static struct ref *get_refs_via_connect(struct transport *transport, int for_push,
const struct argv_array *ref_prefixes)
{
struct git_transport_data *data = transport->data;
struct ref *refs = NULL;
struct packet_reader reader;
connect_setup(transport, for_push);
packet_reader_init(&reader, data->fd[0], NULL, 0,
PACKET_READ_CHOMP_NEWLINE |
PACKET_READ_GENTLE_ON_EOF);
data->version = discover_version(&reader);
switch (data->version) {
case protocol_v2:
get_remote_refs(data->fd[1], &reader, &refs, for_push,
ref_prefixes);
break;
case protocol_v1:
case protocol_v0:
get_remote_heads(&reader, &refs,
for_push ? REF_NORMAL : 0,
&data->extra_have,
&data->shallow);
break;
case protocol_unknown_version:
BUG("unknown protocol version");
}
data->got_remote_heads = 1;
return refs;
}
static struct ref *parse_git_refs(struct discovery *heads, int for_push)
{
struct ref *list = NULL;
struct packet_reader reader;
packet_reader_init(&reader, -1, heads->buf, heads->len,
PACKET_READ_CHOMP_NEWLINE |
PACKET_READ_GENTLE_ON_EOF);
heads->version = discover_version(&reader);
switch (heads->version) {
case protocol_v2:
/*
* Do nothing. This isn't a list of refs but rather a
* capability advertisement. Client would have run
* 'stateless-connect' so we'll dump this capability listing
* and let them request the refs themselves.
*/
break;
case protocol_v1:
case protocol_v0:
get_remote_heads(&reader, &list, for_push ? REF_NORMAL : 0,
NULL, &heads->shallow);
break;
case protocol_unknown_version:
BUG("unknown protocol version");
}
return list;
}
/*
* Obtains the protocol version from the transport and writes it to
* transport->data->version, first connecting if not already connected.
*
* If the protocol version is one that allows skipping the listing of remote
* refs, and must_list_refs is 0, the listing of remote refs is skipped and
* this function returns NULL. Otherwise, this function returns the list of
* remote refs.
*/
static struct ref *handshake(struct transport *transport, int for_push,
const struct argv_array *ref_prefixes,
int must_list_refs)
{
struct git_transport_data *data = transport->data;
struct ref *refs = NULL;
struct packet_reader reader;
connect_setup(transport, for_push);
packet_reader_init(&reader, data->fd[0], NULL, 0,
PACKET_READ_CHOMP_NEWLINE |
PACKET_READ_GENTLE_ON_EOF |
PACKET_READ_DIE_ON_ERR_PACKET);
data->version = discover_version(&reader);
switch (data->version) {
case protocol_v2:
if (must_list_refs)
get_remote_refs(data->fd[1], &reader, &refs, for_push,
ref_prefixes,
transport->server_options);
break;
case protocol_v1:
case protocol_v0:
die_if_server_options(transport);
get_remote_heads(&reader, &refs,
for_push ? REF_NORMAL : 0,
&data->extra_have,
&data->shallow);
break;
case protocol_unknown_version:
BUG("unknown protocol version");
}
data->got_remote_heads = 1;
if (reader.line_peeked)
BUG("buffer must be empty at the end of handshake()");
return refs;
}
static void proxy_state_init(struct proxy_state *p, const char *service_name,
enum protocol_version version)
{
struct strbuf buf = STRBUF_INIT;
memset(p, 0, sizeof(*p));
p->service_name = xstrdup(service_name);
p->in = 0;
p->out = 1;
strbuf_init(&p->request_buffer, 0);
strbuf_addf(&buf, "%s%s", url.buf, p->service_name);
p->service_url = strbuf_detach(&buf, NULL);
p->headers = http_copy_default_headers();
strbuf_addf(&buf, "Content-Type: application/x-%s-request", p->service_name);
p->headers = curl_slist_append(p->headers, buf.buf);
strbuf_reset(&buf);
strbuf_addf(&buf, "Accept: application/x-%s-result", p->service_name);
p->headers = curl_slist_append(p->headers, buf.buf);
strbuf_reset(&buf);
p->headers = curl_slist_append(p->headers, "Transfer-Encoding: chunked");
/* Add the Git-Protocol header */
if (get_protocol_http_header(version, &buf))
p->headers = curl_slist_append(p->headers, buf.buf);
packet_reader_init(&p->reader, p->in, NULL, 0,
PACKET_READ_GENTLE_ON_EOF);
strbuf_release(&buf);
}
int cmd_fetch_pack(int argc, const char **argv, const char *prefix)
{
int i, ret;
struct ref *ref = NULL;
const char *dest = NULL;
struct ref **sought = NULL;
int nr_sought = 0, alloc_sought = 0;
int fd[2];
char *pack_lockfile = NULL;
char **pack_lockfile_ptr = NULL;
struct child_process *conn;
struct fetch_pack_args args;
struct oid_array shallow = OID_ARRAY_INIT;
struct string_list deepen_not = STRING_LIST_INIT_DUP;
struct packet_reader reader;
enum protocol_version version;
fetch_if_missing = 0;
packet_trace_identity("fetch-pack");
memset(&args, 0, sizeof(args));
args.uploadpack = "git-upload-pack";
for (i = 1; i < argc && *argv[i] == '-'; i++) {
const char *arg = argv[i];
if (skip_prefix(arg, "--upload-pack=", &arg)) {
args.uploadpack = arg;
continue;
}
if (skip_prefix(arg, "--exec=", &arg)) {
args.uploadpack = arg;
continue;
}
if (!strcmp("--quiet", arg) || !strcmp("-q", arg)) {
args.quiet = 1;
continue;
}
if (!strcmp("--keep", arg) || !strcmp("-k", arg)) {
args.lock_pack = args.keep_pack;
args.keep_pack = 1;
continue;
}
if (!strcmp("--thin", arg)) {
args.use_thin_pack = 1;
continue;
}
if (!strcmp("--include-tag", arg)) {
args.include_tag = 1;
continue;
}
if (!strcmp("--all", arg)) {
args.fetch_all = 1;
continue;
}
if (!strcmp("--stdin", arg)) {
args.stdin_refs = 1;
continue;
}
if (!strcmp("--diag-url", arg)) {
args.diag_url = 1;
continue;
}
if (!strcmp("-v", arg)) {
args.verbose = 1;
continue;
}
if (skip_prefix(arg, "--depth=", &arg)) {
args.depth = strtol(arg, NULL, 0);
continue;
}
if (skip_prefix(arg, "--shallow-since=", &arg)) {
args.deepen_since = xstrdup(arg);
continue;
}
if (skip_prefix(arg, "--shallow-exclude=", &arg)) {
string_list_append(&deepen_not, arg);
continue;
}
if (!strcmp(arg, "--deepen-relative")) {
args.deepen_relative = 1;
continue;
}
if (!strcmp("--no-progress", arg)) {
args.no_progress = 1;
continue;
}
if (!strcmp("--stateless-rpc", arg)) {
args.stateless_rpc = 1;
continue;
}
if (!strcmp("--lock-pack", arg)) {
args.lock_pack = 1;
pack_lockfile_ptr = &pack_lockfile;
continue;
}
if (!strcmp("--check-self-contained-and-connected", arg)) {
args.check_self_contained_and_connected = 1;
continue;
}
if (!strcmp("--cloning", arg)) {
args.cloning = 1;
continue;
}
if (!strcmp("--update-shallow", arg)) {
args.update_shallow = 1;
continue;
}
if (!strcmp("--from-promisor", arg)) {
args.from_promisor = 1;
continue;
}
if (!strcmp("--no-dependents", arg)) {
args.no_dependents = 1;
continue;
}
if (skip_prefix(arg, ("--" CL_ARG__FILTER "="), &arg)) {
parse_list_objects_filter(&args.filter_options, arg);
continue;
}
if (!strcmp(arg, ("--no-" CL_ARG__FILTER))) {
list_objects_filter_set_no_filter(&args.filter_options);
continue;
}
usage(fetch_pack_usage);
}
if (deepen_not.nr)
args.deepen_not = &deepen_not;
if (i < argc)
dest = argv[i++];
else
usage(fetch_pack_usage);
/*
* Copy refs from cmdline to growable list, then append any
* refs from the standard input:
*/
for (; i < argc; i++)
add_sought_entry(&sought, &nr_sought, &alloc_sought, argv[i]);
if (args.stdin_refs) {
if (args.stateless_rpc) {
/* in stateless RPC mode we use pkt-line to read
* from stdin, until we get a flush packet
*/
for (;;) {
char *line = packet_read_line(0, NULL);
if (!line)
break;
add_sought_entry(&sought, &nr_sought, &alloc_sought, line);
}
}
else {
/* read from stdin one ref per line, until EOF */
struct strbuf line = STRBUF_INIT;
while (strbuf_getline_lf(&line, stdin) != EOF)
add_sought_entry(&sought, &nr_sought, &alloc_sought, line.buf);
strbuf_release(&line);
}
}
if (args.stateless_rpc) {
conn = NULL;
fd[0] = 0;
fd[1] = 1;
} else {
int flags = args.verbose ? CONNECT_VERBOSE : 0;
if (args.diag_url)
flags |= CONNECT_DIAG_URL;
conn = git_connect(fd, dest, args.uploadpack,
flags);
if (!conn)
return args.diag_url ? 0 : 1;
}
packet_reader_init(&reader, fd[0], NULL, 0,
PACKET_READ_CHOMP_NEWLINE |
PACKET_READ_GENTLE_ON_EOF |
PACKET_READ_DIE_ON_ERR_PACKET);
version = discover_version(&reader);
switch (version) {
case protocol_v2:
get_remote_refs(fd[1], &reader, &ref, 0, NULL, NULL);
break;
case protocol_v1:
case protocol_v0:
get_remote_heads(&reader, &ref, 0, NULL, &shallow);
break;
case protocol_unknown_version:
BUG("unknown protocol version");
}
ref = fetch_pack(&args, fd, conn, ref, dest, sought, nr_sought,
&shallow, pack_lockfile_ptr, version);
if (pack_lockfile) {
printf("lock %s\n", pack_lockfile);
fflush(stdout);
}
if (args.check_self_contained_and_connected &&
args.self_contained_and_connected) {
printf("connectivity-ok\n");
fflush(stdout);
}
close(fd[0]);
close(fd[1]);
if (finish_connect(conn))
return 1;
ret = !ref;
/*
* If the heads to pull were given, we should have consumed
* all of them by matching the remote. Otherwise, 'git fetch
* remote no-such-ref' would silently succeed without issuing
* an error.
*/
ret |= report_unmatched_refs(sought, nr_sought);
while (ref) {
printf("%s %s\n",
oid_to_hex(&ref->old_oid), ref->name);
ref = ref->next;
}
return ret;
}
static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
int fd[2],
const struct ref *orig_ref,
struct ref **sought, int nr_sought,
char **pack_lockfile)
{
struct ref *ref = copy_ref_list(orig_ref);
enum fetch_state state = FETCH_CHECK_LOCAL;
struct oidset common = OIDSET_INIT;
struct packet_reader reader;
int in_vain = 0;
int haves_to_send = INITIAL_FLUSH;
struct fetch_negotiator negotiator;
fetch_negotiator_init(&negotiator, negotiation_algorithm);
packet_reader_init(&reader, fd[0], NULL, 0,
PACKET_READ_CHOMP_NEWLINE);
while (state != FETCH_DONE) {
switch (state) {
case FETCH_CHECK_LOCAL:
sort_ref_list(&ref, ref_compare_name);
QSORT(sought, nr_sought, cmp_ref_by_name);
/* v2 supports these by default */
allow_unadvertised_object_request |= ALLOW_REACHABLE_SHA1;
use_sideband = 2;
if (args->depth > 0 || args->deepen_since || args->deepen_not)
args->deepen = 1;
/* Filter 'ref' by 'sought' and those that aren't local */
if (!args->no_dependents) {
mark_complete_and_common_ref(&negotiator, args, &ref);
filter_refs(args, &ref, sought, nr_sought);
if (everything_local(args, &ref))
state = FETCH_DONE;
else
state = FETCH_SEND_REQUEST;
mark_tips(&negotiator, args->negotiation_tips);
for_each_cached_alternate(&negotiator,
insert_one_alternate_object);
} else {
filter_refs(args, &ref, sought, nr_sought);
state = FETCH_SEND_REQUEST;
}
break;
case FETCH_SEND_REQUEST:
if (send_fetch_request(&negotiator, fd[1], args, ref,
&common,
&haves_to_send, &in_vain))
state = FETCH_GET_PACK;
else
state = FETCH_PROCESS_ACKS;
break;
case FETCH_PROCESS_ACKS:
/* Process ACKs/NAKs */
switch (process_acks(&negotiator, &reader, &common)) {
case 2:
state = FETCH_GET_PACK;
break;
case 1:
in_vain = 0;
/* fallthrough */
default:
state = FETCH_SEND_REQUEST;
break;
}
break;
case FETCH_GET_PACK:
/* Check for shallow-info section */
if (process_section_header(&reader, "shallow-info", 1))
receive_shallow_info(args, &reader);
if (process_section_header(&reader, "wanted-refs", 1))
receive_wanted_refs(&reader, sought, nr_sought);
/* get the pack */
process_section_header(&reader, "packfile", 0);
if (get_pack(args, fd, pack_lockfile))
die(_("git fetch-pack: fetch failed."));
state = FETCH_DONE;
break;
case FETCH_DONE:
continue;
}
}
negotiator.release(&negotiator);
oidset_clear(&common);
return ref;
}
ya_result
xfr_input_stream_init(input_stream* filtering_stream, const u8 *origin, input_stream *xfr_source_stream, message_data *message, u32 current_serial, xfr_copy_flags flags)
{
yassert(filtering_stream != NULL && origin != NULL && xfr_source_stream != NULL && message != NULL);
input_stream *is = xfr_source_stream;
packet_unpack_reader_data reader;
u8 *buffer;
u8 *record;
u8 *ptr;
#if DNSCORE_HAS_TSIG_SUPPORT
const tsig_item *tsig;
#endif
ya_result record_len;
ya_result return_value;
u32 origin_len;
u32 last_serial = 0;
u16 tcplen;
u16 qtype;
u16 qclass;
u16 old_mac_size;
bool last_message_had_tsig;
bool need_cleanup_tsig = FALSE;
#if DNSCORE_HAS_TSIG_SUPPORT
u8 old_mac[64];
#endif
/*
* ensure the stream will be unusable if the initialisation fails
*/
input_stream_set_void(filtering_stream);
/*
* Start by reading the first packet, and determine if it's an AXFR or an IXFR (for the name)
* note: it's read and converted to the host endianness
*/
if(!is_fd_input_stream(is))
{
// expected file input stream
return INVALID_ARGUMENT_ERROR;
}
//buffer_input_stream_init(is, is, 4096);
/* TCP length */
if(FAIL(return_value = input_stream_read_nu16(is, &tcplen)))
{
return return_value;
}
if(return_value != 2)
{
return UNEXPECTED_EOF;
}
/* if the length is not enough, return the most appropriate error code */
origin_len = dnsname_len(origin);
if(tcplen < DNS_HEADER_LENGTH + origin_len + 4)
{
return_value = UNEXPECTED_EOF;
if(tcplen >= DNS_HEADER_LENGTH)
{
if(ISOK(return_value = input_stream_read_fully(is, message->pool_buffer, DNS_HEADER_LENGTH)))
{
return_value = MAKE_DNSMSG_ERROR(MESSAGE_RCODE(message->pool_buffer));
}
}
return return_value;
}
/* read the whole message */
buffer = &message->buffer[0];
record = &message->pool_buffer[0];
assert(sizeof(message->pool_buffer) >= 255 + 10 + 65535);
if(FAIL(return_value = input_stream_read_fully(is, buffer, tcplen)))
{
return return_value;
}
#if DEBUG_XFR_INPUT_STREAM
log_memdump(g_system_logger, MSG_DEBUG1, &message->buffer[0], tcplen, 32);
#endif
message->received = return_value;
/* check the message makes sense */
const u64 *h64 = (u64*)buffer;
u64 m64 = AXFR_MESSAGE_HEADER_MASK;
u64 r64 = AXFR_MESSAGE_HEADER_RESULT;
if(((*h64&m64) != r64) || (MESSAGE_NS(message->buffer) != 0))
{
u8 code = MESSAGE_RCODE(message->buffer);
if(code != 0)
{
return_value = MAKE_DNSMSG_ERROR(code);
}
else
{
return_value = UNPROCESSABLE_MESSAGE;
}
return return_value;
}
//m64 = AXFR_NEXT_MESSAGE_HEADER_MASK;
//r64 = AXFR_NEXT_MESSAGE_HEADER_RESULT;
packet_reader_init(&reader, buffer, tcplen);
reader.offset = DNS_HEADER_LENGTH;
packet_reader_read_fqdn(&reader, record, RDATA_MAX_LENGTH + 1);
if(!dnsname_equals(record, origin))
{
return INVALID_PROTOCOL;
}
if(FAIL(return_value = packet_reader_read_u16(&reader, &qtype)))
{
return return_value;
}
if(return_value != 2)
{
return UNEXPECTED_EOF;
}
/*
* check that we are allowed to process this particular kind of transfer
* note : this does not determine what is REALLY begin transferred
*/
switch(qtype)
{
case TYPE_AXFR:
{
if((flags & XFR_ALLOW_AXFR) == 0)
{
return INVALID_PROTOCOL;
}
break;
}
case TYPE_IXFR:
{
if((flags & XFR_ALLOW_IXFR) == 0)
{
return INVALID_PROTOCOL;
}
break;
}
default:
{
return INVALID_PROTOCOL;
}
}
if(FAIL(return_value = packet_reader_read_u16(&reader, &qclass)))
{
return return_value;
}
if(qclass != CLASS_IN)
{
/** wrong answer */
return INVALID_PROTOCOL;
}
/* check for TSIG and verify */
u16 ancount = ntohs(MESSAGE_AN(buffer));
#if DNSCORE_HAS_TSIG_SUPPORT
if((last_message_had_tsig = ((tsig = message->tsig.tsig) != NULL)))
{
/* verify the TSIG
*
* AR > 0
* skip ALL the records until the last AR
* it MUST be a TSIG
* It's the first TSIG answering to our query
* verify it
*
*/
message->tsig.tsig = NULL;
old_mac_size = message->tsig.mac_size;
memcpy(old_mac, message->tsig.mac, old_mac_size);
if(FAIL(return_value = tsig_message_extract(message)))
{
log_debug("xfr_input_stream: error extracting the signature");
return return_value;
}
if(return_value == 0)
{
log_debug("xfr_input_stream: no signature when one was requested");
return TSIG_BADSIG; /* no signature, when one was requested, is a bad signature */
}
if(message->tsig.tsig != tsig)
{
/* This is not the one we started with */
log_debug("xfr_input_stream: signature key does not match");
return TSIG_BADSIG;
}
/// check that the tsig in the message matches the one that was sent
if(FAIL(return_value = tsig_verify_tcp_first_message(message, old_mac, old_mac_size)))
{
return return_value;
}
reader.packet_size = message->received;
need_cleanup_tsig = TRUE;
}
#endif
log_debug("xfr_input_stream: expecting %5d answer records", ancount);
/*
* read the SOA (it MUST be an SOA)
*/
if(FAIL(record_len = packet_reader_read_record(&reader, record, RDATA_MAX_LENGTH + 1)))
{
return record_len;
}
if(!dnsname_equals(record, origin))
{
return INVALID_PROTOCOL;
}
ptr = &record[origin_len];
if(GET_U16_AT(*ptr) != TYPE_SOA)
{
return INVALID_PROTOCOL;
}
ptr += 8; /* type class ttl */
u16 rdata_size = ntohs(GET_U16_AT(*ptr));
if(rdata_size < 22)
{
return INVALID_PROTOCOL;
}
rdata_size -= 16;
ptr += 2; /* rdata size */
s32 len = dnsname_len(ptr);
if(len >= rdata_size)
{
return INVALID_PROTOCOL;
}
rdata_size -= len;
ptr += len;
len = dnsname_len(ptr);
if(len >= rdata_size)
{
return INVALID_PROTOCOL;
}
rdata_size -= len;
if(rdata_size != 4)
{
return INVALID_PROTOCOL;
}
ptr += len;
// if the serial of the SOA is the same one as we know, then there is no
// need to download the zone
last_serial = ntohl(GET_U32_AT(*ptr));
if(last_serial == current_serial)
{
//args->out_loaded_serial = args->current_serial;
return ZONE_ALREADY_UP_TO_DATE;
}
xfr_input_stream_data *data;
ZALLOC_OR_DIE(xfr_input_stream_data*, data, xfr_input_stream_data, XFRISDTA_TAG);
ZEROMEMORY(data, sizeof(xfr_input_stream_data));
/*
* We have got the first SOA
* Next time we find this SOA (second next time for IXFR) the stream, it will be the end of the stream
*/
/*
* The stream can be AXFR or IXFR.
* The only way to know this is to look at the records, maybe on many packets.
* If there are two SOA (different serial numbers) for the start, then it's an IXFR, else it's an AXFR.
*
* OPEN A PIPE STREAM "XFRs"
*
* Save the first SOA
*/
MALLOC_OR_DIE(u8*, data->first_soa_record, record_len, XFRISSOA_TAG);
MEMCOPY(data->first_soa_record, record, record_len);
data->first_soa_record_size = record_len;
filtering_stream->vtbl = &xfr_input_stream_vtbl;
filtering_stream->data = data;
pipe_stream_init(&data->pipe_stream_output, &data->pipe_stream_input, 65536);
MEMCOPY(&data->reader, &reader, sizeof(packet_unpack_reader_data));
data->origin = origin;
data->message = message;
data->ancount = ancount - 1;
data->record_index++;
data->last_serial = last_serial;
data->xfr_mode = TYPE_ANY;
data->ixfr_mark = FALSE;
data->last_message_had_tsig = last_message_had_tsig;
data->source_stream = *is;
data->need_cleanup_tsig = need_cleanup_tsig;
/*
* Then we read all records for all packets
* If we find an SOA ...
* AXFR: it has to be the last serial and it is the end of the stream.
* IXFR: if it's not the last serial it has to go from step to step
* AND once we have reached the "last serial" once, the next hit is the end of the stream.
*/
data->eos = FALSE;
/*
* In order to know what the type is, read the first packet.
*/
return_value = xfr_input_stream_read_packet(data);
if(FAIL(return_value))
{
xfr_input_stream_close(filtering_stream);
}
return return_value;
}
static ya_result
xfr_input_stream_read(input_stream *is, u8 *buffer, u32 len)
{
xfr_input_stream_data *data = (xfr_input_stream_data*)is->data;
input_stream *source_stream = &data->source_stream;
message_data *message = data->message;
#if DNSCORE_HAS_TSIG_SUPPORT
const tsig_item *tsig = message->tsig.tsig;
#endif
packet_unpack_reader_data *reader = &data->reader;
if(FAIL(data->last_error))
{
return data->last_error;
}
ya_result return_value = SUCCESS;
/* while there is not enough bytes on the input */
while(pipe_stream_read_available(&data->pipe_stream_input) < len)
{
/* read the packet and write on the output (so it can be read back on the input) */
if(FAIL(return_value = xfr_input_stream_read_packet(data)))
{
break;
}
if(data->eos)
{
break;
}
if(data->ancount > 0)
{
break;
}
/* next TCP chunk */
#ifdef DEBUG
memset(&message->buffer[0], 0xee, sizeof(message->buffer));
#endif
u16 tcplen;
return_value = input_stream_read_nu16(source_stream, &tcplen); /* this is wrong ... */
if(return_value != 2)
{
#ifdef DEBUG
log_debug("xfr_input_stream_read: next message is %ld bytes long", return_value);
#endif
break;
}
if(tcplen == 0)
{
return_value = UNEXPECTED_EOF;
break;
}
if(FAIL(return_value = input_stream_read_fully(source_stream, message->buffer, tcplen)))
{
break;
}
#if DEBUG_XFR_INPUT_STREAM
log_memdump(g_system_logger, MSG_DEBUG1, &message->buffer[0], tcplen, 32);
#endif
message->received = return_value;
#ifdef DEBUG
memset(&message->buffer[tcplen], 0xdd, DNSPACKET_MAX_LENGTH + 1 - tcplen);
#endif
/*
* Check the headers
*/
const u64 *h64 = (u64*)message->buffer;
const u64 m64 = AXFR_NEXT_MESSAGE_HEADER_MASK;
const u64 r64 = AXFR_NEXT_MESSAGE_HEADER_RESULT;
if(((*h64&m64) != r64) || (MESSAGE_NS(message->buffer) != 0))
{
u8 code = MESSAGE_RCODE(message->buffer);
if(code != 0)
{
return_value = MAKE_DNSMSG_ERROR(code);
}
else
{
return_value = UNPROCESSABLE_MESSAGE;
}
break;
}
#if DNSCORE_HAS_TSIG_SUPPORT
if((data->last_message_had_tsig = (tsig != NULL)))
{
/* verify the TSIG
*
* AR > 0
* skip ALL the records until the last AR
* it MUST be a TSIG
* It's the first TSIG answering to our query
* verify it
*
*/
message->tsig.tsig = NULL;
if(FAIL(return_value = tsig_message_extract(message)))
{
break;
}
if((return_value == 1) && (message->tsig.tsig != tsig))
{
/* This is not the one we started with */
log_debug("xfr_input_stream: signature key does not match");
return_value = TSIG_BADSIG;
break;
}
if(FAIL(return_value = tsig_verify_tcp_next_message(message)))
{
break;
}
}
#endif
message_header *header = (message_header*)message->buffer;
data->ancount = ntohs(header->ancount);
packet_reader_init(reader, message->buffer, message->received);
reader->offset = DNS_HEADER_LENGTH;
u16 n = ntohs(header->qdcount);
while(n > 0)
{
if(FAIL(return_value = packet_reader_skip_fqdn(reader)))
{
break;
}
packet_reader_skip(reader, 4);
n--;
}
} // for(;;) /* process all TCP chunks */
if(ISOK(return_value))
{
if((return_value = pipe_stream_read_available(&data->pipe_stream_input)) > 0) // never fails
{
if(FAIL(return_value = input_stream_read(&data->pipe_stream_input, buffer, len)))
{
#if DNSCORE_HAS_TSIG_SUPPORT
if(data->need_cleanup_tsig)
{
tsig_verify_tcp_last_message(message);
data->need_cleanup_tsig = FALSE;
}
#endif
}
}
else
{
// here, return_value == 0
#if DNSCORE_HAS_TSIG_SUPPORT
if(tsig != NULL)
{
tsig_verify_tcp_last_message(message);
data->need_cleanup_tsig = FALSE;
if(!data->last_message_had_tsig)
{
/*
* The stream didn't end with a TSIG
* It's bad.
*
*/
log_err("xfr_input_stream: TSIG enabled answer didn't ended with a signed packet");
return_value = TSIG_BADSIG;
}
}
#endif
}
}
else
{
#if DNSCORE_HAS_TSIG_SUPPORT
// cleanup
tsig_verify_tcp_last_message(message);
data->need_cleanup_tsig = FALSE;
#endif
}
data->last_error = return_value;
return return_value;
}
int send_pack(struct send_pack_args *args,
int fd[], struct child_process *conn,
struct ref *remote_refs,
struct oid_array *extra_have)
{
int in = fd[0];
int out = fd[1];
struct strbuf req_buf = STRBUF_INIT;
struct strbuf cap_buf = STRBUF_INIT;
struct ref *ref;
int need_pack_data = 0;
int allow_deleting_refs = 0;
int status_report = 0;
int use_sideband = 0;
int quiet_supported = 0;
int agent_supported = 0;
int use_atomic = 0;
int atomic_supported = 0;
int use_push_options = 0;
int push_options_supported = 0;
unsigned cmds_sent = 0;
int ret;
struct async demux;
const char *push_cert_nonce = NULL;
struct packet_reader reader;
git_config(send_pack_config, NULL);
/* Does the other end support the reporting? */
if (server_supports("report-status"))
status_report = 1;
if (server_supports("delete-refs"))
allow_deleting_refs = 1;
if (server_supports("ofs-delta"))
args->use_ofs_delta = 1;
if (config_use_sideband && server_supports("side-band-64k"))
use_sideband = 1;
if (server_supports("quiet"))
quiet_supported = 1;
if (server_supports("agent"))
agent_supported = 1;
if (server_supports("no-thin"))
args->use_thin_pack = 0;
if (server_supports("atomic"))
atomic_supported = 1;
if (server_supports("push-options"))
push_options_supported = 1;
if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) {
int len;
push_cert_nonce = server_feature_value("push-cert", &len);
if (push_cert_nonce) {
reject_invalid_nonce(push_cert_nonce, len);
push_cert_nonce = xmemdupz(push_cert_nonce, len);
} else if (args->push_cert == SEND_PACK_PUSH_CERT_ALWAYS) {
die(_("the receiving end does not support --signed push"));
} else if (args->push_cert == SEND_PACK_PUSH_CERT_IF_ASKED) {
warning(_("not sending a push certificate since the"
" receiving end does not support --signed"
" push"));
}
}
if (!remote_refs) {
fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
"Perhaps you should specify a branch such as 'master'.\n");
return 0;
}
if (args->atomic && !atomic_supported)
die(_("the receiving end does not support --atomic push"));
use_atomic = atomic_supported && args->atomic;
if (args->push_options && !push_options_supported)
die(_("the receiving end does not support push options"));
use_push_options = push_options_supported && args->push_options;
if (status_report)
strbuf_addstr(&cap_buf, " report-status");
if (use_sideband)
strbuf_addstr(&cap_buf, " side-band-64k");
if (quiet_supported && (args->quiet || !args->progress))
strbuf_addstr(&cap_buf, " quiet");
if (use_atomic)
strbuf_addstr(&cap_buf, " atomic");
if (use_push_options)
strbuf_addstr(&cap_buf, " push-options");
if (agent_supported)
strbuf_addf(&cap_buf, " agent=%s", git_user_agent_sanitized());
/*
* NEEDSWORK: why does delete-refs have to be so specific to
* send-pack machinery that set_ref_status_for_push() cannot
* set this bit for us???
*/
for (ref = remote_refs; ref; ref = ref->next)
if (ref->deletion && !allow_deleting_refs)
ref->status = REF_STATUS_REJECT_NODELETE;
if (!args->dry_run)
advertise_shallow_grafts_buf(&req_buf);
if (!args->dry_run && push_cert_nonce)
cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
cap_buf.buf, push_cert_nonce);
/*
* Clear the status for each ref and see if we need to send
* the pack data.
*/
for (ref = remote_refs; ref; ref = ref->next) {
switch (check_to_send_update(ref, args)) {
case 0: /* no error */
break;
case CHECK_REF_STATUS_REJECTED:
/*
* When we know the server would reject a ref update if
* we were to send it and we're trying to send the refs
* atomically, abort the whole operation.
*/
if (use_atomic) {
strbuf_release(&req_buf);
strbuf_release(&cap_buf);
return atomic_push_failure(args, remote_refs, ref);
}
/* else fallthrough */
default:
continue;
}
if (!ref->deletion)
need_pack_data = 1;
if (args->dry_run || !status_report)
ref->status = REF_STATUS_OK;
else
ref->status = REF_STATUS_EXPECTING_REPORT;
}
/*
* Finally, tell the other end!
*/
for (ref = remote_refs; ref; ref = ref->next) {
char *old_hex, *new_hex;
if (args->dry_run || push_cert_nonce)
continue;
if (check_to_send_update(ref, args) < 0)
continue;
old_hex = oid_to_hex(&ref->old_oid);
new_hex = oid_to_hex(&ref->new_oid);
if (!cmds_sent) {
packet_buf_write(&req_buf,
"%s %s %s%c%s",
old_hex, new_hex, ref->name, 0,
cap_buf.buf);
cmds_sent = 1;
} else {
packet_buf_write(&req_buf, "%s %s %s",
old_hex, new_hex, ref->name);
}
}
if (use_push_options) {
struct string_list_item *item;
packet_buf_flush(&req_buf);
for_each_string_list_item(item, args->push_options)
packet_buf_write(&req_buf, "%s", item->string);
}
if (args->stateless_rpc) {
if (!args->dry_run && (cmds_sent || is_repository_shallow(the_repository))) {
packet_buf_flush(&req_buf);
send_sideband(out, -1, req_buf.buf, req_buf.len, LARGE_PACKET_MAX);
}
} else {
write_or_die(out, req_buf.buf, req_buf.len);
packet_flush(out);
}
strbuf_release(&req_buf);
strbuf_release(&cap_buf);
if (use_sideband && cmds_sent) {
memset(&demux, 0, sizeof(demux));
demux.proc = sideband_demux;
demux.data = fd;
demux.out = -1;
demux.isolate_sigpipe = 1;
if (start_async(&demux))
die("send-pack: unable to fork off sideband demultiplexer");
in = demux.out;
}
packet_reader_init(&reader, in, NULL, 0,
PACKET_READ_CHOMP_NEWLINE |
PACKET_READ_DIE_ON_ERR_PACKET);
if (need_pack_data && cmds_sent) {
if (pack_objects(out, remote_refs, extra_have, args) < 0) {
for (ref = remote_refs; ref; ref = ref->next)
ref->status = REF_STATUS_NONE;
if (args->stateless_rpc)
close(out);
if (git_connection_is_socket(conn))
shutdown(fd[0], SHUT_WR);
/*
* Do not even bother with the return value; we know we
* are failing, and just want the error() side effects.
*/
if (status_report)
receive_unpack_status(&reader);
if (use_sideband) {
close(demux.out);
finish_async(&demux);
}
fd[1] = -1;
return -1;
}
if (!args->stateless_rpc)
/* Closed by pack_objects() via start_command() */
fd[1] = -1;
}
if (args->stateless_rpc && cmds_sent)
packet_flush(out);
if (status_report && cmds_sent)
ret = receive_status(&reader, remote_refs);
else
ret = 0;
if (args->stateless_rpc)
packet_flush(out);
if (use_sideband && cmds_sent) {
close(demux.out);
if (finish_async(&demux)) {
error("error in sideband demultiplexer");
ret = -1;
}
}
if (ret < 0)
return ret;
if (args->porcelain)
return 0;
for (ref = remote_refs; ref; ref = ref->next) {
switch (ref->status) {
case REF_STATUS_NONE:
case REF_STATUS_UPTODATE:
case REF_STATUS_OK:
break;
default:
return -1;
}
}
return 0;
}
static int find_common(struct fetch_negotiator *negotiator,
struct fetch_pack_args *args,
int fd[2], struct object_id *result_oid,
struct ref *refs)
{
int fetching;
int count = 0, flushes = 0, flush_at = INITIAL_FLUSH, retval;
const struct object_id *oid;
unsigned in_vain = 0;
int got_continue = 0;
int got_ready = 0;
struct strbuf req_buf = STRBUF_INIT;
size_t state_len = 0;
struct packet_reader reader;
if (args->stateless_rpc && multi_ack == 1)
die(_("--stateless-rpc requires multi_ack_detailed"));
packet_reader_init(&reader, fd[0], NULL, 0,
PACKET_READ_CHOMP_NEWLINE |
PACKET_READ_DIE_ON_ERR_PACKET);
if (!args->no_dependents) {
mark_tips(negotiator, args->negotiation_tips);
for_each_cached_alternate(negotiator, insert_one_alternate_object);
}
fetching = 0;
for ( ; refs ; refs = refs->next) {
struct object_id *remote = &refs->old_oid;
const char *remote_hex;
struct object *o;
/*
* If that object is complete (i.e. it is an ancestor of a
* local ref), we tell them we have it but do not have to
* tell them about its ancestors, which they already know
* about.
*
* We use lookup_object here because we are only
* interested in the case we *know* the object is
* reachable and we have already scanned it.
*
* Do this only if args->no_dependents is false (if it is true,
* we cannot trust the object flags).
*/
if (!args->no_dependents &&
((o = lookup_object(the_repository, remote->hash)) != NULL) &&
(o->flags & COMPLETE)) {
continue;
}
remote_hex = oid_to_hex(remote);
if (!fetching) {
struct strbuf c = STRBUF_INIT;
if (multi_ack == 2) strbuf_addstr(&c, " multi_ack_detailed");
if (multi_ack == 1) strbuf_addstr(&c, " multi_ack");
if (no_done) strbuf_addstr(&c, " no-done");
if (use_sideband == 2) strbuf_addstr(&c, " side-band-64k");
if (use_sideband == 1) strbuf_addstr(&c, " side-band");
if (args->deepen_relative) strbuf_addstr(&c, " deepen-relative");
if (args->use_thin_pack) strbuf_addstr(&c, " thin-pack");
if (args->no_progress) strbuf_addstr(&c, " no-progress");
if (args->include_tag) strbuf_addstr(&c, " include-tag");
if (prefer_ofs_delta) strbuf_addstr(&c, " ofs-delta");
if (deepen_since_ok) strbuf_addstr(&c, " deepen-since");
if (deepen_not_ok) strbuf_addstr(&c, " deepen-not");
if (agent_supported) strbuf_addf(&c, " agent=%s",
git_user_agent_sanitized());
if (args->filter_options.choice)
strbuf_addstr(&c, " filter");
packet_buf_write(&req_buf, "want %s%s\n", remote_hex, c.buf);
strbuf_release(&c);
} else
packet_buf_write(&req_buf, "want %s\n", remote_hex);
fetching++;
}
if (!fetching) {
strbuf_release(&req_buf);
packet_flush(fd[1]);
return 1;
}
if (is_repository_shallow(the_repository))
write_shallow_commits(&req_buf, 1, NULL);
if (args->depth > 0)
packet_buf_write(&req_buf, "deepen %d", args->depth);
if (args->deepen_since) {
timestamp_t max_age = approxidate(args->deepen_since);
packet_buf_write(&req_buf, "deepen-since %"PRItime, max_age);
}
if (args->deepen_not) {
int i;
for (i = 0; i < args->deepen_not->nr; i++) {
struct string_list_item *s = args->deepen_not->items + i;
packet_buf_write(&req_buf, "deepen-not %s", s->string);
}
}
if (server_supports_filtering && args->filter_options.choice) {
struct strbuf expanded_filter_spec = STRBUF_INIT;
expand_list_objects_filter_spec(&args->filter_options,
&expanded_filter_spec);
packet_buf_write(&req_buf, "filter %s",
expanded_filter_spec.buf);
strbuf_release(&expanded_filter_spec);
}
packet_buf_flush(&req_buf);
state_len = req_buf.len;
if (args->deepen) {
const char *arg;
struct object_id oid;
send_request(args, fd[1], &req_buf);
while (packet_reader_read(&reader) == PACKET_READ_NORMAL) {
if (skip_prefix(reader.line, "shallow ", &arg)) {
if (get_oid_hex(arg, &oid))
die(_("invalid shallow line: %s"), reader.line);
register_shallow(the_repository, &oid);
continue;
}
if (skip_prefix(reader.line, "unshallow ", &arg)) {
if (get_oid_hex(arg, &oid))
die(_("invalid unshallow line: %s"), reader.line);
if (!lookup_object(the_repository, oid.hash))
die(_("object not found: %s"), reader.line);
/* make sure that it is parsed as shallow */
if (!parse_object(the_repository, &oid))
die(_("error in object: %s"), reader.line);
if (unregister_shallow(&oid))
die(_("no shallow found: %s"), reader.line);
continue;
}
die(_("expected shallow/unshallow, got %s"), reader.line);
}
} else if (!args->stateless_rpc)
send_request(args, fd[1], &req_buf);
if (!args->stateless_rpc) {
/* If we aren't using the stateless-rpc interface
* we don't need to retain the headers.
*/
strbuf_setlen(&req_buf, 0);
state_len = 0;
}
flushes = 0;
retval = -1;
if (args->no_dependents)
goto done;
while ((oid = negotiator->next(negotiator))) {
packet_buf_write(&req_buf, "have %s\n", oid_to_hex(oid));
print_verbose(args, "have %s", oid_to_hex(oid));
in_vain++;
if (flush_at <= ++count) {
int ack;
packet_buf_flush(&req_buf);
send_request(args, fd[1], &req_buf);
strbuf_setlen(&req_buf, state_len);
flushes++;
flush_at = next_flush(args->stateless_rpc, count);
/*
* We keep one window "ahead" of the other side, and
* will wait for an ACK only on the next one
*/
if (!args->stateless_rpc && count == INITIAL_FLUSH)
continue;
consume_shallow_list(args, &reader);
do {
ack = get_ack(&reader, result_oid);
if (ack)
print_verbose(args, _("got %s %d %s"), "ack",
ack, oid_to_hex(result_oid));
switch (ack) {
case ACK:
flushes = 0;
multi_ack = 0;
retval = 0;
goto done;
case ACK_common:
case ACK_ready:
case ACK_continue: {
struct commit *commit =
lookup_commit(the_repository,
result_oid);
int was_common;
if (!commit)
die(_("invalid commit %s"), oid_to_hex(result_oid));
was_common = negotiator->ack(negotiator, commit);
if (args->stateless_rpc
&& ack == ACK_common
&& !was_common) {
/* We need to replay the have for this object
* on the next RPC request so the peer knows
* it is in common with us.
*/
const char *hex = oid_to_hex(result_oid);
packet_buf_write(&req_buf, "have %s\n", hex);
state_len = req_buf.len;
/*
* Reset in_vain because an ack
* for this commit has not been
* seen.
*/
in_vain = 0;
} else if (!args->stateless_rpc
|| ack != ACK_common)
in_vain = 0;
retval = 0;
got_continue = 1;
if (ack == ACK_ready)
got_ready = 1;
break;
}
}
} while (ack);
flushes--;
if (got_continue && MAX_IN_VAIN < in_vain) {
print_verbose(args, _("giving up"));
break; /* give up */
}
if (got_ready)
break;
}
}
done:
if (!got_ready || !no_done) {
packet_buf_write(&req_buf, "done\n");
send_request(args, fd[1], &req_buf);
}
print_verbose(args, _("done"));
if (retval != 0) {
multi_ack = 0;
flushes++;
}
strbuf_release(&req_buf);
if (!got_ready || !no_done)
consume_shallow_list(args, &reader);
while (flushes || multi_ack) {
int ack = get_ack(&reader, result_oid);
if (ack) {
print_verbose(args, _("got %s (%d) %s"), "ack",
ack, oid_to_hex(result_oid));
if (ack == ACK)
return 0;
multi_ack = 1;
continue;
}
flushes--;
}
/* it is no error to fetch into a completely empty repo */
return count ? retval : 0;
}
