1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
package ssh
import (
"context"
"fmt"
grpc_logrus "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus"
log "github.com/sirupsen/logrus"
"gitlab.com/gitlab-org/gitaly/internal/command"
"gitlab.com/gitlab-org/gitaly/internal/git"
"gitlab.com/gitlab-org/gitaly/internal/git/pktline"
"gitlab.com/gitlab-org/gitaly/internal/helper"
"gitlab.com/gitlab-org/gitaly/internal/service/inspect"
"gitlab.com/gitlab-org/gitaly/proto/go/gitalypb"
"gitlab.com/gitlab-org/gitaly/streamio"
)
func (s *server) SSHUploadPack(stream gitalypb.SSHService_SSHUploadPackServer) error {
req, err := stream.Recv() // First request contains Repository only
if err != nil {
return helper.ErrInternal(err)
}
repository := ""
if req.Repository != nil {
repository = req.Repository.GlRepository
}
grpc_logrus.Extract(stream.Context()).WithFields(log.Fields{
"GlRepository": repository,
"GitConfigOptions": req.GitConfigOptions,
"GitProtocol": req.GitProtocol,
}).Debug("SSHUploadPack")
if err = validateFirstUploadPackRequest(req); err != nil {
return helper.ErrInvalidArgument(err)
}
if err = s.sshUploadPack(stream, req); err != nil {
return helper.ErrInternal(err)
}
return nil
}
func (s *server) sshUploadPack(stream gitalypb.SSHService_SSHUploadPackServer, req *gitalypb.SSHUploadPackRequest) error {
ctx, cancelCtx := context.WithCancel(stream.Context())
defer cancelCtx()
stdin := streamio.NewReader(func() ([]byte, error) {
request, err := stream.Recv()
return request.GetStdin(), err
})
stdoutWriter := streamio.NewWriter(func(p []byte) error {
return stream.Send(&gitalypb.SSHUploadPackResponse{Stdout: p})
})
// TODO: it is first step of the https://gitlab.com/gitlab-org/gitaly/issues/1519
// needs to be removed after we get some statistics on this
stdout := inspect.NewWriter(stdoutWriter, inspect.LogPackInfoStatistic(ctx))
defer stdout.Close()
stderr := streamio.NewWriter(func(p []byte) error {
return stream.Send(&gitalypb.SSHUploadPackResponse{Stderr: p})
})
env := git.AddGitProtocolEnv(ctx, req, command.GitEnv)
repoPath, err := helper.GetRepoPath(req.Repository)
if err != nil {
return err
}
git.WarnIfTooManyBitmaps(ctx, repoPath)
var globalOpts []git.Option
for _, o := range req.GitConfigOptions {
globalOpts = append(globalOpts, git.ValueFlag{"-c", o})
}
cmd, monitor, err := monitorStdinCommand(ctx, stdin, stdout, stderr, env, globalOpts, git.SubCmd{
Name: "upload-pack",
Args: []string{repoPath},
})
if err != nil {
return err
}
// upload-pack negotiation is terminated by either a flush, or the "done"
// packet: https://github.com/git/git/blob/v2.20.0/Documentation/technical/pack-protocol.txt#L335
//
// "flush" tells the server it can terminate, while "done" tells it to start
// generating a packfile. Add a timeout to the second case to mitigate
// use-after-check attacks.
go monitor.Monitor(pktline.PktDone(), s.uploadPackRequestTimeout, cancelCtx)
if err := cmd.Wait(); err != nil {
if status, ok := command.ExitStatus(err); ok {
return stream.Send(&gitalypb.SSHUploadPackResponse{
ExitStatus: &gitalypb.ExitStatus{Value: int32(status)},
})
}
return fmt.Errorf("cmd wait: %v", err)
}
return nil
}
func validateFirstUploadPackRequest(req *gitalypb.SSHUploadPackRequest) error {
if req.Stdin != nil {
return fmt.Errorf("non-empty stdin in first request")
}
return nil
}
|