upstream/mercurial-mirror Files · mercurial/exewrapper.c

sslutil: config option to specify TLS protocol version...

sslutil: config option to specify TLS protocol version Currently, Mercurial will use TLS 1.0 or newer when connecting to remote servers, selecting the highest TLS version supported by both peers. On older Pythons, only TLS 1.0 is available. On newer Pythons, TLS 1.1 and 1.2 should be available. Security-minded people may want to not take any risks running TLS 1.0 (or even TLS 1.1). This patch gives those people a config option to explicitly control which TLS versions Mercurial should use. By providing this option, one can require newer TLS versions before they are formally deprecated by Mercurial/Python/OpenSSL/etc and lower their security exposure. This option also provides an easy mechanism to change protocol policies in Mercurial. If there is a 0-day and TLS 1.0 is completely broken, we can act quickly without changing much code. Because setting the minimum TLS protocol is something you'll likely want to do globally, this patch introduces a global config option under [hostsecurity] for that purpose. wrapserversocket() has been taught a hidden config option to define the explicit protocol to use. This is queried in this function and not passed as an argument because I don't want to expose this dangerous option as part of the Python API. There is a risk someone could footgun themselves. But the config option is a devel option, has a warning comment, and I doubt most people are using `hg serve` to run a production HTTPS server (I would have something not Mercurial/Python handle TLS). If this is problematic, we can go back to using a custom extension in tests to coerce the server into bad behavior.

Gregory Szorc - - Load All Authors

File last commit:

r29019:210bb28c stable


                r29559:7dec5e44

default

Download file

             exewrapper.c
        
                    175 lines
            
             | 4.4 KiB
            
                | text/x-c
            
             |
                CLexer
            
             / mercurial / exewrapper.c
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      /*

       exewrapper.c - wrapper for calling a python script on Windows

       Copyright 2012 Adrian Buehlmann <adrian@cadifra.com> and others

       This software may be used and distributed according to the terms of the

       GNU General Public License version 2 or any later version.

      */

      #include <stdio.h>

      #include <windows.h>

      #include "hgpythonlib.h"

      #ifdef __GNUC__

      int strcat_s(char *d, size_t n, const char *s)

      {

      	return !strncat(d, s, n);

      }

      int strcpy_s(char *d, size_t n, const char *s)

      {

      	return !strncpy(d, s, n);

      }

      #endif

      static char pyscript[MAX_PATH + 10];

      static char pyhome[MAX_PATH + 10];

      static char envpyhome[MAX_PATH + 10];

      static char pydllfile[MAX_PATH + 10];

      int main(int argc, char *argv[])

      {

      	char *p;

      	int ret;

      	int i;

      	int n;

      	char **pyargv;

      	WIN32_FIND_DATA fdata;

      	HANDLE hfind;

      	const char *err;

      	HMODULE pydll;

      	void (__cdecl *Py_SetPythonHome)(char *home);

      	int (__cdecl *Py_Main)(int argc, char *argv[]);

      	if (GetModuleFileName(NULL, pyscript, sizeof(pyscript)) == 0)

      	{

      		err = "GetModuleFileName failed";

      		goto bail;

      	}

      	p = strrchr(pyscript, '.');

      	if (p == NULL) {

      		err = "malformed module filename";

      		goto bail;

      	}

      	*p = 0; /* cut trailing ".exe" */

      	strcpy_s(pyhome, sizeof(pyhome), pyscript);

      	hfind = FindFirstFile(pyscript, &fdata);

      	if (hfind != INVALID_HANDLE_VALUE) {

      		/* pyscript exists, close handle */

      		FindClose(hfind);

      	} else {

      		/* file pyscript isn't there, take <pyscript>exe.py */

      		strcat_s(pyscript, sizeof(pyscript), "exe.py");

      	}

      	pydll = NULL;

      	/*

      	We first check, that environment variable PYTHONHOME is *not* set.

      	This just mimicks the behavior of the regular python.exe, which uses

      	PYTHONHOME to find its installation directory (if it has been set).

      	Note: Users of HackableMercurial are expected to *not* set PYTHONHOME!

      	*/

      	if (GetEnvironmentVariable("PYTHONHOME", envpyhome,

      				   sizeof(envpyhome)) == 0)

      	{

      		/*

      		Environment var PYTHONHOME is *not* set. Let's see if we are

      		running inside a HackableMercurial.

