ReceivePack.java
/*
* Copyright (C) 2008-2010, Google Inc. and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.transport;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.eclipse.jgit.lib.Constants.HEAD;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_ATOMIC;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_DELETE_REFS;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_OFS_DELTA;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_PUSH_OPTIONS;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_QUIET;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_REPORT_STATUS;
import static org.eclipse.jgit.transport.GitProtocolConstants.CAPABILITY_SIDE_BAND_64K;
import static org.eclipse.jgit.transport.GitProtocolConstants.OPTION_AGENT;
import static org.eclipse.jgit.transport.SideBandOutputStream.CH_DATA;
import static org.eclipse.jgit.transport.SideBandOutputStream.CH_ERROR;
import static org.eclipse.jgit.transport.SideBandOutputStream.CH_PROGRESS;
import static org.eclipse.jgit.transport.SideBandOutputStream.MAX_BUF;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.eclipse.jgit.annotations.Nullable;
import org.eclipse.jgit.errors.InvalidObjectIdException;
import org.eclipse.jgit.errors.LargeObjectException;
import org.eclipse.jgit.errors.PackProtocolException;
import org.eclipse.jgit.errors.TooLargePackException;
import org.eclipse.jgit.errors.UnpackException;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.internal.submodule.SubmoduleValidator;
import org.eclipse.jgit.internal.submodule.SubmoduleValidator.SubmoduleValidationException;
import org.eclipse.jgit.internal.transport.connectivity.FullConnectivityChecker;
import org.eclipse.jgit.internal.transport.parser.FirstCommand;
import org.eclipse.jgit.lib.AnyObjectId;
import org.eclipse.jgit.lib.BatchRefUpdate;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.ConfigConstants;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.GitmoduleEntry;
import org.eclipse.jgit.lib.NullProgressMonitor;
import org.eclipse.jgit.lib.ObjectChecker;
import org.eclipse.jgit.lib.ObjectDatabase;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectInserter;
import org.eclipse.jgit.lib.ObjectLoader;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevObject;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.transport.ConnectivityChecker.ConnectivityCheckInfo;
import org.eclipse.jgit.transport.PacketLineIn.InputOverLimitIOException;
import org.eclipse.jgit.transport.ReceiveCommand.Result;
import org.eclipse.jgit.transport.RefAdvertiser.PacketLineOutRefAdvertiser;
import org.eclipse.jgit.util.io.InterruptTimer;
import org.eclipse.jgit.util.io.LimitedInputStream;
import org.eclipse.jgit.util.io.TimeoutInputStream;
import org.eclipse.jgit.util.io.TimeoutOutputStream;
/**
* Implements the server side of a push connection, receiving objects.
*/
public class ReceivePack {
/**
* Data in the first line of a request, the line itself plus capabilities.
*
* @deprecated Use {@link FirstCommand} instead.
* @since 5.6
*/
@Deprecated
public static class FirstLine {
private final FirstCommand command;
/**
* Parse the first line of a receive-pack request.
*
* @param line
* line from the client.
*/
public FirstLine(String line) {
command = FirstCommand.fromLine(line);
}
/** @return non-capabilities part of the line. */
public String getLine() {
return command.getLine();
}
/** @return capabilities parsed from the line. */
public Set<String> getCapabilities() {
return command.getCapabilities();
}
}
/** Database we write the stored objects into. */
private final Repository db;
/** Revision traversal support over {@link #db}. */
private final RevWalk walk;
/**
* Is the client connection a bi-directional socket or pipe?
* <p>
* If true, this class assumes it can perform multiple read and write cycles
* with the client over the input and output streams. This matches the
* functionality available with a standard TCP/IP connection, or a local
* operating system or in-memory pipe.
* <p>
* If false, this class runs in a read everything then output results mode,
* making it suitable for single round-trip systems RPCs such as HTTP.
*/
private boolean biDirectionalPipe = true;
/** Expecting data after the pack footer */
private boolean expectDataAfterPackFooter;
/** Should an incoming transfer validate objects? */
private ObjectChecker objectChecker;
/** Should an incoming transfer permit create requests? */
private boolean allowCreates;
/** Should an incoming transfer permit delete requests? */
private boolean allowAnyDeletes;
private boolean allowBranchDeletes;
/** Should an incoming transfer permit non-fast-forward requests? */
private boolean allowNonFastForwards;
/** Should an incoming transfer permit push options? **/
private boolean allowPushOptions;
/**
* Should the requested ref updates be performed as a single atomic
* transaction?
*/
private boolean atomic;
private boolean allowOfsDelta;
private boolean allowQuiet = true;
/** Identity to record action as within the reflog. */
private PersonIdent refLogIdent;
/** Hook used while advertising the refs to the client. */
private AdvertiseRefsHook advertiseRefsHook;
/** Filter used while advertising the refs to the client. */
private RefFilter refFilter;
/** Timeout in seconds to wait for client interaction. */
private int timeout;
/** Timer to manage {@link #timeout}. */
private InterruptTimer timer;
private TimeoutInputStream timeoutIn;
// Original stream passed to init(), since rawOut may be wrapped in a
// sideband.
private OutputStream origOut;
/** Raw input stream. */
private InputStream rawIn;
/** Raw output stream. */
private OutputStream rawOut;
/** Optional message output stream. */
private OutputStream msgOut;
private SideBandOutputStream errOut;
/** Packet line input stream around {@link #rawIn}. */
private PacketLineIn pckIn;
/** Packet line output stream around {@link #rawOut}. */
private PacketLineOut pckOut;
private final MessageOutputWrapper msgOutWrapper = new MessageOutputWrapper();
private PackParser parser;
/** The refs we advertised as existing at the start of the connection. */
private Map<String, Ref> refs;
/** All SHA-1s shown to the client, which can be possible edges. */
private Set<ObjectId> advertisedHaves;
/** Capabilities requested by the client. */
private Set<String> enabledCapabilities;
String userAgent;
private Set<ObjectId> clientShallowCommits;
private List<ReceiveCommand> commands;
private long maxCommandBytes;
private long maxDiscardBytes;
private StringBuilder advertiseError;
/**
* If {@link BasePackPushConnection#CAPABILITY_SIDE_BAND_64K} is enabled.
*/
private boolean sideBand;
private boolean quiet;
/** Lock around the received pack file, while updating refs. */
private PackLock packLock;
private boolean checkReferencedAreReachable;
/** Git object size limit */
private long maxObjectSizeLimit;
/** Total pack size limit */
private long maxPackSizeLimit = -1;
/** The size of the received pack, including index size */
private Long packSize;
private PushCertificateParser pushCertificateParser;
private SignedPushConfig signedPushConfig;
private PushCertificate pushCert;
private ReceivedPackStatistics stats;
/**
* Connectivity checker to use.
* @since 5.7
*/
protected ConnectivityChecker connectivityChecker = new FullConnectivityChecker();
/** Hook to validate the update commands before execution. */
private PreReceiveHook preReceive;
private ReceiveCommandErrorHandler receiveCommandErrorHandler = new ReceiveCommandErrorHandler() {
// Use the default implementation.
};
private UnpackErrorHandler unpackErrorHandler = new DefaultUnpackErrorHandler();
/** Hook to report on the commands after execution. */
private PostReceiveHook postReceive;
/** If {@link BasePackPushConnection#CAPABILITY_REPORT_STATUS} is enabled. */
private boolean reportStatus;
/** Whether the client intends to use push options. */
private boolean usePushOptions;
private List<String> pushOptions;
/**
* Create a new pack receive for an open repository.
*
* @param into
* the destination repository.
