Show More
@@ -1,1375 +1,1379 b'' | |||
|
1 | 1 | # dispatch.py - command dispatching for mercurial |
|
2 | 2 | # |
|
3 | 3 | # Copyright 2005-2007 Matt Mackall <mpm@selenic.com> |
|
4 | 4 | # |
|
5 | 5 | # This software may be used and distributed according to the terms of the |
|
6 | 6 | # GNU General Public License version 2 or any later version. |
|
7 | 7 | |
|
8 | 8 | from __future__ import absolute_import, print_function |
|
9 | 9 | |
|
10 | 10 | import errno |
|
11 | 11 | import getopt |
|
12 | 12 | import io |
|
13 | 13 | import os |
|
14 | 14 | import pdb |
|
15 | 15 | import re |
|
16 | 16 | import signal |
|
17 | 17 | import sys |
|
18 | 18 | import traceback |
|
19 | 19 | |
|
20 | 20 | |
|
21 | 21 | from .i18n import _ |
|
22 | 22 | from .pycompat import getattr |
|
23 | 23 | |
|
24 | 24 | from hgdemandimport import tracing |
|
25 | 25 | |
|
26 | 26 | from . import ( |
|
27 | 27 | cmdutil, |
|
28 | 28 | color, |
|
29 | 29 | commands, |
|
30 | 30 | demandimport, |
|
31 | 31 | encoding, |
|
32 | 32 | error, |
|
33 | 33 | extensions, |
|
34 | 34 | fancyopts, |
|
35 | 35 | help, |
|
36 | 36 | hg, |
|
37 | 37 | hook, |
|
38 | 38 | localrepo, |
|
39 | 39 | profiling, |
|
40 | 40 | pycompat, |
|
41 | 41 | rcutil, |
|
42 | 42 | registrar, |
|
43 | 43 | requirements as requirementsmod, |
|
44 | 44 | scmutil, |
|
45 | 45 | ui as uimod, |
|
46 | 46 | util, |
|
47 | 47 | vfs, |
|
48 | 48 | ) |
|
49 | 49 | |
|
50 | 50 | from .utils import ( |
|
51 | 51 | procutil, |
|
52 | 52 | stringutil, |
|
53 | 53 | ) |
|
54 | 54 | |
|
55 | 55 | |
|
56 | 56 | class request(object): |
|
57 | 57 | def __init__( |
|
58 | 58 | self, |
|
59 | 59 | args, |
|
60 | 60 | ui=None, |
|
61 | 61 | repo=None, |
|
62 | 62 | fin=None, |
|
63 | 63 | fout=None, |
|
64 | 64 | ferr=None, |
|
65 | 65 | fmsg=None, |
|
66 | 66 | prereposetups=None, |
|
67 | 67 | ): |
|
68 | 68 | self.args = args |
|
69 | 69 | self.ui = ui |
|
70 | 70 | self.repo = repo |
|
71 | 71 | |
|
72 | 72 | # input/output/error streams |
|
73 | 73 | self.fin = fin |
|
74 | 74 | self.fout = fout |
|
75 | 75 | self.ferr = ferr |
|
76 | 76 | # separate stream for status/error messages |
|
77 | 77 | self.fmsg = fmsg |
|
78 | 78 | |
|
79 | 79 | # remember options pre-parsed by _earlyparseopts() |
|
80 | 80 | self.earlyoptions = {} |
|
81 | 81 | |
|
82 | 82 | # reposetups which run before extensions, useful for chg to pre-fill |
|
83 | 83 | # low-level repo state (for example, changelog) before extensions. |
|
84 | 84 | self.prereposetups = prereposetups or [] |
|
85 | 85 | |
|
86 | 86 | # store the parsed and canonical command |
|
87 | 87 | self.canonical_command = None |
|
88 | 88 | |
|
89 | 89 | def _runexithandlers(self): |
|
90 | 90 | exc = None |
|
91 | 91 | handlers = self.ui._exithandlers |
|
92 | 92 | try: |
|
93 | 93 | while handlers: |
|
94 | 94 | func, args, kwargs = handlers.pop() |
|
95 | 95 | try: |
|
96 | 96 | func(*args, **kwargs) |
|
97 | 97 | except: # re-raises below |
|
98 | 98 | if exc is None: |
|
99 | 99 | exc = sys.exc_info()[1] |
|
100 | 100 | self.ui.warnnoi18n(b'error in exit handlers:\n') |
|
101 | 101 | self.ui.traceback(force=True) |
|
102 | 102 | finally: |
|
103 | 103 | if exc is not None: |
|
104 | 104 | raise exc |
|
105 | 105 | |
|
106 | 106 | |
|
107 | 107 | def _flushstdio(ui, err): |
|
108 | 108 | status = None |
|
109 | 109 | # In all cases we try to flush stdio streams. |
|
110 | 110 | if util.safehasattr(ui, b'fout'): |
|
111 | 111 | assert ui is not None # help pytype |
|
112 | 112 | assert ui.fout is not None # help pytype |
|
113 | 113 | try: |
|
114 | 114 | ui.fout.flush() |
|
115 | 115 | except IOError as e: |
|
116 | 116 | err = e |
|
117 | 117 | status = -1 |
|
118 | 118 | |
|
119 | 119 | if util.safehasattr(ui, b'ferr'): |
|
120 | 120 | assert ui is not None # help pytype |
|
121 | 121 | assert ui.ferr is not None # help pytype |
|
122 | 122 | try: |
|
123 | 123 | if err is not None and err.errno != errno.EPIPE: |
|
124 | 124 | ui.ferr.write( |
|
125 | 125 | b'abort: %s\n' % encoding.strtolocal(err.strerror) |
|
126 | 126 | ) |
|
127 | 127 | ui.ferr.flush() |
|
128 | 128 | # There's not much we can do about an I/O error here. So (possibly) |
|
129 | 129 | # change the status code and move on. |
|
130 | 130 | except IOError: |
|
131 | 131 | status = -1 |
|
132 | 132 | |
|
133 | 133 | return status |
|
134 | 134 | |
|
135 | 135 | |
|
136 | 136 | def run(): |
|
137 | 137 | """run the command in sys.argv""" |
|
138 | 138 | try: |
|
139 | 139 | initstdio() |
|
140 | 140 | with tracing.log('parse args into request'): |
|
141 | 141 | req = request(pycompat.sysargv[1:]) |
|
142 | 142 | |
|
143 | 143 | status = dispatch(req) |
|
144 | 144 | _silencestdio() |
|
145 | 145 | except KeyboardInterrupt: |
|
146 | 146 | # Catch early/late KeyboardInterrupt as last ditch. Here nothing will |
|
147 | 147 | # be printed to console to avoid another IOError/KeyboardInterrupt. |
|
148 | 148 | status = -1 |
|
149 | 149 | sys.exit(status & 255) |
|
150 | 150 | |
|
151 | 151 | |
|
152 | 152 | if pycompat.ispy3: |
|
153 | 153 | |
|
154 | 154 | def initstdio(): |
|
155 | 155 | # stdio streams on Python 3 are io.TextIOWrapper instances proxying another |
|
156 | 156 | # buffer. These streams will normalize \n to \r\n by default. Mercurial's |
|
157 | 157 | # preferred mechanism for writing output (ui.write()) uses io.BufferedWriter |
|
158 | 158 | # instances, which write to the underlying stdio file descriptor in binary |
|
159 | 159 | # mode. ui.write() uses \n for line endings and no line ending normalization |
|
160 | 160 | # is attempted through this interface. This "just works," even if the system |
|
161 | 161 | # preferred line ending is not \n. |
|
162 | 162 | # |
|
163 | 163 | # But some parts of Mercurial (e.g. hooks) can still send data to sys.stdout |
|
164 | 164 | # and sys.stderr. They will inherit the line ending normalization settings, |
|
165 | 165 | # potentially causing e.g. \r\n to be emitted. Since emitting \n should |
|
166 | 166 | # "just work," here we change the sys.* streams to disable line ending |
|
167 | 167 | # normalization, ensuring compatibility with our ui type. |
|
168 | 168 | |
|
169 | 169 | if sys.stdout is not None: |
|
170 | 170 | # write_through is new in Python 3.7. |
|
171 | 171 | kwargs = { |
|
172 | 172 | "newline": "\n", |
|
173 | 173 | "line_buffering": sys.stdout.line_buffering, |
|
174 | 174 | } |
|
175 | 175 | if util.safehasattr(sys.stdout, "write_through"): |
|
176 | # pytype: disable=attribute-error | |
|
176 | 177 | kwargs["write_through"] = sys.stdout.write_through |
|
178 | # pytype: enable=attribute-error | |
|
177 | 179 | sys.stdout = io.TextIOWrapper( |
|
178 | 180 | sys.stdout.buffer, |
|
179 | 181 | sys.stdout.encoding, |
|
180 | 182 | sys.stdout.errors, |
|
181 | 183 | **kwargs |
|
182 | 184 | ) |
|
183 | 185 | |
|
184 | 186 | if sys.stderr is not None: |
|
185 | 187 | kwargs = { |
|
186 | 188 | "newline": "\n", |
|
187 | 189 | "line_buffering": sys.stderr.line_buffering, |
|
188 | 190 | } |
|
189 | 191 | if util.safehasattr(sys.stderr, "write_through"): |
|
192 | # pytype: disable=attribute-error | |
|
190 | 193 | kwargs["write_through"] = sys.stderr.write_through |
|
194 | # pytype: enable=attribute-error | |
|
191 | 195 | sys.stderr = io.TextIOWrapper( |
|
192 | 196 | sys.stderr.buffer, |
|
193 | 197 | sys.stderr.encoding, |
|
194 | 198 | sys.stderr.errors, |
|
195 | 199 | **kwargs |
|
196 | 200 | ) |
|
197 | 201 | |
|
198 | 202 | if sys.stdin is not None: |
|
199 | 203 | # No write_through on read-only stream. |
|
200 | 204 | sys.stdin = io.TextIOWrapper( |
|
201 | 205 | sys.stdin.buffer, |
|
202 | 206 | sys.stdin.encoding, |
|
203 | 207 | sys.stdin.errors, |
|
204 | 208 | # None is universal newlines mode. |
|
205 | 209 | newline=None, |
|
206 | 210 | line_buffering=sys.stdin.line_buffering, |
|
207 | 211 | ) |
|
208 | 212 | |
|
209 | 213 | def _silencestdio(): |
|
210 | 214 | for fp in (sys.stdout, sys.stderr): |
|
211 | 215 | if fp is None: |
|
212 | 216 | continue |
|
213 | 217 | # Check if the file is okay |
|
214 | 218 | try: |
|
215 | 219 | fp.flush() |
|
216 | 220 | continue |
|
217 | 221 | except IOError: |
|
218 | 222 | pass |
|
219 | 223 | # Otherwise mark it as closed to silence "Exception ignored in" |
|
220 | 224 | # message emitted by the interpreter finalizer. |
|
221 | 225 | try: |
|
222 | 226 | fp.close() |
|
223 | 227 | except IOError: |
|
224 | 228 | pass |
|
225 | 229 | |
|
226 | 230 | |
|
227 | 231 | else: |
|
228 | 232 | |
|
229 | 233 | def initstdio(): |
|
230 | 234 | for fp in (sys.stdin, sys.stdout, sys.stderr): |
|
231 | 235 | procutil.setbinary(fp) |
|
232 | 236 | |
|
233 | 237 | def _silencestdio(): |
|
234 | 238 | pass |
|
235 | 239 | |
|
236 | 240 | |
|
237 | 241 | def _formatargs(args): |
|
238 | 242 | return b' '.join(procutil.shellquote(a) for a in args) |
|
239 | 243 | |
|
240 | 244 | |
|
241 | 245 | def dispatch(req): |
|
242 | 246 | """run the command specified in req.args; returns an integer status code""" |
|
243 | 247 | err = None |
|
244 | 248 | try: |
|
245 | 249 | status = _rundispatch(req) |
|
246 | 250 | except error.StdioError as e: |
|
247 | 251 | err = e |
|
248 | 252 | status = -1 |
|
249 | 253 | |
|
250 | 254 | ret = _flushstdio(req.ui, err) |
|
251 | 255 | if ret: |
|
252 | 256 | status = ret |
|
253 | 257 | return status |
|
254 | 258 | |
|
255 | 259 | |
|
256 | 260 | def _rundispatch(req): |
|
257 | 261 | with tracing.log('dispatch._rundispatch'): |
|
258 | 262 | if req.ferr: |
|
259 | 263 | ferr = req.ferr |
|
260 | 264 | elif req.ui: |
|
261 | 265 | ferr = req.ui.ferr |
|
262 | 266 | else: |
|
263 | 267 | ferr = procutil.stderr |
|
264 | 268 | |
|
265 | 269 | try: |
|
266 | 270 | if not req.ui: |
|
267 | 271 | req.ui = uimod.ui.load() |
|
268 | 272 | req.earlyoptions.update(_earlyparseopts(req.ui, req.args)) |
|
269 | 273 | if req.earlyoptions[b'traceback']: |
|
270 | 274 | req.ui.setconfig(b'ui', b'traceback', b'on', b'--traceback') |
|
271 | 275 | |
|
272 | 276 | # set ui streams from the request |
|
273 | 277 | if req.fin: |
|
274 | 278 | req.ui.fin = req.fin |
|
275 | 279 | if req.fout: |
|
276 | 280 | req.ui.fout = req.fout |
|
277 | 281 | if req.ferr: |
|
278 | 282 | req.ui.ferr = req.ferr |
|
279 | 283 | if req.fmsg: |
|
280 | 284 | req.ui.fmsg = req.fmsg |
|
281 | 285 | except error.Abort as inst: |
|
282 | 286 | ferr.write(inst.format()) |
|
283 | 287 | return -1 |
|
284 | 288 | |
|
285 | 289 | msg = _formatargs(req.args) |
|
286 | 290 | starttime = util.timer() |
|
287 | 291 | ret = 1 # default of Python exit code on unhandled exception |
|
288 | 292 | try: |
|
289 | 293 | ret = _runcatch(req) or 0 |
|
290 | 294 | except error.ProgrammingError as inst: |
|
291 | 295 | req.ui.error(_(b'** ProgrammingError: %s\n') % inst) |
|
292 | 296 | if inst.hint: |
|
293 | 297 | req.ui.error(_(b'** (%s)\n') % inst.hint) |
|
294 | 298 | raise |
|
295 | 299 | except KeyboardInterrupt as inst: |
|
296 | 300 | try: |
|
297 | 301 | if isinstance(inst, error.SignalInterrupt): |
|
298 | 302 | msg = _(b"killed!\n") |
|
299 | 303 | else: |
|
300 | 304 | msg = _(b"interrupted!\n") |
|
301 | 305 | req.ui.error(msg) |
|
302 | 306 | except error.SignalInterrupt: |
|
303 | 307 | # maybe pager would quit without consuming all the output, and |
|
304 | 308 | # SIGPIPE was raised. we cannot print anything in this case. |
|
305 | 309 | pass |
|
306 | 310 | except IOError as inst: |
|
307 | 311 | if inst.errno != errno.EPIPE: |
|
308 | 312 | raise |
|
309 | 313 | ret = -1 |
|
310 | 314 | finally: |
|
311 | 315 | duration = util.timer() - starttime |
|
312 | 316 | req.ui.flush() # record blocked times |
|
313 | 317 | if req.ui.logblockedtimes: |
|
314 | 318 | req.ui._blockedtimes[b'command_duration'] = duration * 1000 |
|
315 | 319 | req.ui.log( |
|
316 | 320 | b'uiblocked', |
|
317 | 321 | b'ui blocked ms\n', |
|
318 | 322 | **pycompat.strkwargs(req.ui._blockedtimes) |
|
319 | 323 | ) |
|
320 | 324 | return_code = ret & 255 |
|
321 | 325 | req.ui.log( |
|
322 | 326 | b"commandfinish", |
|
323 | 327 | b"%s exited %d after %0.2f seconds\n", |
|
324 | 328 | msg, |
|
325 | 329 | return_code, |
|
326 | 330 | duration, |
|
327 | 331 | return_code=return_code, |
|
328 | 332 | duration=duration, |
|
329 | 333 | canonical_command=req.canonical_command, |
|
330 | 334 | ) |
|
331 | 335 | try: |
|
332 | 336 | req._runexithandlers() |
|
333 | 337 | except: # exiting, so no re-raises |
|
334 | 338 | ret = ret or -1 |
|
335 | 339 | # do flush again since ui.log() and exit handlers may write to ui |
|
336 | 340 | req.ui.flush() |
|
337 | 341 | return ret |
|
338 | 342 | |
|
339 | 343 | |
|
340 | 344 | def _runcatch(req): |
|
341 | 345 | with tracing.log('dispatch._runcatch'): |
|
342 | 346 | |
|
343 | 347 | def catchterm(*args): |
|
344 | 348 | raise error.SignalInterrupt |
|
345 | 349 | |
|
346 | 350 | ui = req.ui |
|
347 | 351 | try: |
|
348 | 352 | for name in b'SIGBREAK', b'SIGHUP', b'SIGTERM': |
|
349 | 353 | num = getattr(signal, name, None) |
|
350 | 354 | if num: |
|
351 | 355 | signal.signal(num, catchterm) |
|
352 | 356 | except ValueError: |
|
353 | 357 | pass # happens if called in a thread |
|
354 | 358 | |
|
355 | 359 | def _runcatchfunc(): |
|
356 | 360 | realcmd = None |
|
357 | 361 | try: |
|
358 | 362 | cmdargs = fancyopts.fancyopts( |
|
