upstream/mercurial-mirror Commit - r36828:886fba19

hgweb: only recognize wire protocol commands from query string (BC)...

Gregory Szorc -

r36828:886fba19 default

parent child

mercurial/hgweb/hgweb_mod.py

0 +1 -1

             # hgweb/hgweb_mod.py - Web interface for a repository.
             #
             # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
             # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             from __future__ import absolute_import
             import contextlib
             import os
             from .common import (
                 ErrorResponse,
                 HTTP_BAD_REQUEST,
                 HTTP_NOT_FOUND,
                 HTTP_NOT_MODIFIED,
                 HTTP_OK,
                 HTTP_SERVER_ERROR,
                 caching,
                 cspvalues,
                 permhooks,
             )
             from .. import (
                 encoding,
                 error,
                 formatter,
                 hg,
                 hook,
                 profiling,
                 pycompat,
                 repoview,
                 templatefilters,
                 templater,
                 ui as uimod,
                 util,
                 wireprotoserver,
             )
             from . import (
                 request as requestmod,
                 webcommands,
                 webutil,
                 wsgicgi,
             )
             archivespecs = util.sortdict((
                 ('zip', ('application/zip', 'zip', '.zip', None)),
                 ('gz', ('application/x-gzip', 'tgz', '.tar.gz', None)),
                 ('bz2', ('application/x-bzip2', 'tbz2', '.tar.bz2', None)),
             ))
             def getstyle(req, configfn, templatepath):
                 fromreq = req.form.get('style', [None])[0]
                 styles = (
                     fromreq,
                     configfn('web', 'style'),
                     'paper',
                 )
                 return styles, templater.stylemap(styles, templatepath)
             def makebreadcrumb(url, prefix=''):
                 '''Return a 'URL breadcrumb' list
                 A 'URL breadcrumb' is a list of URL-name pairs,
                 corresponding to each of the path items on a URL.
                 This can be used to create path navigation entries.
                 '''
                 if url.endswith('/'):
                     url = url[:-1]
                 if prefix:
                     url = '/' + prefix + url
                 relpath = url
                 if relpath.startswith('/'):
                     relpath = relpath[1:]
                 breadcrumb = []
                 urlel = url
                 pathitems = [''] + relpath.split('/')
                 for pathel in reversed(pathitems):
                     if not pathel or not urlel:
                         break
                     breadcrumb.append({'url': urlel, 'name': pathel})
                     urlel = os.path.dirname(urlel)
                 return reversed(breadcrumb)
             class requestcontext(object):
                 """Holds state/context for an individual request.
                 Servers can be multi-threaded. Holding state on the WSGI application
                 is prone to race conditions. Instances of this class exist to hold
                 mutable and race-free state for requests.
                 """
                 def __init__(self, app, repo):
                     self.repo = repo
                     self.reponame = app.reponame
                     self.archivespecs = archivespecs
                     self.maxchanges = self.configint('web', 'maxchanges')
                     self.stripecount = self.configint('web', 'stripes')
                     self.maxshortchanges = self.configint('web', 'maxshortchanges')
                     self.maxfiles = self.configint('web', 'maxfiles')
                     self.allowpull = self.configbool('web', 'allow-pull')
                     # we use untrusted=False to prevent a repo owner from using
                     # web.templates in .hg/hgrc to get access to any file readable
                     # by the user running the CGI script
                     self.templatepath = self.config('web', 'templates', untrusted=False)
                     # This object is more expensive to build than simple config values.
                     # It is shared across requests. The app will replace the object
                     # if it is updated. Since this is a reference and nothing should
                     # modify the underlying object, it should be constant for the lifetime
                     # of the request.
                     self.websubtable = app.websubtable
                     self.csp, self.nonce = cspvalues(self.repo.ui)
                 # Trust the settings from the .hg/hgrc files by default.
                 def config(self, section, name, default=uimod._unset, untrusted=True):
                     return self.repo.ui.config(section, name, default,
                                                untrusted=untrusted)
                 def configbool(self, section, name, default=uimod._unset, untrusted=True):
                     return self.repo.ui.configbool(section, name, default,
                                                    untrusted=untrusted)
                 def configint(self, section, name, default=uimod._unset, untrusted=True):
                     return self.repo.ui.configint(section, name, default,
                                                   untrusted=untrusted)
                 def configlist(self, section, name, default=uimod._unset, untrusted=True):
                     return self.repo.ui.configlist(section, name, default,
                                                    untrusted=untrusted)
                 def archivelist(self, nodeid):
                     allowed = self.configlist('web', 'allow_archive')
                     for typ, spec in self.archivespecs.iteritems():
                         if typ in allowed or self.configbool('web', 'allow%s' % typ):
                             yield {'type': typ, 'extension': spec[2], 'node': nodeid}
                 def templater(self, wsgireq, req):
                     # determine scheme, port and server name
                     # this is needed to create absolute urls
                     logourl = self.config('web', 'logourl')
                     logoimg = self.config('web', 'logoimg')
                     staticurl = (self.config('web', 'staticurl')
                                  or req.apppath + '/static/')
                     if not staticurl.endswith('/'):
                         staticurl += '/'
                     # some functions for the templater
                     def motd(**map):
                         yield self.config('web', 'motd')
                     # figure out which style to use
                     vars = {}
                     styles, (style, mapfile) = getstyle(wsgireq, self.config,
                                                         self.templatepath)
                     if style == styles[0]:
                         vars['style'] = style
                     sessionvars = webutil.sessionvars(vars, '?')