*/
public ReceivePack(Repository into) {
db = into;
walk = new RevWalk(db);
walk.setRetainBody(false);
TransferConfig tc = db.getConfig().get(TransferConfig.KEY);
objectChecker = tc.newReceiveObjectChecker();
ReceiveConfig rc = db.getConfig().get(ReceiveConfig::new);
allowCreates = rc.allowCreates;
allowAnyDeletes = true;
allowBranchDeletes = rc.allowDeletes;
allowNonFastForwards = rc.allowNonFastForwards;
allowOfsDelta = rc.allowOfsDelta;
allowPushOptions = rc.allowPushOptions;
maxCommandBytes = rc.maxCommandBytes;
maxDiscardBytes = rc.maxDiscardBytes;
advertiseRefsHook = AdvertiseRefsHook.DEFAULT;
refFilter = RefFilter.DEFAULT;
advertisedHaves = new HashSet<>();
clientShallowCommits = new HashSet<>();
signedPushConfig = rc.signedPush;
preReceive = PreReceiveHook.NULL;
postReceive = PostReceiveHook.NULL;
}
/** Configuration for receive operations. */
private static class ReceiveConfig {
final boolean allowCreates;
final boolean allowDeletes;
final boolean allowNonFastForwards;
final boolean allowOfsDelta;
final boolean allowPushOptions;
final long maxCommandBytes;
final long maxDiscardBytes;
final SignedPushConfig signedPush;
ReceiveConfig(Config config) {
allowCreates = true;
allowDeletes = !config.getBoolean("receive", "denydeletes", false); //$NON-NLS-1$ //$NON-NLS-2$
allowNonFastForwards = !config.getBoolean("receive", //$NON-NLS-1$
"denynonfastforwards", false); //$NON-NLS-1$
allowOfsDelta = config.getBoolean("repack", "usedeltabaseoffset", //$NON-NLS-1$ //$NON-NLS-2$
true);
allowPushOptions = config.getBoolean("receive", "pushoptions", //$NON-NLS-1$ //$NON-NLS-2$
false);
maxCommandBytes = config.getLong("receive", //$NON-NLS-1$
"maxCommandBytes", //$NON-NLS-1$
3 << 20);
maxDiscardBytes = config.getLong("receive", //$NON-NLS-1$
"maxCommandDiscardBytes", //$NON-NLS-1$
-1);
signedPush = SignedPushConfig.KEY.parse(config);
}
}
/**
* Output stream that wraps the current {@link #msgOut}.
* <p>
* We don't want to expose {@link #msgOut} directly because it can change
* several times over the course of a session.
*/
class MessageOutputWrapper extends OutputStream {
@Override
public void write(int ch) {
if (msgOut != null) {
try {
msgOut.write(ch);
} catch (IOException e) {
// Ignore write failures.
}
}
}
@Override
public void write(byte[] b, int off, int len) {
if (msgOut != null) {
try {
msgOut.write(b, off, len);
} catch (IOException e) {
// Ignore write failures.
}
}
}
@Override
public void write(byte[] b) {
write(b, 0, b.length);
}
@Override
public void flush() {
if (msgOut != null) {
try {
msgOut.flush();
} catch (IOException e) {
// Ignore write failures.
}
}
}
}
/**
* Get the repository this receive completes into.
*
* @return the repository this receive completes into.
*/
public Repository getRepository() {
return db;
}
/**
* Get the RevWalk instance used by this connection.
*
* @return the RevWalk instance used by this connection.
*/
public RevWalk getRevWalk() {
return walk;
}
/**
* Get refs which were advertised to the client.
*
* @return all refs which were advertised to the client, or null if
* {@link #setAdvertisedRefs(Map, Set)} has not been called yet.
*/
public Map<String, Ref> getAdvertisedRefs() {
return refs;
}
/**
* Set the refs advertised by this ReceivePack.
* <p>
* Intended to be called from a
* {@link org.eclipse.jgit.transport.PreReceiveHook}.
*
* @param allRefs
* explicit set of references to claim as advertised by this
* ReceivePack instance. This overrides any references that may
* exist in the source repository. The map is passed to the
* configured {@link #getRefFilter()}. If null, assumes all refs
* were advertised.
* @param additionalHaves
* explicit set of additional haves to claim as advertised. If
* null, assumes the default set of additional haves from the
* repository.
* @throws IOException
*/
public void setAdvertisedRefs(Map<String, Ref> allRefs,
Set<ObjectId> additionalHaves) throws IOException {
refs = allRefs != null ? allRefs : getAllRefs();
refs = refFilter.filter(refs);
advertisedHaves.clear();
Ref head = refs.get(HEAD);
if (head != null && head.isSymbolic()) {
refs.remove(HEAD);
}
for (Ref ref : refs.values()) {
if (ref.getObjectId() != null) {
advertisedHaves.add(ref.getObjectId());
}
}
if (additionalHaves != null) {
advertisedHaves.addAll(additionalHaves);
} else {
advertisedHaves.addAll(db.getAdditionalHaves());
}
}
/**
* Get objects advertised to the client.
*
* @return the set of objects advertised to the as present in this
* repository, or null if {@link #setAdvertisedRefs(Map, Set)} has
* not been called yet.
*/
public final Set<ObjectId> getAdvertisedObjects() {
return advertisedHaves;
}
/**
* Whether this instance will validate all referenced, but not supplied by
* the client, objects are reachable from another reference.
*
* @return true if this instance will validate all referenced, but not
* supplied by the client, objects are reachable from another
* reference.
*/
public boolean isCheckReferencedObjectsAreReachable() {
return checkReferencedAreReachable;
}
/**
* Validate all referenced but not supplied objects are reachable.
* <p>
* If enabled, this instance will verify that references to objects not
* contained within the received pack are already reachable through at least
* one other reference displayed as part of {@link #getAdvertisedRefs()}.
* <p>
* This feature is useful when the application doesn't trust the client to
* not provide a forged SHA-1 reference to an object, in an attempt to
* access parts of the DAG that they aren't allowed to see and which have
* been hidden from them via the configured
* {@link org.eclipse.jgit.transport.AdvertiseRefsHook} or
* {@link org.eclipse.jgit.transport.RefFilter}.
* <p>
* Enabling this feature may imply at least some, if not all, of the same
* functionality performed by {@link #setCheckReceivedObjects(boolean)}.
* Applications are encouraged to enable both features, if desired.
*
* @param b
* {@code true} to enable the additional check.
*/
public void setCheckReferencedObjectsAreReachable(boolean b) {
this.checkReferencedAreReachable = b;
}
/**
* Whether this class expects a bi-directional pipe opened between the
* client and itself.
*
* @return true if this class expects a bi-directional pipe opened between
* the client and itself. The default is true.
*/
public boolean isBiDirectionalPipe() {
return biDirectionalPipe;
}
/**
* Whether this class will assume the socket is a fully bidirectional pipe
* between the two peers and takes advantage of that by first transmitting
* the known refs, then waiting to read commands.
*
* @param twoWay
* if true, this class will assume the socket is a fully
* bidirectional pipe between the two peers and takes advantage
* of that by first transmitting the known refs, then waiting to
* read commands. If false, this class assumes it must read the
* commands before writing output and does not perform the
* initial advertising.
*/
public void setBiDirectionalPipe(boolean twoWay) {
biDirectionalPipe = twoWay;
}
/**
* Whether there is data expected after the pack footer.
*
* @return {@code true} if there is data expected after the pack footer.
*/
public boolean isExpectDataAfterPackFooter() {
return expectDataAfterPackFooter;
}
/**
* Whether there is additional data in InputStream after pack.
*
* @param e
* {@code true} if there is additional data in InputStream after
* pack.
*/
public void setExpectDataAfterPackFooter(boolean e) {
expectDataAfterPackFooter = e;
}
/**
* Whether this instance will verify received objects are formatted
* correctly.
*
* @return {@code true} if this instance will verify received objects are
* formatted correctly. Validating objects requires more CPU time on
* this side of the connection.