      		*/

      		p = strrchr(pyhome, '\\');

      		if (p == NULL) {

      			err = "can't find backslash in module filename";

      			goto bail;

      		}

      		*p = 0; /* cut at directory */

      		/* check for private Python of HackableMercurial */

      		strcat_s(pyhome, sizeof(pyhome), "\\hg-python");

      		hfind = FindFirstFile(pyhome, &fdata);

      		if (hfind != INVALID_HANDLE_VALUE) {

      			/* path pyhome exists, let's use it */

      			FindClose(hfind);

      			strcpy_s(pydllfile, sizeof(pydllfile), pyhome);

      			strcat_s(pydllfile, sizeof(pydllfile),

      				 "\\" HGPYTHONLIB ".dll");

      			pydll = LoadLibrary(pydllfile);

      			if (pydll == NULL) {

      				err = "failed to load private Python DLL "

      				      HGPYTHONLIB ".dll";

      				goto bail;

      			}

      			Py_SetPythonHome = (void*)GetProcAddress(pydll,

      							"Py_SetPythonHome");

      			if (Py_SetPythonHome == NULL) {

      				err = "failed to get Py_SetPythonHome";

      				goto bail;

      			}

      			Py_SetPythonHome(pyhome);

      		}

      	}

      	if (pydll == NULL) {

      		pydll = LoadLibrary(HGPYTHONLIB ".dll");

      		if (pydll == NULL) {

      			err = "failed to load Python DLL " HGPYTHONLIB ".dll";

      			goto bail;

      		}

      	}

      	Py_Main = (void*)GetProcAddress(pydll, "Py_Main");

      	if (Py_Main == NULL) {

      		err = "failed to get Py_Main";

      		goto bail;

      	}

      	/*

      	Only add the pyscript to the args, if it's not already there. It may

      	already be there, if the script spawned a child process of itself, in

      	the same way as it got called, that is, with the pyscript already in

      	place. So we optionally accept the pyscript as the first argument

      	(argv[1]), letting our exe taking the role of the python interpreter.

      	*/

      	if (argc >= 2 && strcmp(argv[1], pyscript) == 0) {

      		/*

      		pyscript is already in the args, so there is no need to copy

      		the args and we can directly call the python interpreter with

      		the original args.

      		*/

      		return Py_Main(argc, argv);

      	}

      	/*

      	Start assembling the args for the Python interpreter call. We put the

      	name of our exe (argv[0]) in the position where the python.exe

      	canonically is, and insert the pyscript next.

      	*/

      	pyargv = malloc((argc + 5) * sizeof(char*));

      	if (pyargv == NULL) {

      		err = "not enough memory";

      		goto bail;

      	}

      	n = 0;

      	pyargv[n++] = argv[0];

      	pyargv[n++] = pyscript;

      	/* copy remaining args from the command line */

      	for (i = 1; i < argc; i++)

      		pyargv[n++] = argv[i];

      	/* argv[argc] is guaranteed to be NULL, so we forward that guarantee */

      	pyargv[n] = NULL;

      	ret = Py_Main(n, pyargv); /* The Python interpreter call */

      	free(pyargv);

      	return ret;

      bail:

      	fprintf(stderr, "abort: %s\n", err);

      	return 255;

      }

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				/*
				exewrapper.c - wrapper for calling a python script on Windows

				Copyright 2012 Adrian Buehlmann <adrian@cadifra.com> and others

				This software may be used and distributed according to the terms of the
				GNU General Public License version 2 or any later version.
				*/

				#include <stdio.h>
				#include <windows.h>

				#include "hgpythonlib.h"

				#ifdef __GNUC__
				int strcat_s(char d, size_t n, const char s)
				{
				return !strncat(d, s, n);
				}
				int strcpy_s(char d, size_t n, const char s)
				{
				return !strncpy(d, s, n);
				}
				#endif


				static char pyscript[MAX_PATH + 10];
				static char pyhome[MAX_PATH + 10];
				static char envpyhome[MAX_PATH + 10];
				static char pydllfile[MAX_PATH + 10];

				int main(int argc, char *argv[])
				{
				char *p;
				int ret;
				int i;
				int n;
				char **pyargv;
				WIN32_FIND_DATA fdata;
				HANDLE hfind;
				const char *err;
				HMODULE pydll;
				void (__cdecl Py_SetPythonHome)(char home);
				int (__cdecl Py_Main)(int argc, char argv[]);