                     if not self.reponame:
                         self.reponame = (self.config('web', 'name', '')
                                          or wsgireq.env.get('REPO_NAME')
                                          or req.apppath or self.repo.root)
                     def websubfilter(text):
                         return templatefilters.websub(text, self.websubtable)
                     # create the templater
                     # TODO: export all keywords: defaults = templatekw.keywords.copy()
                     defaults = {
                         'url': req.apppath + '/',
                         'logourl': logourl,
                         'logoimg': logoimg,
                         'staticurl': staticurl,
                         'urlbase': req.advertisedbaseurl,
                         'repo': self.reponame,
                         'encoding': encoding.encoding,
                         'motd': motd,
                         'sessionvars': sessionvars,
                         'pathdef': makebreadcrumb(req.apppath),
                         'style': style,
                         'nonce': self.nonce,
                     }
                     tres = formatter.templateresources(self.repo.ui, self.repo)
                     tmpl = templater.templater.frommapfile(mapfile,
                                                            filters={'websub': websubfilter},
                                                            defaults=defaults,
                                                            resources=tres)
                     return tmpl
             class hgweb(object):
                 """HTTP server for individual repositories.
                 Instances of this class serve HTTP responses for a particular
                 repository.
                 Instances are typically used as WSGI applications.
                 Some servers are multi-threaded. On these servers, there may
                 be multiple active threads inside __call__.
                 """
                 def __init__(self, repo, name=None, baseui=None):
                     if isinstance(repo, str):
                         if baseui:
                             u = baseui.copy()
                         else:
                             u = uimod.ui.load()
                         r = hg.repository(u, repo)
                     else:
                         # we trust caller to give us a private copy
                         r = repo
                     r.ui.setconfig('ui', 'report_untrusted', 'off', 'hgweb')
                     r.baseui.setconfig('ui', 'report_untrusted', 'off', 'hgweb')
                     r.ui.setconfig('ui', 'nontty', 'true', 'hgweb')
                     r.baseui.setconfig('ui', 'nontty', 'true', 'hgweb')
                     # resolve file patterns relative to repo root
                     r.ui.setconfig('ui', 'forcecwd', r.root, 'hgweb')
                     r.baseui.setconfig('ui', 'forcecwd', r.root, 'hgweb')
                     # displaying bundling progress bar while serving feel wrong and may
                     # break some wsgi implementation.
                     r.ui.setconfig('progress', 'disable', 'true', 'hgweb')
                     r.baseui.setconfig('progress', 'disable', 'true', 'hgweb')
                     self._repos = [hg.cachedlocalrepo(self._webifyrepo(r))]
                     self._lastrepo = self._repos[0]
                     hook.redirect(True)
                     self.reponame = name
                 def _webifyrepo(self, repo):
                     repo = getwebview(repo)
                     self.websubtable = webutil.getwebsubs(repo)
                     return repo
                 @contextlib.contextmanager
                 def _obtainrepo(self):
                     """Obtain a repo unique to the caller.
                     Internally we maintain a stack of cachedlocalrepo instances
                     to be handed out. If one is available, we pop it and return it,
                     ensuring it is up to date in the process. If one is not available,
                     we clone the most recently used repo instance and return it.
                     It is currently possible for the stack to grow without bounds
                     if the server allows infinite threads. However, servers should
                     have a thread limit, thus establishing our limit.
                     """
                     if self._repos:
                         cached = self._repos.pop()
                         r, created = cached.fetch()
                     else:
                         cached = self._lastrepo.copy()
                         r, created = cached.fetch()
                     if created:
                         r = self._webifyrepo(r)
                     self._lastrepo = cached
                     self.mtime = cached.mtime
                     try:
                         yield r
                     finally:
                         self._repos.append(cached)
                 def run(self):
                     """Start a server from CGI environment.
                     Modern servers should be using WSGI and should avoid this
                     method, if possible.
                     """
                     if not encoding.environ.get('GATEWAY_INTERFACE',
                                                 '').startswith("CGI/1."):
                         raise RuntimeError("This function is only intended to be "
                                            "called while running as a CGI script.")
                     wsgicgi.launch(self)
                 def __call__(self, env, respond):
                     """Run the WSGI application.
                     This may be called by multiple threads.