*/
public boolean isCheckReceivedObjects() {
return objectChecker != null;
}
/**
* Whether to enable checking received objects
*
* @param check
* {@code true} to enable checking received objects; false to
* assume all received objects are valid.
* @see #setObjectChecker(ObjectChecker)
*/
public void setCheckReceivedObjects(boolean check) {
if (check && objectChecker == null)
setObjectChecker(new ObjectChecker());
else if (!check && objectChecker != null)
setObjectChecker(null);
}
/**
* Set the object checking instance to verify each received object with
*
* @param impl
* if non-null the object checking instance to verify each
* received object with; null to disable object checking.
* @since 3.4
*/
public void setObjectChecker(ObjectChecker impl) {
objectChecker = impl;
}
/**
* Whether the client can request refs to be created.
*
* @return {@code true} if the client can request refs to be created.
*/
public boolean isAllowCreates() {
return allowCreates;
}
/**
* Whether to permit create ref commands to be processed.
*
* @param canCreate
* {@code true} to permit create ref commands to be processed.
*/
public void setAllowCreates(boolean canCreate) {
allowCreates = canCreate;
}
/**
* Whether the client can request refs to be deleted.
*
* @return {@code true} if the client can request refs to be deleted.
*/
public boolean isAllowDeletes() {
return allowAnyDeletes;
}
/**
* Whether to permit delete ref commands to be processed.
*
* @param canDelete
* {@code true} to permit delete ref commands to be processed.
*/
public void setAllowDeletes(boolean canDelete) {
allowAnyDeletes = canDelete;
}
/**
* Whether the client can delete from {@code refs/heads/}.
*
* @return {@code true} if the client can delete from {@code refs/heads/}.
* @since 3.6
*/
public boolean isAllowBranchDeletes() {
return allowBranchDeletes;
}
/**
* Configure whether to permit deletion of branches from the
* {@code refs/heads/} namespace.
*
* @param canDelete
* {@code true} to permit deletion of branches from the
* {@code refs/heads/} namespace.
* @since 3.6
*/
public void setAllowBranchDeletes(boolean canDelete) {
allowBranchDeletes = canDelete;
}
/**
* Whether the client can request non-fast-forward updates of a ref,
* possibly making objects unreachable.
*
* @return {@code true} if the client can request non-fast-forward updates
* of a ref, possibly making objects unreachable.
*/
public boolean isAllowNonFastForwards() {
return allowNonFastForwards;
}
/**
* Configure whether to permit the client to ask for non-fast-forward
* updates of an existing ref.
*
* @param canRewind
* {@code true} to permit the client to ask for non-fast-forward
* updates of an existing ref.
*/
public void setAllowNonFastForwards(boolean canRewind) {
allowNonFastForwards = canRewind;
}
/**
* Whether the client's commands should be performed as a single atomic
* transaction.
*
* @return {@code true} if the client's commands should be performed as a
* single atomic transaction.
* @since 4.4
*/
public boolean isAtomic() {
return atomic;
}
/**
* Configure whether to perform the client's commands as a single atomic
* transaction.
*
* @param atomic
* {@code true} to perform the client's commands as a single
* atomic transaction.
* @since 4.4
*/
public void setAtomic(boolean atomic) {
this.atomic = atomic;
}
/**
* Get identity of the user making the changes in the reflog.
*
* @return identity of the user making the changes in the reflog.
*/
public PersonIdent getRefLogIdent() {
return refLogIdent;
}
/**
* Set the identity of the user appearing in the affected reflogs.
* <p>
* The timestamp portion of the identity is ignored. A new identity with the
* current timestamp will be created automatically when the updates occur
* and the log records are written.
*
* @param pi
* identity of the user. If null the identity will be
* automatically determined based on the repository
* configuration.
*/
public void setRefLogIdent(PersonIdent pi) {
refLogIdent = pi;
}
/**
* Get the hook used while advertising the refs to the client
*
* @return the hook used while advertising the refs to the client
*/
public AdvertiseRefsHook getAdvertiseRefsHook() {
return advertiseRefsHook;
}
/**
* Get the filter used while advertising the refs to the client
*
* @return the filter used while advertising the refs to the client
*/
public RefFilter getRefFilter() {
return refFilter;
}
/**
* Set the hook used while advertising the refs to the client.
* <p>
* If the {@link org.eclipse.jgit.transport.AdvertiseRefsHook} chooses to
* call {@link #setAdvertisedRefs(Map,Set)}, only refs set by this hook
* <em>and</em> selected by the {@link org.eclipse.jgit.transport.RefFilter}
* will be shown to the client. Clients may still attempt to create or
* update a reference not advertised by the configured
* {@link org.eclipse.jgit.transport.AdvertiseRefsHook}. These attempts
* should be rejected by a matching
* {@link org.eclipse.jgit.transport.PreReceiveHook}.
*
* @param advertiseRefsHook
* the hook; may be null to show all refs.
*/
public void setAdvertiseRefsHook(AdvertiseRefsHook advertiseRefsHook) {
if (advertiseRefsHook != null)
this.advertiseRefsHook = advertiseRefsHook;
else
this.advertiseRefsHook = AdvertiseRefsHook.DEFAULT;
}
/**
* Set the filter used while advertising the refs to the client.
* <p>
* Only refs allowed by this filter will be shown to the client. The filter
* is run against the refs specified by the
* {@link org.eclipse.jgit.transport.AdvertiseRefsHook} (if applicable).
*
* @param refFilter
* the filter; may be null to show all refs.
*/
public void setRefFilter(RefFilter refFilter) {
this.refFilter = refFilter != null ? refFilter : RefFilter.DEFAULT;
}
/**
* Get timeout (in seconds) before aborting an IO operation.
*
* @return timeout (in seconds) before aborting an IO operation.
*/
public int getTimeout() {
return timeout;
}
/**
* Set the timeout before willing to abort an IO call.
*
* @param seconds
* number of seconds to wait (with no data transfer occurring)
* before aborting an IO read or write operation with the
* connected client.
*/
public void setTimeout(int seconds) {
timeout = seconds;
}
/**
* Set the maximum number of command bytes to read from the client.
*
* @param limit
* command limit in bytes; if 0 there is no limit.
* @since 4.7
*/
public void setMaxCommandBytes(long limit) {
maxCommandBytes = limit;
}
/**
* Set the maximum number of command bytes to discard from the client.
* <p>
* Discarding remaining bytes allows this instance to consume the rest of
* the command block and send a human readable over-limit error via the
* side-band channel. If the client sends an excessive number of bytes this
* limit kicks in and the instance disconnects, resulting in a non-specific
* 'pipe closed', 'end of stream', or similar generic error at the client.
* <p>
* When the limit is set to {@code -1} the implementation will default to
* the larger of {@code 3 * maxCommandBytes} or {@code 3 MiB}.
*
* @param limit
* discard limit in bytes; if 0 there is no limit; if -1 the
* implementation tries to set a reasonable default.
* @since 4.7
*/
public void setMaxCommandDiscardBytes(long limit) {
maxDiscardBytes = limit;
}
/**
* Set the maximum allowed Git object size.
* <p>
* If an object is larger than the given size the pack-parsing will throw an
* exception aborting the receive-pack operation.
*
* @param limit
* the Git object size limit. If zero then there is not limit.
*/
public void setMaxObjectSizeLimit(long limit) {
maxObjectSizeLimit = limit;
}
/**
* Set the maximum allowed pack size.
* <p>
* A pack exceeding this size will be rejected.
*
* @param limit
* the pack size limit, in bytes
* @since 3.3
*/
public void setMaxPackSizeLimit(long limit) {
if (limit < 0)
throw new IllegalArgumentException(
MessageFormat.format(JGitText.get().receivePackInvalidLimit,
Long.valueOf(limit)));
maxPackSizeLimit = limit;
}
/**
* Check whether the client expects a side-band stream.
