Remove Go and C source

The Rust implementation now implements all features I need
author: Rutger Broekhoff 2024-01-24 18:58:58 +0100
committer: Rutger Broekhoff 2024-01-24 18:58:58 +0100
commit: 6095ead99248963ae70091c5bb3399eed49c0826 (patch)
tree: e6a1f57f4b9434d77364f2d15bdae1a44a14e00d /cmd/git-lfs-authenticate/main.c
parent: f41e9cc4fc2c91ef710c6976ca4554840dde22e5 (diff)
download: gitolfs3-6095ead99248963ae70091c5bb3399eed49c0826.tar.gz
gitolfs3-6095ead99248963ae70091c5bb3399eed49c0826.zip
1 files changed, 0 insertions, 253 deletions
diff --git a/cmd/git-lfs-authenticate/main.c b/cmd/git-lfs-authenticate/main.c
deleted file mode 100644
index a7ec031..0000000
--- a/cmd/git-lfs-authenticate/main.c
+++ /dev/null
@@ -1,253 +0,0 @@
-#include <assert.h>
-#include <ctype.h>
-#include <errno.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-void die(const char *format, ...) {
-        fputs("Fatal: ", stderr);
-        va_list ap;
-        va_start(ap, format);
-        vfprintf(stderr, format, ap);
-        va_end(ap);
-        fputc('\n', stderr);
-        exit(EXIT_FAILURE);
-}
-#define USAGE "Usage: git-lfs-authenticate <REPO> upload/download"
-bool hasprefix(const char *str, const char *prefix) {
-        if (strlen(prefix) > strlen(str))
-                return false;
-        return !strncmp(str, prefix, strlen(prefix));
-}
-bool hassuffix(const char *str, const char *suffix) {
-        if (strlen(suffix) > strlen(str))
-                return false;
-        str += strlen(str) - strlen(suffix);
-        return !strcmp(str, suffix);
-}
-const char *trimspace(const char *str, size_t *length) {
-        while (*length > 0 && isspace(str[0])) {
-                str++; (*length)--;
-        }
-        while (*length > 0 && isspace(str[*length - 1]))
-                (*length)--;
-        return str;
-}
-void printescjson(const char *str) {
-        for (size_t i = 0; i < strlen(str); i++) {
-                switch (str[i]) {
-                case '"':  fputs("\\\"", stdout); break;
-                case '\\': fputs("\\\\", stdout); break;
-                case '\b': fputs("\\b",  stdout); break;
-                case '\f': fputs("\\f",  stdout); break;
-                case '\n': fputs("\\n",  stdout); break;
-                case '\r': fputs("\\r",  stdout); break;
-                case '\t': fputs("\\t",  stdout); break;
-                default:   fputc(str[i], stdout);
-                }
-        }
-}
-void checkrepopath(const char *path) {
-        if (strstr(path, "//") || strstr(path, "/./") || strstr(path, "/../")
-         || hasprefix(path, "./") || hasprefix(path, "../") || hasprefix(path, "/../"))
-                die("Bad repository name: Is unresolved path");
-        if (strlen(path) > 100)
-                die("Bad repository name: Longer than 100 characters");
-        if (hasprefix(path, "/"))
-                die("Bad repository name: Unexpected absolute path");
-        if (!hassuffix(path, ".git"))
-                die("Bad repository name: Expected '.git' repo path suffix");
-        struct stat statbuf;
-        if (stat(path, &statbuf)) {
-                if (errno == ENOENT)
-                        die("Repo not found");
-                die("Could not stat repo: %s", strerror(errno));
-        }
-        if (!S_ISDIR(statbuf.st_mode)) {
-                die("Repo not found");
-        }
-}
-char *readkeyfile(const char *path, size_t *len) {
-        FILE *f = fopen(path, "r");
-        if (!f)
