summaryrefslogtreecommitdiff
path: root/Remote
Commit message (Collapse)AuthorAge
* git-annex-shell, remotedaemon, git remote: Fix some memory DOS attacks.Gravatar Joey Hess2016-12-09
| | | | | | | | | | | | | | | | | | | | | The attacker could just send a very lot of data, with no \n and it would all be buffered in memory until the kernel killed git-annex or perhaps OOM killed some other more valuable process. This is a low impact security hole, only affecting communication between local git-annex and git-annex-shell on the remote system. (With either able to be the attacker). Only those with the right ssh key can do it. And, there are probably lots of ways to construct git repositories that make git use a lot of memory in various ways, which would have similar impact as this attack. The fix in P2P/IO.hs would have been higher impact, if it had made it to a released version, since it would have allowed DOSing the tor hidden service without needing to authenticate. (The LockContent and NotifyChanges instances may not be really exploitable; since the line is read and ignored, it probably gets read lazily and does not end up staying buffered in memory.)
* fixGravatar Joey Hess2016-12-09
|
* make clear that log is only updated after successful removalGravatar Joey Hess2016-12-09
| | | | | This does not change behavior, because an exception is thrown on unsuccessful removal. But is clearer.
* improve warning on connection lossGravatar Joey Hess2016-12-09
|
* better format errorGravatar Joey Hess2016-12-08
|
* convert P2P runners from Maybe to Either StringGravatar Joey Hess2016-12-08
| | | | | | So we get some useful error messages when things fail. This commit was sponsored by Peter Hogg on Patreon.
* more p2p progress metersGravatar Joey Hess2016-12-07
| | | | | | | | | Display progress meter on send and receive from remote. Added a new hGetMetered that can read an exact number of bytes (or less), updating a meter as it goes. This commit was sponsored by Andreas on Patreon.
* update progress meter when sending to p2p remoteGravatar Joey Hess2016-12-07
| | | | This commit was sponsored by Thom May on Patreon.
* validate peer uuid each time we talk to itGravatar Joey Hess2016-12-07
| | | | | | | | | | In case the repo on the peer changes uuid (eg by a new repo being moved into place). Also, added some warning messages when unable to communicate with a peer. This commit was sponsored by Anthony DeRobertis on Patreon.
* need to auth with the peerGravatar Joey Hess2016-12-06
|
* refactorGravatar Joey Hess2016-12-06
|
* finish implementation of Remote.P2P (untested)Gravatar Joey Hess2016-12-06
| | | | | | | | Not tested at all, but it just might work. Only known problem is that progress is not updated when storing to a P2P remote. This commit was sponsored by Nick Daly on Patreon.
* stub Remote.P2PGravatar Joey Hess2016-12-06
| | | | | | | Similar to GCrypt remotes, P2P remotes have an url, so Remote.Git has to separate them out and handle them, passing off to Remote.P2P. This commit was sponsored by Ignacio on Patreon.
* use P2P auth for git-remote-tor-annexGravatar Joey Hess2016-11-30
| | | | | | | This changes the environment variable name to the more generic GIT_ANNEX_P2P_AUTHTOKEN. This commit was sponsored by andrea rota.
* reorgGravatar Joey Hess2016-11-22
|
* unified AuthToken type between webapp and torGravatar Joey Hess2016-11-22
|
* remove debugGravatar Joey Hess2016-11-21
|
* detect EOF on socket and cleanly shutdown the service processGravatar Joey Hess2016-11-21
|
* stop cleanly when there's a IO error accessing the HandleGravatar Joey Hess2016-11-21
| | | | | All other exceptions are let through, but IO errors accessing the handle are to be expected, so quietly ignore.
* try to gather scattered writesGravatar Joey Hess2016-11-21
| | | | | | | | | git upload-pack makes some uncessary writes in sequence, this tries to gather them together to avoid needing to send multiple DATA packets when just one will do. In a small pull, this reduces the average number of DATA packets from 4.5 to 2.5.
* fix parse of CONNECTDONEGravatar Joey Hess2016-11-21
|
* pull/push over tor working nowGravatar Joey Hess2016-11-21
| | | | | | | | | | | | | | Still a couple bugs: * Closing the connection to the server leaves git upload-pack / receive-pack running, which could be used to DOS. * Sometimes the data is transferred, but it fails at the end, sometimes with: git-remote-tor-annex: <socket: 10>: commitBuffer: resource vanished (Broken pipe) Must be a race condition around shutdown.
* Added git-remote-tor-annex, which allows git pull and push to the tor hidden ↵Gravatar Joey Hess2016-11-21
| | | | | | | | | | | service. Almost working, but there's a bug in the relaying. Also, made tor hidden service setup pick a random port, to make it harder to port scan. This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
* improve p2p protocol implementationGravatar Joey Hess2016-11-20
| | | | Tested it in ghci a little now.
* remotedaemon: serve tor hidden serviceGravatar Joey Hess2016-11-20
|
* implement p2p protocol for HandleGravatar Joey Hess2016-11-20
| | | | | | | | | | | This is most of the way to having the p2p protocol working over tor hidden services, at least enough to do git push/pull. The free monad was split into two, one for network operations and the other for local (Annex) operations. This will allow git-remote-tor-annex to run only an IO action, not needing the Annex monad. This commit was sponsored by Remy van Elst on Patreon.
* extend p2p protocol to support gitremote-helpers connectGravatar Joey Hess2016-11-19
| | | | | | | | A bit tricky since Proto doesn't support threads. Rather than adding threading support to it, ended up using a callback that waits for both data on a Handle, and incoming messages at the same time. This commit was sponsored by Denis Dzyubenko on Patreon.