359 | 363 | req.args[:], commands.globalopts, {} |
|
360 | 364 | ) |
|
361 | 365 | cmd = cmdargs[0] |
|
362 | 366 | aliases, entry = cmdutil.findcmd(cmd, commands.table, False) |
|
363 | 367 | realcmd = aliases[0] |
|
364 | 368 | except ( |
|
365 | 369 | error.UnknownCommand, |
|
366 | 370 | error.AmbiguousCommand, |
|
367 | 371 | IndexError, |
|
368 | 372 | getopt.GetoptError, |
|
369 | 373 | ): |
|
370 | 374 | # Don't handle this here. We know the command is |
|
371 | 375 | # invalid, but all we're worried about for now is that |
|
372 | 376 | # it's not a command that server operators expect to |
|
373 | 377 | # be safe to offer to users in a sandbox. |
|
374 | 378 | pass |
|
375 | 379 | if realcmd == b'serve' and b'--stdio' in cmdargs: |
|
376 | 380 | # We want to constrain 'hg serve --stdio' instances pretty |
|
377 | 381 | # closely, as many shared-ssh access tools want to grant |
|
378 | 382 | # access to run *only* 'hg -R $repo serve --stdio'. We |
|
379 | 383 | # restrict to exactly that set of arguments, and prohibit |
|
380 | 384 | # any repo name that starts with '--' to prevent |
|
381 | 385 | # shenanigans wherein a user does something like pass |
|
382 | 386 | # --debugger or --config=ui.debugger=1 as a repo |
|
383 | 387 | # name. This used to actually run the debugger. |
|
384 | 388 | if ( |
|
385 | 389 | len(req.args) != 4 |
|
386 | 390 | or req.args[0] != b'-R' |
|
387 | 391 | or req.args[1].startswith(b'--') |
|
388 | 392 | or req.args[2] != b'serve' |
|
389 | 393 | or req.args[3] != b'--stdio' |
|
390 | 394 | ): |
|
391 | 395 | raise error.Abort( |
|
392 | 396 | _(b'potentially unsafe serve --stdio invocation: %s') |
|
393 | 397 | % (stringutil.pprint(req.args),) |
|
394 | 398 | ) |
|
395 | 399 | |
|
396 | 400 | try: |
|
397 | 401 | debugger = b'pdb' |
|
398 | 402 | debugtrace = {b'pdb': pdb.set_trace} |
|
399 | 403 | debugmortem = {b'pdb': pdb.post_mortem} |
|
400 | 404 | |
|
401 | 405 | # read --config before doing anything else |
|
402 | 406 | # (e.g. to change trust settings for reading .hg/hgrc) |
|
403 | 407 | cfgs = _parseconfig(req.ui, req.earlyoptions[b'config']) |
|
404 | 408 | |
|
405 | 409 | if req.repo: |
|
406 | 410 | # copy configs that were passed on the cmdline (--config) to |
|
407 | 411 | # the repo ui |
|
408 | 412 | for sec, name, val in cfgs: |
|
409 | 413 | req.repo.ui.setconfig( |
|
410 | 414 | sec, name, val, source=b'--config' |
|
411 | 415 | ) |
|
412 | 416 | |
|
413 | 417 | # developer config: ui.debugger |
|
414 | 418 | debugger = ui.config(b"ui", b"debugger") |
|
415 | 419 | debugmod = pdb |
|
416 | 420 | if not debugger or ui.plain(): |
|
417 | 421 | # if we are in HGPLAIN mode, then disable custom debugging |
|
418 | 422 | debugger = b'pdb' |
|
419 | 423 | elif req.earlyoptions[b'debugger']: |
|
420 | 424 | # This import can be slow for fancy debuggers, so only |
|
421 | 425 | # do it when absolutely necessary, i.e. when actual |
|
422 | 426 | # debugging has been requested |
|
423 | 427 | with demandimport.deactivated(): |
|
424 | 428 | try: |
|
425 | 429 | debugmod = __import__(debugger) |
|
426 | 430 | except ImportError: |
|
427 | 431 | pass # Leave debugmod = pdb |
|
428 | 432 | |
|
429 | 433 | debugtrace[debugger] = debugmod.set_trace |
|
430 | 434 | debugmortem[debugger] = debugmod.post_mortem |
|
431 | 435 | |
|
432 | 436 | # enter the debugger before command execution |
|
433 | 437 | if req.earlyoptions[b'debugger']: |
|
434 | 438 | ui.warn( |
|
435 | 439 | _( |
|
436 | 440 | b"entering debugger - " |
|
437 | 441 | b"type c to continue starting hg or h for help\n" |
|
438 | 442 | ) |
|
439 | 443 | ) |
|
440 | 444 | |
|
441 | 445 | if ( |
|
442 | 446 | debugger != b'pdb' |
|
443 | 447 | and debugtrace[debugger] == debugtrace[b'pdb'] |
|
444 | 448 | ): |
|
445 | 449 | ui.warn( |
|
446 | 450 | _( |
|
447 | 451 | b"%s debugger specified " |
|
448 | 452 | b"but its module was not found\n" |
|
449 | 453 | ) |
|
450 | 454 | % debugger |
|
451 | 455 | ) |
|
452 | 456 | with demandimport.deactivated(): |
|
453 | 457 | debugtrace[debugger]() |
|
454 | 458 | try: |
|
455 | 459 | return _dispatch(req) |
|
456 | 460 | finally: |
|
457 | 461 | ui.flush() |
|
458 | 462 | except: # re-raises |
|
459 | 463 | # enter the debugger when we hit an exception |
|
460 | 464 | if req.earlyoptions[b'debugger']: |
|
461 | 465 | traceback.print_exc() |
|
462 | 466 | debugmortem[debugger](sys.exc_info()[2]) |
|
463 | 467 | raise |
|
464 | 468 | |
|
465 | 469 | return _callcatch(ui, _runcatchfunc) |
|
466 | 470 | |
|
467 | 471 | |
|
468 | 472 | def _callcatch(ui, func): |
|
469 | 473 | """like scmutil.callcatch but handles more high-level exceptions about |
|
470 | 474 | config parsing and commands. besides, use handlecommandexception to handle |
|
471 | 475 | uncaught exceptions. |
|
472 | 476 | """ |
|
473 | 477 | detailed_exit_code = -1 |
|
474 | 478 | try: |
|
475 | 479 | return scmutil.callcatch(ui, func) |
|
476 | 480 | except error.AmbiguousCommand as inst: |
|
477 | 481 | detailed_exit_code = 10 |
|
478 | 482 | ui.warn( |
|
479 | 483 | _(b"hg: command '%s' is ambiguous:\n %s\n") |
|
480 | 484 | % (inst.prefix, b" ".join(inst.matches)) |
|
481 | 485 | ) |
|
482 | 486 | except error.CommandError as inst: |
|
483 | 487 | detailed_exit_code = 10 |
|
484 | 488 | if inst.command: |
|
485 | 489 | ui.pager(b'help') |
|
486 | 490 | msgbytes = pycompat.bytestr(inst.message) |
|
487 | 491 | ui.warn(_(b"hg %s: %s\n") % (inst.command, msgbytes)) |
|
488 | 492 | commands.help_(ui, inst.command, full=False, command=True) |
|
489 | 493 | else: |
|
490 | 494 | ui.warn(_(b"hg: %s\n") % inst.message) |
|
491 | 495 | ui.warn(_(b"(use 'hg help -v' for a list of global options)\n")) |
|
492 | 496 | except error.UnknownCommand as inst: |
|
493 | 497 | detailed_exit_code = 10 |
|
494 | 498 | nocmdmsg = _(b"hg: unknown command '%s'\n") % inst.command |
|
495 | 499 | try: |
|
496 | 500 | # check if the command is in a disabled extension |
|
497 | 501 | # (but don't check for extensions themselves) |
|
498 | 502 | formatted = help.formattedhelp( |
|
499 | 503 | ui, commands, inst.command, unknowncmd=True |
|
500 | 504 | ) |
|
501 | 505 | ui.warn(nocmdmsg) |
|
502 | 506 | ui.write(formatted) |
|
503 | 507 | except (error.UnknownCommand, error.Abort): |
|
504 | 508 | suggested = False |
|
505 | 509 | if inst.all_commands: |
|
506 | 510 | sim = error.getsimilar(inst.all_commands, inst.command) |
|
507 | 511 | if sim: |
|
508 | 512 | ui.warn(nocmdmsg) |
|
509 | 513 | ui.warn(b"(%s)\n" % error.similarity_hint(sim)) |
|
510 | 514 | suggested = True |
|
511 | 515 | if not suggested: |
|
512 | 516 | ui.warn(nocmdmsg) |
|
513 | 517 | ui.warn(_(b"(use 'hg help' for a list of commands)\n")) |
|
514 | 518 | except IOError: |
|
515 | 519 | raise |
|
516 | 520 | except KeyboardInterrupt: |
|
517 | 521 | raise |
|
518 | 522 | except: # probably re-raises |
|
519 | 523 | if not handlecommandexception(ui): |
|
520 | 524 | raise |
|
521 | 525 | |
|
522 | 526 | if ui.configbool(b'ui', b'detailed-exit-code'): |
|
523 | 527 | return detailed_exit_code |
|
524 | 528 | else: |
|
525 | 529 | return -1 |
|
526 | 530 | |
|
527 | 531 | |
|
528 | 532 | def aliasargs(fn, givenargs): |
|
529 | 533 | args = [] |
|
530 | 534 | # only care about alias 'args', ignore 'args' set by extensions.wrapfunction |
|
531 | 535 | if not util.safehasattr(fn, b'_origfunc'): |
|
532 | 536 | args = getattr(fn, 'args', args) |
|
533 | 537 | if args: |
|
534 | 538 | cmd = b' '.join(map(procutil.shellquote, args)) |
|
535 | 539 | |
|
536 | 540 | nums = [] |
|
537 | 541 | |
|
538 | 542 | def replacer(m): |
|
539 | 543 | num = int(m.group(1)) - 1 |
|
540 | 544 | nums.append(num) |
|
541 | 545 | if num < len(givenargs): |
|
542 | 546 | return givenargs[num] |
|
543 | 547 | raise error.InputError(_(b'too few arguments for command alias')) |
|
544 | 548 | |
|
545 | 549 | cmd = re.sub(br'\$(\d+|\$)', replacer, cmd) |
|
546 | 550 | givenargs = [x for i, x in enumerate(givenargs) if i not in nums] |
|
547 | 551 | args = pycompat.shlexsplit(cmd) |
|
548 | 552 | return args + givenargs |
|
549 | 553 | |
|
550 | 554 | |
|
551 | 555 | def aliasinterpolate(name, args, cmd): |
|
552 | 556 | """interpolate args into cmd for shell aliases |
|
553 | 557 | |
|
554 | 558 | This also handles $0, $@ and "$@". |
|
555 | 559 | """ |
|
556 | 560 | # util.interpolate can't deal with "$@" (with quotes) because it's only |
|
557 | 561 | # built to match prefix + patterns. |
|
558 | 562 | replacemap = {b'$%d' % (i + 1): arg for i, arg in enumerate(args)} |
|
559 | 563 | replacemap[b'$0'] = name |
|
560 | 564 | replacemap[b'$$'] = b'$' |
|
561 | 565 | replacemap[b'$@'] = b' '.join(args) |
|
562 | 566 | # Typical Unix shells interpolate "$@" (with quotes) as all the positional |
|
563 | 567 | # parameters, separated out into words. Emulate the same behavior here by |
|
564 | 568 | # quoting the arguments individually. POSIX shells will then typically |
|
565 | 569 | # tokenize each argument into exactly one word. |
|
566 | 570 | replacemap[b'"$@"'] = b' '.join(procutil.shellquote(arg) for arg in args) |
|
567 | 571 | # escape '\$' for regex |
|
568 | 572 | regex = b'|'.join(replacemap.keys()).replace(b'$', br'\$') |
|
569 | 573 | r = re.compile(regex) |
|
570 | 574 | return r.sub(lambda x: replacemap[x.group()], cmd) |
|
571 | 575 | |
|
572 | 576 | |
|
573 | 577 | class cmdalias(object): |
|
574 | 578 | def __init__(self, ui, name, definition, cmdtable, source): |
|
575 | 579 | self.name = self.cmd = name |
|
576 | 580 | self.cmdname = b'' |
|
577 | 581 | self.definition = definition |
|
578 | 582 | self.fn = None |
|
579 | 583 | self.givenargs = [] |
|
580 | 584 | self.opts = [] |
|
581 | 585 | self.help = b'' |
|
582 | 586 | self.badalias = None |
|
583 | 587 | self.unknowncmd = False |
|
584 | 588 | self.source = source |
|
585 | 589 | |
|
586 | 590 | try: |
|
587 | 591 | aliases, entry = cmdutil.findcmd(self.name, cmdtable) |
|
588 | 592 | for alias, e in pycompat.iteritems(cmdtable): |
|
589 | 593 | if e is entry: |
|
590 | 594 | self.cmd = alias |
|
591 | 595 | break |
|
592 | 596 | self.shadows = True |
|
593 | 597 | except error.UnknownCommand: |
|
594 | 598 | self.shadows = False |
|
595 | 599 | |
|
596 | 600 | if not self.definition: |
|
597 | 601 | self.badalias = _(b"no definition for alias '%s'") % self.name |
|
598 | 602 | return |
|
599 | 603 | |
|
600 | 604 | if self.definition.startswith(b'!'): |
|
601 | 605 | shdef = self.definition[1:] |
|
602 | 606 | self.shell = True |
|
603 | 607 | |
|
604 | 608 | def fn(ui, *args): |
|
605 | 609 | env = {b'HG_ARGS': b' '.join((self.name,) + args)} |
|
606 | 610 | |
|
607 | 611 | def _checkvar(m): |
|
608 | 612 | if m.groups()[0] == b'$': |
|
609 | 613 | return m.group() |
|
610 | 614 | elif int(m.groups()[0]) <= len(args): |
|
611 | 615 | return m.group() |
|
612 | 616 | else: |
|
613 | 617 | ui.debug( |
|
614 | 618 | b"No argument found for substitution " |
|
615 | 619 | b"of %i variable in alias '%s' definition.\n" |
|
616 | 620 | % (int(m.groups()[0]), self.name) |
|
617 | 621 | ) |
|
618 | 622 | return b'' |
|
619 | 623 | |
|
620 | 624 | cmd = re.sub(br'\$(\d+|\$)', _checkvar, shdef) |
|
621 | 625 | cmd = aliasinterpolate(self.name, args, cmd) |
|
622 | 626 | return ui.system( |
|
623 | 627 | cmd, environ=env, blockedtag=b'alias_%s' % self.name |
|
624 | 628 | ) |
|
625 | 629 | |
|
626 | 630 | self.fn = fn |
|
627 | 631 | self.alias = True |
|
628 | 632 | self._populatehelp(ui, name, shdef, self.fn) |
|
629 | 633 | return |
|
630 | 634 | |
|
631 | 635 | try: |
|
632 | 636 | args = pycompat.shlexsplit(self.definition) |
|
633 | 637 | except ValueError as inst: |
|
634 | 638 | self.badalias = _(b"error in definition for alias '%s': %s") % ( |
|
635 | 639 | self.name, |
|
636 | 640 | stringutil.forcebytestr(inst), |
|
637 | 641 | ) |
|
638 | 642 | return |
|
639 | 643 | earlyopts, args = _earlysplitopts(args) |
|
640 | 644 | if earlyopts: |
|
641 | 645 | self.badalias = _( |
|
642 | 646 | b"error in definition for alias '%s': %s may " |
|
643 | 647 | b"only be given on the command line" |
|
644 | 648 | ) % (self.name, b'/'.join(pycompat.ziplist(*earlyopts)[0])) |
|
645 | 649 | return |
|
646 | 650 | self.cmdname = cmd = args.pop(0) |
|
647 | 651 | self.givenargs = args |
|
648 | 652 | |
|
649 | 653 | try: |
|
650 | 654 | tableentry = cmdutil.findcmd(cmd, cmdtable, False)[1] |
|
651 | 655 | if len(tableentry) > 2: |
|
652 | 656 | self.fn, self.opts, cmdhelp = tableentry |
|
653 | 657 | else: |
|
654 | 658 | self.fn, self.opts = tableentry |
|
655 | 659 | cmdhelp = None |
|
656 | 660 | |
|
657 | 661 | self.alias = True |
|
658 | 662 | self._populatehelp(ui, name, cmd, self.fn, cmdhelp) |
|
659 | 663 | |
|
660 | 664 | except error.UnknownCommand: |
|
661 | 665 | self.badalias = _( |
|
662 | 666 | b"alias '%s' resolves to unknown command '%s'" |
|
663 | 667 | ) % ( |
|
664 | 668 | self.name, |
|
665 | 669 | cmd, |
|
666 | 670 | ) |
|
667 | 671 | self.unknowncmd = True |
|
668 | 672 | except error.AmbiguousCommand: |
|
669 | 673 | self.badalias = _( |
|
670 | 674 | b"alias '%s' resolves to ambiguous command '%s'" |
|
671 | 675 | ) % ( |
|
672 | 676 | self.name, |
|
673 | 677 | cmd, |
|
674 | 678 | ) |
|
675 | 679 | |
|
676 | 680 | def _populatehelp(self, ui, name, cmd, fn, defaulthelp=None): |
|