                     """
                     req = requestmod.wsgirequest(env, respond)
                     return self.run_wsgi(req)
                 def run_wsgi(self, wsgireq):
                     """Internal method to run the WSGI application.
                     This is typically only called by Mercurial. External consumers
                     should be using instances of this class as the WSGI application.
                     """
                     with self._obtainrepo() as repo:
                         profile = repo.ui.configbool('profiling', 'enabled')
                         with profiling.profile(repo.ui, enabled=profile):
                             for r in self._runwsgi(wsgireq, repo):
                                 yield r
                 def _runwsgi(self, wsgireq, repo):
                     req = requestmod.parserequestfromenv(wsgireq.env)
                     rctx = requestcontext(self, repo)
                     # This state is global across all threads.
                     encoding.encoding = rctx.config('web', 'encoding')
                     rctx.repo.ui.environ = wsgireq.env
                     if rctx.csp:
                         # hgwebdir may have added CSP header. Since we generate our own,
                         # replace it.
                         wsgireq.headers = [h for h in wsgireq.headers
                                            if h[0] != 'Content-Security-Policy']
                         wsgireq.headers.append(('Content-Security-Policy', rctx.csp))
                     if r'PATH_INFO' in wsgireq.env:
                         parts = wsgireq.env[r'PATH_INFO'].strip(r'/').split(r'/')
                         repo_parts = wsgireq.env.get(r'REPO_NAME', r'').split(r'/')
                         if parts[:len(repo_parts)] == repo_parts:
                             parts = parts[len(repo_parts):]
                         query = r'/'.join(parts)
                     else:
                         query = wsgireq.env[r'QUERY_STRING'].partition(r'&')[0]
                         query = query.partition(r';')[0]
                     # Route it to a wire protocol handler if it looks like a wire protocol
                     # request.
-                    protohandler = wireprotoserver.parsehttprequest(rctx, wsgireq, query,
+                    protohandler = wireprotoserver.parsehttprequest(rctx, wsgireq, req,
                                                                     self.check_perm)
                     if protohandler:
                         try:
                             if query:
                                 raise ErrorResponse(HTTP_NOT_FOUND)
                             return protohandler['dispatch']()
                         except ErrorResponse as inst:
                             return protohandler['handleerror'](inst)
                     # translate user-visible url structure to internal structure
                     args = query.split(r'/', 2)
                     if 'cmd' not in wsgireq.form and args and args[0]:
                         cmd = args.pop(0)
                         style = cmd.rfind('-')
                         if style != -1:
                             wsgireq.form['style'] = [cmd[:style]]
                             cmd = cmd[style + 1:]
                         # avoid accepting e.g. style parameter as command
                         if util.safehasattr(webcommands, cmd):
                             wsgireq.form['cmd'] = [cmd]
                         if cmd == 'static':
                             wsgireq.form['file'] = ['/'.join(args)]
                         else:
                             if args and args[0]:
                                 node = args.pop(0).replace('%2F', '/')
                                 wsgireq.form['node'] = [node]
                             if args:
                                 wsgireq.form['file'] = args
                         ua = wsgireq.env.get('HTTP_USER_AGENT', '')
                         if cmd == 'rev' and 'mercurial' in ua:
                             wsgireq.form['style'] = ['raw']
                         if cmd == 'archive':
                             fn = wsgireq.form['node'][0]
                             for type_, spec in rctx.archivespecs.iteritems():
                                 ext = spec[2]
                                 if fn.endswith(ext):
                                     wsgireq.form['node'] = [fn[:-len(ext)]]
                                     wsgireq.form['type'] = [type_]
                     else:
                         cmd = wsgireq.form.get('cmd', [''])[0]
                     # process the web interface request
                     try:
                         tmpl = rctx.templater(wsgireq, req)
                         ctype = tmpl('mimetype', encoding=encoding.encoding)
                         ctype = templater.stringify(ctype)
                         # check read permissions non-static content
                         if cmd != 'static':
                             self.check_perm(rctx, wsgireq, None)
                         if cmd == '':
                             wsgireq.form['cmd'] = [tmpl.cache['default']]
                             cmd = wsgireq.form['cmd'][0]