*
* @return true if the client has advertised a side-band capability, false
* otherwise.
* @throws org.eclipse.jgit.transport.RequestNotYetReadException
* if the client's request has not yet been read from the wire,
* so we do not know if they expect side-band. Note that the
* client may have already written the request, it just has not
* been read.
*/
public boolean isSideBand() throws RequestNotYetReadException {
checkRequestWasRead();
return enabledCapabilities.contains(CAPABILITY_SIDE_BAND_64K);
}
/**
* Whether clients may request avoiding noisy progress messages.
*
* @return true if clients may request avoiding noisy progress messages.
* @since 4.0
*/
public boolean isAllowQuiet() {
return allowQuiet;
}
/**
* Configure if clients may request the server skip noisy messages.
*
* @param allow
* true to allow clients to request quiet behavior; false to
* refuse quiet behavior and send messages anyway. This may be
* necessary if processing is slow and the client-server network
* connection can timeout.
* @since 4.0
*/
public void setAllowQuiet(boolean allow) {
allowQuiet = allow;
}
/**
* Whether the server supports receiving push options.
*
* @return true if the server supports receiving push options.
* @since 4.5
*/
public boolean isAllowPushOptions() {
return allowPushOptions;
}
/**
* Configure if the server supports receiving push options.
*
* @param allow
* true to optionally accept option strings from the client.
* @since 4.5
*/
public void setAllowPushOptions(boolean allow) {
allowPushOptions = allow;
}
/**
* True if the client wants less verbose output.
*
* @return true if the client has requested the server to be less verbose.
* @throws org.eclipse.jgit.transport.RequestNotYetReadException
* if the client's request has not yet been read from the wire,
* so we do not know if they expect side-band. Note that the
* client may have already written the request, it just has not
* been read.
* @since 4.0
*/
public boolean isQuiet() throws RequestNotYetReadException {
checkRequestWasRead();
return quiet;
}
/**
* Set the configuration for push certificate verification.
*
* @param cfg
* new configuration; if this object is null or its
* {@link SignedPushConfig#getCertNonceSeed()} is null, push
* certificate verification will be disabled.
* @since 4.1
*/
public void setSignedPushConfig(SignedPushConfig cfg) {
signedPushConfig = cfg;
}
private PushCertificateParser getPushCertificateParser() {
if (pushCertificateParser == null) {
pushCertificateParser = new PushCertificateParser(db,
signedPushConfig);
}
return pushCertificateParser;
}
/**
* Get the user agent of the client.
* <p>
* If the client is new enough to use {@code agent=} capability that value
* will be returned. Older HTTP clients may also supply their version using
* the HTTP {@code User-Agent} header. The capability overrides the HTTP
* header if both are available.
* <p>
* When an HTTP request has been received this method returns the HTTP
* {@code User-Agent} header value until capabilities have been parsed.
*
* @return user agent supplied by the client. Available only if the client
* is new enough to advertise its user agent.
* @since 4.0
*/
public String getPeerUserAgent() {
return UserAgent.getAgent(enabledCapabilities, userAgent);
}
/**
* Get all of the command received by the current request.
*
* @return all of the command received by the current request.
*/
public List<ReceiveCommand> getAllCommands() {
return Collections.unmodifiableList(commands);
}
/**
* Set an error handler for {@link ReceiveCommand}.
*
* @param receiveCommandErrorHandler
* @since 5.7
*/
public void setReceiveCommandErrorHandler(
ReceiveCommandErrorHandler receiveCommandErrorHandler) {
this.receiveCommandErrorHandler = receiveCommandErrorHandler;
}
/**
* Send an error message to the client.
* <p>
* If any error messages are sent before the references are advertised to
* the client, the errors will be sent instead of the advertisement and the
* receive operation will be aborted. All clients should receive and display
* such early stage errors.
* <p>
* If the reference advertisements have already been sent, messages are sent
* in a side channel. If the client doesn't support receiving messages, the
* message will be discarded, with no other indication to the caller or to
* the client.
* <p>
* {@link org.eclipse.jgit.transport.PreReceiveHook}s should always try to
* use
* {@link org.eclipse.jgit.transport.ReceiveCommand#setResult(Result, String)}
* with a result status of
* {@link org.eclipse.jgit.transport.ReceiveCommand.Result#REJECTED_OTHER_REASON}
* to indicate any reasons for rejecting an update. Messages attached to a
* command are much more likely to be returned to the client.
*
* @param what
* string describing the problem identified by the hook. The
* string must not end with an LF, and must not contain an LF.
*/
public void sendError(String what) {
if (refs == null) {
if (advertiseError == null)
advertiseError = new StringBuilder();
advertiseError.append(what).append('\n');
} else {
msgOutWrapper.write(Constants.encode("error: " + what + "\n")); //$NON-NLS-1$ //$NON-NLS-2$
}
}
private void fatalError(String msg) {
if (errOut != null) {
try {
errOut.write(Constants.encode(msg));
errOut.flush();
} catch (IOException e) {
// Ignore write failures
}
} else {
sendError(msg);
}
}
/**
* Send a message to the client, if it supports receiving them.
* <p>
* If the client doesn't support receiving messages, the message will be
* discarded, with no other indication to the caller or to the client.
*
* @param what
* string describing the problem identified by the hook. The
* string must not end with an LF, and must not contain an LF.
*/
public void sendMessage(String what) {
msgOutWrapper.write(Constants.encode(what + "\n")); //$NON-NLS-1$
}
/**
* Get an underlying stream for sending messages to the client.
*
* @return an underlying stream for sending messages to the client.
*/
public OutputStream getMessageOutputStream() {
return msgOutWrapper;
}
/**
* Get whether or not a pack has been received.
*
* This can be called before calling {@link #getPackSize()} to avoid causing
* {@code IllegalStateException} when the pack size was not set because no
* pack was received.
*
* @return true if a pack has been received.
* @since 5.6
*/
public boolean hasReceivedPack() {
return packSize != null;
}
/**
* Get the size of the received pack file including the index size.
*
* This can only be called if the pack is already received.
*
* @return the size of the received pack including index size
* @throws java.lang.IllegalStateException
* if called before the pack has been received
* @since 3.3
*/
public long getPackSize() {
if (packSize != null)
return packSize.longValue();
throw new IllegalStateException(JGitText.get().packSizeNotSetYet);
}
/**
* Get the commits from the client's shallow file.
*
* @return if the client is a shallow repository, the list of edge commits
* that define the client's shallow boundary. Empty set if the
* client is earlier than Git 1.9, or is a full clone.
*/
private Set<ObjectId> getClientShallowCommits() {
return clientShallowCommits;
}
/**
* Whether any commands to be executed have been read.
*
* @return {@code true} if any commands to be executed have been read.
*/
private boolean hasCommands() {
return !commands.isEmpty();
}
/**
* Whether an error occurred that should be advertised.
*
* @return true if an error occurred that should be advertised.
*/
private boolean hasError() {
return advertiseError != null;
}
/**
* Initialize the instance with the given streams.
*
* Visible for out-of-tree subclasses (e.g. tests that need to set the
* streams without going through the {@link #service()} method).
*
* @param input
* raw input to read client commands and pack data from. Caller
* must ensure the input is buffered, otherwise read performance
* may suffer.
* @param output
* response back to the Git network client. Caller must ensure
* the output is buffered, otherwise write performance may
* suffer.
* @param messages
* secondary "notice" channel to send additional messages out
* through. When run over SSH this should be tied back to the
* standard error channel of the command execution. For most
* other network connections this should be null.
*/
protected void init(final InputStream input, final OutputStream output,
final OutputStream messages) {
origOut = output;
rawIn = input;
rawOut = output;
msgOut = messages;
if (timeout > 0) {
final Thread caller = Thread.currentThread();
timer = new InterruptTimer(caller.getName() + "-Timer"); //$NON-NLS-1$
timeoutIn = new TimeoutInputStream(rawIn, timer);
TimeoutOutputStream o = new TimeoutOutputStream(rawOut, timer);
timeoutIn.setTimeout(timeout * 1000);
o.setTimeout(timeout * 1000);
rawIn = timeoutIn;
rawOut = o;
}
pckIn = new PacketLineIn(rawIn);
pckOut = new PacketLineOut(rawOut);
pckOut.setFlushOnEnd(false);
enabledCapabilities = new HashSet<>();
commands = new ArrayList<>();
}
/**
* Get advertised refs, or the default if not explicitly advertised.
*
* @return advertised refs, or the default if not explicitly advertised.
* @throws IOException
*/
private Map<String, Ref> getAdvertisedOrDefaultRefs() throws IOException {
if (refs == null)
setAdvertisedRefs(null, null);
return refs;
}
/**
* Receive a pack from the stream and check connectivity if necessary.
*
* Visible for out-of-tree subclasses. Subclasses overriding this method
* should invoke this implementation, as it alters the instance state (e.g.
* it reads the pack from the input and parses it before running the
* connectivity checks).
*
* @throws java.io.IOException
* an error occurred during unpacking or connectivity checking.
* @throws LargeObjectException
* an large object needs to be opened for the check.
* @throws SubmoduleValidationException
* fails to validate the submodule.
*/
protected void receivePackAndCheckConnectivity() throws IOException,
LargeObjectException, SubmoduleValidationException {
receivePack();
if (needCheckConnectivity()) {
checkSubmodules();
checkConnectivity();
}
parser = null;
}
/**
* Unlock the pack written by this object.
*
* @throws java.io.IOException
* the pack could not be unlocked.
*/
private void unlockPack() throws IOException {
if (packLock != null) {
packLock.unlock();
packLock = null;
}
}
/**
* Generate an advertisement of available refs and capabilities.
*
* @param adv
* the advertisement formatter.
* @throws java.io.IOException
* the formatter failed to write an advertisement.
* @throws org.eclipse.jgit.transport.ServiceMayNotContinueException
* the hook denied advertisement.
*/
public void sendAdvertisedRefs(RefAdvertiser adv)
throws IOException, ServiceMayNotContinueException {
if (advertiseError != null) {
adv.writeOne("ERR " + advertiseError); //$NON-NLS-1$
return;
}
try {
advertiseRefsHook.advertiseRefs(this);
} catch (ServiceMayNotContinueException fail) {
if (fail.getMessage() != null) {
adv.writeOne("ERR " + fail.getMessage()); //$NON-NLS-1$
fail.setOutput();
}
throw fail;
}
adv.init(db);
adv.advertiseCapability(CAPABILITY_SIDE_BAND_64K);
adv.advertiseCapability(CAPABILITY_DELETE_REFS);
adv.advertiseCapability(CAPABILITY_REPORT_STATUS);
if (allowQuiet)
adv.advertiseCapability(CAPABILITY_QUIET);
String nonce = getPushCertificateParser().getAdvertiseNonce();
if (nonce != null) {
adv.advertiseCapability(nonce);
}
if (db.getRefDatabase().performsAtomicTransactions())
adv.advertiseCapability(CAPABILITY_ATOMIC);
if (allowOfsDelta)
adv.advertiseCapability(CAPABILITY_OFS_DELTA);
if (allowPushOptions) {
adv.advertiseCapability(CAPABILITY_PUSH_OPTIONS);
}
adv.advertiseCapability(OPTION_AGENT, UserAgent.get());
adv.send(getAdvertisedOrDefaultRefs().values());
for (ObjectId obj : advertisedHaves)
adv.advertiseHave(obj);
if (adv.isEmpty())
adv.advertiseId(ObjectId.zeroId(), "capabilities^{}"); //$NON-NLS-1$
adv.end();
}
/**
* Returns the statistics on the received pack if available. This should be
* called after {@link #receivePack} is called.
*
* @return ReceivedPackStatistics
* @since 4.6
*/
@Nullable
public ReceivedPackStatistics getReceivedPackStatistics() {
return stats;
}
/**
* Extract the full list of refs from the ref-db.
*
* @return Map of all refname/ref
*/
private Map<String, Ref> getAllRefs() {
try {
return db.getRefDatabase().getRefs().stream()
.collect(Collectors.toMap(Ref::getName,
Function.identity()));
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
/**
* Receive a list of commands from the input.
*
* @throws java.io.IOException
*/
private void recvCommands() throws IOException {
PacketLineIn pck = maxCommandBytes > 0
? new PacketLineIn(rawIn, maxCommandBytes)
: pckIn;
PushCertificateParser certParser = getPushCertificateParser();
boolean firstPkt = true;
try {
for (;;) {
String line;
try {
line = pck.readString();
} catch (EOFException eof) {
if (commands.isEmpty())
return;
throw eof;
}
if (PacketLineIn.isEnd(line)) {
break;
}
if (line.length() >= 48 && line.startsWith("shallow ")) { //$NON-NLS-1$
parseShallow(line.substring(8, 48));
continue;
}
if (firstPkt) {
firstPkt = false;
FirstCommand firstLine = FirstCommand.fromLine(line);
enabledCapabilities = firstLine.getCapabilities();
line = firstLine.getLine();
enableCapabilities();
if (line.equals(GitProtocolConstants.OPTION_PUSH_CERT)) {
certParser.receiveHeader(pck, !isBiDirectionalPipe());
continue;
}
}
if (line.equals(PushCertificateParser.BEGIN_SIGNATURE)) {
certParser.receiveSignature(pck);
continue;
}
ReceiveCommand cmd = parseCommand(line);
if (cmd.getRefName().equals(Constants.HEAD)) {
cmd.setResult(Result.REJECTED_CURRENT_BRANCH);
} else {
cmd.setRef(refs.get(cmd.getRefName()));
}
commands.add(cmd);
if (certParser.enabled()) {
certParser.addCommand(cmd);
}
}
pushCert = certParser.build();
if (hasCommands()) {
readPostCommands(pck);
}
} catch (Throwable t) {
discardCommands();
throw t;
}
}
private void discardCommands() {
if (sideBand) {
long max = maxDiscardBytes;
if (max < 0) {
max = Math.max(3 * maxCommandBytes, 3L << 20);
}
try {
new PacketLineIn(rawIn, max).discardUntilEnd();
} catch (IOException e) {
// Ignore read failures attempting to discard.
}
}
}
private void parseShallow(String idStr) throws PackProtocolException {
ObjectId id;
try {
id = ObjectId.fromString(idStr);
} catch (InvalidObjectIdException e) {
throw new PackProtocolException(e.getMessage(), e);
}
clientShallowCommits.add(id);
}
/**
* @param in
* request stream.
* @throws IOException
* request line cannot be read.
*/
void readPostCommands(PacketLineIn in) throws IOException {
if (usePushOptions) {
pushOptions = new ArrayList<>(4);
for (;;) {
String option = in.readString();
if (PacketLineIn.isEnd(option)) {
break;
}
pushOptions.add(option);
}
}
}
/**
* Enable capabilities based on a previously read capabilities line.
*/
private void enableCapabilities() {
reportStatus = isCapabilityEnabled(CAPABILITY_REPORT_STATUS);
usePushOptions = isCapabilityEnabled(CAPABILITY_PUSH_OPTIONS);
sideBand = isCapabilityEnabled(CAPABILITY_SIDE_BAND_64K);
quiet = allowQuiet && isCapabilityEnabled(CAPABILITY_QUIET);
if (sideBand) {
OutputStream out = rawOut;
rawOut = new SideBandOutputStream(CH_DATA, MAX_BUF, out);
msgOut = new SideBandOutputStream(CH_PROGRESS, MAX_BUF, out);
errOut = new SideBandOutputStream(CH_ERROR, MAX_BUF, out);
pckOut = new PacketLineOut(rawOut);
pckOut.setFlushOnEnd(false);
}
}
/**
* Check if the peer requested a capability.
*
* @param name
* protocol name identifying the capability.
* @return true if the peer requested the capability to be enabled.
*/
private boolean isCapabilityEnabled(String name) {
return enabledCapabilities.contains(name);
}
private void checkRequestWasRead() {
if (enabledCapabilities == null)
throw new RequestNotYetReadException();
}
/**
* Whether a pack is expected based on the list of commands.
*
* @return {@code true} if a pack is expected based on the list of commands.
*/
private boolean needPack() {
for (ReceiveCommand cmd : commands) {
if (cmd.getType() != ReceiveCommand.Type.DELETE)
return true;
}
return false;
}
/**
* Receive a pack from the input and store it in the repository.
*
* @throws IOException
* an error occurred reading or indexing the pack.
*/
private void receivePack() throws IOException {
// It might take the client a while to pack the objects it needs
// to send to us. We should increase our timeout so we don't
// abort while the client is computing.
//
if (timeoutIn != null)
timeoutIn.setTimeout(10 * timeout * 1000);
ProgressMonitor receiving = NullProgressMonitor.INSTANCE;
ProgressMonitor resolving = NullProgressMonitor.INSTANCE;
if (sideBand && !quiet)
resolving = new SideBandProgressMonitor(msgOut);
try (ObjectInserter ins = db.newObjectInserter()) {
String lockMsg = "jgit receive-pack"; //$NON-NLS-1$
if (getRefLogIdent() != null)
lockMsg += " from " + getRefLogIdent().toExternalString(); //$NON-NLS-1$
parser = ins.newPackParser(packInputStream());
parser.setAllowThin(true);
parser.setNeedNewObjectIds(checkReferencedAreReachable);
parser.setNeedBaseObjectIds(checkReferencedAreReachable);
parser.setCheckEofAfterPackFooter(!biDirectionalPipe
&& !isExpectDataAfterPackFooter());
parser.setExpectDataAfterPackFooter(isExpectDataAfterPackFooter());
parser.setObjectChecker(objectChecker);
parser.setLockMessage(lockMsg);
parser.setMaxObjectSizeLimit(maxObjectSizeLimit);
packLock = parser.parse(receiving, resolving);
packSize = Long.valueOf(parser.getPackSize());
stats = parser.getReceivedPackStatistics();
ins.flush();
}
if (timeoutIn != null)
timeoutIn.setTimeout(timeout * 1000);
}
private InputStream packInputStream() {
InputStream packIn = rawIn;
if (maxPackSizeLimit >= 0) {
packIn = new LimitedInputStream(packIn, maxPackSizeLimit) {
@Override
protected void limitExceeded() throws TooLargePackException {
throw new TooLargePackException(limit);
}
};
}
return packIn;
}
private boolean needCheckConnectivity() {
return isCheckReceivedObjects()
|| isCheckReferencedObjectsAreReachable()
|| !getClientShallowCommits().isEmpty();
}
private void checkSubmodules() throws IOException, LargeObjectException,
SubmoduleValidationException {
ObjectDatabase odb = db.getObjectDatabase();
if (objectChecker == null) {
return;
}
for (GitmoduleEntry entry : objectChecker.getGitsubmodules()) {
AnyObjectId blobId = entry.getBlobId();
ObjectLoader blob = odb.open(blobId, Constants.OBJ_BLOB);
SubmoduleValidator.assertValidGitModulesFile(
new String(blob.getBytes(), UTF_8));
}
}
private void checkConnectivity() throws IOException {
ProgressMonitor checking = NullProgressMonitor.INSTANCE;
if (sideBand && !quiet) {
SideBandProgressMonitor m = new SideBandProgressMonitor(msgOut);
m.setDelayStart(750, TimeUnit.MILLISECONDS);
checking = m;
}
connectivityChecker.checkConnectivity(createConnectivityCheckInfo(),
advertisedHaves, checking);
}
private ConnectivityCheckInfo createConnectivityCheckInfo() {
ConnectivityCheckInfo info = new ConnectivityCheckInfo();
info.setCheckObjects(checkReferencedAreReachable);
info.setCommands(getAllCommands());
info.setRepository(db);
info.setParser(parser);
info.setWalk(walk);
return info;
}
/**
* Validate the command list.
*/
private void validateCommands() {
for (ReceiveCommand cmd : commands) {
final Ref ref = cmd.getRef();
if (cmd.getResult() != Result.NOT_ATTEMPTED)
continue;
if (cmd.getType() == ReceiveCommand.Type.DELETE) {
if (!isAllowDeletes()) {
// Deletes are not supported on this repository.
cmd.setResult(Result.REJECTED_NODELETE);
continue;
}
if (!isAllowBranchDeletes()
&& ref.getName().startsWith(Constants.R_HEADS)) {
// Branches cannot be deleted, but other refs can.
cmd.setResult(Result.REJECTED_NODELETE);
continue;
}
}
if (cmd.getType() == ReceiveCommand.Type.CREATE) {
if (!isAllowCreates()) {
cmd.setResult(Result.REJECTED_NOCREATE);
continue;
}
if (ref != null && !isAllowNonFastForwards()) {
// Creation over an existing ref is certainly not going
// to be a fast-forward update. We can reject it early.
//
cmd.setResult(Result.REJECTED_NONFASTFORWARD);
continue;
}
if (ref != null) {
// A well behaved client shouldn't have sent us a
// create command for a ref we advertised to it.
//
cmd.setResult(Result.REJECTED_OTHER_REASON,
JGitText.get().refAlreadyExists);
continue;
}
}
if (cmd.getType() == ReceiveCommand.Type.DELETE && ref != null) {
ObjectId id = ref.getObjectId();
if (id == null) {
id = ObjectId.zeroId();
}
if (!ObjectId.zeroId().equals(cmd.getOldId())
&& !id.equals(cmd.getOldId())) {
// Delete commands can be sent with the old id matching our
// advertised value, *OR* with the old id being 0{40}. Any
// other requested old id is invalid.
//
cmd.setResult(Result.REJECTED_OTHER_REASON,
JGitText.get().invalidOldIdSent);
continue;
}
}
if (cmd.getType() == ReceiveCommand.Type.UPDATE) {
if (ref == null) {
// The ref must have been advertised in order to be updated.
//
cmd.setResult(Result.REJECTED_OTHER_REASON,
JGitText.get().noSuchRef);
continue;
}
ObjectId id = ref.getObjectId();
if (id == null) {
// We cannot update unborn branch
cmd.setResult(Result.REJECTED_OTHER_REASON,
JGitText.get().cannotUpdateUnbornBranch);
continue;
}
if (!id.equals(cmd.getOldId())) {
// A properly functioning client will send the same
// object id we advertised.
//
cmd.setResult(Result.REJECTED_OTHER_REASON,
JGitText.get().invalidOldIdSent);
continue;
}
// Is this possibly a non-fast-forward style update?
//
RevObject oldObj, newObj;
try {
oldObj = walk.parseAny(cmd.getOldId());
} catch (IOException e) {
receiveCommandErrorHandler
.handleOldIdValidationException(cmd, e);
continue;
}
try {
newObj = walk.parseAny(cmd.getNewId());
} catch (IOException e) {
receiveCommandErrorHandler
.handleNewIdValidationException(cmd, e);
continue;
}
if (oldObj instanceof RevCommit
&& newObj instanceof RevCommit) {
try {
if (walk.isMergedInto((RevCommit) oldObj,
(RevCommit) newObj)) {
cmd.setTypeFastForwardUpdate();
} else {
cmd.setType(ReceiveCommand.Type.UPDATE_NONFASTFORWARD);
}
} catch (IOException e) {
receiveCommandErrorHandler
.handleFastForwardCheckException(cmd, e);
}
} else {
cmd.setType(ReceiveCommand.Type.UPDATE_NONFASTFORWARD);
}
if (cmd.getType() == ReceiveCommand.Type.UPDATE_NONFASTFORWARD
&& !isAllowNonFastForwards()) {
cmd.setResult(Result.REJECTED_NONFASTFORWARD);
continue;
}
}
if (!cmd.getRefName().startsWith(Constants.R_REFS)
|| !Repository.isValidRefName(cmd.getRefName())) {
cmd.setResult(Result.REJECTED_OTHER_REASON,
JGitText.get().funnyRefname);
}
}
}
/**
* Whether any commands have been rejected so far.
*
* @return if any commands have been rejected so far.
*/
private boolean anyRejects() {
for (ReceiveCommand cmd : commands) {
if (cmd.getResult() != Result.NOT_ATTEMPTED
&& cmd.getResult() != Result.OK)
return true;
}
return false;
}
/**
* Set the result to fail for any command that was not processed yet.
*
*/
private void failPendingCommands() {
ReceiveCommand.abort(commands);
}
/**
* Filter the list of commands according to result.
*
* @param want
* desired status to filter by.
* @return a copy of the command list containing only those commands with
* the desired status.
* @since 5.7
*/
protected List<ReceiveCommand> filterCommands(Result want) {
return ReceiveCommand.filter(commands, want);
}
/**
* Execute commands to update references.
* @since 5.7
*/
protected void executeCommands() {
List<ReceiveCommand> toApply = filterCommands(Result.NOT_ATTEMPTED);
if (toApply.isEmpty())
return;
ProgressMonitor updating = NullProgressMonitor.INSTANCE;
if (sideBand) {
SideBandProgressMonitor pm = new SideBandProgressMonitor(msgOut);
pm.setDelayStart(250, TimeUnit.MILLISECONDS);
updating = pm;
}
BatchRefUpdate batch = db.getRefDatabase().newBatchUpdate();
batch.setAllowNonFastForwards(isAllowNonFastForwards());
batch.setAtomic(isAtomic());
batch.setRefLogIdent(getRefLogIdent());
batch.setRefLogMessage("push", true); //$NON-NLS-1$
batch.addCommand(toApply);
try {
batch.setPushCertificate(getPushCertificate());
batch.execute(walk, updating);
} catch (IOException e) {
receiveCommandErrorHandler.handleBatchRefUpdateException(toApply,
e);
}
}
/**
* Send a status report.
*
* @param unpackError
* an error that occurred during unpacking, or {@code null}
* @throws java.io.IOException
* an error occurred writing the status report.
* @since 5.6
*/
private void sendStatusReport(Throwable unpackError) throws IOException {
Reporter out = new Reporter() {
@Override
void sendString(String s) throws IOException {
if (reportStatus) {
pckOut.writeString(s + "\n"); //$NON-NLS-1$
} else if (msgOut != null) {
msgOut.write(Constants.encode(s + "\n")); //$NON-NLS-1$
}
}
};
try {
if (unpackError != null) {
out.sendString("unpack error " + unpackError.getMessage()); //$NON-NLS-1$
if (reportStatus) {
for (ReceiveCommand cmd : commands) {
out.sendString("ng " + cmd.getRefName() //$NON-NLS-1$
+ " n/a (unpacker error)"); //$NON-NLS-1$
}
}
return;
}
if (reportStatus) {
out.sendString("unpack ok"); //$NON-NLS-1$
}
for (ReceiveCommand cmd : commands) {
if (cmd.getResult() == Result.OK) {
if (reportStatus) {
out.sendString("ok " + cmd.getRefName()); //$NON-NLS-1$
}
continue;
}
final StringBuilder r = new StringBuilder();
if (reportStatus) {
r.append("ng ").append(cmd.getRefName()).append(" "); //$NON-NLS-1$ //$NON-NLS-2$
} else {
r.append(" ! [rejected] ").append(cmd.getRefName()) //$NON-NLS-1$
.append(" ("); //$NON-NLS-1$
}
if (cmd.getResult() == Result.REJECTED_MISSING_OBJECT) {
if (cmd.getMessage() == null)
r.append("missing object(s)"); //$NON-NLS-1$
else if (cmd.getMessage()
.length() == Constants.OBJECT_ID_STRING_LENGTH) {
// TODO: Using get/setMessage to store an OID is a
// misuse. The caller should set a full error message.
r.append("object "); //$NON-NLS-1$
r.append(cmd.getMessage());
r.append(" missing"); //$NON-NLS-1$
} else {
r.append(cmd.getMessage());
}
} else if (cmd.getMessage() != null) {
r.append(cmd.getMessage());
} else {
switch (cmd.getResult()) {
case NOT_ATTEMPTED:
r.append("server bug; ref not processed"); //$NON-NLS-1$
break;
case REJECTED_NOCREATE:
r.append("creation prohibited"); //$NON-NLS-1$
break;
case REJECTED_NODELETE:
r.append("deletion prohibited"); //$NON-NLS-1$
break;
case REJECTED_NONFASTFORWARD:
r.append("non-fast forward"); //$NON-NLS-1$
break;
case REJECTED_CURRENT_BRANCH:
r.append("branch is currently checked out"); //$NON-NLS-1$
break;
case REJECTED_OTHER_REASON:
r.append("unspecified reason"); //$NON-NLS-1$
break;
case LOCK_FAILURE:
r.append("failed to lock"); //$NON-NLS-1$
break;
case REJECTED_MISSING_OBJECT:
case OK:
// We shouldn't have reached this case (see 'ok' case
// above and if-statement above).
throw new AssertionError();
}
}
if (!reportStatus) {
r.append(")"); //$NON-NLS-1$
}
out.sendString(r.toString());
}
} finally {
if (reportStatus) {
pckOut.end();
}
}
}
/**
* Close and flush (if necessary) the underlying streams.
*
* @throws java.io.IOException
*/
private void close() throws IOException {
if (sideBand) {
// If we are using side band, we need to send a final
// flush-pkt to tell the remote peer the side band is
// complete and it should stop decoding. We need to
// use the original output stream as rawOut is now the
// side band data channel.
//
((SideBandOutputStream) msgOut).flushBuffer();
((SideBandOutputStream) rawOut).flushBuffer();
PacketLineOut plo = new PacketLineOut(origOut);
plo.setFlushOnEnd(false);
plo.end();
}
if (biDirectionalPipe) {
// If this was a native git connection, flush the pipe for
// the caller. For smart HTTP we don't do this flush and
// instead let the higher level HTTP servlet code do it.
//
if (!sideBand && msgOut != null)
msgOut.flush();
rawOut.flush();
}
}
/**
* Release any resources used by this object.
*
* @throws java.io.IOException
* the pack could not be unlocked.
*/
private void release() throws IOException {
walk.close();
unlockPack();
timeoutIn = null;
rawIn = null;
rawOut = null;
msgOut = null;
pckIn = null;
pckOut = null;
refs = null;
// Keep the capabilities. If responses are sent after this release
// we need to remember at least whether sideband communication has to be
// used
commands = null;
if (timer != null) {
try {
timer.terminate();
} finally {
timer = null;
}
}
}
/** Interface for reporting status messages. */
abstract static class Reporter {
abstract void sendString(String s) throws IOException;
}
/**
* Get the push certificate used to verify the pusher's identity.
* <p>
* Only valid after commands are read from the wire.
*
* @return the parsed certificate, or null if push certificates are disabled
* or no cert was presented by the client.
* @since 4.1
*/
public PushCertificate getPushCertificate() {
return pushCert;
}
/**
* Set the push certificate used to verify the pusher's identity.
* <p>
* Should only be called if reconstructing an instance without going through
* the normal {@link #recvCommands()} flow.
*
* @param cert
* the push certificate to set.
* @since 4.1
*/
public void setPushCertificate(PushCertificate cert) {
pushCert = cert;
}
/**
* Gets an unmodifiable view of the option strings associated with the push.
*
* @return an unmodifiable view of pushOptions, or null (if pushOptions is).
* @since 4.5
*/
@Nullable
public List<String> getPushOptions() {
if (isAllowPushOptions() && usePushOptions) {
return Collections.unmodifiableList(pushOptions);
}
// The client doesn't support push options. Return null to
// distinguish this from the case where the client declared support
// for push options and sent an empty list of them.
return null;
}
/**
* Set the push options supplied by the client.
* <p>
* Should only be called if reconstructing an instance without going through
* the normal {@link #recvCommands()} flow.
*
* @param options
* the list of options supplied by the client. The
* {@code ReceivePack} instance takes ownership of this list.
* Callers are encouraged to first create a copy if the list may
* be modified later.
* @since 4.5
*/
public void setPushOptions(@Nullable List<String> options) {
usePushOptions = options != null;
pushOptions = options;
}
/**
* Get the hook invoked before updates occur.
*
* @return the hook invoked before updates occur.
*/
public PreReceiveHook getPreReceiveHook() {
return preReceive;
}
/**
* Set the hook which is invoked prior to commands being executed.
* <p>
* Only valid commands (those which have no obvious errors according to the
* received input and this instance's configuration) are passed into the
* hook. The hook may mark a command with a result of any value other than
* {@link org.eclipse.jgit.transport.ReceiveCommand.Result#NOT_ATTEMPTED} to
* block its execution.
* <p>
* The hook may be called with an empty command collection if the current
* set is completely invalid.
*
* @param h
* the hook instance; may be null to disable the hook.
*/
public void setPreReceiveHook(PreReceiveHook h) {
preReceive = h != null ? h : PreReceiveHook.NULL;
}
/**
* Get the hook invoked after updates occur.
*
* @return the hook invoked after updates occur.
*/
public PostReceiveHook getPostReceiveHook() {
return postReceive;
}
/**
* Set the hook which is invoked after commands are executed.
* <p>
* Only successful commands (type is
* {@link org.eclipse.jgit.transport.ReceiveCommand.Result#OK}) are passed
* into the hook. The hook may be called with an empty command collection if
* the current set all resulted in an error.
*
* @param h
* the hook instance; may be null to disable the hook.
*/
public void setPostReceiveHook(PostReceiveHook h) {
postReceive = h != null ? h : PostReceiveHook.NULL;
}
/**
* Get the current unpack error handler.
*
* @return the current unpack error handler.
* @since 5.8
*/
public UnpackErrorHandler getUnpackErrorHandler() {
return unpackErrorHandler;
}
/**
* @param unpackErrorHandler
* the unpackErrorHandler to set
* @since 5.7
*/
public void setUnpackErrorHandler(UnpackErrorHandler unpackErrorHandler) {
this.unpackErrorHandler = unpackErrorHandler;
}
/**
* Set whether this class will report command failures as warning messages
* before sending the command results.
*
* @param echo
* if true this class will report command failures as warning
* messages before sending the command results. This is usually
* not necessary, but may help buggy Git clients that discard the
* errors when all branches fail.
* @deprecated no widely used Git versions need this any more
*/
@Deprecated
public void setEchoCommandFailures(boolean echo) {
// No-op.
}
/**
* Execute the receive task on the socket.
*
* @param input
* raw input to read client commands and pack data from. Caller
* must ensure the input is buffered, otherwise read performance
* may suffer.
* @param output
* response back to the Git network client. Caller must ensure
* the output is buffered, otherwise write performance may
* suffer.
* @param messages
* secondary "notice" channel to send additional messages out
* through. When run over SSH this should be tied back to the
* standard error channel of the command execution. For most
* other network connections this should be null.
* @throws java.io.IOException
*/
public void receive(final InputStream input, final OutputStream output,
final OutputStream messages) throws IOException {
init(input, output, messages);
try {
service();
} catch (PackProtocolException e) {
fatalError(e.getMessage());
throw e;
} catch (InputOverLimitIOException e) {
String msg = JGitText.get().tooManyCommands;
fatalError(msg);
throw new PackProtocolException(msg, e);
} finally {
try {
close();
} finally {
release();
}
}
}
/**
* Execute the receive task on the socket.
*
* <p>
* Same as {@link #receive}, but the exceptions are not reported to the
* client yet.
*
* @param input
* raw input to read client commands and pack data from. Caller
* must ensure the input is buffered, otherwise read performance
* may suffer.
* @param output
* response back to the Git network client. Caller must ensure
* the output is buffered, otherwise write performance may
* suffer.
* @param messages
* secondary "notice" channel to send additional messages out
* through. When run over SSH this should be tied back to the
* standard error channel of the command execution. For most
* other network connections this should be null.
* @throws java.io.IOException
* @since 5.7
*/
public void receiveWithExceptionPropagation(InputStream input,
OutputStream output, OutputStream messages) throws IOException {
init(input, output, messages);
try {
service();
} finally {
try {
close();
} finally {
release();
}
}
}
private void service() throws IOException {
if (isBiDirectionalPipe()) {
sendAdvertisedRefs(new PacketLineOutRefAdvertiser(pckOut));
pckOut.flush();
} else
getAdvertisedOrDefaultRefs();
if (hasError())
return;
recvCommands();
if (hasCommands()) {
try (PostReceiveExecutor e = new PostReceiveExecutor()) {
if (needPack()) {
try {
receivePackAndCheckConnectivity();
} catch (IOException | RuntimeException
| SubmoduleValidationException | Error err) {
unlockPack();
unpackErrorHandler.handleUnpackException(err);
throw new UnpackException(err);
}
}
try {
setAtomic(isCapabilityEnabled(CAPABILITY_ATOMIC));
validateCommands();
if (atomic && anyRejects()) {
failPendingCommands();
}
preReceive.onPreReceive(
this, filterCommands(Result.NOT_ATTEMPTED));
if (atomic && anyRejects()) {
failPendingCommands();
}
executeCommands();
} finally {
unlockPack();
}
sendStatusReport(null);
}
autoGc();
}
}
private void autoGc() {
Repository repo = getRepository();
if (!repo.getConfig().getBoolean(ConfigConstants.CONFIG_RECEIVE_SECTION,
ConfigConstants.CONFIG_KEY_AUTOGC, true)) {
return;
}
repo.autoGC(NullProgressMonitor.INSTANCE);
}
static ReceiveCommand parseCommand(String line)
throws PackProtocolException {
if (line == null || line.length() < 83) {
throw new PackProtocolException(
JGitText.get().errorInvalidProtocolWantedOldNewRef);
}
String oldStr = line.substring(0, 40);
String newStr = line.substring(41, 81);
ObjectId oldId, newId;
try {
oldId = ObjectId.fromString(oldStr);
newId = ObjectId.fromString(newStr);
} catch (InvalidObjectIdException e) {
throw new PackProtocolException(
JGitText.get().errorInvalidProtocolWantedOldNewRef, e);
}
String name = line.substring(82);
if (!Repository.isValidRefName(name)) {
throw new PackProtocolException(
JGitText.get().errorInvalidProtocolWantedOldNewRef);
}
return new ReceiveCommand(oldId, newId, name);
}
private class PostReceiveExecutor implements AutoCloseable {
@Override
public void close() {
postReceive.onPostReceive(ReceivePack.this,
filterCommands(Result.OK));
}
}
private class DefaultUnpackErrorHandler implements UnpackErrorHandler {
@Override
public void handleUnpackException(Throwable t) throws IOException {
sendStatusReport(t);
}
}
}