* Add content locking to P2P protocolGravatar Joey Hess2016-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | Is content locking needed in the P2P protocol? Based on re-reading bugs/concurrent_drop--from_presence_checking_failures.mdwn, I think so: Peers can form cycles, and multiple peers can all be trying to drop the same content. So, added content locking to the protocol, with some difficulty. The implementation is fine as far as it goes, but note the warning comment for lockContentWhile -- if the connection to the peer is dropped unexpectedly, the peer will then unlock the content, and yet the local side will still think it's locked. To be honest I'm not sure if Remote.Git's lockKey for ssh remotes doesn't have the same problem. It checks that the "ssh remote git-annex-shell lockcontent" process has not exited, but if the connection closes afer that check, the lockcontent command will unlock it, and yet the local side will still think it's locked. Probably this needs to be fixed by eg, making lockcontent catch any execptions due to the connection closing, and in that case, wait a significantly long time before dropping the lock. This commit was sponsored by Anthony DeRobertis on Patreon.
* renameGravatar Joey Hess2016-11-17
|
* refactorGravatar Joey Hess2016-11-17
|
* add CHECKPRESENTGravatar Joey Hess2016-11-17
| | | | Using SUCCESS to mean the content is present and FAILURE to mean it's not.
* added REMOVE to protocolGravatar Joey Hess2016-11-17
|
* add ALREADY-HAVE response to PUTGravatar Joey Hess2016-11-17
|
* pass Len to writeKeyFile so it can detect short readsGravatar Joey Hess2016-11-17
|
* refactorGravatar Joey Hess2016-11-17
|
* avoid setPresent when sending to a peerGravatar Joey Hess2016-11-17
| | | | | This mirrors how git-annex-shell works; recvKey updates location tracking, but sendKey does not.
* implementation of peer-to-peer protocolGravatar Joey Hess2016-11-17
| | | | | | | | | | | | | | | | For use with tor hidden services, and perhaps other transports later. Based on Utility.SimpleProtocol, it's a line-based protocol, interspersed with transfers of bytestrings of a specified size. Implementation of the local and remote sides of the protocol is done using a free monad. This lets monadic code be included here, without tying it to any particular way to get bytes peer-to-peer. This adds a dependency on the haskell package "free", although that was probably pulled in transitively from other dependencies already. This commit was sponsored by Jeff Goeke-Smith on Patreon.
* fix giveup shadowingGravatar Joey Hess2016-11-16
|
* Avoid backtraces on expected failures when built with ghc 8; only use ↵Gravatar Joey Hess2016-11-15
| | | | | | | | | | | | | backtraces for unexpected errors. ghc 8 added backtraces on uncaught errors. This is great, but git-annex was using error in many places for a error message targeted at the user, in some known problem case. A backtrace only confuses such a message, so omit it. Notably, commands like git annex drop that failed due to eg, numcopies, used to use error, so had a backtrace. This commit was sponsored by Ethan Aubin.
* S3: Support the special case endpoint needed for the cn-north-1 region.Gravatar Joey Hess2016-11-07
| | | | | | | | * S3: Support the special case endpoint needed for the cn-north-1 region. * Webapp: Don't list the Frankfurt region, as this (and some other new regions) need V4 authorization which the aws library does not yet use. This commit was sponsored by Nick Daly on Patreon.
* enable forwardRetry for command-line transfersGravatar Joey Hess2016-10-26
| | | | | | | | | | | | | | | | | If a transfer fails for some reason, but some data managed to be sent, the transfer will be retried. (The assistant already did this.) Possible impacts: * More ssh prompts if ssh needs to prompt for a password to connect to a host, or is prompting about some other problem like a ssh key mismatch. * More data transfer due to retrying, epecially when a remote does not support resuming a transfer. In the worst case, a lot of data will be transferred but it fails before the end, and then all that data gets transferred again plus one byte more; repeat until it manages to get the whole file.
* convert TMVars that are never left empty into TVarsGravatar Joey Hess2016-09-30
| | | | | This is probably more efficient, and it avoids mistakenly leaving them empty.
* include external special remote process number in debugGravatar Joey Hess2016-09-30
| | | | Not actual pid, because System.Process does not expose that.
* allow multiple concurrent external special remote processesGravatar Joey Hess2016-09-30
| | | | | | | | | Multiple external special remote processes for the same remote will be started as needed when using -J. This should not beak any existing external special remotes, because running multiple git-annex commands at the same time could already start multiple processes for the same external special remotes.
* move externalConfig into ExternalStateGravatar Joey Hess2016-09-30
| | | | | Groundwork to having multiple processes running at once for an external special remote; each needs its own externalConfig.
* remove unnecessary mvarGravatar Joey Hess2016-09-30
|
* make --json-progress update meter when getting from git remote with rsyncGravatar Joey Hess2016-09-09
|
* Windows: Handle shebang in external special remote program.Gravatar Joey Hess2016-09-05
|
* remove TransferObserverGravatar Joey Hess2016-08-03
| | | | unused after last commit
* get, move, copy, mirror: Added --failed switch which retries failed copies/movesGravatar Joey Hess2016-08-03
| | | | | | | | | Note that get --from foo --failed will get things that a previous get --from bar tried and failed to get, etc. I considered making --failed only retry transfers from the same remote, but it was easier, and seems more useful, to not have the same remote requirement. Noisy due to some refactoring into Types/
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-28 01:40:31 +0000