                         # Don't enable caching if using a CSP nonce because then it wouldn't
                         # be a nonce.
                         if rctx.configbool('web', 'cache') and not rctx.nonce:
                             caching(self, wsgireq) # sets ETag header or raises NOT_MODIFIED
                         if cmd not in webcommands.__all__:
                             msg = 'no such method: %s' % cmd
                             raise ErrorResponse(HTTP_BAD_REQUEST, msg)
                         elif cmd == 'file' and 'raw' in wsgireq.form.get('style', []):
                             rctx.ctype = ctype
                             content = webcommands.rawfile(rctx, wsgireq, tmpl)
                         else:
                             content = getattr(webcommands, cmd)(rctx, wsgireq, tmpl)
                             wsgireq.respond(HTTP_OK, ctype)
                         return content
                     except (error.LookupError, error.RepoLookupError) as err:
                         wsgireq.respond(HTTP_NOT_FOUND, ctype)
                         msg = pycompat.bytestr(err)
                         if (util.safehasattr(err, 'name') and
                             not isinstance(err,  error.ManifestLookupError)):
                             msg = 'revision not found: %s' % err.name
                         return tmpl('error', error=msg)
                     except (error.RepoError, error.RevlogError) as inst:
                         wsgireq.respond(HTTP_SERVER_ERROR, ctype)
                         return tmpl('error', error=pycompat.bytestr(inst))
                     except ErrorResponse as inst:
                         wsgireq.respond(inst, ctype)
                         if inst.code == HTTP_NOT_MODIFIED:
                             # Not allowed to return a body on a 304
                             return ['']
                         return tmpl('error', error=pycompat.bytestr(inst))
                 def check_perm(self, rctx, req, op):
                     for permhook in permhooks:
                         permhook(rctx, req, op)
             def getwebview(repo):
                 """The 'web.view' config controls changeset filter to hgweb. Possible
                 values are ``served``, ``visible`` and ``all``. Default is ``served``.
                 The ``served`` filter only shows changesets that can be pulled from the
                 hgweb instance.  The``visible`` filter includes secret changesets but
                 still excludes "hidden" one.
                 See the repoview module for details.
                 The option has been around undocumented since Mercurial 2.5, but no
                 user ever asked about it. So we better keep it undocumented for now."""
                 # experimental config: web.view
                 viewconfig = repo.ui.config('web', 'view', untrusted=True)
                 if viewconfig == 'all':
                     return repo.unfiltered()
                 elif viewconfig in repoview.filtertable:
                     return repo.filtered(viewconfig)
                 else:
                     return repo.filtered('served')

mercurial/wireprotoserver.py

0 +4 -3

             # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net>
             # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             from __future__ import absolute_import
             import contextlib
             import struct
             import sys
             import threading
             from .i18n import _
             from . import (
                 encoding,
                 error,
                 hook,
                 pycompat,
                 util,
                 wireproto,
                 wireprototypes,
             )
             stringio = util.stringio
             urlerr = util.urlerr
             urlreq = util.urlreq
             HTTP_OK = 200
             HGTYPE = 'application/mercurial-0.1'
             HGTYPE2 = 'application/mercurial-0.2'
             HGERRTYPE = 'application/hg-error'
             SSHV1 = wireprototypes.SSHV1
             SSHV2 = wireprototypes.SSHV2
             def decodevaluefromheaders(wsgireq, headerprefix):
                 """Decode a long value from multiple HTTP request headers.
                 Returns the value as a bytes, not a str.
                 """
                 chunks = []
                 i = 1
                 prefix = headerprefix.upper().replace(r'-', r'_')
                 while True:
                     v = wsgireq.env.get(r'HTTP_%s_%d' % (prefix, i))
                     if v is None:
                         break
                     chunks.append(pycompat.bytesurl(v))
                     i += 1
                 return ''.join(chunks)
             class httpv1protocolhandler(wireprototypes.baseprotocolhandler):
                 def __init__(self, wsgireq, ui, checkperm):
                     self._wsgireq = wsgireq
                     self._ui = ui
                     self._checkperm = checkperm
                 @property
                 def name(self):
                     return 'http-v1'
                 def getargs(self, args):
                     knownargs = self._args()
                     data = {}
                     keys = args.split()
                     for k in keys:
                         if k == '*':
                             star = {}
                             for key in knownargs.keys():
                                 if key != 'cmd' and key not in keys:
                                     star[key] = knownargs[key][0]
                             data['*'] = star
                         else:
                             data[k] = knownargs[k][0]
                     return [data[k] for k in keys]
                 def _args(self):
                     args = util.rapply(pycompat.bytesurl, self._wsgireq.form.copy())
                     postlen = int(self._wsgireq.env.get(r'HTTP_X_HGARGS_POST', 0))
                     if postlen:
                         args.update(urlreq.parseqs(
                             self._wsgireq.read(postlen), keep_blank_values=True))
                         return args
                     argvalue = decodevaluefromheaders(self._wsgireq, r'X-HgArg')
                     args.update(urlreq.parseqs(argvalue, keep_blank_values=True))
                     return args
                 def forwardpayload(self, fp):
                     if r'HTTP_CONTENT_LENGTH' in self._wsgireq.env:
                         length = int(self._wsgireq.env[r'HTTP_CONTENT_LENGTH'])
                     else:
                         length = int(self._wsgireq.env[r'CONTENT_LENGTH'])
