Any other argument is fatal: die() reports the option's long name and
 * the rejected value.
 */
int option_parse_push_signed(const struct option *opt,
			     const char *arg, int unset)
{
	int *mode = (int *)(opt->value);
	int as_bool;

	if (unset) {
		*mode = SEND_PACK_PUSH_CERT_NEVER;
		return 0;
	}

	as_bool = git_parse_maybe_bool(arg);
	if (as_bool == 1) {
		*mode = SEND_PACK_PUSH_CERT_ALWAYS;
		return 0;
	}
	if (as_bool == 0) {
		*mode = SEND_PACK_PUSH_CERT_NEVER;
		return 0;
	}

	/* Not a boolean: the only other accepted spelling is "if-asked". */
	if (strcasecmp("if-asked", arg))
		die("bad %s argument: %s", opt->long_name, arg);

	*mode = SEND_PACK_PUSH_CERT_IF_ASKED;
	return 0;
}
  40
/*
 * Write one revision line for oid to fh: the hex object name followed by
 * a newline, prefixed with '^' when negative is non-zero.
 *
 * A negative entry is dropped silently when has_sha1_file() reports that
 * the object is not available locally.
 */
static void feed_object(const struct object_id *oid, FILE *fh, int negative)
{
	if (negative) {
		if (!has_sha1_file(oid->hash))
			return;
		putc('^', fh);
	}
	fputs(oid_to_hex(oid), fh);
	putc('\n', fh);
}
  51
/*
 * Make a pack stream and spit it out into file descriptor fd.
 *
 * A "pack-objects --revs --stdout" child is started and fed, on its
 * stdin, one negative ('^') line per entry of extra and per non-null
 * old_oid in refs, and one positive line per non-null new_oid.
 *
 * Without args->stateless_rpc the child writes straight to fd.  With it,
 * the child's output is read here in chunks of at most LARGE_PACKET_MAX
 * bytes and forwarded to fd through send_sideband().
 *
 * Returns 0 when the child exits with status 0, -1 otherwise.  Failing
 * to start the child or to write its input is fatal.
 */
static int pack_objects(int fd, struct ref *refs, struct oid_array *extra, struct send_pack_args *args)
{
	struct child_process po = CHILD_PROCESS_INIT;
	FILE *rev_input;
	struct ref *ref;
	int idx;
	int exit_code;

	argv_array_push(&po.args, "pack-objects");
	argv_array_push(&po.args, "--all-progress-implied");
	argv_array_push(&po.args, "--revs");
	argv_array_push(&po.args, "--stdout");
	if (args->use_thin_pack)
		argv_array_push(&po.args, "--thin");
	if (args->use_ofs_delta)
		argv_array_push(&po.args, "--delta-base-offset");
	if (args->quiet || !args->progress)
		argv_array_push(&po.args, "-q");
	if (args->progress)
		argv_array_push(&po.args, "--progress");
	if (is_repository_shallow(the_repository))
		argv_array_push(&po.args, "--shallow");

	po.in = -1;
	if (args->stateless_rpc)
		po.out = -1; /* we read the pack ourselves below */
	else
		po.out = fd; /* the child talks to the other end directly */
	po.git_cmd = 1;
	if (start_command(&po))
		die_errno("git pack-objects failed");

	/* The revision parameters travel over the pipe to the child's stdin. */
	rev_input = xfdopen(po.in, "w");
	for (idx = 0; idx < extra->nr; idx++)
		feed_object(&extra->oid[idx], rev_input, 1);

	for (ref = refs; ref; ref = ref->next) {
		if (!is_null_oid(&ref->old_oid))
			feed_object(&ref->old_oid, rev_input, 1);
		if (!is_null_oid(&ref->new_oid))
			feed_object(&ref->new_oid, rev_input, 0);
	}

	/* Flush first so that a failed write shows up in ferror(). */
	fflush(rev_input);
	if (ferror(rev_input))
		die_errno("error writing to pack-objects");
	fclose(rev_input);

	if (args->stateless_rpc) {
		char *chunk = xmalloc(LARGE_PACKET_MAX);

		for (;;) {
			ssize_t got = xread(po.out, chunk, LARGE_PACKET_MAX);

			/*
			 * NOTE(review): a read error (got < 0) ends the loop
			 * exactly like end-of-file and is not reported here.
			 */
			if (got <= 0)
				break;
			send_sideband(fd, -1, chunk, got, LARGE_PACKET_MAX);
		}
		free(chunk);
		close(po.out);
		po.out = -1;
	}

	exit_code = finish_command(&po);
	if (!exit_code)
		return 0;

	/*
	 * For a normal non-zero exit, we assume pack-objects wrote
	 * something useful to stderr. For death by signal, though,
	 * we should mention it to the user. The exception is SIGPIPE
	 * (141), because that's a normal occurrence if the remote end
	 * hangs up (and we'll report that by trying to read the unpack
	 * status).
	 */
	if (exit_code > 128 && exit_code != 141)
		error("pack-objects died of signal %d", exit_code - 128);
	return -1;
}
 137
/*
 * Read the remote's "unpack <status>" line from in.
 *
 * Returns 0 only when the line is exactly "unpack ok".  A NULL line from
 * packet_read_line(), a line without the "unpack " prefix, or any other
 * status text is reported through error() and that call's return value
 * is passed on.  The text after the prefix comes from the remote and is
 * echoed as is in the error message.
 */
static int receive_unpack_status(int in)
{
	const char *status = packet_read_line(in, NULL);

	if (!status)
		return error(_("unexpected flush packet while reading remote unpack status"));
	if (!skip_prefix(status, "unpack ", &status))
		return error(_("unable to parse remote unpack status: %s"), status);
	if (!strcmp(status, "ok"))
		return 0;
	return error(_("remote unpack failed: %s"), status);
}
 149
/*
 * Read the remote's status report from in and record it on refs.
 *
 * The unpack status is read first; then every "ok <ref>" or
 * "ng <ref> <message>" line is matched against the ref list until
 * packet_read_line() returns NULL.  Only refs whose status is
 * REF_STATUS_EXPECTING_REPORT are updated; a line naming an unknown ref,
 * or a ref we did not expect a report for, gets a warning and is
 * otherwise ignored, so the remote cannot change the recorded status of
 * refs that were not part of this push.
 *
 * Returns the unpack status result, or -1 if any ref was rejected or a
 * line was malformed (a malformed line also stops the reading).
 */
static int receive_status(int in, struct ref *refs)
{
	struct ref *hint = NULL;
	int ret = receive_unpack_status(in);

	for (;;) {
		char *line = packet_read_line(in, NULL);
		char *refname;
		char *msg;
		int accepted;

		if (!line)
			break;

		accepted = starts_with(line, "ok ");
		if (!accepted && !starts_with(line, "ng ")) {
			error("invalid ref status from remote: %s", line);
			ret = -1;
			break;
		}

		/* Skip the three-byte "ok " / "ng " prefix checked above. */
		refname = line + 3;
		msg = strchr(refname, ' ');
		if (msg)
			*msg++ = '\0'; /* split "<ref> <message>" in place */

		/* first try searching at our hint, falling back to all refs */
		if (hint)
			hint = find_ref_by_name(hint, refname);
		if (!hint)
			hint = find_ref_by_name(refs, refname);
		if (!hint) {
			warning("remote reported status on unknown ref: %s",
					refname);
			continue;
		}
		if (hint->status != REF_STATUS_EXPECTING_REPORT) {
			warning("remote reported status on unexpected ref: %s",
					refname);
			continue;
		}

		if (accepted) {
			hint->status = REF_STATUS_OK;
		} else {
			hint->status = REF_STATUS_REMOTE_REJECT;
			ret = -1;
		}
		hint->remote_status = xstrdup_or_null(msg);
		/* start our next search from the next ref */
		hint = hint->next;
	}
	return ret;
}
 202
/*
 * Async callback that demultiplexes the remote's sideband stream.
 *
 * data is the int fd[] pair handed to send_pack(); the multiplexed
 * stream is read from fd[0] by recv_sideband() and the result is
 * written to out, which is closed before returning.  The in parameter
 * is not used.  Returns whatever recv_sideband() returned.
 */
static int sideband_demux(int in, int out, void *data)
{
	int *pipe_fds = data;
	int result;

#ifdef NO_PTHREADS
	/*
	 * NOTE(review): presumably the callback runs in a separate process
	 * in this configuration and must drop its copy of the write end;
	 * confirm against the async implementation.
	 */
	close(pipe_fds[1]);
#endif
	result = recv_sideband("send-pack", pipe_fds[0], out);
	close(out);
	return result;
}
 213
/*
 * for_each_commit_graft() callback: append a "shallow <oid>" packet line
 * to the strbuf passed as cb for every graft whose nr_parent is -1.
 * Other grafts are skipped.  Always returns 0.
 */
static int advertise_shallow_grafts_cb(const struct commit_graft *graft, void *cb)
{
	if (graft->nr_parent == -1) {
		struct strbuf *out = cb;

		packet_buf_write(out, "shallow %s\n", oid_to_hex(&graft->oid));
	}
	return 0;
}
 221
/*
 * Append the "shallow" packet lines for the_repository to sb.  Nothing
 * is written when the repository is not shallow.
 */
static void advertise_shallow_grafts_buf(struct strbuf *sb)
{
	if (is_repository_shallow(the_repository))
		for_each_commit_graft(advertise_shallow_grafts_cb, sb);
}
 228
/* Negative results of check_to_send_update(); 0 means "send the update". */
#define CHECK_REF_NO_PUSH -1
#define CHECK_REF_STATUS_REJECTED -2
#define CHECK_REF_UPTODATE -3
/*
 * Decide whether an update command for ref should be sent.
 *
 * Returns CHECK_REF_NO_PUSH when the ref has no peer_ref and we are not
 * mirroring, CHECK_REF_STATUS_REJECTED when the ref already carries one
 * of the local REF_STATUS_REJECT_* statuses listed below,
 * CHECK_REF_UPTODATE when it is already up to date, and 0 otherwise.
 */
static int check_to_send_update(const struct ref *ref, const struct send_pack_args *args)
{
	int rejected_locally;

	if (!(ref->peer_ref || args->send_mirror))
		return CHECK_REF_NO_PUSH;

	if (ref->status == REF_STATUS_UPTODATE)
		return CHECK_REF_UPTODATE;

	/* Check for statuses set by set_ref_status_for_push() */
	rejected_locally =
		ref->status == REF_STATUS_REJECT_NONFASTFORWARD ||
		ref->status == REF_STATUS_REJECT_ALREADY_EXISTS ||
		ref->status == REF_STATUS_REJECT_FETCH_FIRST ||
		ref->status == REF_STATUS_REJECT_NEEDS_FORCE ||
		ref->status == REF_STATUS_REJECT_STALE ||
		ref->status == REF_STATUS_REJECT_NODELETE;

	return rejected_locally ? CHECK_REF_STATUS_REJECTED : 0;
}
 252
/*
 * Return a pointer to the beginning of the next line within the len
 * bytes starting at line, or to the end of the buffer (line + len) when
 * those bytes contain no newline.
 *
 * NEEDSWORK: perhaps move this to git-compat-util.h or somewhere and
 * convert many similar uses found by "git grep -A4 memchr".
 */
static const char *next_line(const char *line, size_t len)
{
	const char *newline = memchr(line, '\n', len);

	/* No newline means an incomplete last line: stop at the buffer end. */
	return newline ? newline + 1 : line + len;
}
 266
/*
 * Build a push certificate, sign it, and append it to req_buf.
 *
 * The certificate text consists of a header ("certificate version",
 * "pusher", an optional "pushee" with the anonymized args->url, an
 * optional "nonce", one "push-option" line per push option), a blank
 * line, and one "<old> <new> <refname>" line per ref for which
 * check_to_send_update() does not return a negative value.
 *
 * If at least one ref line was written, the text is signed with
 * sign_buffer() (failure is fatal) and emitted as a "push-cert" packet
 * carrying cap_string, one packet per certificate line, and a closing
 * "push-cert-end" packet.  Otherwise req_buf is left untouched.
 *
 * Returns 1 if a certificate was written, 0 if there was nothing to
 * update.  push_cert_nonce must not be NULL.
 */
static int generate_push_cert(struct strbuf *req_buf,
			      const struct ref *remote_refs,
			      struct send_pack_args *args,
			      const char *cap_string,
			      const char *push_cert_nonce)
{
	const struct ref *ref;
	struct string_list_item *item;
	char *signing_key = xstrdup(get_signing_key());
	struct strbuf cert = STRBUF_INIT;
	int update_seen = 0;

	strbuf_addstr(&cert, "certificate version 0.1\n");
	strbuf_addf(&cert, "pusher %s ", signing_key);
	datestamp(&cert);
	strbuf_addch(&cert, '\n');
	if (args->url && *args->url) {
		char *anon_url = transport_anonymize_url(args->url);

		strbuf_addf(&cert, "pushee %s\n", anon_url);
		free(anon_url);
	}
	if (push_cert_nonce[0])
		strbuf_addf(&cert, "nonce %s\n", push_cert_nonce);
	/*
	 * NOTE(review): each push option is written verbatim on its own
	 * header line; presumably the caller has already rejected options
	 * containing a newline -- confirm.
	 */
	if (args->push_options)
		for_each_string_list_item(item, args->push_options)
			strbuf_addf(&cert, "push-option %s\n", item->string);
	strbuf_addstr(&cert, "\n");

	for (ref = remote_refs; ref; ref = ref->next) {
		if (check_to_send_update(ref, args) < 0)
			continue;
		update_seen = 1;
		strbuf_addf(&cert, "%s %s %s\n",
			    oid_to_hex(&ref->old_oid),
			    oid_to_hex(&ref->new_oid),
			    ref->name);
	}

	if (update_seen) {
		const char *line_start, *cert_end;

		/* cert is both the input and the output of the signing step. */
		if (sign_buffer(&cert, &cert, signing_key))
			die(_("failed to sign the push certificate"));

		packet_buf_write(req_buf, "push-cert%c%s", 0, cap_string);

		/* Send the signed certificate one line per packet. */
		line_start = cert.buf;
		cert_end = cert.buf + cert.len;
		while (line_start < cert_end) {
			const char *line_end = next_line(line_start,
							 cert_end - line_start);

			packet_buf_write(req_buf,
					 "%.*s", (int)(line_end - line_start),
					 line_start);
			line_start = line_end;
		}
		packet_buf_write(req_buf, "push-cert-end\n");
	}

	free(signing_key);
	strbuf_release(&cert);
	return update_seen;
}
 324
 325
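/*
 * Abort an atomic push because failing_ref cannot be updated.
 *
 * Every ref that would have been pushed (it has a peer_ref, or we are
 * mirroring) and is still in REF_STATUS_EXPECTING_REPORT is marked
 * REF_STATUS_ATOMIC_PUSH_FAILED; refs in any other state keep their
 * status.  Returns the value of error() after naming the failing ref
 * and its numeric status.
 */
static int atomic_push_failure(struct send_pack_args *args,
			       struct ref *remote_refs,
			       struct ref *failing_ref)
{
	struct ref *ref;

	/* Mark other refs as failed */
	for (ref = remote_refs; ref; ref = ref->next) {
		if (!ref->peer_ref && !args->send_mirror)
			continue;
		if (ref->status == REF_STATUS_EXPECTING_REPORT)
			ref->status = REF_STATUS_ATOMIC_PUSH_FAILED;
	}

	/*
	 * No trailing newline in the format: none of the other error() and
	 * warning() calls in this file pass one, and an explicit "\n" here
	 * would leave a stray blank line after the message.
	 */
	return error("atomic push failed for ref %s. status: %d",
		     failing_ref->name, failing_ref->status);
}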
 347
/* A nonce must be strictly shorter than this many bytes. */
#define NONCE_LEN_LIMIT 256

/*
 * Die unless the first len bytes of nonce form an acceptable push
 * certificate nonce: fewer than NONCE_LEN_LIMIT bytes, each of them
 * alphanumeric or one of "-./+=_".
 *
 * The nonce is supplied by the receiving end and generate_push_cert()
 * writes it on a "nonce" line of the text we sign, so the restricted
 * alphabet keeps whitespace and line breaks out of that header.
 *
 * NOTE(review): the rejected value is echoed with "%.*s" using the
 * unchecked len, so an over-long or non-printable nonce reaches the
 * user's terminal as is.
 */
static void reject_invalid_nonce(const char *nonce, int len)
{
	int acceptable = len < NONCE_LEN_LIMIT;
	int pos;

	for (pos = 0; acceptable && pos < len; pos++) {
		int ch = nonce[pos] & 0xFF;

		switch (ch) {
		case '-': case '.':
		case '/': case '+':
		case '=': case '_':
			break;
		default:
			acceptable = isalnum(ch);
			break;
		}
	}

	if (!acceptable)
		die("the receiving end asked to sign an invalid nonce <%.*s>",
		    len, nonce);
}
 369
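/*
 * Push the updates recorded in remote_refs to the receiving end.
 *
 * args         push settings; use_ofs_delta and use_thin_pack are
 *              adjusted here according to the server's capabilities
 * fd           fd[0] is read from the remote, fd[1] is written to it;
 *              fd[1] is set to -1 once the write side has been handed
 *              to pack-objects or after a failed pack transfer
 * conn         only consulted to decide whether the connection is a
 *              socket that needs shutdown() after a failed pack transfer
 * remote_refs  list of refs; each ref's status (and remote_status) is
 *              updated to reflect the outcome
 * extra_have   extra object names passed to pack_objects() as negative
 *              revisions
 *
 * Returns 0 on success (or when there is nothing to do), and a negative
 * value when the pack could not be sent, the status report indicated a
 * failure, an atomic push had to be abandoned, or -- outside porcelain
 * mode -- some ref ended in a state other than NONE, UPTODATE or OK.
 *
 * Every capability used below is whatever the receiving end advertised.
 * For signed pushes this means: with SEND_PACK_PUSH_CERT_ALWAYS a remote
 * that does not advertise "push-cert" is a fatal error, while with
 * SEND_PACK_PUSH_CERT_IF_ASKED the push continues unsigned with only a
 * warning, so in that mode the remote's advertisement alone decides
 * whether a certificate is sent.
 */
int send_pack(struct send_pack_args *args,
	      int fd[], struct child_process *conn,
	      struct ref *remote_refs,
	      struct oid_array *extra_have)
{
	int in = fd[0];
	int out = fd[1];
	struct strbuf req_buf = STRBUF_INIT;
	struct strbuf cap_buf = STRBUF_INIT;
	struct ref *ref;
	int need_pack_data = 0;
	int allow_deleting_refs = 0;
	int status_report = 0;
	int use_sideband = 0;
	int quiet_supported = 0;
	int agent_supported = 0;
	int use_atomic = 0;
	int atomic_supported = 0;
	int use_push_options = 0;
	int push_options_supported = 0;
	unsigned cmds_sent = 0;
	int ret = 0;
	struct async demux;
	/* Our own copy of the server's nonce; released at "out". */
	char *push_cert_nonce = NULL;

	/* Does the other end support the reporting? */
	if (server_supports("report-status"))
		status_report = 1;
	if (server_supports("delete-refs"))
		allow_deleting_refs = 1;
	if (server_supports("ofs-delta"))
		args->use_ofs_delta = 1;
	if (server_supports("side-band-64k"))
		use_sideband = 1;
	if (server_supports("quiet"))
		quiet_supported = 1;
	if (server_supports("agent"))
		agent_supported = 1;
	if (server_supports("no-thin"))
		args->use_thin_pack = 0;
	if (server_supports("atomic"))
		atomic_supported = 1;
	if (server_supports("push-options"))
		push_options_supported = 1;

	if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) {
		int len;
		const char *nonce = server_feature_value("push-cert", &len);

		if (nonce) {
			/*
			 * Validate the server-chosen nonce before keeping a
			 * copy; it ends up inside the text we sign.
			 */
			reject_invalid_nonce(nonce, len);
			push_cert_nonce = xmemdupz(nonce, len);
		} else if (args->push_cert == SEND_PACK_PUSH_CERT_ALWAYS) {
			die(_("the receiving end does not support --signed push"));
		} else if (args->push_cert == SEND_PACK_PUSH_CERT_IF_ASKED) {
			warning(_("not sending a push certificate since the"
				  " receiving end does not support --signed"
				  " push"));
		}
	}

	if (!remote_refs) {
		fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
			"Perhaps you should specify a branch such as 'master'.\n");
		ret = 0;
		goto out;
	}
	if (args->atomic && !atomic_supported)
		die(_("the receiving end does not support --atomic push"));

	use_atomic = atomic_supported && args->atomic;

	if (args->push_options && !push_options_supported)
		die(_("the receiving end does not support push options"));

	use_push_options = push_options_supported && args->push_options;

	/* Capabilities we request, sent along with the first command. */
	if (status_report)
		strbuf_addstr(&cap_buf, " report-status");
	if (use_sideband)
		strbuf_addstr(&cap_buf, " side-band-64k");
	if (quiet_supported && (args->quiet || !args->progress))
		strbuf_addstr(&cap_buf, " quiet");
	if (use_atomic)
		strbuf_addstr(&cap_buf, " atomic");
	if (use_push_options)
		strbuf_addstr(&cap_buf, " push-options");
	if (agent_supported)
		strbuf_addf(&cap_buf, " agent=%s", git_user_agent_sanitized());

	/*
	 * NEEDSWORK: why does delete-refs have to be so specific to
	 * send-pack machinery that set_ref_status_for_push() cannot
	 * set this bit for us???
	 */
	for (ref = remote_refs; ref; ref = ref->next)
		if (ref->deletion && !allow_deleting_refs)
			ref->status = REF_STATUS_REJECT_NODELETE;

	if (!args->dry_run)
		advertise_shallow_grafts_buf(&req_buf);

	/* With a certificate, the commands travel inside the signed text. */
	if (!args->dry_run && push_cert_nonce)
		cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
					       cap_buf.buf, push_cert_nonce);

	/*
	 * Clear the status for each ref and see if we need to send
	 * the pack data.
	 */
	for (ref = remote_refs; ref; ref = ref->next) {
		switch (check_to_send_update(ref, args)) {
		case 0: /* no error */
			break;
		case CHECK_REF_STATUS_REJECTED:
			/*
			 * When we know the server would reject a ref update if
			 * we were to send it and we're trying to send the refs
			 * atomically, abort the whole operation.
			 */
			if (use_atomic) {
				strbuf_release(&req_buf);
				strbuf_release(&cap_buf);
				ret = atomic_push_failure(args, remote_refs, ref);
				goto out;
			}
			/* else fallthrough */
		default:
			continue;
		}
		if (!ref->deletion)
			need_pack_data = 1;

		if (args->dry_run || !status_report)
			ref->status = REF_STATUS_OK;
		else
			ref->status = REF_STATUS_EXPECTING_REPORT;
	}

	/*
	 * Finally, tell the other end!
	 */
	for (ref = remote_refs; ref; ref = ref->next) {
		char *old_hex, *new_hex;

		if (args->dry_run || push_cert_nonce)
			continue;

		if (check_to_send_update(ref, args) < 0)
			continue;

		old_hex = oid_to_hex(&ref->old_oid);
		new_hex = oid_to_hex(&ref->new_oid);
		if (!cmds_sent) {
			/* The first command also carries the capability list. */
			packet_buf_write(&req_buf,
					 "%s %s %s%c%s",
					 old_hex, new_hex, ref->name, 0,
					 cap_buf.buf);
			cmds_sent = 1;
		} else {
			packet_buf_write(&req_buf, "%s %s %s",
					 old_hex, new_hex, ref->name);
		}
	}

	if (use_push_options) {
		struct string_list_item *item;

		packet_buf_flush(&req_buf);
		for_each_string_list_item(item, args->push_options)
			packet_buf_write(&req_buf, "%s", item->string);
	}

	if (args->stateless_rpc) {
		if (!args->dry_run && (cmds_sent || is_repository_shallow(the_repository))) {
			packet_buf_flush(&req_buf);
			send_sideband(out, -1, req_buf.buf, req_buf.len, LARGE_PACKET_MAX);
		}
	} else {
		write_or_die(out, req_buf.buf, req_buf.len);
		packet_flush(out);
	}
	strbuf_release(&req_buf);
	strbuf_release(&cap_buf);

	if (use_sideband && cmds_sent) {
		/* From here on, read the remote through the demultiplexer. */
		memset(&demux, 0, sizeof(demux));
		demux.proc = sideband_demux;
		demux.data = fd;
		demux.out = -1;
		demux.isolate_sigpipe = 1;
		if (start_async(&demux))
			die("send-pack: unable to fork off sideband demultiplexer");
		in = demux.out;
	}

	if (need_pack_data && cmds_sent) {
		if (pack_objects(out, remote_refs, extra_have, args) < 0) {
			for (ref = remote_refs; ref; ref = ref->next)
				ref->status = REF_STATUS_NONE;
			if (args->stateless_rpc)
				close(out);
			if (git_connection_is_socket(conn))
				shutdown(fd[0], SHUT_WR);

			/*
			 * Do not even bother with the return value; we know we
			 * are failing, and just want the error() side effects.
			 */
			if (status_report)
				receive_unpack_status(in);

			if (use_sideband) {
				close(demux.out);
				finish_async(&demux);
			}
			fd[1] = -1;
			ret = -1;
			goto out;
		}
		if (!args->stateless_rpc)
			/* Closed by pack_objects() via start_command() */
			fd[1] = -1;
	}
	if (args->stateless_rpc && cmds_sent)
		packet_flush(out);

	if (status_report && cmds_sent)
		ret = receive_status(in, remote_refs);
	else
		ret = 0;
	if (args->stateless_rpc)
		packet_flush(out);

	if (use_sideband && cmds_sent) {
		close(demux.out);
		if (finish_async(&demux)) {
			error("error in sideband demultiplexer");
			ret = -1;
		}
	}

	if (ret < 0)
		goto out;

	if (args->porcelain) {
		ret = 0;
		goto out;
	}

	/* Outside porcelain mode, any ref left in a failure state fails the push. */
	for (ref = remote_refs; ref; ref = ref->next) {
		switch (ref->status) {
		case REF_STATUS_NONE:
		case REF_STATUS_UPTODATE:
		case REF_STATUS_OK:
			break;
		default:
			ret = -1;
			goto out;
		}
	}
	ret = 0;

out:
	/*
	 * The nonce copy made with xmemdupz() above used to be leaked on
	 * every return path; all of them now funnel through here.
	 */
	free(push_cert_nonce);
	return ret;
}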