				if (GetModuleFileName(NULL, pyscript, sizeof(pyscript)) == 0)
				{
				err = "GetModuleFileName failed";
				goto bail;
				}

				p = strrchr(pyscript, '.');
				if (p == NULL) {
				err = "malformed module filename";
				goto bail;
				}
				p = 0; / cut trailing ".exe" */
				strcpy_s(pyhome, sizeof(pyhome), pyscript);

				hfind = FindFirstFile(pyscript, &fdata);
				if (hfind != INVALID_HANDLE_VALUE) {
				/* pyscript exists, close handle */
				FindClose(hfind);
				} else {
				/* file pyscript isn't there, take <pyscript>exe.py */
				strcat_s(pyscript, sizeof(pyscript), "exe.py");
				}

				pydll = NULL;
				/*
				We first check, that environment variable PYTHONHOME is not set.
				This just mimicks the behavior of the regular python.exe, which uses
				PYTHONHOME to find its installation directory (if it has been set).
				Note: Users of HackableMercurial are expected to not set PYTHONHOME!
				*/
				if (GetEnvironmentVariable("PYTHONHOME", envpyhome,
				sizeof(envpyhome)) == 0)
				{
				/*
				Environment var PYTHONHOME is not set. Let's see if we are
				running inside a HackableMercurial.
				*/

				p = strrchr(pyhome, '\\');
				if (p == NULL) {
				err = "can't find backslash in module filename";
				goto bail;
				}
				p = 0; / cut at directory */

				/* check for private Python of HackableMercurial */
				strcat_s(pyhome, sizeof(pyhome), "\\hg-python");

				hfind = FindFirstFile(pyhome, &fdata);
				if (hfind != INVALID_HANDLE_VALUE) {
				/* path pyhome exists, let's use it */
				FindClose(hfind);
				strcpy_s(pydllfile, sizeof(pydllfile), pyhome);
				strcat_s(pydllfile, sizeof(pydllfile),
				"\\" HGPYTHONLIB ".dll");
				pydll = LoadLibrary(pydllfile);
				if (pydll == NULL) {
				err = "failed to load private Python DLL "
				HGPYTHONLIB ".dll";
				goto bail;
				}
				Py_SetPythonHome = (void*)GetProcAddress(pydll,
				"Py_SetPythonHome");
				if (Py_SetPythonHome == NULL) {
				err = "failed to get Py_SetPythonHome";
				goto bail;
				}
				Py_SetPythonHome(pyhome);
				}
				}

				if (pydll == NULL) {
				pydll = LoadLibrary(HGPYTHONLIB ".dll");
				if (pydll == NULL) {
				err = "failed to load Python DLL " HGPYTHONLIB ".dll";
				goto bail;
				}
				}

				Py_Main = (void*)GetProcAddress(pydll, "Py_Main");
				if (Py_Main == NULL) {
				err = "failed to get Py_Main";
				goto bail;
				}

				/*
				Only add the pyscript to the args, if it's not already there. It may
				already be there, if the script spawned a child process of itself, in
				the same way as it got called, that is, with the pyscript already in
				place. So we optionally accept the pyscript as the first argument
				(argv[1]), letting our exe taking the role of the python interpreter.
				*/
				if (argc >= 2 && strcmp(argv[1], pyscript) == 0) {
				/*
				pyscript is already in the args, so there is no need to copy
				the args and we can directly call the python interpreter with
				the original args.
				*/
				return Py_Main(argc, argv);
				}

				/*
				Start assembling the args for the Python interpreter call. We put the
				name of our exe (argv[0]) in the position where the python.exe
				canonically is, and insert the pyscript next.
				*/
				pyargv = malloc((argc + 5) * sizeof(char*));
				if (pyargv == NULL) {
				err = "not enough memory";
				goto bail;
				}
				n = 0;
				pyargv[n++] = argv[0];
				pyargv[n++] = pyscript;

				/* copy remaining args from the command line */
				for (i = 1; i < argc; i++)
				pyargv[n++] = argv[i];
				/* argv[argc] is guaranteed to be NULL, so we forward that guarantee */
				pyargv[n] = NULL;

				ret = Py_Main(n, pyargv); /* The Python interpreter call */

				free(pyargv);
				return ret;

				bail:
				fprintf(stderr, "abort: %s\n", err);
				return 255;
				}