                     # If httppostargs is used, we need to read Content-Length
                     # minus the amount that was consumed by args.
                     length -= int(self._wsgireq.env.get(r'HTTP_X_HGARGS_POST', 0))
                     for s in util.filechunkiter(self._wsgireq, limit=length):
                         fp.write(s)
                 @contextlib.contextmanager
                 def mayberedirectstdio(self):
                     oldout = self._ui.fout
                     olderr = self._ui.ferr
                     out = util.stringio()
                     try:
                         self._ui.fout = out
                         self._ui.ferr = out
                         yield out
                     finally:
                         self._ui.fout = oldout
                         self._ui.ferr = olderr
                 def client(self):
                     return 'remote:%s:%s:%s' % (
                         self._wsgireq.env.get('wsgi.url_scheme') or 'http',
                         urlreq.quote(self._wsgireq.env.get('REMOTE_HOST', '')),
                         urlreq.quote(self._wsgireq.env.get('REMOTE_USER', '')))
                 def addcapabilities(self, repo, caps):
                     caps.append('httpheader=%d' %
                                 repo.ui.configint('server', 'maxhttpheaderlen'))
                     if repo.ui.configbool('experimental', 'httppostargs'):
                         caps.append('httppostargs')
                     # FUTURE advertise 0.2rx once support is implemented
                     # FUTURE advertise minrx and mintx after consulting config option
                     caps.append('httpmediatype=0.1rx,0.1tx,0.2tx')
                     compengines = wireproto.supportedcompengines(repo.ui, util.SERVERROLE)
                     if compengines:
                         comptypes = ','.join(urlreq.quote(e.wireprotosupport().name)
                                              for e in compengines)
                         caps.append('compression=%s' % comptypes)
                     return caps
                 def checkperm(self, perm):
                     return self._checkperm(perm)
             # This method exists mostly so that extensions like remotefilelog can
             # disable a kludgey legacy method only over http. As of early 2018,
             # there are no other known users, so with any luck we can discard this
             # hook if remotefilelog becomes a first-party extension.
             def iscmd(cmd):
                 return cmd in wireproto.commands
-            def parsehttprequest(rctx, wsgireq, query, checkperm):
+            def parsehttprequest(rctx, wsgireq, req, checkperm):
                 """Parse the HTTP request for a wire protocol request.
                 If the current request appears to be a wire protocol request, this
                 function returns a dict with details about that request, including
                 an ``abstractprotocolserver`` instance suitable for handling the
                 request. Otherwise, ``None`` is returned.
                 ``wsgireq`` is a ``wsgirequest`` instance.
+                ``req`` is a ``parsedrequest`` instance.
                 """
                 repo = rctx.repo
                 # HTTP version 1 wire protocol requests are denoted by a "cmd" query
                 # string parameter. If it isn't present, this isn't a wire protocol
                 # request.
-                if 'cmd' not in wsgireq.form:
+                if 'cmd' not in req.querystringdict:
                     return None
-                cmd = wsgireq.form['cmd'][0]
+                cmd = req.querystringdict['cmd'][0]
                 # The "cmd" request parameter is used by both the wire protocol and hgweb.
                 # While not all wire protocol commands are available for all transports,
                 # if we see a "cmd" value that resembles a known wire protocol command, we
                 # route it to a protocol handler. This is better than routing possible
                 # wire protocol requests to hgweb because it prevents hgweb from using
                 # known wire protocol commands and it is less confusing for machine
                 # clients.
                 if not iscmd(cmd):
                     return None
                 proto = httpv1protocolhandler(wsgireq, repo.ui,
                                               lambda perm: checkperm(rctx, wsgireq, perm))
                 return {
                     'cmd': cmd,
                     'proto': proto,
                     'dispatch': lambda: _callhttp(repo, wsgireq, proto, cmd),
                     'handleerror': lambda ex: _handlehttperror(ex, wsgireq, cmd),
                 }
             def _httpresponsetype(ui, wsgireq, prefer_uncompressed):
                 """Determine the appropriate response type and compression settings.
                 Returns a tuple of (mediatype, compengine, engineopts).
                 """
                 # Determine the response media type and compression engine based
                 # on the request parameters.
                 protocaps = decodevaluefromheaders(wsgireq, r'X-HgProto').split(' ')
                 if '0.2' in protocaps:
                     # All clients are expected to support uncompressed data.
                     if prefer_uncompressed:
                         return HGTYPE2, util._noopengine(), {}
                     # Default as defined by wire protocol spec.
                     compformats = ['zlib', 'none']
                     for cap in protocaps:
                         if cap.startswith('comp='):
                             compformats = cap[5:].split(',')
                             break
                     # Now find an agreed upon compression format.
                     for engine in wireproto.supportedcompengines(ui, util.SERVERROLE):
                         if engine.wireprotosupport().name in compformats:
                             opts = {}
                             level = ui.configint('server', '%slevel' % engine.name())
                             if level is not None:
                                 opts['level'] = level
                             return HGTYPE2, engine, opts
                     # No mutually supported compression format. Fall back to the
                     # legacy protocol.
                 # Don't allow untrusted settings because disabling compression or
                 # setting a very high compression level could lead to flooding
                 # the server's network or CPU.
                 opts = {'level': ui.configint('server', 'zliblevel')}
                 return HGTYPE, util.compengines['zlib'], opts
             def _callhttp(repo, wsgireq, proto, cmd):
                 def genversion2(gen, engine, engineopts):
                     # application/mercurial-0.2 always sends a payload header
                     # identifying the compression engine.
                     name = engine.wireprotosupport().name
                     assert 0 < len(name) < 256
                     yield struct.pack('B', len(name))
                     yield name
                     for chunk in gen:
                         yield chunk
                 if not wireproto.commands.commandavailable(cmd, proto):
                     wsgireq.respond(HTTP_OK, HGERRTYPE,
                                     body=_('requested wire protocol command is not '
                                            'available over HTTP'))
                     return []
                 proto.checkperm(wireproto.commands[cmd].permission)
                 rsp = wireproto.dispatch(repo, proto, cmd)
                 if isinstance(rsp, bytes):
                     wsgireq.respond(HTTP_OK, HGTYPE, body=rsp)
                     return []
                 elif isinstance(rsp, wireprototypes.bytesresponse):
                     wsgireq.respond(HTTP_OK, HGTYPE, body=rsp.data)
                     return []
                 elif isinstance(rsp, wireprototypes.streamreslegacy):
                     gen = rsp.gen
                     wsgireq.respond(HTTP_OK, HGTYPE)
                     return gen
                 elif isinstance(rsp, wireprototypes.streamres):
                     gen = rsp.gen
                     # This code for compression should not be streamres specific. It
                     # is here because we only compress streamres at the moment.
                     mediatype, engine, engineopts = _httpresponsetype(
                         repo.ui, wsgireq, rsp.prefer_uncompressed)
                     gen = engine.compressstream(gen, engineopts)
                     if mediatype == HGTYPE2:
                         gen = genversion2(gen, engine, engineopts)
                     wsgireq.respond(HTTP_OK, mediatype)
                     return gen
                 elif isinstance(rsp, wireprototypes.pushres):
                     rsp = '%d\n%s' % (rsp.res, rsp.output)
                     wsgireq.respond(HTTP_OK, HGTYPE, body=rsp)
                     return []
                 elif isinstance(rsp, wireprototypes.pusherr):
                     # This is the httplib workaround documented in _handlehttperror().
                     wsgireq.drain()
                     rsp = '0\n%s\n' % rsp.res
                     wsgireq.respond(HTTP_OK, HGTYPE, body=rsp)
                     return []
                 elif isinstance(rsp, wireprototypes.ooberror):
                     rsp = rsp.message
                     wsgireq.respond(HTTP_OK, HGERRTYPE, body=rsp)
                     return []
                 raise error.ProgrammingError('hgweb.protocol internal failure', rsp)
             def _handlehttperror(e, wsgireq, cmd):
                 """Called when an ErrorResponse is raised during HTTP request processing."""
                 # Clients using Python's httplib are stateful: the HTTP client
                 # won't process an HTTP response until all request data is
                 # sent to the server. The intent of this code is to ensure
                 # we always read HTTP request data from the client, thus
                 # ensuring httplib transitions to a state that allows it to read
                 # the HTTP response. In other words, it helps prevent deadlocks
                 # on clients using httplib.
                 if (wsgireq.env[r'REQUEST_METHOD'] == r'POST' and
                     # But not if Expect: 100-continue is being used.
                     (wsgireq.env.get('HTTP_EXPECT',
                                      '').lower() != '100-continue') or
                     # Or the non-httplib HTTP library is being advertised by
                     # the client.
                     wsgireq.env.get('X-HgHttp2', '')):
                     wsgireq.drain()
                 else:
                     wsgireq.headers.append((r'Connection', r'Close'))
                 # TODO This response body assumes the failed command was
                 # "unbundle." That assumption is not always valid.
                 wsgireq.respond(e, HGTYPE, body='0\n%s\n' % pycompat.bytestr(e))
                 return ''
             def _sshv1respondbytes(fout, value):
                 """Send a bytes response for protocol version 1."""
                 fout.write('%d\n' % len(value))
                 fout.write(value)
                 fout.flush()
             def _sshv1respondstream(fout, source):
                 write = fout.write
                 for chunk in source.gen:
                     write(chunk)
                 fout.flush()
             def _sshv1respondooberror(fout, ferr, rsp):
                 ferr.write(b'%s\n-\n' % rsp)
                 ferr.flush()
                 fout.write(b'\n')
                 fout.flush()
             class sshv1protocolhandler(wireprototypes.baseprotocolhandler):
                 """Handler for requests services via version 1 of SSH protocol."""