677 | 681 | # confine strings to be passed to i18n.gettext() |
|
678 | 682 | cfg = {} |
|
679 | 683 | for k in (b'doc', b'help', b'category'): |
|
680 | 684 | v = ui.config(b'alias', b'%s:%s' % (name, k), None) |
|
681 | 685 | if v is None: |
|
682 | 686 | continue |
|
683 | 687 | if not encoding.isasciistr(v): |
|
684 | 688 | self.badalias = _( |
|
685 | 689 | b"non-ASCII character in alias definition '%s:%s'" |
|
686 | 690 | ) % (name, k) |
|
687 | 691 | return |
|
688 | 692 | cfg[k] = v |
|
689 | 693 | |
|
690 | 694 | self.help = cfg.get(b'help', defaulthelp or b'') |
|
691 | 695 | if self.help and self.help.startswith(b"hg " + cmd): |
|
692 | 696 | # drop prefix in old-style help lines so hg shows the alias |
|
693 | 697 | self.help = self.help[4 + len(cmd) :] |
|
694 | 698 | |
|
695 | 699 | self.owndoc = b'doc' in cfg |
|
696 | 700 | doc = cfg.get(b'doc', pycompat.getdoc(fn)) |
|
697 | 701 | if doc is not None: |
|
698 | 702 | doc = pycompat.sysstr(doc) |
|
699 | 703 | self.__doc__ = doc |
|
700 | 704 | |
|
701 | 705 | self.helpcategory = cfg.get( |
|
702 | 706 | b'category', registrar.command.CATEGORY_NONE |
|
703 | 707 | ) |
|
704 | 708 | |
|
705 | 709 | @property |
|
706 | 710 | def args(self): |
|
707 | 711 | args = pycompat.maplist(util.expandpath, self.givenargs) |
|
708 | 712 | return aliasargs(self.fn, args) |
|
709 | 713 | |
|
710 | 714 | def __getattr__(self, name): |
|
711 | 715 | adefaults = { |
|
712 | 716 | 'norepo': True, |
|
713 | 717 | 'intents': set(), |
|
714 | 718 | 'optionalrepo': False, |
|
715 | 719 | 'inferrepo': False, |
|
716 | 720 | } |
|
717 | 721 | if name not in adefaults: |
|
718 | 722 | raise AttributeError(name) |
|
719 | 723 | if self.badalias or util.safehasattr(self, b'shell'): |
|
720 | 724 | return adefaults[name] |
|
721 | 725 | return getattr(self.fn, name) |
|
722 | 726 | |
|
723 | 727 | def __call__(self, ui, *args, **opts): |
|
724 | 728 | if self.badalias: |
|
725 | 729 | hint = None |
|
726 | 730 | if self.unknowncmd: |
|
727 | 731 | try: |
|
728 | 732 | # check if the command is in a disabled extension |
|
729 | 733 | cmd, ext = extensions.disabledcmd(ui, self.cmdname)[:2] |
|
730 | 734 | hint = _(b"'%s' is provided by '%s' extension") % (cmd, ext) |
|
731 | 735 | except error.UnknownCommand: |
|
732 | 736 | pass |
|
733 | 737 | raise error.ConfigError(self.badalias, hint=hint) |
|
734 | 738 | if self.shadows: |
|
735 | 739 | ui.debug( |
|
736 | 740 | b"alias '%s' shadows command '%s'\n" % (self.name, self.cmdname) |
|
737 | 741 | ) |
|
738 | 742 | |
|
739 | 743 | ui.log( |
|
740 | 744 | b'commandalias', |
|
741 | 745 | b"alias '%s' expands to '%s'\n", |
|
742 | 746 | self.name, |
|
743 | 747 | self.definition, |
|
744 | 748 | ) |
|
745 | 749 | if util.safehasattr(self, b'shell'): |
|
746 | 750 | return self.fn(ui, *args, **opts) |
|
747 | 751 | else: |
|
748 | 752 | try: |
|
749 | 753 | return util.checksignature(self.fn)(ui, *args, **opts) |
|
750 | 754 | except error.SignatureError: |
|
751 | 755 | args = b' '.join([self.cmdname] + self.args) |
|
752 | 756 | ui.debug(b"alias '%s' expands to '%s'\n" % (self.name, args)) |
|
753 | 757 | raise |
|
754 | 758 | |
|
755 | 759 | |
|
756 | 760 | class lazyaliasentry(object): |
|
757 | 761 | """like a typical command entry (func, opts, help), but is lazy""" |
|
758 | 762 | |
|
759 | 763 | def __init__(self, ui, name, definition, cmdtable, source): |
|
760 | 764 | self.ui = ui |
|
761 | 765 | self.name = name |
|
762 | 766 | self.definition = definition |
|
763 | 767 | self.cmdtable = cmdtable.copy() |
|
764 | 768 | self.source = source |
|
765 | 769 | self.alias = True |
|
766 | 770 | |
|
767 | 771 | @util.propertycache |
|
768 | 772 | def _aliasdef(self): |
|
769 | 773 | return cmdalias( |
|
770 | 774 | self.ui, self.name, self.definition, self.cmdtable, self.source |
|
771 | 775 | ) |
|
772 | 776 | |
|
773 | 777 | def __getitem__(self, n): |
|
774 | 778 | aliasdef = self._aliasdef |
|
775 | 779 | if n == 0: |
|
776 | 780 | return aliasdef |
|
777 | 781 | elif n == 1: |
|
778 | 782 | return aliasdef.opts |
|
779 | 783 | elif n == 2: |
|
780 | 784 | return aliasdef.help |
|
781 | 785 | else: |
|
782 | 786 | raise IndexError |
|
783 | 787 | |
|
784 | 788 | def __iter__(self): |
|
785 | 789 | for i in range(3): |
|
786 | 790 | yield self[i] |
|
787 | 791 | |
|
788 | 792 | def __len__(self): |
|
789 | 793 | return 3 |
|
790 | 794 | |
|
791 | 795 | |
|
792 | 796 | def addaliases(ui, cmdtable): |
|
793 | 797 | # aliases are processed after extensions have been loaded, so they |
|
794 | 798 | # may use extension commands. Aliases can also use other alias definitions, |
|
795 | 799 | # but only if they have been defined prior to the current definition. |
|
796 | 800 | for alias, definition in ui.configitems(b'alias', ignoresub=True): |
|
797 | 801 | try: |
|
798 | 802 | if cmdtable[alias].definition == definition: |
|
799 | 803 | continue |
|
800 | 804 | except (KeyError, AttributeError): |
|
801 | 805 | # definition might not exist or it might not be a cmdalias |
|
802 | 806 | pass |
|
803 | 807 | |
|
804 | 808 | source = ui.configsource(b'alias', alias) |
|
805 | 809 | entry = lazyaliasentry(ui, alias, definition, cmdtable, source) |
|
806 | 810 | cmdtable[alias] = entry |
|
807 | 811 | |
|
808 | 812 | |
|
809 | 813 | def _parse(ui, args): |
|
810 | 814 | options = {} |
|
811 | 815 | cmdoptions = {} |
|
812 | 816 | |
|
813 | 817 | try: |
|
814 | 818 | args = fancyopts.fancyopts(args, commands.globalopts, options) |
|
815 | 819 | except getopt.GetoptError as inst: |
|
816 | 820 | raise error.CommandError(None, stringutil.forcebytestr(inst)) |
|
817 | 821 | |
|
818 | 822 | if args: |
|
819 | 823 | cmd, args = args[0], args[1:] |
|
820 | 824 | aliases, entry = cmdutil.findcmd( |
|
821 | 825 | cmd, commands.table, ui.configbool(b"ui", b"strict") |
|
822 | 826 | ) |
|
823 | 827 | cmd = aliases[0] |
|
824 | 828 | args = aliasargs(entry[0], args) |
|
825 | 829 | defaults = ui.config(b"defaults", cmd) |
|
826 | 830 | if defaults: |
|
827 | 831 | args = ( |
|
828 | 832 | pycompat.maplist(util.expandpath, pycompat.shlexsplit(defaults)) |
|
829 | 833 | + args |
|
830 | 834 | ) |
|
831 | 835 | c = list(entry[1]) |
|
832 | 836 | else: |
|
833 | 837 | cmd = None |
|
834 | 838 | c = [] |
|
835 | 839 | |
|
836 | 840 | # combine global options into local |
|
837 | 841 | for o in commands.globalopts: |
|
838 | 842 | c.append((o[0], o[1], options[o[1]], o[3])) |
|
839 | 843 | |
|
840 | 844 | try: |
|
841 | 845 | args = fancyopts.fancyopts(args, c, cmdoptions, gnu=True) |
|
842 | 846 | except getopt.GetoptError as inst: |
|
843 | 847 | raise error.CommandError(cmd, stringutil.forcebytestr(inst)) |
|
844 | 848 | |
|
845 | 849 | # separate global options back out |
|
846 | 850 | for o in commands.globalopts: |
|
847 | 851 | n = o[1] |
|
848 | 852 | options[n] = cmdoptions[n] |
|
849 | 853 | del cmdoptions[n] |
|
850 | 854 | |
|
851 | 855 | return (cmd, cmd and entry[0] or None, args, options, cmdoptions) |
|
852 | 856 | |
|
853 | 857 | |
|
854 | 858 | def _parseconfig(ui, config): |
|
855 | 859 | """parse the --config options from the command line""" |
|
856 | 860 | configs = [] |
|
857 | 861 | |
|
858 | 862 | for cfg in config: |
|
859 | 863 | try: |
|
860 | 864 | name, value = [cfgelem.strip() for cfgelem in cfg.split(b'=', 1)] |
|
861 | 865 | section, name = name.split(b'.', 1) |
|
862 | 866 | if not section or not name: |
|
863 | 867 | raise IndexError |
|
864 | 868 | ui.setconfig(section, name, value, b'--config') |
|
865 | 869 | configs.append((section, name, value)) |
|
866 | 870 | except (IndexError, ValueError): |
|
867 | 871 | raise error.InputError( |
|
868 | 872 | _( |
|
869 | 873 | b'malformed --config option: %r ' |
|
870 | 874 | b'(use --config section.name=value)' |
|
871 | 875 | ) |
|
872 | 876 | % pycompat.bytestr(cfg) |
|
873 | 877 | ) |
|
874 | 878 | |
|
875 | 879 | return configs |
|
876 | 880 | |
|
877 | 881 | |
|
878 | 882 | def _earlyparseopts(ui, args): |
|
879 | 883 | options = {} |
|
880 | 884 | fancyopts.fancyopts( |
|
881 | 885 | args, |
|
882 | 886 | commands.globalopts, |
|
883 | 887 | options, |
|
884 | 888 | gnu=not ui.plain(b'strictflags'), |
|
885 | 889 | early=True, |
|
886 | 890 | optaliases={b'repository': [b'repo']}, |
|
887 | 891 | ) |
|
888 | 892 | return options |
|
889 | 893 | |
|
890 | 894 | |
|
891 | 895 | def _earlysplitopts(args): |
|
892 | 896 | """Split args into a list of possible early options and remainder args""" |
|
893 | 897 | shortoptions = b'R:' |
|
894 | 898 | # TODO: perhaps 'debugger' should be included |
|
895 | 899 | longoptions = [b'cwd=', b'repository=', b'repo=', b'config='] |
|
896 | 900 | return fancyopts.earlygetopt( |
|
897 | 901 | args, shortoptions, longoptions, gnu=True, keepsep=True |
|
898 | 902 | ) |
|
899 | 903 | |
|
900 | 904 | |
|
901 | 905 | def runcommand(lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions): |
|
902 | 906 | # run pre-hook, and abort if it fails |
|
903 | 907 | hook.hook( |
|
904 | 908 | lui, |
|
905 | 909 | repo, |
|
906 | 910 | b"pre-%s" % cmd, |
|
907 | 911 | True, |
|
908 | 912 | args=b" ".join(fullargs), |
|
909 | 913 | pats=cmdpats, |
|
910 | 914 | opts=cmdoptions, |
|
911 | 915 | ) |
|
912 | 916 | try: |
|
913 | 917 | ret = _runcommand(ui, options, cmd, d) |
|
914 | 918 | # run post-hook, passing command result |
|
915 | 919 | hook.hook( |
|
916 | 920 | lui, |
|
917 | 921 | repo, |
|
918 | 922 | b"post-%s" % cmd, |
|
919 | 923 | False, |
|
920 | 924 | args=b" ".join(fullargs), |
|
921 | 925 | result=ret, |
|
922 | 926 | pats=cmdpats, |
|
923 | 927 | opts=cmdoptions, |
|
924 | 928 | ) |
|
925 | 929 | except Exception: |
|
926 | 930 | # run failure hook and re-raise |
|
927 | 931 | hook.hook( |
|
928 | 932 | lui, |
|
929 | 933 | repo, |
|
930 | 934 | b"fail-%s" % cmd, |
|
931 | 935 | False, |
|
932 | 936 | args=b" ".join(fullargs), |
|
933 | 937 | pats=cmdpats, |
|
934 | 938 | opts=cmdoptions, |
|
935 | 939 | ) |
|
936 | 940 | raise |
|
937 | 941 | return ret |
|
938 | 942 | |
|
939 | 943 | |
|
940 | 944 | def _readsharedsourceconfig(ui, path): |
|
941 | 945 | """if the current repository is shared one, this tries to read |
|
942 | 946 | .hg/hgrc of shared source if we are in share-safe mode |
|
943 | 947 | |
|
944 | 948 | Config read is loaded into the ui object passed |
|
945 | 949 | |
|
946 | 950 | This should be called before reading .hg/hgrc or the main repo |
|
947 | 951 | as that overrides config set in shared source""" |
|
948 | 952 | try: |
|
949 | 953 | with open(os.path.join(path, b".hg", b"requires"), "rb") as fp: |
|
950 | 954 | requirements = set(fp.read().splitlines()) |
|
951 | 955 | if not ( |
|
952 | 956 | requirementsmod.SHARESAFE_REQUIREMENT in requirements |
|
953 | 957 | and requirementsmod.SHARED_REQUIREMENT in requirements |
|
954 | 958 | ): |
|
955 | 959 | return |
|
956 | 960 | hgvfs = vfs.vfs(os.path.join(path, b".hg")) |
|
957 | 961 | sharedvfs = localrepo._getsharedvfs(hgvfs, requirements) |
|
958 | 962 | root = sharedvfs.base |
|
959 | 963 | ui.readconfig(sharedvfs.join(b"hgrc"), root) |
|
960 | 964 | except IOError: |
|
961 | 965 | pass |
|
962 | 966 | |
|
963 | 967 | |
|
964 | 968 | def _getlocal(ui, rpath, wd=None): |
|
965 | 969 | """Return (path, local ui object) for the given target path. |
|
966 | 970 | |
|
967 | 971 | Takes paths in [cwd]/.hg/hgrc into account." |
|
968 | 972 | """ |
|
969 | 973 | if wd is None: |
|
970 | 974 | try: |
|
971 | 975 | wd = encoding.getcwd() |
|
972 | 976 | except OSError as e: |
|
973 | 977 | raise error.Abort( |
|
974 | 978 | _(b"error getting current working directory: %s") |
|
975 | 979 | % encoding.strtolocal(e.strerror) |
|
976 | 980 | ) |
|
977 | 981 | |
|
978 | 982 | path = cmdutil.findrepo(wd) or b"" |
|
979 | 983 | if not path: |
|
980 | 984 | lui = ui |
|
981 | 985 | else: |
|
982 | 986 | lui = ui.copy() |
|
983 | 987 | if rcutil.use_repo_hgrc(): |
|
984 | 988 | _readsharedsourceconfig(lui, path) |
|
985 | 989 | lui.readconfig(os.path.join(path, b".hg", b"hgrc"), path) |
|
986 | 990 | lui.readconfig(os.path.join(path, b".hg", b"hgrc-not-shared"), path) |
|
987 | 991 | |
|
988 | 992 | if rpath: |
|
989 | 993 | path = lui.expandpath(rpath) |
|
990 | 994 | lui = ui.copy() |
|
991 | 995 | if rcutil.use_repo_hgrc(): |
|
992 | 996 | _readsharedsourceconfig(lui, path) |
|
993 | 997 | lui.readconfig(os.path.join(path, b".hg", b"hgrc"), path) |
|
994 | 998 | lui.readconfig(os.path.join(path, b".hg", b"hgrc-not-shared"), path) |
|
995 | 999 | |
|
996 | 1000 | return path, lui |
|
997 | 1001 | |
|
998 | 1002 | |
|
999 | 1003 | def _checkshellalias(lui, ui, args): |
|
1000 | 1004 | """Return the function to run the shell alias, if it is required""" |
|
1001 | 1005 | options = {} |
|
1002 | 1006 | |
|
1003 | 1007 | try: |
|
1004 | 1008 | args = fancyopts.fancyopts(args, commands.globalopts, options) |
|
1005 | 1009 | except getopt.GetoptError: |
|
1006 | 1010 | return |
|
1007 | 1011 | |
|
1008 | 1012 | if not args: |
|
1009 | 1013 | return |
|
1010 | 1014 | |
|
1011 | 1015 | cmdtable = commands.table |
|
1012 | 1016 | |
|
1013 | 1017 | cmd = args[0] |
|
1014 | 1018 | try: |
|
1015 | 1019 | strict = ui.configbool(b"ui", b"strict") |
|
1016 | 1020 | aliases, entry = cmdutil.findcmd(cmd, cmdtable, strict) |
|
1017 | 1021 | except (error.AmbiguousCommand, error.UnknownCommand): |
|
1018 | 1022 | return |
|
1019 | 1023 | |
|
1020 | 1024 | cmd = aliases[0] |
|
1021 | 1025 | fn = entry[0] |
|
1022 | 1026 | |
|
1023 | 1027 | if cmd and util.safehasattr(fn, b'shell'): |
|
1024 | 1028 | # shell alias shouldn't receive early options which are consumed by hg |
|
1025 | 1029 | _earlyopts, args = _earlysplitopts(args) |
|
1026 | 1030 | d = lambda: fn(ui, *args[1:]) |
|
1027 | 1031 | return lambda: runcommand( |
|
1028 | 1032 | lui, None, cmd, args[:1], ui, options, d, [], {} |
|
1029 | 1033 | ) |
|
1030 | 1034 | |
|
1031 | 1035 | |
|
1032 | 1036 | def _dispatch(req): |
|
1033 | 1037 | args = req.args |
|
1034 | 1038 | ui = req.ui |
|
1035 | 1039 | |
|
1036 | 1040 | # check for cwd |
|
1037 | 1041 | cwd = req.earlyoptions[b'cwd'] |
|
1038 | 1042 | if cwd: |
|
1039 | 1043 | os.chdir(cwd) |
|
1040 | 1044 | |
|
1041 | 1045 | rpath = req.earlyoptions[b'repository'] |
|
1042 | 1046 | path, lui = _getlocal(ui, rpath) |
|
1043 | 1047 | |
|
1044 | 1048 | uis = {ui, lui} |
|
1045 | 1049 | |
|
1046 | 1050 | if req.repo: |
|
1047 | 1051 | uis.add(req.repo.ui) |
|
1048 | 1052 | |
|
1049 | 1053 | if ( |
|
1050 | 1054 | req.earlyoptions[b'verbose'] |
|
1051 | 1055 | or req.earlyoptions[b'debug'] |
|
1052 | 1056 | or req.earlyoptions[b'quiet'] |
|
1053 | 1057 | ): |
|
1054 | 1058 | for opt in (b'verbose', b'debug', b'quiet'): |
|
1055 | 1059 | val = pycompat.bytestr(bool(req.earlyoptions[opt])) |
|
1056 | 1060 | for ui_ in uis: |
|
1057 | 1061 | ui_.setconfig(b'ui', opt, val, b'--' + opt) |
|
1058 | 1062 | |
|
1059 | 1063 | if req.earlyoptions[b'profile']: |
|
1060 | 1064 | for ui_ in uis: |
|
1061 | 1065 | ui_.setconfig(b'profiling', b'enabled', b'true', b'--profile') |
|
1062 | 1066 | |
|
1063 | 1067 | profile = lui.configbool(b'profiling', b'enabled') |
|
1064 | 1068 | with profiling.profile(lui, enabled=profile) as profiler: |
|
1065 | 1069 | # Configure extensions in phases: uisetup, extsetup, cmdtable, and |
|
1066 | 1070 | # reposetup |
|
1067 | 1071 | extensions.loadall(lui) |
|
1068 | 1072 | # Propagate any changes to lui.__class__ by extensions |
|
1069 | 1073 | ui.__class__ = lui.__class__ |
|
1070 | 1074 | |
|
1071 | 1075 | # (uisetup and extsetup are handled in extensions.loadall) |
|
1072 | 1076 | |
|
1073 | 1077 | # (reposetup is handled in hg.repository) |
|
1074 | 1078 | |
|
1075 | 1079 | addaliases(lui, commands.table) |
|
1076 | 1080 | |
|
1077 | 1081 | # All aliases and commands are completely defined, now. |
|
1078 | 1082 | # Check abbreviation/ambiguity of shell alias. |
|
1079 | 1083 | shellaliasfn = _checkshellalias(lui, ui, args) |
|
1080 | 1084 | if shellaliasfn: |
|
1081 | 1085 | # no additional configs will be set, set up the ui instances |
|
1082 | 1086 | for ui_ in uis: |
|
1083 | 1087 | extensions.populateui(ui_) |
|
1084 | 1088 | return shellaliasfn() |
|
1085 | 1089 | |
|
1086 | 1090 | # check for fallback encoding |
|
1087 | 1091 | fallback = lui.config(b'ui', b'fallbackencoding') |
|
1088 | 1092 | if fallback: |
|
1089 | 1093 | encoding.fallbackencoding = fallback |
|
1090 | 1094 | |
|
1091 | 1095 | fullargs = args |
|
1092 | 1096 | cmd, func, args, options, cmdoptions = _parse(lui, args) |
|
1093 | 1097 | |
|
1094 | 1098 | # store the canonical command name in request object for later access |
|
1095 | 1099 | req.canonical_command = cmd |
|
1096 | 1100 | |
|
1097 | 1101 | if options[b"config"] != req.earlyoptions[b"config"]: |
|
1098 | 1102 | raise error.InputError(_(b"option --config may not be abbreviated")) |
|
1099 | 1103 | if options[b"cwd"] != req.earlyoptions[b"cwd"]: |
|
1100 | 1104 | raise error.InputError(_(b"option --cwd may not be abbreviated")) |
|
1101 | 1105 | if options[b"repository"] != req.earlyoptions[b"repository"]: |
|
1102 | 1106 | raise error.InputError( |
|
1103 | 1107 | _( |
|
1104 | 1108 | b"option -R has to be separated from other options (e.g. not " |
|
1105 | 1109 | b"-qR) and --repository may only be abbreviated as --repo" |
|
1106 | 1110 | ) |
|
1107 | 1111 | ) |
|
1108 | 1112 | if options[b"debugger"] != req.earlyoptions[b"debugger"]: |
|
1109 | 1113 | raise error.InputError( |
|
1110 | 1114 | _(b"option --debugger may not be abbreviated") |
|
1111 | 1115 | ) |
|
1112 | 1116 | # don't validate --profile/--traceback, which can be enabled from now |
|
1113 | 1117 | |
|
1114 | 1118 | if options[b"encoding"]: |
|
1115 | 1119 | encoding.encoding = options[b"encoding"] |
|
1116 | 1120 | if options[b"encodingmode"]: |
|
1117 | 1121 | encoding.encodingmode = options[b"encodingmode"] |
|
1118 | 1122 | if options[b"time"]: |
|
1119 | 1123 | |
|
1120 | 1124 | def get_times(): |
|
1121 | 1125 | t = os.times() |
|
1122 | 1126 | if t[4] == 0.0: |
|
1123 | 1127 | # Windows leaves this as zero, so use time.perf_counter() |
|
1124 | 1128 | t = (t[0], t[1], t[2], t[3], util.timer()) |
|
1125 | 1129 | return t |
|
1126 | 1130 | |
|
1127 | 1131 | s = get_times() |
|
1128 | 1132 | |
|
1129 | 1133 | def print_time(): |
|
1130 | 1134 | t = get_times() |
|
1131 | 1135 | ui.warn( |
|
1132 | 1136 | _(b"time: real %.3f secs (user %.3f+%.3f sys %.3f+%.3f)\n") |
|
1133 | 1137 | % ( |
|
1134 | 1138 | t[4] - s[4], |
|
1135 | 1139 | t[0] - s[0], |
|
1136 | 1140 | t[2] - s[2], |
|
1137 | 1141 | t[1] - s[1], |
|
1138 | 1142 | t[3] - s[3], |
|
1139 | 1143 | ) |
|
1140 | 1144 | ) |
|
1141 | 1145 | |
|
1142 | 1146 | ui.atexit(print_time) |
|
1143 | 1147 | if options[b"profile"]: |
|
1144 | 1148 | profiler.start() |
|
1145 | 1149 | |
|
1146 | 1150 | # if abbreviated version of this were used, take them in account, now |
|
1147 | 1151 | if options[b'verbose'] or options[b'debug'] or options[b'quiet']: |
|
1148 | 1152 | for opt in (b'verbose', b'debug', b'quiet'): |
|
1149 | 1153 | if options[opt] == req.earlyoptions[opt]: |
|
1150 | 1154 | continue |
|
1151 | 1155 | val = pycompat.bytestr(bool(options[opt])) |
|
1152 | 1156 | for ui_ in uis: |
|
1153 | 1157 | ui_.setconfig(b'ui', opt, val, b'--' + opt) |
|
1154 | 1158 | |
|
1155 | 1159 | if options[b'traceback']: |
|
1156 | 1160 | for ui_ in uis: |
|
1157 | 1161 | ui_.setconfig(b'ui', b'traceback', b'on', b'--traceback') |
|
1158 | 1162 | |
|
1159 | 1163 | if options[b'noninteractive']: |
|
1160 | 1164 | for ui_ in uis: |
|
1161 | 1165 | ui_.setconfig(b'ui', b'interactive', b'off', b'-y') |
|
1162 | 1166 | |
|
1163 | 1167 | if cmdoptions.get(b'insecure', False): |
|
1164 | 1168 | for ui_ in uis: |
|
1165 | 1169 | ui_.insecureconnections = True |
|
1166 | 1170 | |
|
1167 | 1171 | # setup color handling before pager, because setting up pager |
|
1168 | 1172 | # might cause incorrect console information |
|
1169 | 1173 | coloropt = options[b'color'] |
|
1170 | 1174 | for ui_ in uis: |
|
1171 | 1175 | if coloropt: |
|
1172 | 1176 | ui_.setconfig(b'ui', b'color', coloropt, b'--color') |
|
1173 | 1177 | color.setup(ui_) |
|
1174 | 1178 | |
|
1175 | 1179 | if stringutil.parsebool(options[b'pager']): |
|
1176 | 1180 | # ui.pager() expects 'internal-always-' prefix in this case |
|
1177 | 1181 | ui.pager(b'internal-always-' + cmd) |
|
1178 | 1182 | elif options[b'pager'] != b'auto': |
|
1179 | 1183 | for ui_ in uis: |
|
1180 | 1184 | ui_.disablepager() |
|
1181 | 1185 | |
|
1182 | 1186 | # configs are fully loaded, set up the ui instances |
|
1183 | 1187 | for ui_ in uis: |
|
1184 | 1188 | extensions.populateui(ui_) |
|
1185 | 1189 | |
|
1186 | 1190 | if options[b'version']: |
|
1187 | 1191 | return commands.version_(ui) |
|
1188 | 1192 | if options[b'help']: |
|
1189 | 1193 | return commands.help_(ui, cmd, command=cmd is not None) |
|
1190 | 1194 | elif not cmd: |
|
1191 | 1195 | return commands.help_(ui, b'shortlist') |
|
1192 | 1196 | |
|
1193 | 1197 | repo = None |
|
1194 | 1198 | cmdpats = args[:] |
|
1195 | 1199 | assert func is not None # help out pytype |
|
1196 | 1200 | if not func.norepo: |
|
1197 | 1201 | # use the repo from the request only if we don't have -R |
|
1198 | 1202 | if not rpath and not cwd: |
|
1199 | 1203 | repo = req.repo |
|
1200 | 1204 | |
|
1201 | 1205 | if repo: |
|
1202 | 1206 | # set the descriptors of the repo ui to those of ui |
|
1203 | 1207 | repo.ui.fin = ui.fin |
|
1204 | 1208 | repo.ui.fout = ui.fout |
|
1205 | 1209 | repo.ui.ferr = ui.ferr |
|
1206 | 1210 | repo.ui.fmsg = ui.fmsg |
|
1207 | 1211 | else: |
|
1208 | 1212 | try: |
|
1209 | 1213 | repo = hg.repository( |
|
1210 | 1214 | ui, |
|
1211 | 1215 | path=path, |
|
1212 | 1216 | presetupfuncs=req.prereposetups, |
|
1213 | 1217 | intents=func.intents, |
|
1214 | 1218 | ) |
|
1215 | 1219 | if not repo.local(): |
|
1216 | 1220 | raise error.InputError( |
|
1217 | 1221 | _(b"repository '%s' is not local") % path |
|
1218 | 1222 | ) |
|
1219 | 1223 | repo.ui.setconfig( |
|
1220 | 1224 | b"bundle", b"mainreporoot", repo.root, b'repo' |
|
1221 | 1225 | ) |
|
1222 | 1226 | except error.RequirementError: |
|
1223 | 1227 | raise |
|
1224 | 1228 | except error.RepoError: |
|
1225 | 1229 | if rpath: # invalid -R path |
|
1226 | 1230 | raise |
|
1227 | 1231 | if not func.optionalrepo: |
|
1228 | 1232 | if func.inferrepo and args and not path: |
|
1229 | 1233 | # try to infer -R from command args |
|
1230 | 1234 | repos = pycompat.maplist(cmdutil.findrepo, args) |
|
1231 | 1235 | guess = repos[0] |
|
1232 | 1236 | if guess and repos.count(guess) == len(repos): |
|
1233 | 1237 | req.args = [b'--repository', guess] + fullargs |
|
1234 | 1238 | req.earlyoptions[b'repository'] = guess |
|
1235 | 1239 | return _dispatch(req) |
|
1236 | 1240 | if not path: |
|
1237 | 1241 | raise error.InputError( |
|
1238 | 1242 | _( |
|
1239 | 1243 | b"no repository found in" |
|
1240 | 1244 | b" '%s' (.hg not found)" |
|
1241 | 1245 | ) |
|
1242 | 1246 | % encoding.getcwd() |
|
1243 | 1247 | ) |
|
1244 | 1248 | raise |
|
1245 | 1249 | if repo: |
|
1246 | 1250 | ui = repo.ui |
|
1247 | 1251 | if options[b'hidden']: |
|
1248 | 1252 | repo = repo.unfiltered() |
|
1249 | 1253 | args.insert(0, repo) |
|
1250 | 1254 | elif rpath: |
|
1251 | 1255 | ui.warn(_(b"warning: --repository ignored\n")) |
|
1252 | 1256 | |
|
1253 | 1257 | msg = _formatargs(fullargs) |
|
1254 | 1258 | ui.log(b"command", b'%s\n', msg) |
|
1255 | 1259 | strcmdopt = pycompat.strkwargs(cmdoptions) |
|
1256 | 1260 | d = lambda: util.checksignature(func)(ui, *args, **strcmdopt) |
|
1257 | 1261 | try: |
|
1258 | 1262 | return runcommand( |
|
1259 | 1263 | lui, repo, cmd, fullargs, ui, options, d, cmdpats, cmdoptions |
|
1260 | 1264 | ) |
|
1261 | 1265 | finally: |
|
1262 | 1266 | if repo and repo != req.repo: |
|
1263 | 1267 | repo.close() |
|
1264 | 1268 | |
|
1265 | 1269 | |
|
1266 | 1270 | def _runcommand(ui, options, cmd, cmdfunc): |
|
1267 | 1271 | """Run a command function, possibly with profiling enabled.""" |
|
1268 | 1272 | try: |
|
1269 | 1273 | with tracing.log("Running %s command" % cmd): |
|
1270 | 1274 | return cmdfunc() |
|
1271 | 1275 | except error.SignatureError: |
|
1272 | 1276 | raise error.CommandError(cmd, _(b'invalid arguments')) |
|
1273 | 1277 | |
|
1274 | 1278 | |
|
1275 | 1279 | def _exceptionwarning(ui): |
|
1276 | 1280 | """Produce a warning message for the current active exception""" |
|
1277 | 1281 | |
|
1278 | 1282 | # For compatibility checking, we discard the portion of the hg |
|
1279 | 1283 | # version after the + on the assumption that if a "normal |
|
1280 | 1284 | # user" is running a build with a + in it the packager |
|
1281 | 1285 | # probably built from fairly close to a tag and anyone with a |
|
1282 | 1286 | # 'make local' copy of hg (where the version number can be out |
|
1283 | 1287 | # of date) will be clueful enough to notice the implausible |
|
1284 | 1288 | # version number and try updating. |
|
1285 | 1289 | ct = util.versiontuple(n=2) |
|
1286 | 1290 | worst = None, ct, b'', b'' |
|
1287 | 1291 | if ui.config(b'ui', b'supportcontact') is None: |
|
1288 | 1292 | for name, mod in extensions.extensions(): |
|
1289 | 1293 | # 'testedwith' should be bytes, but not all extensions are ported |
|
1290 | 1294 | # to py3 and we don't want UnicodeException because of that. |
|
1291 | 1295 | testedwith = stringutil.forcebytestr( |
|
1292 | 1296 | getattr(mod, 'testedwith', b'') |
|
1293 | 1297 | ) |
|
1294 | 1298 | version = extensions.moduleversion(mod) |
|
1295 | 1299 | report = getattr(mod, 'buglink', _(b'the extension author.')) |
|
1296 | 1300 | if not testedwith.strip(): |
|
1297 | 1301 | # We found an untested extension. It's likely the culprit. |
|
1298 | 1302 | worst = name, b'unknown', report, version |
|
1299 | 1303 | break |
|
1300 | 1304 | |
|
1301 | 1305 | # Never blame on extensions bundled with Mercurial. |
|
1302 | 1306 | if extensions.ismoduleinternal(mod): |
|
1303 | 1307 | continue |
|
1304 | 1308 | |
|
1305 | 1309 | tested = [util.versiontuple(t, 2) for t in testedwith.split()] |
|
1306 | 1310 | if ct in tested: |
|
1307 | 1311 | continue |
|
1308 | 1312 | |
|
1309 | 1313 | lower = [t for t in tested if t < ct] |
|
1310 | 1314 | nearest = max(lower or tested) |
|
1311 | 1315 | if worst[0] is None or nearest < worst[1]: |
|
1312 | 1316 | worst = name, nearest, report, version |
|
1313 | 1317 | if worst[0] is not None: |
|
1314 | 1318 | name, testedwith, report, version = worst |
|
1315 | 1319 | if not isinstance(testedwith, (bytes, str)): |
|
1316 | 1320 | testedwith = b'.'.join( |
|
1317 | 1321 | [stringutil.forcebytestr(c) for c in testedwith] |
|
1318 | 1322 | ) |
|
1319 | 1323 | extver = version or _(b"(version N/A)") |
|
1320 | 1324 | warning = _( |
|
1321 | 1325 | b'** Unknown exception encountered with ' |
|
1322 | 1326 | b'possibly-broken third-party extension "%s" %s\n' |
|
1323 | 1327 | b'** which supports versions %s of Mercurial.\n' |
|
1324 | 1328 | b'** Please disable "%s" and try your action again.\n' |
|
1325 | 1329 | b'** If that fixes the bug please report it to %s\n' |
|
1326 | 1330 | ) % (name, extver, testedwith, name, stringutil.forcebytestr(report)) |
|
1327 | 1331 | else: |
|
1328 | 1332 | bugtracker = ui.config(b'ui', b'supportcontact') |
|
1329 | 1333 | if bugtracker is None: |
|
1330 | 1334 | bugtracker = _(b"https://mercurial-scm.org/wiki/BugTracker") |
|
1331 | 1335 | warning = ( |
|
1332 | 1336 | _( |
|
1333 | 1337 | b"** unknown exception encountered, " |
|
1334 | 1338 | b"please report by visiting\n** " |
|
1335 | 1339 | ) |
|
1336 | 1340 | + bugtracker |
|
1337 | 1341 | + b'\n' |
|
1338 | 1342 | ) |
|
1339 | 1343 | sysversion = pycompat.sysbytes(sys.version).replace(b'\n', b'') |
|
1340 | 1344 | |
|
1341 | 1345 | def ext_with_ver(x): |
|
1342 | 1346 | ext = x[0] |
|
1343 | 1347 | ver = extensions.moduleversion(x[1]) |
|
1344 | 1348 | if ver: |
|
1345 | 1349 | ext += b' ' + ver |
|
1346 | 1350 | return ext |
|
1347 | 1351 | |
|
1348 | 1352 | warning += ( |
|
1349 | 1353 | (_(b"** Python %s\n") % sysversion) |
|
1350 | 1354 | + (_(b"** Mercurial Distributed SCM (version %s)\n") % util.version()) |
|
1351 | 1355 | + ( |
|
1352 | 1356 | _(b"** Extensions loaded: %s\n") |
|
1353 | 1357 | % b", ".join( |
|
1354 | 1358 | [ext_with_ver(x) for x in sorted(extensions.extensions())] |
|
1355 | 1359 | ) |
|
1356 | 1360 | ) |
|
1357 | 1361 | ) |
|
1358 | 1362 | return warning |
|
1359 | 1363 | |
|
1360 | 1364 | |
|
1361 | 1365 | def handlecommandexception(ui): |
|
1362 | 1366 | """Produce a warning message for broken commands |
|
1363 | 1367 | |
|
1364 | 1368 | Called when handling an exception; the exception is reraised if |
|
1365 | 1369 | this function returns False, ignored otherwise. |
|
1366 | 1370 | """ |
|
1367 | 1371 | warning = _exceptionwarning(ui) |
|
1368 | 1372 | ui.log( |
|
1369 | 1373 | b"commandexception", |
|
1370 | 1374 | b"%s\n%s\n", |
|
1371 | 1375 | warning, |
|
1372 | 1376 | pycompat.sysbytes(traceback.format_exc()), |
|
1373 | 1377 | ) |
|
1374 | 1378 | ui.warn(warning) |
|
1375 | 1379 | return False # re-raise the exception |
@@ -1,305 +1,305 b'' | |||
|
1 | 1 | # osutil.py - pure Python version of osutil.c |
|
2 | 2 | # |
|
3 | 3 | # Copyright 2009 Matt Mackall <mpm@selenic.com> and others |
|
4 | 4 | # |
|
5 | 5 | # This software may be used and distributed according to the terms of the |
|
6 | 6 | # GNU General Public License version 2 or any later version. |
|
7 | 7 | |
|
8 | 8 | from __future__ import absolute_import, division |
|
9 | 9 | |
|
10 | 10 | import ctypes |
|
11 | 11 | import ctypes.util |
|
12 | 12 | import os |
|
13 | 13 | import socket |
|
14 | 14 | import stat as statmod |
|
15 | 15 | |
|
16 | 16 | from ..pycompat import getattr |
|
17 | 17 | from .. import ( |
|
18 | 18 | encoding, |
|
19 | 19 | pycompat, |
|
20 | 20 | ) |
|
21 | 21 | |
|
22 | 22 | |
|
23 | 23 | def _mode_to_kind(mode): |
|
24 | 24 | if statmod.S_ISREG(mode): |
|
25 | 25 | return statmod.S_IFREG |
|
26 | 26 | if statmod.S_ISDIR(mode): |
|
27 | 27 | return statmod.S_IFDIR |
|
28 | 28 | if statmod.S_ISLNK(mode): |
|
29 | 29 | return statmod.S_IFLNK |
|
30 | 30 | if statmod.S_ISBLK(mode): |
|
31 | 31 | return statmod.S_IFBLK |
|
32 | 32 | if statmod.S_ISCHR(mode): |
|
33 | 33 | return statmod.S_IFCHR |
|
34 | 34 | if statmod.S_ISFIFO(mode): |
|
35 | 35 | return statmod.S_IFIFO |
|
36 | 36 | if statmod.S_ISSOCK(mode): |
|
37 | 37 | return statmod.S_IFSOCK |
|
38 | 38 | return mode |
|
39 | 39 | |
|
40 | 40 | |
|
41 | 41 | def listdir(path, stat=False, skip=None): |
|
42 | 42 | """listdir(path, stat=False) -> list_of_tuples |
|
43 | 43 | |
|
44 | 44 | Return a sorted list containing information about the entries |
|
45 | 45 | in the directory. |
|
46 | 46 | |
|
47 | 47 | If stat is True, each element is a 3-tuple: |
|
48 | 48 | |
|
49 | 49 | (name, type, stat object) |
|
50 | 50 | |
|
51 | 51 | Otherwise, each element is a 2-tuple: |
|
52 | 52 | |
|
53 | 53 | (name, type) |
|
54 | 54 | """ |
|
55 | 55 | result = [] |
|
56 | 56 | prefix = path |
|
57 | 57 | if not prefix.endswith(pycompat.ossep): |
|
58 | 58 | prefix += pycompat.ossep |
|
59 | 59 | names = os.listdir(path) |
|
60 | 60 | names.sort() |
|
61 | 61 | for fn in names: |
|
62 | 62 | st = os.lstat(prefix + fn) |
|
63 | 63 | if fn == skip and statmod.S_ISDIR(st.st_mode): |
|
64 | 64 | return [] |
|
65 | 65 | if stat: |
|
66 | 66 | result.append((fn, _mode_to_kind(st.st_mode), st)) |
|
67 | 67 | else: |
|
68 | 68 | result.append((fn, _mode_to_kind(st.st_mode))) |
|
69 | 69 | return result |
|
70 | 70 | |
|
71 | 71 | |
|
72 | 72 | if not pycompat.iswindows: |
|
73 | 73 | posixfile = open |
|
74 | 74 | |
|
75 | 75 | _SCM_RIGHTS = 0x01 |
|
76 | 76 | _socklen_t = ctypes.c_uint |
|
77 | 77 | |
|
78 | 78 | if pycompat.sysplatform.startswith(b'linux'): |
|
79 | 79 | # socket.h says "the type should be socklen_t but the definition of |
|
80 | 80 | # the kernel is incompatible with this." |
|
81 | 81 | _cmsg_len_t = ctypes.c_size_t |
|
82 | 82 | _msg_controllen_t = ctypes.c_size_t |
|
83 | 83 | _msg_iovlen_t = ctypes.c_size_t |
|
84 | 84 | else: |
|
85 | 85 | _cmsg_len_t = _socklen_t |
|
86 | 86 | _msg_controllen_t = _socklen_t |
|
87 | 87 | _msg_iovlen_t = ctypes.c_int |
|
88 | 88 | |
|
89 | 89 | class _iovec(ctypes.Structure): |
|
90 | 90 | _fields_ = [ |
|
91 | 91 | (u'iov_base', ctypes.c_void_p), |
|
92 | 92 | (u'iov_len', ctypes.c_size_t), |
|
93 | 93 | ] |
|
94 | 94 | |
|
95 | 95 | class _msghdr(ctypes.Structure): |
|
96 | 96 | _fields_ = [ |
|
97 | 97 | (u'msg_name', ctypes.c_void_p), |
|
98 | 98 | (u'msg_namelen', _socklen_t), |
|
99 | 99 | (u'msg_iov', ctypes.POINTER(_iovec)), |
|
100 | 100 | (u'msg_iovlen', _msg_iovlen_t), |
|
101 | 101 | (u'msg_control', ctypes.c_void_p), |
|
102 | 102 | (u'msg_controllen', _msg_controllen_t), |
|
103 | 103 | (u'msg_flags', ctypes.c_int), |
|
104 | 104 | ] |
|
105 | 105 | |
|
106 | 106 | class _cmsghdr(ctypes.Structure): |
|
107 | 107 | _fields_ = [ |
|
108 | 108 | (u'cmsg_len', _cmsg_len_t), |
|
109 | 109 | (u'cmsg_level', ctypes.c_int), |
|
110 | 110 | (u'cmsg_type', ctypes.c_int), |
|
111 | 111 | (u'cmsg_data', ctypes.c_ubyte * 0), |
|
112 | 112 | ] |
|
113 | 113 | |
|
114 | 114 | _libc = ctypes.CDLL(ctypes.util.find_library(u'c'), use_errno=True) |
|
115 | 115 | _recvmsg = getattr(_libc, 'recvmsg', None) |
|
116 | 116 | if _recvmsg: |
|
117 | 117 | _recvmsg.restype = getattr(ctypes, 'c_ssize_t', ctypes.c_long) |
|
118 | 118 | _recvmsg.argtypes = ( |
|
119 | 119 | ctypes.c_int, |
|
120 | 120 | ctypes.POINTER(_msghdr), |
|
121 | 121 | ctypes.c_int, |
|
122 | 122 | ) |
|
123 | 123 | else: |
|
124 | 124 | # recvmsg isn't always provided by libc; such systems are unsupported |
|
125 | 125 | def _recvmsg(sockfd, msg, flags): |
|
126 | 126 | raise NotImplementedError(b'unsupported platform') |
|
127 | 127 | |
|
128 | 128 | def _CMSG_FIRSTHDR(msgh): |
|
129 | 129 | if msgh.msg_controllen < ctypes.sizeof(_cmsghdr): |
|
130 | 130 | return |
|
131 | 131 | cmsgptr = ctypes.cast(msgh.msg_control, ctypes.POINTER(_cmsghdr)) |
|
132 | 132 | return cmsgptr.contents |
|
133 | 133 | |
|
134 | 134 | # The pure version is less portable than the native version because the |
|
135 | 135 | # handling of socket ancillary data heavily depends on C preprocessor. |
|
136 | 136 | # Also, some length fields are wrongly typed in Linux kernel. |
|
137 | 137 | def recvfds(sockfd): |
|
138 | 138 | """receive list of file descriptors via socket""" |
|
139 | 139 | dummy = (ctypes.c_ubyte * 1)() |
|
140 | 140 | iov = _iovec(ctypes.cast(dummy, ctypes.c_void_p), ctypes.sizeof(dummy)) |
|
141 | 141 | cbuf = ctypes.create_string_buffer(256) |
|
142 | 142 | msgh = _msghdr( |
|
143 | 143 | None, |
|
144 | 144 | 0, |
|
145 | 145 | ctypes.pointer(iov), |
|
146 | 146 | 1, |
|
147 | 147 | ctypes.cast(cbuf, ctypes.c_void_p), |
|
148 | 148 | ctypes.sizeof(cbuf), |
|
149 | 149 | 0, |
|
150 | 150 | ) |
|
151 | 151 | r = _recvmsg(sockfd, ctypes.byref(msgh), 0) |
|
152 | 152 | if r < 0: |
|
153 | 153 | e = ctypes.get_errno() |
|
154 | 154 | raise OSError(e, os.strerror(e)) |
|
155 | 155 | # assumes that the first cmsg has fds because it isn't easy to write |
|
156 | 156 | # portable CMSG_NXTHDR() with ctypes. |
|
157 | 157 | cmsg = _CMSG_FIRSTHDR(msgh) |
|
158 | 158 | if not cmsg: |
|
159 | 159 | return [] |
|
160 | 160 | if ( |
|
161 | 161 | cmsg.cmsg_level != socket.SOL_SOCKET |
|
162 | 162 | or cmsg.cmsg_type != _SCM_RIGHTS |
|
163 | 163 | ): |
|
164 | 164 | return [] |
|
165 | 165 | rfds = ctypes.cast(cmsg.cmsg_data, ctypes.POINTER(ctypes.c_int)) |
|
166 | 166 | rfdscount = ( |
|
167 | 167 | cmsg.cmsg_len - _cmsghdr.cmsg_data.offset |
|
168 | 168 | ) // ctypes.sizeof(ctypes.c_int) |
|
169 | 169 | return [rfds[i] for i in pycompat.xrange(rfdscount)] |
|
170 | 170 | |
|
171 | 171 | |
|
172 | 172 | else: |
|
173 | 173 | import msvcrt |
|
174 | 174 | |
|
175 | _kernel32 = ctypes.windll.kernel32 | |
|
175 | _kernel32 = ctypes.windll.kernel32 # pytype: disable=module-attr | |
|
176 | 176 | |
|
177 | 177 | _DWORD = ctypes.c_ulong |
|
178 | 178 | _LPCSTR = _LPSTR = ctypes.c_char_p |
|
179 | 179 | _HANDLE = ctypes.c_void_p |
|
180 | 180 | |
|
181 | 181 | _INVALID_HANDLE_VALUE = _HANDLE(-1).value |
|
182 | 182 | |
|
183 | 183 | # CreateFile |
|
184 | 184 | _FILE_SHARE_READ = 0x00000001 |
|
185 | 185 | _FILE_SHARE_WRITE = 0x00000002 |
|
186 | 186 | _FILE_SHARE_DELETE = 0x00000004 |
|
187 | 187 | |
|
188 | 188 | _CREATE_ALWAYS = 2 |
|
189 | 189 | _OPEN_EXISTING = 3 |
|
190 | 190 | _OPEN_ALWAYS = 4 |
|
191 | 191 | |
|
192 | 192 | _GENERIC_READ = 0x80000000 |
|
193 | 193 | _GENERIC_WRITE = 0x40000000 |
|
194 | 194 | |
|
195 | 195 | _FILE_ATTRIBUTE_NORMAL = 0x80 |
|
196 | 196 | |
|
197 | 197 | # open_osfhandle flags |
|
198 | 198 | _O_RDONLY = 0x0000 |
|
199 | 199 | _O_RDWR = 0x0002 |
|
200 | 200 | _O_APPEND = 0x0008 |
|
201 | 201 | |
|
202 | 202 | _O_TEXT = 0x4000 |
|
203 | 203 | _O_BINARY = 0x8000 |
|
204 | 204 | |
|
205 | 205 | # types of parameters of C functions used (required by pypy) |
|
206 | 206 | |
|
207 | 207 | _kernel32.CreateFileA.argtypes = [ |
|
208 | 208 | _LPCSTR, |
|
209 | 209 | _DWORD, |
|
210 | 210 | _DWORD, |
|
211 | 211 | ctypes.c_void_p, |
|
212 | 212 | _DWORD, |
|
213 | 213 | _DWORD, |
|
214 | 214 | _HANDLE, |
|
215 | 215 | ] |
|
216 | 216 | _kernel32.CreateFileA.restype = _HANDLE |
|
217 | 217 | |
|
218 | 218 | def _raiseioerror(name): |
|
219 | err = ctypes.WinError() | |
|
219 | err = ctypes.WinError() # pytype: disable=module-attr | |
|
220 | 220 | raise IOError( |
|
221 | 221 | err.errno, '%s: %s' % (encoding.strfromlocal(name), err.strerror) |
|
222 | 222 | ) |
|
223 | 223 | |
|
224 | 224 | class posixfile(object): |
|
225 | 225 | """a file object aiming for POSIX-like semantics |
|
226 | 226 | |
|
227 | 227 | CPython's open() returns a file that was opened *without* setting the |
|
228 | 228 | _FILE_SHARE_DELETE flag, which causes rename and unlink to abort. |
|
229 | 229 | This even happens if any hardlinked copy of the file is in open state. |
|
230 | 230 | We set _FILE_SHARE_DELETE here, so files opened with posixfile can be |
|
231 | 231 | renamed and deleted while they are held open. |
|
232 | 232 | Note that if a file opened with posixfile is unlinked, the file |
|
233 | 233 | remains but cannot be opened again or be recreated under the same name, |
|
234 | 234 | until all reading processes have closed the file.""" |
|
235 | 235 | |
|
236 | 236 | def __init__(self, name, mode=b'r', bufsize=-1): |
|
237 | 237 | if b'b' in mode: |
|
238 | 238 | flags = _O_BINARY |
|
239 | 239 | else: |
|
240 | 240 | flags = _O_TEXT |
|
241 | 241 | |
|
242 | 242 | m0 = mode[0:1] |
|
243 | 243 | if m0 == b'r' and b'+' not in mode: |
|
244 | 244 | flags |= _O_RDONLY |
|
245 | 245 | access = _GENERIC_READ |
|
246 | 246 | else: |
|
247 | 247 | # work around http://support.microsoft.com/kb/899149 and |
|
248 | 248 | # set _O_RDWR for 'w' and 'a', even if mode has no '+' |
|
249 | 249 | flags |= _O_RDWR |
|
250 | 250 | access = _GENERIC_READ | _GENERIC_WRITE |
|
251 | 251 | |
|
252 | 252 | if m0 == b'r': |
|
253 | 253 | creation = _OPEN_EXISTING |
|
254 | 254 | elif m0 == b'w': |
|
255 | 255 | creation = _CREATE_ALWAYS |
|
256 | 256 | elif m0 == b'a': |
|
257 | 257 | creation = _OPEN_ALWAYS |
|
258 | 258 | flags |= _O_APPEND |
|
259 | 259 | else: |
|
260 | 260 | raise ValueError("invalid mode: %s" % pycompat.sysstr(mode)) |
|
261 | 261 | |
|
262 | 262 | fh = _kernel32.CreateFileA( |
|
263 | 263 | name, |
|
264 | 264 | access, |
|
265 | 265 | _FILE_SHARE_READ | _FILE_SHARE_WRITE | _FILE_SHARE_DELETE, |
|
266 | 266 | None, |
|
267 | 267 | creation, |
|
268 | 268 | _FILE_ATTRIBUTE_NORMAL, |
|
269 | 269 | None, |
|
270 | 270 | ) |
|
271 | 271 | if fh == _INVALID_HANDLE_VALUE: |
|
272 | 272 | _raiseioerror(name) |
|
273 | 273 | |
|
274 | fd = msvcrt.open_osfhandle(fh, flags) | |
|
274 | fd = msvcrt.open_osfhandle(fh, flags) # pytype: disable=module-attr | |
|
275 | 275 | if fd == -1: |
|
276 | 276 | _kernel32.CloseHandle(fh) |
|
277 | 277 | _raiseioerror(name) |
|
278 | 278 | |
|
279 | 279 | f = os.fdopen(fd, pycompat.sysstr(mode), bufsize) |
|
280 | 280 | # unfortunately, f.name is '<fdopen>' at this point -- so we store |
|
281 | 281 | # the name on this wrapper. We cannot just assign to f.name, |
|
282 | 282 | # because that attribute is read-only. |
|
283 | 283 | object.__setattr__(self, 'name', name) |
|
284 | 284 | object.__setattr__(self, '_file', f) |
|
285 | 285 | |
|
286 | 286 | def __iter__(self): |
|
287 | 287 | return self._file |
|
288 | 288 | |
|
289 | 289 | def __getattr__(self, name): |
|
290 | 290 | return getattr(self._file, name) |
|
291 | 291 | |
|
292 | 292 | def __setattr__(self, name, value): |
|
293 | 293 | """mimics the read-only attributes of Python file objects |
|
294 | 294 | by raising 'TypeError: readonly attribute' if someone tries: |
|
295 | 295 | f = posixfile('foo.txt') |
|
296 | 296 | f.name = 'bla' |
|
297 | 297 | """ |
|
298 | 298 | return self._file.__setattr__(name, value) |
|
299 | 299 | |
|
300 | 300 | def __enter__(self): |
|
301 | 301 | self._file.__enter__() |
|
302 | 302 | return self |
|
303 | 303 | |
|
304 | 304 | def __exit__(self, exc_type, exc_value, exc_tb): |
|
305 | 305 | return self._file.__exit__(exc_type, exc_value, exc_tb) |
@@ -1,836 +1,838 b'' | |||
|
1 | 1 | # sslutil.py - SSL handling for mercurial |
|
2 | 2 | # |
|
3 | 3 | # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com> |
|
4 | 4 | # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br> |
|
5 | 5 | # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
6 | 6 | # |
|
7 | 7 | # This software may be used and distributed according to the terms of the |
|
8 | 8 | # GNU General Public License version 2 or any later version. |
|
9 | 9 | |
|
10 | 10 | from __future__ import absolute_import |
|
11 | 11 | |
|
12 | 12 | import hashlib |
|
13 | 13 | import os |
|
14 | 14 | import re |
|
15 | 15 | import ssl |
|
16 | 16 | |
|
17 | 17 | from .i18n import _ |
|
18 | 18 | from .pycompat import getattr |
|
19 | 19 | from .node import hex |
|
20 | 20 | from . import ( |
|
21 | 21 | encoding, |
|
22 | 22 | error, |
|
23 | 23 | pycompat, |
|
24 | 24 | util, |
|
25 | 25 | ) |
|
26 | 26 | from .utils import ( |
|
27 | 27 | hashutil, |
|
28 | 28 | resourceutil, |
|
29 | 29 | stringutil, |
|
30 | 30 | ) |
|
31 | 31 | |
|
32 | 32 | # Python 2.7.9+ overhauled the built-in SSL/TLS features of Python. It added |
|
33 | 33 | # support for TLS 1.1, TLS 1.2, SNI, system CA stores, etc. These features are |
|
34 | 34 | # all exposed via the "ssl" module. |
|
35 | 35 | # |
|
36 | 36 | # We require in setup.py the presence of ssl.SSLContext, which indicates modern |
|
37 | 37 | # SSL/TLS support. |
|
38 | 38 | |
|
39 | 39 | configprotocols = { |
|
40 | 40 | b'tls1.0', |
|
41 | 41 | b'tls1.1', |
|
42 | 42 | b'tls1.2', |
|
43 | 43 | } |
|
44 | 44 | |
|
45 | 45 | hassni = getattr(ssl, 'HAS_SNI', False) |
|
46 | 46 | |
|
47 | 47 | # ssl.HAS_TLSv1* are preferred to check support but they were added in Python |
|
48 | 48 | # 3.7. Prior to CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98 |
|
49 | 49 | # (backported to the 3.7 branch), ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 |
|
50 | 50 | # were defined only if compiled against a OpenSSL version with TLS 1.1 / 1.2 |
|
51 | 51 | # support. At the mentioned commit, they were unconditionally defined. |
|
52 | 52 | supportedprotocols = set() |
|
53 | 53 | if getattr(ssl, 'HAS_TLSv1', util.safehasattr(ssl, 'PROTOCOL_TLSv1')): |
|
54 | 54 | supportedprotocols.add(b'tls1.0') |
|
55 | 55 | if getattr(ssl, 'HAS_TLSv1_1', util.safehasattr(ssl, 'PROTOCOL_TLSv1_1')): |
|
56 | 56 | supportedprotocols.add(b'tls1.1') |
|
57 | 57 | if getattr(ssl, 'HAS_TLSv1_2', util.safehasattr(ssl, 'PROTOCOL_TLSv1_2')): |
|
58 | 58 | supportedprotocols.add(b'tls1.2') |
|
59 | 59 | |
|
60 | 60 | |
|
61 | 61 | def _hostsettings(ui, hostname): |
|
62 | 62 | """Obtain security settings for a hostname. |
|
63 | 63 | |
|
64 | 64 | Returns a dict of settings relevant to that hostname. |
|
65 | 65 | """ |
|
66 | 66 | bhostname = pycompat.bytesurl(hostname) |
|
67 | 67 | s = { |
|
68 | 68 | # Whether we should attempt to load default/available CA certs |
|
69 | 69 | # if an explicit ``cafile`` is not defined. |
|
70 | 70 | b'allowloaddefaultcerts': True, |
|
71 | 71 | # List of 2-tuple of (hash algorithm, hash). |
|
72 | 72 | b'certfingerprints': [], |
|
73 | 73 | # Path to file containing concatenated CA certs. Used by |
|
74 | 74 | # SSLContext.load_verify_locations(). |
|
75 | 75 | b'cafile': None, |
|
76 | 76 | # Whether certificate verification should be disabled. |
|
77 | 77 | b'disablecertverification': False, |
|
78 | 78 | # Whether the legacy [hostfingerprints] section has data for this host. |
|
79 | 79 | b'legacyfingerprint': False, |
|
80 | 80 | # String representation of minimum protocol to be used for UI |
|
81 | 81 | # presentation. |
|
82 | 82 | b'minimumprotocol': None, |
|
83 | 83 | # ssl.CERT_* constant used by SSLContext.verify_mode. |
|
84 | 84 | b'verifymode': None, |
|
85 | 85 | # OpenSSL Cipher List to use (instead of default). |
|
86 | 86 | b'ciphers': None, |
|
87 | 87 | } |
|
88 | 88 | |
|
89 | 89 | # Allow minimum TLS protocol to be specified in the config. |
|
90 | 90 | def validateprotocol(protocol, key): |
|
91 | 91 | if protocol not in configprotocols: |
|
92 | 92 | raise error.Abort( |
|
93 | 93 | _(b'unsupported protocol from hostsecurity.%s: %s') |
|
94 | 94 | % (key, protocol), |
|
95 | 95 | hint=_(b'valid protocols: %s') |
|
96 | 96 | % b' '.join(sorted(configprotocols)), |
|
97 | 97 | ) |
|
98 | 98 | |
|
99 | 99 | # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like |
|
100 | 100 | # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config |
|
101 | 101 | # options in case a legacy server is encountered. |
|
102 | 102 | |
|
103 | 103 | # setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following |
|
104 | 104 | # assert should not fail. |
|
105 | 105 | assert supportedprotocols - {b'tls1.0'} |
|
106 | 106 | defaultminimumprotocol = b'tls1.1' |
|
107 | 107 | |
|
108 | 108 | key = b'minimumprotocol' |
|
109 | 109 | minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |
|
110 | 110 | validateprotocol(minimumprotocol, key) |
|
111 | 111 | |
|
112 | 112 | key = b'%s:minimumprotocol' % bhostname |
|
113 | 113 | minimumprotocol = ui.config(b'hostsecurity', key, minimumprotocol) |
|
114 | 114 | validateprotocol(minimumprotocol, key) |
|
115 | 115 | |
|
116 | 116 | # If --insecure is used, we allow the use of TLS 1.0 despite config options. |
|
117 | 117 | # We always print a "connection security to %s is disabled..." message when |
|
118 | 118 | # --insecure is used. So no need to print anything more here. |
|
119 | 119 | if ui.insecureconnections: |
|
120 | 120 | minimumprotocol = b'tls1.0' |
|
121 | 121 | |
|
122 | 122 | s[b'minimumprotocol'] = minimumprotocol |
|
123 | 123 | |
|
124 | 124 | ciphers = ui.config(b'hostsecurity', b'ciphers') |
|
125 | 125 | ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) |
|
126 | 126 | s[b'ciphers'] = ciphers |
|
127 | 127 | |
|
128 | 128 | # Look for fingerprints in [hostsecurity] section. Value is a list |
|
129 | 129 | # of <alg>:<fingerprint> strings. |
|
130 | 130 | fingerprints = ui.configlist( |
|
131 | 131 | b'hostsecurity', b'%s:fingerprints' % bhostname |
|
132 | 132 | ) |
|
133 | 133 | for fingerprint in fingerprints: |
|
134 | 134 | if not (fingerprint.startswith((b'sha1:', b'sha256:', b'sha512:'))): |
|
135 | 135 | raise error.Abort( |
|
136 | 136 | _(b'invalid fingerprint for %s: %s') % (bhostname, fingerprint), |
|
137 | 137 | hint=_(b'must begin with "sha1:", "sha256:", or "sha512:"'), |
|
138 | 138 | ) |
|
139 | 139 | |
|
140 | 140 | alg, fingerprint = fingerprint.split(b':', 1) |
|
141 | 141 | fingerprint = fingerprint.replace(b':', b'').lower() |
|
142 | 142 | s[b'certfingerprints'].append((alg, fingerprint)) |
|
143 | 143 | |
|
144 | 144 | # Fingerprints from [hostfingerprints] are always SHA-1. |
|
145 | 145 | for fingerprint in ui.configlist(b'hostfingerprints', bhostname): |
|
146 | 146 | fingerprint = fingerprint.replace(b':', b'').lower() |
|
147 | 147 | s[b'certfingerprints'].append((b'sha1', fingerprint)) |
|
148 | 148 | s[b'legacyfingerprint'] = True |
|
149 | 149 | |
|
150 | 150 | # If a host cert fingerprint is defined, it is the only thing that |
|
151 | 151 | # matters. No need to validate CA certs. |
|
152 | 152 | if s[b'certfingerprints']: |
|
153 | 153 | s[b'verifymode'] = ssl.CERT_NONE |
|
154 | 154 | s[b'allowloaddefaultcerts'] = False |
|
155 | 155 | |
|
156 | 156 | # If --insecure is used, don't take CAs into consideration. |
|
157 | 157 | elif ui.insecureconnections: |
|
158 | 158 | s[b'disablecertverification'] = True |
|
159 | 159 | s[b'verifymode'] = ssl.CERT_NONE |
|
160 | 160 | s[b'allowloaddefaultcerts'] = False |
|
161 | 161 | |
|
162 | 162 | if ui.configbool(b'devel', b'disableloaddefaultcerts'): |
|
163 | 163 | s[b'allowloaddefaultcerts'] = False |
|
164 | 164 | |
|
165 | 165 | # If both fingerprints and a per-host ca file are specified, issue a warning |
|
166 | 166 | # because users should not be surprised about what security is or isn't |
|
167 | 167 | # being performed. |
|
168 | 168 | cafile = ui.config(b'hostsecurity', b'%s:verifycertsfile' % bhostname) |
|
169 | 169 | if s[b'certfingerprints'] and cafile: |
|
170 | 170 | ui.warn( |
|
171 | 171 | _( |
|
172 | 172 | b'(hostsecurity.%s:verifycertsfile ignored when host ' |
|
173 | 173 | b'fingerprints defined; using host fingerprints for ' |
|
174 | 174 | b'verification)\n' |
|
175 | 175 | ) |
|
176 | 176 | % bhostname |
|
177 | 177 | ) |
|
178 | 178 | |
|
179 | 179 | # Try to hook up CA certificate validation unless something above |
|
180 | 180 | # makes it not necessary. |
|
181 | 181 | if s[b'verifymode'] is None: |
|
182 | 182 | # Look at per-host ca file first. |
|
183 | 183 | if cafile: |
|
184 | 184 | cafile = util.expandpath(cafile) |
|
185 | 185 | if not os.path.exists(cafile): |
|
186 | 186 | raise error.Abort( |
|
187 | 187 | _(b'path specified by %s does not exist: %s') |
|
188 | 188 | % ( |
|
189 | 189 | b'hostsecurity.%s:verifycertsfile' % (bhostname,), |
|
190 | 190 | cafile, |
|
191 | 191 | ) |
|
192 | 192 | ) |
|
193 | 193 | s[b'cafile'] = cafile |
|
194 | 194 | else: |
|
195 | 195 | # Find global certificates file in config. |
|
196 | 196 | cafile = ui.config(b'web', b'cacerts') |
|
197 | 197 | |
|
198 | 198 | if cafile: |
|
199 | 199 | cafile = util.expandpath(cafile) |
|
200 | 200 | if not os.path.exists(cafile): |
|
201 | 201 | raise error.Abort( |
|
202 | 202 | _(b'could not find web.cacerts: %s') % cafile |
|
203 | 203 | ) |
|
204 | 204 | elif s[b'allowloaddefaultcerts']: |
|
205 | 205 | # CAs not defined in config. Try to find system bundles. |
|
206 | 206 | cafile = _defaultcacerts(ui) |
|
207 | 207 | if cafile: |
|
208 | 208 | ui.debug(b'using %s for CA file\n' % cafile) |
|
209 | 209 | |
|
210 | 210 | s[b'cafile'] = cafile |
|
211 | 211 | |
|
212 | 212 | # Require certificate validation if CA certs are being loaded and |
|
213 | 213 | # verification hasn't been disabled above. |
|
214 | 214 | if cafile or s[b'allowloaddefaultcerts']: |
|
215 | 215 | s[b'verifymode'] = ssl.CERT_REQUIRED |
|
216 | 216 | else: |
|
217 | 217 | # At this point we don't have a fingerprint, aren't being |
|
218 | 218 | # explicitly insecure, and can't load CA certs. Connecting |
|
219 | 219 | # is insecure. We allow the connection and abort during |
|
220 | 220 | # validation (once we have the fingerprint to print to the |
|
221 | 221 | # user). |
|
222 | 222 | s[b'verifymode'] = ssl.CERT_NONE |
|
223 | 223 | |
|
224 | 224 | assert s[b'verifymode'] is not None |
|
225 | 225 | |
|
226 | 226 | return s |
|
227 | 227 | |
|
228 | 228 | |
|
229 | 229 | def commonssloptions(minimumprotocol): |
|
230 | 230 | """Return SSLContext options common to servers and clients.""" |
|
231 | 231 | if minimumprotocol not in configprotocols: |
|
232 | 232 | raise ValueError(b'protocol value not supported: %s' % minimumprotocol) |
|
233 | 233 | |
|
234 | 234 | # SSLv2 and SSLv3 are broken. We ban them outright. |
|
235 | 235 | options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 |
|
236 | 236 | |
|
237 | 237 | if minimumprotocol == b'tls1.0': |
|
238 | 238 | # Defaults above are to use TLS 1.0+ |
|
239 | 239 | pass |
|
240 | 240 | elif minimumprotocol == b'tls1.1': |
|
241 | 241 | options |= ssl.OP_NO_TLSv1 |
|
242 | 242 | elif minimumprotocol == b'tls1.2': |
|
243 | 243 | options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 |
|
244 | 244 | else: |
|
245 | 245 | raise error.Abort(_(b'this should not happen')) |
|
246 | 246 | |
|
247 | 247 | # Prevent CRIME. |
|
248 | 248 | # There is no guarantee this attribute is defined on the module. |
|
249 | 249 | options |= getattr(ssl, 'OP_NO_COMPRESSION', 0) |
|
250 | 250 | |
|
251 | 251 | return options |
|
252 | 252 | |
|
253 | 253 | |
|
254 | 254 | def wrapsocket(sock, keyfile, certfile, ui, serverhostname=None): |
|
255 | 255 | """Add SSL/TLS to a socket. |
|
256 | 256 | |
|
257 | 257 | This is a glorified wrapper for ``ssl.wrap_socket()``. It makes sane |
|
258 | 258 | choices based on what security options are available. |
|
259 | 259 | |
|
260 | 260 | In addition to the arguments supported by ``ssl.wrap_socket``, we allow |
|
261 | 261 | the following additional arguments: |
|
262 | 262 | |
|
263 | 263 | * serverhostname - The expected hostname of the remote server. If the |
|
264 | 264 | server (and client) support SNI, this tells the server which certificate |
|
265 | 265 | to use. |
|
266 | 266 | """ |
|
267 | 267 | if not serverhostname: |
|
268 | 268 | raise error.Abort(_(b'serverhostname argument is required')) |
|
269 | 269 | |
|
270 | 270 | if b'SSLKEYLOGFILE' in encoding.environ: |
|
271 | 271 | try: |
|
272 | 272 | import sslkeylog # pytype: disable=import-error |
|
273 | 273 | |
|
274 | 274 | sslkeylog.set_keylog( |
|
275 | 275 | pycompat.fsdecode(encoding.environ[b'SSLKEYLOGFILE']) |
|
276 | 276 | ) |
|
277 | 277 | ui.warnnoi18n( |
|
278 | 278 | b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n' |
|
279 | 279 | ) |
|
280 | 280 | except ImportError: |
|
281 | 281 | ui.warnnoi18n( |
|
282 | 282 | b'sslkeylog module missing, ' |
|
283 | 283 | b'but SSLKEYLOGFILE set in environment\n' |
|
284 | 284 | ) |
|
285 | 285 | |
|
286 | 286 | for f in (keyfile, certfile): |
|
287 | 287 | if f and not os.path.exists(f): |
|
288 | 288 | raise error.Abort( |
|
289 | 289 | _(b'certificate file (%s) does not exist; cannot connect to %s') |
|
290 | 290 | % (f, pycompat.bytesurl(serverhostname)), |
|
291 | 291 | hint=_( |
|
292 | 292 | b'restore missing file or fix references ' |
|
293 | 293 | b'in Mercurial config' |
|
294 | 294 | ), |
|
295 | 295 | ) |
|
296 | 296 | |
|
297 | 297 | settings = _hostsettings(ui, serverhostname) |
|
298 | 298 | |
|
299 | 299 | # We can't use ssl.create_default_context() because it calls |
|
300 | 300 | # load_default_certs() unless CA arguments are passed to it. We want to |
|
301 | 301 | # have explicit control over CA loading because implicitly loading |
|
302 | 302 | # CAs may undermine the user's intent. For example, a user may define a CA |
|
303 | 303 | # bundle with a specific CA cert removed. If the system/default CA bundle |
|
304 | 304 | # is loaded and contains that removed CA, you've just undone the user's |
|
305 | 305 | # choice. |
|
306 | 306 | # |
|
307 | 307 | # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both |
|
308 | 308 | # ends support, including TLS protocols. commonssloptions() restricts the |
|
309 | 309 | # set of allowed protocols. |
|
310 | 310 | sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) |
|
311 | 311 | sslcontext.options |= commonssloptions(settings[b'minimumprotocol']) |
|
312 | 312 | sslcontext.verify_mode = settings[b'verifymode'] |
|
313 | 313 | |
|
314 | 314 | if settings[b'ciphers']: |
|
315 | 315 | try: |
|
316 | 316 | sslcontext.set_ciphers(pycompat.sysstr(settings[b'ciphers'])) |
|
317 | 317 | except ssl.SSLError as e: |
|
318 | 318 | raise error.Abort( |
|
319 | 319 | _(b'could not set ciphers: %s') |
|
320 | 320 | % stringutil.forcebytestr(e.args[0]), |
|
321 | 321 | hint=_(b'change cipher string (%s) in config') |
|
322 | 322 | % settings[b'ciphers'], |
|
323 | 323 | ) |
|
324 | 324 | |
|
325 | 325 | if certfile is not None: |
|
326 | 326 | |
|
327 | 327 | def password(): |
|
328 | 328 | f = keyfile or certfile |
|
329 | 329 | return ui.getpass(_(b'passphrase for %s: ') % f, b'') |
|
330 | 330 | |
|
331 | 331 | sslcontext.load_cert_chain(certfile, keyfile, password) |
|
332 | 332 | |
|
333 | 333 | if settings[b'cafile'] is not None: |
|
334 | 334 | try: |
|
335 | 335 | sslcontext.load_verify_locations(cafile=settings[b'cafile']) |
|
336 | 336 | except ssl.SSLError as e: |
|
337 | 337 | if len(e.args) == 1: # pypy has different SSLError args |
|
338 | 338 | msg = e.args[0] |
|
339 | 339 | else: |
|
340 | 340 | msg = e.args[1] |
|
341 | 341 | raise error.Abort( |
|
342 | 342 | _(b'error loading CA file %s: %s') |
|
343 | 343 | % (settings[b'cafile'], stringutil.forcebytestr(msg)), |
|
344 | 344 | hint=_(b'file is empty or malformed?'), |
|
345 | 345 | ) |
|
346 | 346 | caloaded = True |
|
347 | 347 | elif settings[b'allowloaddefaultcerts']: |
|
348 | 348 | # This is a no-op on old Python. |
|
349 | 349 | sslcontext.load_default_certs() |
|
350 | 350 | caloaded = True |
|
351 | 351 | else: |
|
352 | 352 | caloaded = False |
|
353 | 353 | |
|
354 | 354 | try: |
|
355 | 355 | sslsocket = sslcontext.wrap_socket(sock, server_hostname=serverhostname) |
|
356 | 356 | except ssl.SSLError as e: |
|
357 | 357 | # If we're doing certificate verification and no CA certs are loaded, |
|
358 | 358 | # that is almost certainly the reason why verification failed. Provide |
|
359 | 359 | # a hint to the user. |
|
360 | 360 | # The exception handler is here to handle bugs around cert attributes: |
|
361 | 361 | # https://bugs.python.org/issue20916#msg213479. (See issues5313.) |
|
362 | 362 | # When the main 20916 bug occurs, 'sslcontext.get_ca_certs()' is a |
|
363 | 363 | # non-empty list, but the following conditional is otherwise True. |
|
364 | 364 | try: |
|
365 | 365 | if ( |
|
366 | 366 | caloaded |
|
367 | 367 | and settings[b'verifymode'] == ssl.CERT_REQUIRED |
|
368 | 368 | and not sslcontext.get_ca_certs() |
|
369 | 369 | ): |
|
370 | 370 | ui.warn( |
|
371 | 371 | _( |
|
372 | 372 | b'(an attempt was made to load CA certificates but ' |
|
373 | 373 | b'none were loaded; see ' |
|
374 | 374 | b'https://mercurial-scm.org/wiki/SecureConnections ' |
|
375 | 375 | b'for how to configure Mercurial to avoid this ' |
|
376 | 376 | b'error)\n' |
|
377 | 377 | ) |
|
378 | 378 | ) |
|
379 | 379 | except ssl.SSLError: |
|
380 | 380 | pass |
|
381 | 381 | |
|
382 | 382 | # Try to print more helpful error messages for known failures. |
|
383 | 383 | if util.safehasattr(e, b'reason'): |
|
384 | 384 | # This error occurs when the client and server don't share a |
|
385 | 385 | # common/supported SSL/TLS protocol. We've disabled SSLv2 and SSLv3 |
|
386 | 386 | # outright. Hopefully the reason for this error is that we require |
|
387 | 387 | # TLS 1.1+ and the server only supports TLS 1.0. Whatever the |
|
388 | 388 | # reason, try to emit an actionable warning. |
|
389 | 389 | if e.reason == 'UNSUPPORTED_PROTOCOL': |
|
390 | 390 | # We attempted TLS 1.0+. |
|
391 | 391 | if settings[b'minimumprotocol'] == b'tls1.0': |
|
392 | 392 | # We support more than just TLS 1.0+. If this happens, |
|
393 | 393 | # the likely scenario is either the client or the server |
|
394 | 394 | # is really old. (e.g. server doesn't support TLS 1.0+ or |
|
395 | 395 | # client doesn't support modern TLS versions introduced |
|
396 | 396 | # several years from when this comment was written). |
|
397 | 397 | if supportedprotocols != {b'tls1.0'}: |
|
398 | 398 | ui.warn( |
|
399 | 399 | _( |
|
400 | 400 | b'(could not communicate with %s using security ' |
|
401 | 401 | b'protocols %s; if you are using a modern Mercurial ' |
|
402 | 402 | b'version, consider contacting the operator of this ' |
|
403 | 403 | b'server; see ' |
|
404 | 404 | b'https://mercurial-scm.org/wiki/SecureConnections ' |
|
405 | 405 | b'for more info)\n' |
|
406 | 406 | ) |
|
407 | 407 | % ( |
|
408 | 408 | pycompat.bytesurl(serverhostname), |
|
409 | 409 | b', '.join(sorted(supportedprotocols)), |
|
410 | 410 | ) |
|
411 | 411 | ) |
|
412 | 412 | else: |
|
413 | 413 | ui.warn( |
|
414 | 414 | _( |
|
415 | 415 | b'(could not communicate with %s using TLS 1.0; the ' |
|
416 | 416 | b'likely cause of this is the server no longer ' |
|
417 | 417 | b'supports TLS 1.0 because it has known security ' |
|
418 | 418 | b'vulnerabilities; see ' |
|
419 | 419 | b'https://mercurial-scm.org/wiki/SecureConnections ' |
|
420 | 420 | b'for more info)\n' |
|
421 | 421 | ) |
|
422 | 422 | % pycompat.bytesurl(serverhostname) |
|
423 | 423 | ) |
|
424 | 424 | else: |
|
425 | 425 | # We attempted TLS 1.1+. We can only get here if the client |
|
426 | 426 | # supports the configured protocol. So the likely reason is |
|
427 | 427 | # the client wants better security than the server can |
|
428 | 428 | # offer. |
|
429 | 429 | ui.warn( |
|
430 | 430 | _( |
|
431 | 431 | b'(could not negotiate a common security protocol (%s+) ' |
|
432 | 432 | b'with %s; the likely cause is Mercurial is configured ' |
|
433 | 433 | b'to be more secure than the server can support)\n' |
|
434 | 434 | ) |
|
435 | 435 | % ( |
|
436 | 436 | settings[b'minimumprotocol'], |
|
437 | 437 | pycompat.bytesurl(serverhostname), |
|
438 | 438 | ) |
|
439 | 439 | ) |
|
440 | 440 | ui.warn( |
|
441 | 441 | _( |
|
442 | 442 | b'(consider contacting the operator of this ' |
|
443 | 443 | b'server and ask them to support modern TLS ' |
|
444 | 444 | b'protocol versions; or, set ' |
|
445 | 445 | b'hostsecurity.%s:minimumprotocol=tls1.0 to allow ' |
|
446 | 446 | b'use of legacy, less secure protocols when ' |
|
447 | 447 | b'communicating with this server)\n' |
|
448 | 448 | ) |
|
449 | 449 | % pycompat.bytesurl(serverhostname) |
|
450 | 450 | ) |
|
451 | 451 | ui.warn( |
|
452 | 452 | _( |
|
453 | 453 | b'(see https://mercurial-scm.org/wiki/SecureConnections ' |
|
454 | 454 | b'for more info)\n' |
|
455 | 455 | ) |
|
456 | 456 | ) |
|
457 | 457 | |
|
458 | 458 | elif e.reason == 'CERTIFICATE_VERIFY_FAILED' and pycompat.iswindows: |
|
459 | 459 | |
|
460 | 460 | ui.warn( |
|
461 | 461 | _( |
|
462 | 462 | b'(the full certificate chain may not be available ' |
|
463 | 463 | b'locally; see "hg help debugssl")\n' |
|
464 | 464 | ) |
|
465 | 465 | ) |
|
466 | 466 | raise |
|
467 | 467 | |
|
468 | 468 | # check if wrap_socket failed silently because socket had been |
|
469 | 469 | # closed |
|
470 | 470 | # - see http://bugs.python.org/issue13721 |
|
471 | 471 | if not sslsocket.cipher(): |
|
472 | 472 | raise error.SecurityError(_(b'ssl connection failed')) |
|
473 | 473 | |
|
474 | 474 | sslsocket._hgstate = { |
|
475 | 475 | b'caloaded': caloaded, |
|
476 | 476 | b'hostname': serverhostname, |
|
477 | 477 | b'settings': settings, |
|
478 | 478 | b'ui': ui, |
|
479 | 479 | } |
|
480 | 480 | |
|
481 | 481 | return sslsocket |
|
482 | 482 | |
|
483 | 483 | |
|
484 | 484 | def wrapserversocket( |
|
485 | 485 | sock, ui, certfile=None, keyfile=None, cafile=None, requireclientcert=False |
|
486 | 486 | ): |
|
487 | 487 | """Wrap a socket for use by servers. |
|
488 | 488 | |
|
489 | 489 | ``certfile`` and ``keyfile`` specify the files containing the certificate's |
|
490 | 490 | public and private keys, respectively. Both keys can be defined in the same |
|
491 | 491 | file via ``certfile`` (the private key must come first in the file). |
|
492 | 492 | |
|
493 | 493 | ``cafile`` defines the path to certificate authorities. |
|
494 | 494 | |
|
495 | 495 | ``requireclientcert`` specifies whether to require client certificates. |
|
496 | 496 | |
|
497 | 497 | Typically ``cafile`` is only defined if ``requireclientcert`` is true. |
|
498 | 498 | """ |
|
499 | 499 | # This function is not used much by core Mercurial, so the error messaging |
|
500 | 500 | # doesn't have to be as detailed as for wrapsocket(). |
|
501 | 501 | for f in (certfile, keyfile, cafile): |
|
502 | 502 | if f and not os.path.exists(f): |
|
503 | 503 | raise error.Abort( |
|
504 | 504 | _(b'referenced certificate file (%s) does not exist') % f |
|
505 | 505 | ) |
|
506 | 506 | |
|
507 | 507 | # Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both |
|
508 | 508 | # ends support, including TLS protocols. commonssloptions() restricts the |
|
509 | 509 | # set of allowed protocols. |
|
510 | 510 | protocol = ssl.PROTOCOL_SSLv23 |
|
511 | 511 | options = commonssloptions(b'tls1.0') |
|
512 | 512 | |
|
513 | 513 | # This config option is intended for use in tests only. It is a giant |
|
514 | 514 | # footgun to kill security. Don't define it. |
|
515 | 515 | exactprotocol = ui.config(b'devel', b'serverexactprotocol') |
|
516 | 516 | if exactprotocol == b'tls1.0': |
|
517 | 517 | if b'tls1.0' not in supportedprotocols: |
|
518 | 518 | raise error.Abort(_(b'TLS 1.0 not supported by this Python')) |
|
519 | 519 | protocol = ssl.PROTOCOL_TLSv1 |
|
520 | 520 | elif exactprotocol == b'tls1.1': |
|
521 | 521 | if b'tls1.1' not in supportedprotocols: |
|
522 | 522 | raise error.Abort(_(b'TLS 1.1 not supported by this Python')) |
|
523 | 523 | protocol = ssl.PROTOCOL_TLSv1_1 |
|
524 | 524 | elif exactprotocol == b'tls1.2': |
|
525 | 525 | if b'tls1.2' not in supportedprotocols: |
|
526 | 526 | raise error.Abort(_(b'TLS 1.2 not supported by this Python')) |
|
527 | 527 | protocol = ssl.PROTOCOL_TLSv1_2 |
|
528 | 528 | elif exactprotocol: |
|
529 | 529 | raise error.Abort( |
|
530 | 530 | _(b'invalid value for serverexactprotocol: %s') % exactprotocol |
|
531 | 531 | ) |
|
532 | 532 | |
|
533 | 533 | # We /could/ use create_default_context() here since it doesn't load |
|
534 | 534 | # CAs when configured for client auth. However, it is hard-coded to |
|
535 | 535 | # use ssl.PROTOCOL_SSLv23 which may not be appropriate here. |
|
536 | 536 | sslcontext = ssl.SSLContext(protocol) |
|
537 | 537 | sslcontext.options |= options |
|
538 | 538 | |
|
539 | 539 | # Improve forward secrecy. |
|
540 | 540 | sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0) |
|
541 | 541 | sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0) |
|
542 | 542 | |
|
543 | 543 | # Use the list of more secure ciphers if found in the ssl module. |
|
544 | 544 | if util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'): |
|
545 | 545 | sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0) |
|
546 | # pytype: disable=module-attr | |
|
546 | 547 | sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS) |
|
548 | # pytype: enable=module-attr | |
|
547 | 549 | |
|
548 | 550 | if requireclientcert: |
|
549 | 551 | sslcontext.verify_mode = ssl.CERT_REQUIRED |
|
550 | 552 | else: |
|
551 | 553 | sslcontext.verify_mode = ssl.CERT_NONE |
|
552 | 554 | |
|
553 | 555 | if certfile or keyfile: |
|
554 | 556 | sslcontext.load_cert_chain(certfile=certfile, keyfile=keyfile) |
|
555 | 557 | |
|
556 | 558 | if cafile: |
|
557 | 559 | sslcontext.load_verify_locations(cafile=cafile) |
|
558 | 560 | |
|
559 | 561 | return sslcontext.wrap_socket(sock, server_side=True) |
|
560 | 562 | |
|
561 | 563 | |
|
562 | 564 | class wildcarderror(Exception): |
|
563 | 565 | """Represents an error parsing wildcards in DNS name.""" |
|
564 | 566 | |
|
565 | 567 | |
|
566 | 568 | def _dnsnamematch(dn, hostname, maxwildcards=1): |
|
567 | 569 | """Match DNS names according RFC 6125 section 6.4.3. |
|
568 | 570 | |
|
569 | 571 | This code is effectively copied from CPython's ssl._dnsname_match. |
|
570 | 572 | |
|
571 | 573 | Returns a bool indicating whether the expected hostname matches |
|
572 | 574 | the value in ``dn``. |
|
573 | 575 | """ |
|
574 | 576 | pats = [] |
|
575 | 577 | if not dn: |
|
576 | 578 | return False |
|
577 | 579 | dn = pycompat.bytesurl(dn) |
|
578 | 580 | hostname = pycompat.bytesurl(hostname) |
|
579 | 581 | |
|
580 | 582 | pieces = dn.split(b'.') |
|
581 | 583 | leftmost = pieces[0] |
|
582 | 584 | remainder = pieces[1:] |
|
583 | 585 | wildcards = leftmost.count(b'*') |
|
584 | 586 | if wildcards > maxwildcards: |
|
585 | 587 | raise wildcarderror( |
|
586 | 588 | _(b'too many wildcards in certificate DNS name: %s') % dn |
|
587 | 589 | ) |
|
588 | 590 | |
|
589 | 591 | # speed up common case w/o wildcards |
|
590 | 592 | if not wildcards: |
|
591 | 593 | return dn.lower() == hostname.lower() |
|
592 | 594 | |
|
593 | 595 | # RFC 6125, section 6.4.3, subitem 1. |
|
594 | 596 | # The client SHOULD NOT attempt to match a presented identifier in which |
|
595 | 597 | # the wildcard character comprises a label other than the left-most label. |
|
596 | 598 | if leftmost == b'*': |
|
597 | 599 | # When '*' is a fragment by itself, it matches a non-empty dotless |
|
598 | 600 | # fragment. |
|
599 | 601 | pats.append(b'[^.]+') |
|
600 | 602 | elif leftmost.startswith(b'xn--') or hostname.startswith(b'xn--'): |
|
601 | 603 | # RFC 6125, section 6.4.3, subitem 3. |
|
602 | 604 | # The client SHOULD NOT attempt to match a presented identifier |
|
603 | 605 | # where the wildcard character is embedded within an A-label or |
|
604 | 606 | # U-label of an internationalized domain name. |
|
605 | 607 | pats.append(stringutil.reescape(leftmost)) |
|
606 | 608 | else: |
|
607 | 609 | # Otherwise, '*' matches any dotless string, e.g. www* |
|
608 | 610 | pats.append(stringutil.reescape(leftmost).replace(br'\*', b'[^.]*')) |
|
609 | 611 | |
|
610 | 612 | # add the remaining fragments, ignore any wildcards |
|
611 | 613 | for frag in remainder: |
|
612 | 614 | pats.append(stringutil.reescape(frag)) |
|
613 | 615 | |
|
614 | 616 | pat = re.compile(br'\A' + br'\.'.join(pats) + br'\Z', re.IGNORECASE) |
|
615 | 617 | return pat.match(hostname) is not None |
|
616 | 618 | |
|
617 | 619 | |
|
618 | 620 | def _verifycert(cert, hostname): |
|
619 | 621 | """Verify that cert (in socket.getpeercert() format) matches hostname. |
|
620 | 622 | CRLs is not handled. |
|
621 | 623 | |
|
622 | 624 | Returns error message if any problems are found and None on success. |
|
623 | 625 | """ |
|
624 | 626 | if not cert: |
|
625 | 627 | return _(b'no certificate received') |
|
626 | 628 | |
|
627 | 629 | dnsnames = [] |
|
628 | 630 | san = cert.get('subjectAltName', []) |
|
629 | 631 | for key, value in san: |
|
630 | 632 | if key == 'DNS': |
|
631 | 633 | try: |
|
632 | 634 | if _dnsnamematch(value, hostname): |
|
633 | 635 | return |
|
634 | 636 | except wildcarderror as e: |
|
635 | 637 | return stringutil.forcebytestr(e.args[0]) |
|
636 | 638 | |
|
637 | 639 | dnsnames.append(value) |
|
638 | 640 | |
|
639 | 641 | if not dnsnames: |
|
640 | 642 | # The subject is only checked when there is no DNS in subjectAltName. |
|
641 | 643 | for sub in cert.get('subject', []): |
|
642 | 644 | for key, value in sub: |
|
643 | 645 | # According to RFC 2818 the most specific Common Name must |
|
644 | 646 | # be used. |
|
645 | 647 | if key == 'commonName': |
|
646 | 648 | # 'subject' entries are unicode. |
|
647 | 649 | try: |
|
648 | 650 | value = value.encode('ascii') |
|
649 | 651 | except UnicodeEncodeError: |
|
650 | 652 | return _(b'IDN in certificate not supported') |
|
651 | 653 | |
|
652 | 654 | try: |
|
653 | 655 | if _dnsnamematch(value, hostname): |
|
654 | 656 | return |
|
655 | 657 | except wildcarderror as e: |
|
656 | 658 | return stringutil.forcebytestr(e.args[0]) |
|
657 | 659 | |
|
658 | 660 | dnsnames.append(value) |
|
659 | 661 | |
|
660 | 662 | dnsnames = [pycompat.bytesurl(d) for d in dnsnames] |
|
661 | 663 | if len(dnsnames) > 1: |
|
662 | 664 | return _(b'certificate is for %s') % b', '.join(dnsnames) |
|
663 | 665 | elif len(dnsnames) == 1: |
|
664 | 666 | return _(b'certificate is for %s') % dnsnames[0] |
|
665 | 667 | else: |
|
666 | 668 | return _(b'no commonName or subjectAltName found in certificate') |
|
667 | 669 | |
|
668 | 670 | |
|
669 | 671 | def _plainapplepython(): |
|
670 | 672 | """return true if this seems to be a pure Apple Python that |
|
671 | 673 | * is unfrozen and presumably has the whole mercurial module in the file |
|
672 | 674 | system |
|
673 | 675 | * presumably is an Apple Python that uses Apple OpenSSL which has patches |
|
674 | 676 | for using system certificate store CAs in addition to the provided |
|
675 | 677 | cacerts file |
|
676 | 678 | """ |
|
677 | 679 | if ( |
|
678 | 680 | not pycompat.isdarwin |
|
679 | 681 | or resourceutil.mainfrozen() |
|
680 | 682 | or not pycompat.sysexecutable |
|
681 | 683 | ): |
|
682 | 684 | return False |
|
683 | 685 | exe = os.path.realpath(pycompat.sysexecutable).lower() |
|
684 | 686 | return exe.startswith(b'/usr/bin/python') or exe.startswith( |
|
685 | 687 | b'/system/library/frameworks/python.framework/' |
|
686 | 688 | ) |
|
687 | 689 | |
|
688 | 690 | |
|
689 | 691 | def _defaultcacerts(ui): |
|
690 | 692 | """return path to default CA certificates or None. |
|
691 | 693 | |
|
692 | 694 | It is assumed this function is called when the returned certificates |
|
693 | 695 | file will actually be used to validate connections. Therefore this |
|
694 | 696 | function may print warnings or debug messages assuming this usage. |
|
695 | 697 | |
|
696 | 698 | We don't print a message when the Python is able to load default |
|
697 | 699 | CA certs because this scenario is detected at socket connect time. |
|
698 | 700 | """ |
|
699 | 701 | # The "certifi" Python package provides certificates. If it is installed |
|
700 | 702 | # and usable, assume the user intends it to be used and use it. |
|
701 | 703 | try: |
|
702 | 704 | import certifi |
|
703 | 705 | |
|
704 | 706 | certs = certifi.where() |
|
705 | 707 | if os.path.exists(certs): |
|
706 | 708 | ui.debug(b'using ca certificates from certifi\n') |
|
707 | 709 | return pycompat.fsencode(certs) |
|
708 | 710 | except (ImportError, AttributeError): |
|
709 | 711 | pass |
|
710 | 712 | |
|
711 | 713 | # Apple's OpenSSL has patches that allow a specially constructed certificate |
|
712 | 714 | # to load the system CA store. If we're running on Apple Python, use this |
|
713 | 715 | # trick. |
|
714 | 716 | if _plainapplepython(): |
|
715 | 717 | dummycert = os.path.join( |
|
716 | 718 | os.path.dirname(pycompat.fsencode(__file__)), b'dummycert.pem' |
|
717 | 719 | ) |
|
718 | 720 | if os.path.exists(dummycert): |
|
719 | 721 | return dummycert |
|
720 | 722 | |
|
721 | 723 | return None |
|
722 | 724 | |
|
723 | 725 | |
|
724 | 726 | def validatesocket(sock): |
|
725 | 727 | """Validate a socket meets security requirements. |
|
726 | 728 | |
|
727 | 729 | The passed socket must have been created with ``wrapsocket()``. |
|
728 | 730 | """ |
|
729 | 731 | shost = sock._hgstate[b'hostname'] |
|
730 | 732 | host = pycompat.bytesurl(shost) |
|
731 | 733 | ui = sock._hgstate[b'ui'] |
|
732 | 734 | settings = sock._hgstate[b'settings'] |
|
733 | 735 | |
|
734 | 736 | try: |
|
735 | 737 | peercert = sock.getpeercert(True) |
|
736 | 738 | peercert2 = sock.getpeercert() |
|
737 | 739 | except AttributeError: |
|
738 | 740 | raise error.SecurityError(_(b'%s ssl connection error') % host) |
|
739 | 741 | |
|
740 | 742 | if not peercert: |
|
741 | 743 | raise error.SecurityError( |
|
742 | 744 | _(b'%s certificate error: no certificate received') % host |
|
743 | 745 | ) |
|
744 | 746 | |
|
745 | 747 | if settings[b'disablecertverification']: |
|
746 | 748 | # We don't print the certificate fingerprint because it shouldn't |
|
747 | 749 | # be necessary: if the user requested certificate verification be |
|
748 | 750 | # disabled, they presumably already saw a message about the inability |
|
749 | 751 | # to verify the certificate and this message would have printed the |
|
750 | 752 | # fingerprint. So printing the fingerprint here adds little to no |
|
751 | 753 | # value. |
|
752 | 754 | ui.warn( |
|
753 | 755 | _( |
|
754 | 756 | b'warning: connection security to %s is disabled per current ' |
|
755 | 757 | b'settings; communication is susceptible to eavesdropping ' |
|
756 | 758 | b'and tampering\n' |
|
757 | 759 | ) |
|
758 | 760 | % host |
|
759 | 761 | ) |
|
760 | 762 | return |
|
761 | 763 | |
|
762 | 764 | # If a certificate fingerprint is pinned, use it and only it to |
|
763 | 765 | # validate the remote cert. |
|
764 | 766 | peerfingerprints = { |
|
765 | 767 | b'sha1': hex(hashutil.sha1(peercert).digest()), |
|
766 | 768 | b'sha256': hex(hashlib.sha256(peercert).digest()), |
|
767 | 769 | b'sha512': hex(hashlib.sha512(peercert).digest()), |
|
768 | 770 | } |
|
769 | 771 | |
|
770 | 772 | def fmtfingerprint(s): |
|
771 | 773 | return b':'.join([s[x : x + 2] for x in range(0, len(s), 2)]) |
|
772 | 774 | |
|
773 | 775 | nicefingerprint = b'sha256:%s' % fmtfingerprint(peerfingerprints[b'sha256']) |
|
774 | 776 | |
|
775 | 777 | if settings[b'certfingerprints']: |
|
776 | 778 | for hash, fingerprint in settings[b'certfingerprints']: |
|
777 | 779 | if peerfingerprints[hash].lower() == fingerprint: |
|
778 | 780 | ui.debug( |
|
779 | 781 | b'%s certificate matched fingerprint %s:%s\n' |
|
780 | 782 | % (host, hash, fmtfingerprint(fingerprint)) |
|
781 | 783 | ) |
|
782 | 784 | if settings[b'legacyfingerprint']: |
|
783 | 785 | ui.warn( |
|
784 | 786 | _( |
|
785 | 787 | b'(SHA-1 fingerprint for %s found in legacy ' |
|
786 | 788 | b'[hostfingerprints] section; ' |
|
787 | 789 | b'if you trust this fingerprint, remove the old ' |
|
788 | 790 | b'SHA-1 fingerprint from [hostfingerprints] and ' |
|
789 | 791 | b'add the following entry to the new ' |
|
790 | 792 | b'[hostsecurity] section: %s:fingerprints=%s)\n' |
|
791 | 793 | ) |
|
792 | 794 | % (host, host, nicefingerprint) |
|
793 | 795 | ) |
|
794 | 796 | return |
|
795 | 797 | |
|
796 | 798 | # Pinned fingerprint didn't match. This is a fatal error. |
|
797 | 799 | if settings[b'legacyfingerprint']: |
|
798 | 800 | section = b'hostfingerprint' |
|
799 | 801 | nice = fmtfingerprint(peerfingerprints[b'sha1']) |
|
800 | 802 | else: |
|
801 | 803 | section = b'hostsecurity' |
|
802 | 804 | nice = b'%s:%s' % (hash, fmtfingerprint(peerfingerprints[hash])) |
|
803 | 805 | raise error.SecurityError( |
|
804 | 806 | _(b'certificate for %s has unexpected fingerprint %s') |
|
805 | 807 | % (host, nice), |
|
806 | 808 | hint=_(b'check %s configuration') % section, |
|
807 | 809 | ) |
|
808 | 810 | |
|
809 | 811 | # Security is enabled but no CAs are loaded. We can't establish trust |
|
810 | 812 | # for the cert so abort. |
|
811 | 813 | if not sock._hgstate[b'caloaded']: |
|
812 | 814 | raise error.SecurityError( |
|
813 | 815 | _( |
|
814 | 816 | b'unable to verify security of %s (no loaded CA certificates); ' |
|
815 | 817 | b'refusing to connect' |
|
816 | 818 | ) |
|
817 | 819 | % host, |
|
818 | 820 | hint=_( |
|
819 | 821 | b'see https://mercurial-scm.org/wiki/SecureConnections for ' |
|
820 | 822 | b'how to configure Mercurial to avoid this error or set ' |
|
821 | 823 | b'hostsecurity.%s:fingerprints=%s to trust this server' |
|
822 | 824 | ) |
|
823 | 825 | % (host, nicefingerprint), |
|
824 | 826 | ) |
|
825 | 827 | |
|
826 | 828 | msg = _verifycert(peercert2, shost) |
|
827 | 829 | if msg: |
|
828 | 830 | raise error.SecurityError( |
|
829 | 831 | _(b'%s certificate error: %s') % (host, msg), |
|
830 | 832 | hint=_( |
|
831 | 833 | b'set hostsecurity.%s:certfingerprints=%s ' |
|
832 | 834 | b'config setting or use --insecure to connect ' |
|
833 | 835 | b'insecurely' |
|
834 | 836 | ) |
|
835 | 837 | % (host, nicefingerprint), |
|
836 | 838 | ) |
General Comments 0
You need to be logged in to leave comments.
Login now