package ssh

import (
	"context"
	"fmt"
	"io"
	"strings"
	"sync"

	"github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus"
	log "github.com/sirupsen/logrus"
	"gitlab.com/gitlab-org/gitaly/v15/internal/command"
	"gitlab.com/gitlab-org/gitaly/v15/internal/git"
	"gitlab.com/gitlab-org/gitaly/v15/internal/git/pktline"
	"gitlab.com/gitlab-org/gitaly/v15/internal/git/stats"
	"gitlab.com/gitlab-org/gitaly/v15/internal/helper"
	"gitlab.com/gitlab-org/gitaly/v15/internal/sidechannel"
	"gitlab.com/gitlab-org/gitaly/v15/internal/stream"
	"gitlab.com/gitlab-org/gitaly/v15/proto/go/gitalypb"
	"gitlab.com/gitlab-org/gitaly/v15/streamio"
)

// SSHUploadPack serves git-upload-pack(1) for SSH fetches over a bidirectional
// gRPC stream. The first message must carry the repository and Git options but
// no stdin; stdin for the command is taken from every message after it. The
// command's stdout and stderr are streamed back as separate response fields,
// and when the command fails its exit status is sent in one final message
// before the error is returned to the caller.
func (s *server) SSHUploadPack(stream gitalypb.SSHService_SSHUploadPackServer) error {
	ctx := stream.Context()

	// The opening message names the repository and Git options only.
	first, err := stream.Recv()
	if err != nil {
		return helper.ErrInternal(err)
	}

	// GitConfigOptions and GitProtocol are request-supplied values and are
	// logged here exactly as received, before any validation has run.
	fields := log.Fields{
		"GlRepository":     first.GetRepository().GetGlRepository(),
		"GitConfigOptions": first.GitConfigOptions,
		"GitProtocol":      first.GitProtocol,
	}
	ctxlogrus.Extract(ctx).WithFields(fields).Debug("SSHUploadPack")

	if invalid := validateFirstUploadPackRequest(first); invalid != nil {
		return helper.ErrInvalidArgument(invalid)
	}

	// Each read pulls the next message off the stream and hands over its
	// Stdin field; the generated getter is relied on to tolerate the nil
	// message that accompanies a receive error.
	stdin := streamio.NewReader(func() ([]byte, error) {
		msg, recvErr := stream.Recv()
		return msg.GetStdin(), recvErr
	})

	// A gRPC stream must not be written to concurrently, so the stdout and
	// stderr writers share a single mutex.
	var sendMu sync.Mutex
	sendStdout := func(p []byte) error {
		return stream.Send(&gitalypb.SSHUploadPackResponse{Stdout: p})
	}
	sendStderr := func(p []byte) error {
		return stream.Send(&gitalypb.SSHUploadPackResponse{Stderr: p})
	}
	stdout := streamio.NewSyncWriter(&sendMu, sendStdout)
	stderr := streamio.NewSyncWriter(&sendMu, sendStderr)

	status, err := s.sshUploadPack(ctx, first, stdin, stdout, stderr)
	if err == nil {
		return nil
	}

	// Best effort: a failure to deliver the exit status is only logged, the
	// command error is what the RPC returns. This send does not take sendMu;
	// presumably no stdout/stderr writer is still active once sshUploadPack
	// has returned — confirm if the writers ever outlive the command.
	exit := &gitalypb.SSHUploadPackResponse{
		ExitStatus: &gitalypb.ExitStatus{Value: int32(status)},
	}
	if sendErr := stream.Send(exit); sendErr != nil {
		ctxlogrus.Extract(ctx).WithError(sendErr).Error("send final status code")
	}

	return helper.ErrInternal(err)
}

// sshUploadPackRequest is the set of request accessors that sshUploadPack
// reads. Both the streaming request (SSHUploadPack) and the sidechannel
// request (SSHUploadPackWithSidechannel) are passed to sshUploadPack through
// this interface.
type sshUploadPackRequest interface {
	// GetRepository returns the repository the fetch is served from.
	GetRepository() *gitalypb.Repository
	// GetGitConfigOptions returns the request-supplied Git config options,
	// which sshUploadPack converts and passes on to the Git command.
	GetGitConfigOptions() []string
	// GetGitProtocol returns the request-supplied Git protocol value.
	GetGitProtocol() string
}

// sshUploadPack runs git-upload-pack(1) against the repository named in req,
// with the given stdin, stdout and stderr attached to the command. When the
// command itself fails, the status obtained from command.ExitStatus is returned
// together with the error; every other error path, and success, return 0.
//
// NOTE(review): the Git config options and the Git protocol value come from
// the request and are handed to the Git command. What git.ConvertConfigOptions
// accepts or rejects is not visible in this file — confirm there (or at the
// caller) that untrusted clients cannot choose arbitrary config keys.
func (s *server) sshUploadPack(ctx context.Context, req sshUploadPackRequest, stdin io.Reader, stdout, stderr io.Writer) (int, error) {
	// cancelCtx is passed to the stdin monitor below and also runs on return.
	ctx, cancelCtx := context.WithCancel(ctx)
	defer cancelCtx()

	// Count the bytes written to stdout so they can be logged on success.
	stdoutCounter := &helper.CountingWriter{W: stdout}
	// Use large copy buffer to reduce the number of system calls
	stdout = &largeBufferReaderFrom{Writer: stdoutCounter}

	repo := req.GetRepository()
	// The locator resolves the request's repository to a path on disk; this
	// is the only check of the repository visible in this function.
	repoPath, err := s.locator.GetRepoPath(repo)
	if err != nil {
		return 0, err
	}

	git.WarnIfTooManyBitmaps(ctx, s.locator, repo.StorageName, repoPath)

	config, err := git.ConvertConfigOptions(req.GetGitConfigOptions())
	if err != nil {
		return 0, err
	}

	// Everything the command reads from stdin is mirrored into a pipe so that
	// the goroutine below can parse the packfile negotiation for metrics.
	var wg sync.WaitGroup
	pr, pw := io.Pipe()
	defer func() {
		// Closing the write end gives the parser EOF; then wait for it to
		// finish before returning.
		pw.Close()
		wg.Wait()
	}()

	stdin = io.TeeReader(stdin, pw)

	wg.Add(1)
	go func() {
		// Closing the read end keeps writes into the pipe from blocking once
		// nobody reads from it any more.
		// NOTE(review): after pr is closed, writes to pw return
		// io.ErrClosedPipe, and io.TeeReader reports a write error as a read
		// error. If parsing stops while the client is still sending, the
		// command's stdin therefore fails too — confirm this is intended.
		defer func() {
			wg.Done()
			pr.Close()
		}()

		// The local variable shadows the stats package inside this closure.
		stats, err := stats.ParsePackfileNegotiation(pr)
		if err != nil {
			// A parse failure only costs the metrics update; it is logged at
			// debug level and not returned to the caller.
			ctxlogrus.Extract(ctx).WithError(err).Debug("failed parsing packfile negotiation")
			return
		}
		stats.UpdateMetrics(s.packfileNegotiationMetrics)
	}()

	commandOpts := []git.CmdOpt{
		git.WithGitProtocol(req),
		git.WithConfig(config...),
		git.WithPackObjectsHookEnv(repo, "ssh"),
	}

	// Keep a copy of everything Git writes to stderr; it is used below to
	// classify the failure and is quoted in the returned error.
	// NOTE(review): the builder has no size limit, so it grows with whatever
	// the command prints to stderr — confirm that output is bounded.
	var stderrBuilder strings.Builder
	stderr = io.MultiWriter(stderr, &stderrBuilder)

	// The repository path is passed as a single argument of the subcommand.
	cmd, monitor, err := monitorStdinCommand(ctx, s.gitCmdFactory, stdin, stdout, stderr, git.SubCmd{
		Name: "upload-pack",
		Args: []string{repoPath},
	}, commandOpts...)
	if err != nil {
		return 0, err
	}

	timeoutTicker := helper.NewTimerTicker(s.uploadPackRequestTimeout)

	// upload-pack negotiation is terminated by either a flush, or the "done"
	// packet: https://github.com/git/git/blob/v2.20.0/Documentation/technical/pack-protocol.txt#L335
	//
	// "flush" tells the server it can terminate, while "done" tells it to start
	// generating a packfile. Add a timeout to the second case to mitigate
	// use-after-check attacks.
	//
	// NOTE(review): Monitor's implementation is not visible here; from its
	// arguments it presumably calls cancelCtx, which stops the command, when
	// the ticker fires — confirm against monitorStdinCommand.
	go monitor.Monitor(ctx, pktline.PktDone(), timeoutTicker, cancelCtx)

	if err := cmd.Wait(); err != nil {
		// The second return value of ExitStatus is discarded, so status is
		// whatever ExitStatus yields when no exit code can be extracted.
		status, _ := command.ExitStatus(err)

		// A common error case is that the client is terminating the request prematurely,
		// e.g. by killing their git-fetch(1) process because it's taking too long. This is
		// an expected failure, but we're not in a position to easily tell this error apart
		// from other errors returned by git-upload-pack(1). So we have to resort to parsing
		// the error message returned by Git, and if we see that it matches we return an
		// error with a `Canceled` error code.
		//
		// Note that we're being quite strict with how we match the error for now. We may
		// have to make it more lenient in case we see that this doesn't catch all cases.
		//
		// The comparison is against the complete captured stderr, so any
		// additional output from Git makes it fall through to the generic error.
		if stderrBuilder.String() == "fatal: the remote end hung up unexpectedly\n" {
			return status, helper.ErrCanceledf("user canceled the fetch")
		}

		// The captured stderr is quoted with %q, so control characters in it
		// are escaped in the error message.
		return status, fmt.Errorf("cmd wait: %w, stderr: %q", err, stderrBuilder.String())
	}

	ctxlogrus.Extract(ctx).WithField("response_bytes", stdoutCounter.N).Info("request details")

	return 0, nil
}

// validateFirstUploadPackRequest checks the opening message of an
// SSHUploadPack stream. The only rule enforced here is that the message must
// not carry stdin data: any non-nil Stdin, even a zero-length one, is rejected.
// The repository is not examined here; sshUploadPack resolves it through the
// storage locator and fails there if that lookup returns an error.
func validateFirstUploadPackRequest(req *gitalypb.SSHUploadPackRequest) error {
	if req.Stdin == nil {
		return nil
	}

	return fmt.Errorf("non-empty stdin in first request")
}

// largeBufferReaderFrom wraps an io.Writer and adds a ReadFrom method that
// copies through a 64 KiB buffer.
type largeBufferReaderFrom struct {
	io.Writer
}

// ReadFrom copies from r into the wrapped writer until r is exhausted or an
// error occurs, and returns the number of bytes copied. A fresh 64 KiB buffer
// is allocated on every call. io.CopyBuffer does not use the buffer when r
// implements io.WriterTo or the wrapped writer implements io.ReaderFrom.
func (rf *largeBufferReaderFrom) ReadFrom(r io.Reader) (int64, error) {
	const bufSize = 64 << 10 // 64 KiB
	scratch := make([]byte, bufSize)

	return io.CopyBuffer(rf.Writer, r, scratch)
}

// SSHUploadPackWithSidechannel serves git-upload-pack(1) over a sidechannel
// connection instead of a gRPC stream. The connection is the command's stdin,
// and stdout and stderr are multiplexed back onto it as sideband packets. The
// command's exit status is discarded: a failure is reported only through the
// returned error. No request validation happens in this method beyond what
// sshUploadPack itself performs.
func (s *server) SSHUploadPackWithSidechannel(ctx context.Context, req *gitalypb.SSHUploadPackWithSidechannelRequest) (*gitalypb.SSHUploadPackWithSidechannelResponse, error) {
	sc, err := sidechannel.OpenSidechannel(ctx)
	if err != nil {
		return nil, helper.ErrUnavailable(err)
	}
	// Covers the error returns below; on success the connection is closed
	// explicitly first so that a close error can be reported.
	defer sc.Close()

	sideband := pktline.NewSidebandWriter(sc)
	_, err = s.sshUploadPack(
		ctx,
		req,
		sc,
		sideband.Writer(stream.BandStdout),
		sideband.Writer(stream.BandStderr),
	)
	if err != nil {
		return nil, helper.ErrInternal(err)
	}

	if closeErr := sc.Close(); closeErr != nil {
		return nil, helper.ErrInternalf("close sidechannel: %w", closeErr)
	}

	return &gitalypb.SSHUploadPackWithSidechannelResponse{}, nil
}