                 def __init__(self, ui, fin, fout):
                     self._ui = ui
                     self._fin = fin
                     self._fout = fout
                 @property
                 def name(self):
                     return wireprototypes.SSHV1
                 def getargs(self, args):
                     data = {}
                     keys = args.split()
                     for n in xrange(len(keys)):
                         argline = self._fin.readline()[:-1]
                         arg, l = argline.split()
                         if arg not in keys:
                             raise error.Abort(_("unexpected parameter %r") % arg)
                         if arg == '*':
                             star = {}
                             for k in xrange(int(l)):
                                 argline = self._fin.readline()[:-1]
                                 arg, l = argline.split()
                                 val = self._fin.read(int(l))
                                 star[arg] = val
                             data['*'] = star
                         else:
                             val = self._fin.read(int(l))
                             data[arg] = val
                     return [data[k] for k in keys]
                 def forwardpayload(self, fpout):
                     # We initially send an empty response. This tells the client it is
                     # OK to start sending data. If a client sees any other response, it
                     # interprets it as an error.
                     _sshv1respondbytes(self._fout, b'')
                     # The file is in the form:
                     #
                     # <chunk size>\n<chunk>
                     # ...
                     # 0\n
                     count = int(self._fin.readline())
                     while count:
                         fpout.write(self._fin.read(count))
                         count = int(self._fin.readline())
                 @contextlib.contextmanager
                 def mayberedirectstdio(self):
                     yield None
                 def client(self):
                     client = encoding.environ.get('SSH_CLIENT', '').split(' ', 1)[0]
                     return 'remote:ssh:' + client
                 def addcapabilities(self, repo, caps):
                     return caps
                 def checkperm(self, perm):
                     pass
             class sshv2protocolhandler(sshv1protocolhandler):
                 """Protocol handler for version 2 of the SSH protocol."""
                 @property
                 def name(self):
                     return wireprototypes.SSHV2
             def _runsshserver(ui, repo, fin, fout, ev):
                 # This function operates like a state machine of sorts. The following
                 # states are defined:
                 #
                 # protov1-serving
                 #    Server is in protocol version 1 serving mode. Commands arrive on
                 #    new lines. These commands are processed in this state, one command
                 #    after the other.
                 #
                 # protov2-serving
                 #    Server is in protocol version 2 serving mode.
                 #
                 # upgrade-initial
                 #    The server is going to process an upgrade request.
                 #
                 # upgrade-v2-filter-legacy-handshake
                 #    The protocol is being upgraded to version 2. The server is expecting
                 #    the legacy handshake from version 1.
                 #
                 # upgrade-v2-finish
                 #    The upgrade to version 2 of the protocol is imminent.
                 #
                 # shutdown
                 #    The server is shutting down, possibly in reaction to a client event.
                 #
                 # And here are their transitions:
                 #
                 # protov1-serving -> shutdown
                 #    When server receives an empty request or encounters another
                 #    error.
                 #
                 # protov1-serving -> upgrade-initial
                 #    An upgrade request line was seen.
                 #
                 # upgrade-initial -> upgrade-v2-filter-legacy-handshake
                 #    Upgrade to version 2 in progress. Server is expecting to
                 #    process a legacy handshake.
                 #
                 # upgrade-v2-filter-legacy-handshake -> shutdown
                 #    Client did not fulfill upgrade handshake requirements.
                 #
                 # upgrade-v2-filter-legacy-handshake -> upgrade-v2-finish
                 #    Client fulfilled version 2 upgrade requirements. Finishing that
                 #    upgrade.
                 #
                 # upgrade-v2-finish -> protov2-serving
                 #    Protocol upgrade to version 2 complete. Server can now speak protocol
                 #    version 2.
                 #
                 # protov2-serving -> protov1-serving
                 #    Ths happens by default since protocol version 2 is the same as
                 #    version 1 except for the handshake.
                 state = 'protov1-serving'
                 proto = sshv1protocolhandler(ui, fin, fout)
                 protoswitched = False
                 while not ev.is_set():
                     if state == 'protov1-serving':
                         # Commands are issued on new lines.
                         request = fin.readline()[:-1]
                         # Empty lines signal to terminate the connection.
                         if not request:
                             state = 'shutdown'
                             continue
                         # It looks like a protocol upgrade request. Transition state to
                         # handle it.
                         if request.startswith(b'upgrade '):
                             if protoswitched:
                                 _sshv1respondooberror(fout, ui.ferr,
                                                       b'cannot upgrade protocols multiple '
                                                       b'times')
                                 state = 'shutdown'
                                 continue
                             state = 'upgrade-initial'
                             continue
                         available = wireproto.commands.commandavailable(request, proto)