-                die("Cannot read key file: %s", strerror(errno));
-        *len = 0;
-        size_t bufcap = 4096;
-        char *buf = malloc(bufcap);
-        while (!feof(f) && !ferror(f)) {
-                if (*len + 4096 > bufcap) {
-                        bufcap *= 2;
-                        buf = realloc(buf, bufcap);
-                }
-                *len += fread(buf + *len, sizeof(char), 4096, f);
-        }
-        if (ferror(f) && !feof(f)) {
-                OPENSSL_cleanse(buf, *len);
-                die("Failed to read key file (length: %lu)", *len);
-        }
-        fclose(f);
-        return buf;
-}
-#define KEYSIZE 64
-void readkey(const char *path, uint8_t dest[KEYSIZE]) {
-        size_t keybuf_len = 0;
-        char *keybuf = readkeyfile(path, &keybuf_len);
-        size_t keystr_len = keybuf_len;
-        const char *keystr = trimspace(keybuf, &keystr_len);
-        if (keystr_len != 2 * KEYSIZE) {
-                OPENSSL_cleanse(keybuf, keybuf_len);
-                die("Bad key length");
-        }
-        for (size_t i = 0; i < KEYSIZE; i++) {
-                const char c = keystr[i];
-                uint8_t nibble = 0;
-                if (c >= '0' && c <= '9')
-                        nibble = c - '0';
-                else if (c >= 'a' && c <= 'f')
-                        nibble = c - 'a' + 10;
-                else if (c >= 'A' && c <= 'F')
-                        nibble = c - 'A' + 10;
-                else {
-                        OPENSSL_cleanse(keybuf, keybuf_len);
-                        OPENSSL_cleanse(dest, KEYSIZE);
-                        die("Cannot decode key");
-                }
-                size_t ikey = i / 2;
-                if (i % 2) dest[ikey] |= nibble;
-                else dest[ikey] = nibble << 4;
-        }
-        OPENSSL_cleanse(keybuf, keybuf_len);
-        free(keybuf);
-}
-void u64tobe(uint64_t x, uint8_t b[8]) {
-        b[0] = (uint8_t)(x >> 56);
-        b[1] = (uint8_t)(x >> 48);
-        b[2] = (uint8_t)(x >> 40);
-        b[3] = (uint8_t)(x >> 32);
-        b[4] = (uint8_t)(x >> 24);
-        b[5] = (uint8_t)(x >> 16);
-        b[6] = (uint8_t)(x >>  8);
-        b[7] = (uint8_t)(x >>  0);
-}
-void *memcat(void *dest, const void *src, size_t n) {
-        return memcpy(dest, src, n) + n;
-}
-#define MAX_TAG_SIZE EVP_MAX_MD_SIZE
-typedef struct taginfo {
-        const char    *authtype;
-        const char    *repopath;
-        const char    *operation;
-        const int64_t  expiresat_s;
-} taginfo_t;
-void maketag(const taginfo_t info, uint8_t key[KEYSIZE], uint8_t dest[MAX_TAG_SIZE], uint32_t *len) {
-        uint8_t expiresat_b[8];
-        u64tobe(info.expiresat_s, expiresat_b);
-        const uint8_t zero[1] = { 0 };
-        const size_t fullsize = strlen(info.authtype) +
-                1 + strlen(info.repopath) +
-                1 + strlen(info.operation) +
-                1 + sizeof(expiresat_b);
-        uint8_t *claimbuf = alloca(fullsize);
-        uint8_t *head = claimbuf;
-        head = memcat(head, info.authtype, strlen(info.authtype));
-        head = memcat(head, zero, 1);
-        head = memcat(head, info.repopath, strlen(info.repopath));
-        head = memcat(head, zero, 1);
-        head = memcat(head, info.operation, strlen(info.operation));
-        head = memcat(head, zero, 1);
-        head = memcat(head, expiresat_b, sizeof(expiresat_b));
-        assert(head == claimbuf + fullsize);
-        memset(dest, 0, MAX_TAG_SIZE);
-        *len = 0;
-        if (!HMAC(EVP_sha256(), key, KEYSIZE, claimbuf, fullsize, dest, len)) {
-                OPENSSL_cleanse(key, KEYSIZE);
-                die("Failed to generate tag");
-        }
-}
-#define MAX_HEXTAG_STRLEN MAX_TAG_SIZE * 2
-void makehextag(const taginfo_t info, uint8_t key[KEYSIZE], char dest[MAX_HEXTAG_STRLEN + 1]) {
-        uint8_t rawtag[MAX_TAG_SIZE];
-        uint32_t rawtag_len;
-        maketag(info, key, rawtag, &rawtag_len);
-        memset(dest, 0, MAX_HEXTAG_STRLEN + 1);
-        for (size_t i = 0; i < rawtag_len; i++) {
-                uint8_t b = rawtag[i];
-                dest[i * 2] = (b >> 4) + ((b >> 4) < 10 ? '0' : 'a');
-                dest[i*2 + 1] = (b & 0x0F) + ((b & 0x0F) < 10 ? '0' : 'a');
-        }
-}
-int main(int argc, char *argv[]) {
-        if (argc != 3) {
-                puts(USAGE);
-                exit(EXIT_FAILURE);
-        }
-        const char *repopath  = argv[1];
-        const char *operation = argv[2];
-        if (strcmp(operation, "download") && strcmp(operation, "upload")) {
-                puts(USAGE);
-                exit(EXIT_FAILURE);
-        }
-        checkrepopath(repopath);
-        const char *hrefbase = getenv("GITOLFS3_HREF_BASE");
-        const char *keypath  = getenv("GITOLFS3_KEY_PATH");
-        
-        if (!hrefbase || strlen(hrefbase) == 0)
-                die("Incomplete configuration: Base URL not provided");
-        if (hrefbase[strlen(hrefbase) - 1] != '/')
-                die("Bad configuration: Base URL should end with slash");
-        if (!keypath || strlen(keypath) == 0)
-                die("Incomplete configuration: Key path not provided");
-        uint8_t key[64];
-        readkey(keypath, key);
-        int64_t expiresin_s = 5 * 60;
-        int64_t expiresat_s = (int64_t)time(NULL) + expiresin_s;
-        taginfo_t taginfo = {
-                .authtype    = "git-lfs-authenticate",
-                .repopath    = repopath,
-                .operation   = operation,
-                .expiresat_s = expiresat_s,
-        };
-        char hextag[MAX_HEXTAG_STRLEN + 1];
-        makehextag(taginfo, key, hextag);
-        printf("{\"header\":{\"Authorization\":\"Gitolfs3-Hmac-Sha256 %s\"},"
-               "\"expires_in\":%ld,\"href\":\"", hextag, expiresin_s);
-        printescjson(hrefbase);
-        printescjson(repopath);
-        printf("/info/lfs?p=1&te=%ld\"}\n", expiresat_s);
-}
author	Rutger Broekhoff	2024-01-24 18:58:58 +0100
committer	Rutger Broekhoff	2024-01-24 18:58:58 +0100
commit	6095ead99248963ae70091c5bb3399eed49c0826 (patch)
tree	e6a1f57f4b9434d77364f2d15bdae1a44a14e00d /cmd/git-lfs-authenticate/main.c
parent	f41e9cc4fc2c91ef710c6976ca4554840dde22e5 (diff)
download	gitolfs3-6095ead99248963ae70091c5bb3399eed49c0826.tar.gz gitolfs3-6095ead99248963ae70091c5bb3399eed49c0826.zip

diff --git a/cmd/git-lfs-authenticate/main.c b/cmd/git-lfs-authenticate/main.c deleted file mode 100644 index a7ec031..0000000 --- a/cmd/git-lfs-authenticate/main.c +++ /dev/null
@@ -1,253 +0,0 @@
1	#include <assert.h>
2	#include <ctype.h>
3	#include <errno.h>
4	#include <stdbool.h>
5	#include <stdio.h>
6	#include <string.h>
7
8	#include <sys/stat.h>
9
10	#include <openssl/evp.h>
11	#include <openssl/hmac.h>
12
13	void die(const char *format, ...) {
14	fputs("Fatal: ", stderr);
15	va_list ap;
16	va_start(ap, format);
17	vfprintf(stderr, format, ap);
18	va_end(ap);
19	fputc('\n', stderr);
20	exit(EXIT_FAILURE);
21	}
22
23	#define USAGE "Usage: git-lfs-authenticate <REPO> upload/download"
24
25	bool hasprefix(const char str, const char prefix) {
26	if (strlen(prefix) > strlen(str))
27	return false;
28	return !strncmp(str, prefix, strlen(prefix));
29	}
30
31	bool hassuffix(const char str, const char suffix) {
32	if (strlen(suffix) > strlen(str))
33	return false;
34	str += strlen(str) - strlen(suffix);
35	return !strcmp(str, suffix);
36	}
37
38	const char trimspace(const char str, size_t *length) {
39	while (*length > 0 && isspace(str[0])) {
40	str++; (*length)--;
41	}
42	while (length > 0 && isspace(str[length - 1]))
43	(*length)--;
44	return str;
45	}
46
47	void printescjson(const char *str) {
48	for (size_t i = 0; i < strlen(str); i++) {
49	switch (str[i]) {
50	case '"': fputs("\\\"", stdout); break;
51	case '\\': fputs("\\\\", stdout); break;
52	case '\b': fputs("\\b", stdout); break;
53	case '\f': fputs("\\f", stdout); break;
54	case '\n': fputs("\\n", stdout); break;
55	case '\r': fputs("\\r", stdout); break;
56	case '\t': fputs("\\t", stdout); break;
57	default: fputc(str[i], stdout);
58	}
59	}
60	}
61
62	void checkrepopath(const char *path) {
63	if (strstr(path, "//") \|\| strstr(path, "/./") \|\| strstr(path, "/../")
64	\|\| hasprefix(path, "./") \|\| hasprefix(path, "../") \|\| hasprefix(path, "/../"))
65	die("Bad repository name: Is unresolved path");
66	if (strlen(path) > 100)
67	die("Bad repository name: Longer than 100 characters");
68	if (hasprefix(path, "/"))
69	die("Bad repository name: Unexpected absolute path");
70	if (!hassuffix(path, ".git"))
71	die("Bad repository name: Expected '.git' repo path suffix");
72
73	struct stat statbuf;
74	if (stat(path, &statbuf)) {
75	if (errno == ENOENT)
76	die("Repo not found");
77	die("Could not stat repo: %s", strerror(errno));
78	}
79	if (!S_ISDIR(statbuf.st_mode)) {
80	die("Repo not found");
81	}
82	}
83
84	char readkeyfile(const char path, size_t *len) {
85	FILE *f = fopen(path, "r");
86	if (!f)
87	die("Cannot read key file: %s", strerror(errno));
88	*len = 0;
89	size_t bufcap = 4096;
90	char *buf = malloc(bufcap);
91	while (!feof(f) && !ferror(f)) {
92	if (*len + 4096 > bufcap) {
93	bufcap *= 2;
94	buf = realloc(buf, bufcap);
95	}
96	len += fread(buf + len, sizeof(char), 4096, f);
97	}
98	if (ferror(f) && !feof(f)) {
99	OPENSSL_cleanse(buf, *len);
100	die("Failed to read key file (length: %lu)", *len);
101	}
102	fclose(f);
103	return buf;
104	}
105
106	#define KEYSIZE 64
107
108	void readkey(const char *path, uint8_t dest[KEYSIZE]) {
109	size_t keybuf_len = 0;
110	char *keybuf = readkeyfile(path, &keybuf_len);
111
112	size_t keystr_len = keybuf_len;
113	const char *keystr = trimspace(keybuf, &keystr_len);
114	if (keystr_len != 2 * KEYSIZE) {
115	OPENSSL_cleanse(keybuf, keybuf_len);
116	die("Bad key length");
117	}
118
119	for (size_t i = 0; i < KEYSIZE; i++) {
120	const char c = keystr[i];
121	uint8_t nibble = 0;
122	if (c >= '0' && c <= '9')
123	nibble = c - '0';
124	else if (c >= 'a' && c <= 'f')
125	nibble = c - 'a' + 10;
126	else if (c >= 'A' && c <= 'F')
127	nibble = c - 'A' + 10;
128	else {
129	OPENSSL_cleanse(keybuf, keybuf_len);
130	OPENSSL_cleanse(dest, KEYSIZE);
131	die("Cannot decode key");
132	}
133	size_t ikey = i / 2;
134	if (i % 2) dest[ikey] \|= nibble;
135	else dest[ikey] = nibble << 4;
136	}
137
138	OPENSSL_cleanse(keybuf, keybuf_len);
139	free(keybuf);
140	}
141
142	void u64tobe(uint64_t x, uint8_t b[8]) {
143	b[0] = (uint8_t)(x >> 56);
144	b[1] = (uint8_t)(x >> 48);
145	b[2] = (uint8_t)(x >> 40);
146	b[3] = (uint8_t)(x >> 32);
147	b[4] = (uint8_t)(x >> 24);
148	b[5] = (uint8_t)(x >> 16);
149	b[6] = (uint8_t)(x >> 8);
150	b[7] = (uint8_t)(x >> 0);
151	}
152
153	void memcat(void dest, const void *src, size_t n) {
154	return memcpy(dest, src, n) + n;
155	}
156
157	#define MAX_TAG_SIZE EVP_MAX_MD_SIZE
158
159	typedef struct taginfo {
160	const char *authtype;
161	const char *repopath;
162	const char *operation;
163	const int64_t expiresat_s;
164	} taginfo_t;
165
166	void maketag(const taginfo_t info, uint8_t key[KEYSIZE], uint8_t dest[MAX_TAG_SIZE], uint32_t *len) {
167	uint8_t expiresat_b[8];
168	u64tobe(info.expiresat_s, expiresat_b);
169
170	const uint8_t zero[1] = { 0 };
171	const size_t fullsize = strlen(info.authtype) +
172	1 + strlen(info.repopath) +
173	1 + strlen(info.operation) +
174	1 + sizeof(expiresat_b);
175	uint8_t *claimbuf = alloca(fullsize);
176	uint8_t *head = claimbuf;
177	head = memcat(head, info.authtype, strlen(info.authtype));
178	head = memcat(head, zero, 1);
179	head = memcat(head, info.repopath, strlen(info.repopath));
180	head = memcat(head, zero, 1);
181	head = memcat(head, info.operation, strlen(info.operation));
182	head = memcat(head, zero, 1);
183	head = memcat(head, expiresat_b, sizeof(expiresat_b));
184	assert(head == claimbuf + fullsize);
185
186	memset(dest, 0, MAX_TAG_SIZE);
187	*len = 0;
188	if (!HMAC(EVP_sha256(), key, KEYSIZE, claimbuf, fullsize, dest, len)) {
189	OPENSSL_cleanse(key, KEYSIZE);
190	die("Failed to generate tag");
191	}
192	}
193
194	#define MAX_HEXTAG_STRLEN MAX_TAG_SIZE * 2
195
196	void makehextag(const taginfo_t info, uint8_t key[KEYSIZE], char dest[MAX_HEXTAG_STRLEN + 1]) {
197	uint8_t rawtag[MAX_TAG_SIZE];
198	uint32_t rawtag_len;
199	maketag(info, key, rawtag, &rawtag_len);
200
201	memset(dest, 0, MAX_HEXTAG_STRLEN + 1);
202	for (size_t i = 0; i < rawtag_len; i++) {
203	uint8_t b = rawtag[i];
204	dest[i * 2] = (b >> 4) + ((b >> 4) < 10 ? '0' : 'a');
205	dest[i*2 + 1] = (b & 0x0F) + ((b & 0x0F) < 10 ? '0' : 'a');
206	}
207	}
208
209	int main(int argc, char *argv[]) {
210	if (argc != 3) {
211	puts(USAGE);
212	exit(EXIT_FAILURE);
213	}
214
215	const char *repopath = argv[1];
216	const char *operation = argv[2];
217	if (strcmp(operation, "download") && strcmp(operation, "upload")) {
218	puts(USAGE);
219	exit(EXIT_FAILURE);
220	}
221	checkrepopath(repopath);
222
223	const char *hrefbase = getenv("GITOLFS3_HREF_BASE");
224	const char *keypath = getenv("GITOLFS3_KEY_PATH");
225
226	if (!hrefbase \|\| strlen(hrefbase) == 0)
227	die("Incomplete configuration: Base URL not provided");
228	if (hrefbase[strlen(hrefbase) - 1] != '/')
229	die("Bad configuration: Base URL should end with slash");
230	if (!keypath \|\| strlen(keypath) == 0)
231	die("Incomplete configuration: Key path not provided");
232
233	uint8_t key[64];
234	readkey(keypath, key);
235
236	int64_t expiresin_s = 5 * 60;
237	int64_t expiresat_s = (int64_t)time(NULL) + expiresin_s;
238
239	taginfo_t taginfo = {
240	.authtype = "git-lfs-authenticate",
241	.repopath = repopath,
242	.operation = operation,
243	.expiresat_s = expiresat_s,
244	};
245	char hextag[MAX_HEXTAG_STRLEN + 1];
246	makehextag(taginfo, key, hextag);
247
248	printf("{\"header\":{\"Authorization\":\"Gitolfs3-Hmac-Sha256 %s\"},"
249	"\"expires_in\":%ld,\"href\":\"", hextag, expiresin_s);
250	printescjson(hrefbase);
251	printescjson(repopath);
252	printf("/info/lfs?p=1&te=%ld\"}\n", expiresat_s);
253	}