                         # This command isn't available. Send an empty response and go
                         # back to waiting for a new command.
                         if not available:
                             _sshv1respondbytes(fout, b'')
                             continue
                         rsp = wireproto.dispatch(repo, proto, request)
                         if isinstance(rsp, bytes):
                             _sshv1respondbytes(fout, rsp)
                         elif isinstance(rsp, wireprototypes.bytesresponse):
                             _sshv1respondbytes(fout, rsp.data)
                         elif isinstance(rsp, wireprototypes.streamres):
                             _sshv1respondstream(fout, rsp)
                         elif isinstance(rsp, wireprototypes.streamreslegacy):
                             _sshv1respondstream(fout, rsp)
                         elif isinstance(rsp, wireprototypes.pushres):
                             _sshv1respondbytes(fout, b'')
                             _sshv1respondbytes(fout, b'%d' % rsp.res)
                         elif isinstance(rsp, wireprototypes.pusherr):
                             _sshv1respondbytes(fout, rsp.res)
                         elif isinstance(rsp, wireprototypes.ooberror):
                             _sshv1respondooberror(fout, ui.ferr, rsp.message)
                         else:
                             raise error.ProgrammingError('unhandled response type from '
                                                          'wire protocol command: %s' % rsp)
                     # For now, protocol version 2 serving just goes back to version 1.
                     elif state == 'protov2-serving':
                         state = 'protov1-serving'
                         continue
                     elif state == 'upgrade-initial':
                         # We should never transition into this state if we've switched
                         # protocols.
                         assert not protoswitched
                         assert proto.name == wireprototypes.SSHV1
                         # Expected: upgrade <token> <capabilities>
                         # If we get something else, the request is malformed. It could be
                         # from a future client that has altered the upgrade line content.
                         # We treat this as an unknown command.
                         try:
                             token, caps = request.split(b' ')[1:]
                         except ValueError:
                             _sshv1respondbytes(fout, b'')
                             state = 'protov1-serving'
                             continue
                         # Send empty response if we don't support upgrading protocols.
                         if not ui.configbool('experimental', 'sshserver.support-v2'):
                             _sshv1respondbytes(fout, b'')
                             state = 'protov1-serving'
                             continue
                         try:
                             caps = urlreq.parseqs(caps)
                         except ValueError:
                             _sshv1respondbytes(fout, b'')
                             state = 'protov1-serving'
                             continue
                         # We don't see an upgrade request to protocol version 2. Ignore
                         # the upgrade request.
                         wantedprotos = caps.get(b'proto', [b''])[0]
                         if SSHV2 not in wantedprotos:
                             _sshv1respondbytes(fout, b'')
                             state = 'protov1-serving'
                             continue
                         # It looks like we can honor this upgrade request to protocol 2.
                         # Filter the rest of the handshake protocol request lines.
                         state = 'upgrade-v2-filter-legacy-handshake'
                         continue
                     elif state == 'upgrade-v2-filter-legacy-handshake':
                         # Client should have sent legacy handshake after an ``upgrade``
                         # request. Expected lines:
                         #
                         #    hello
                         #    between
                         #    pairs 81
                         #    0000...-0000...
                         ok = True
                         for line in (b'hello', b'between', b'pairs 81'):
                             request = fin.readline()[:-1]
                             if request != line:
                                 _sshv1respondooberror(fout, ui.ferr,
                                                       b'malformed handshake protocol: '
                                                       b'missing %s' % line)
                                 ok = False
                                 state = 'shutdown'
                                 break
                         if not ok:
                             continue
                         request = fin.read(81)
                         if request != b'%s-%s' % (b'0' * 40, b'0' * 40):
                             _sshv1respondooberror(fout, ui.ferr,
                                                   b'malformed handshake protocol: '
                                                   b'missing between argument value')
                             state = 'shutdown'
                             continue
                         state = 'upgrade-v2-finish'
                         continue
                     elif state == 'upgrade-v2-finish':
                         # Send the upgrade response.
                         fout.write(b'upgraded %s %s\n' % (token, SSHV2))
                         servercaps = wireproto.capabilities(repo, proto)
                         rsp = b'capabilities: %s' % servercaps.data
                         fout.write(b'%d\n%s\n' % (len(rsp), rsp))
                         fout.flush()
                         proto = sshv2protocolhandler(ui, fin, fout)
                         protoswitched = True
                         state = 'protov2-serving'
                         continue
                     elif state == 'shutdown':
                         break
                     else:
                         raise error.ProgrammingError('unhandled ssh server state: %s' %
                                                      state)
             class sshserver(object):
                 def __init__(self, ui, repo, logfh=None):
                     self._ui = ui
                     self._repo = repo
                     self._fin = ui.fin
                     self._fout = ui.fout
                     # Log write I/O to stdout and stderr if configured.
                     if logfh:
                         self._fout = util.makeloggingfileobject(
                             logfh, self._fout, 'o', logdata=True)
                         ui.ferr = util.makeloggingfileobject(
                             logfh, ui.ferr, 'e', logdata=True)
                     hook.redirect(True)
                     ui.fout = repo.ui.fout = ui.ferr
                     # Prevent insertion/deletion of CRs
                     util.setbinary(self._fin)
                     util.setbinary(self._fout)
                 def serve_forever(self):
                     self.serveuntil(threading.Event())
                     sys.exit(0)
                 def serveuntil(self, ev):
                     """Serve until a threading.Event is set."""
                     _runsshserver(self._ui, self._repo, self._fin, self._fout, ev)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages