Mercurial > hg

view hgext/factotum.py @ 36528:72e487851a53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
debugcommands: add debugwireproto command We currently don't have a low-level mechanism for sending arbitrary wire protocol commands. Having a generic and robust mechanism for sending wire protocol commands, examining wire data, etc would make it vastly easier to test the wire protocol and debug server operation. This is a problem I've wanted a solution for numerous times, especially recently as I've been hacking on a new version of the wire protocol. This commit establishes a `hg debugwireproto` command for sending data to a peer. The command invents a mini language for specifying actions to take. This will enable a lot of flexibility for issuing commands and testing variations for how commands are sent. Right now, we only support low-level raw sends and receives. These are probably the least valuable commands to intended users of this command. But they are the most useful commands to implement to bootstrap the feature (I've chosen to reimplement test-ssh-proto.t using this command to prove its usefulness). My eventual goal of `hg debugwireproto` is to allow calling wire protocol commands with a human-friendly interface. Essentially, people can type in a command name and arguments and `hg debugwireproto` will figure out how to send that on the wire. I'd love to eventually be able to save the server's raw response to a file. This would allow us to e.g. call "getbundle" wire protocol commands easily. test-ssh-proto.t has been updated to use the new command in lieu of piping directly to a server process. As part of the transition, test behavior improved. Before, we piped all request data to the server at once. Now, we have explicit control over the ordering of operations. e.g. we can send one command, receive its response, then send another command. This will allow us to more robustly test race conditions, buffering behavior, etc. There were some subtle changes in test behavior. For example, previous behavior would often send trailing newlines to the server. The new mechanism doesn't treat literal newlines specially and requires newlines be escaped in the payload. Because the new logging code is very low level, it is easy to introduce race conditions in tests. For example, the number of bytes returned by a read() may vary depending on load. This is why tests make heavy use of "readline" for consuming data: the result of that operation should be deterministic and not subject to race conditions. There are still some uses of "readavailable." However, those are only for reading from stderr. I was able to reproduce timing issues with my system under load when using "readavailable" globally. But if I "readline" to grab stdout, "readavailable" appears to work deterministically for stderr. I think this is because the server writes to stderr first. As long as the OS delivers writes to pipes in the same order they were made, this should work. If there are timing issues, we can introduce a mechanism to readline from stderr. Differential Revision: https://phab.mercurial-scm.org/D2392
author Gregory Szorc <gregory.szorc@gmail.com>
date Thu, 01 Mar 2018 08:24:54 -0800
parents a9524aea7cab
children c31ce080eb75
line wrap: on
line source

# factotum.py - Plan 9 factotum integration for Mercurial
#
# Copyright (C) 2012 Steven Stallion <sstallion@gmail.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

'''http authentication with factotum

This extension allows the factotum(4) facility on Plan 9 from Bell Labs
platforms to provide authentication information for HTTP access. Configuration
entries specified in the auth section as well as authentication information
provided in the repository URL are fully supported. If no prefix is specified,
a value of "*" will be assumed.

By default, keys are specified as::

  proto=pass service=hg prefix=<prefix> user=<username> !password=<password>

If the factotum extension is unable to read the required key, one will be
requested interactively.

A configuration section is available to customize runtime behavior. By
default, these entries are::

  [factotum]
  executable = /bin/auth/factotum
  mountpoint = /mnt/factotum
  service = hg

The executable entry defines the full path to the factotum binary. The
mountpoint entry defines the path to the factotum file service. Lastly, the
service entry controls the service name used when reading keys.

'''

from __future__ import absolute_import

import os
from mercurial.i18n import _
from mercurial import (
    error,
    httpconnection,
    registrar,
    url,
    util,
)

urlreq = util.urlreq
passwordmgr = url.passwordmgr

ERRMAX = 128

_executable = _mountpoint = _service = None

configtable = {}
configitem = registrar.configitem(configtable)

configitem('factotum', 'executable',
    default='/bin/auth/factotum',
)
configitem('factotum', 'mountpoint',
    default='/mnt/factotum',
)
configitem('factotum', 'service',
    default='hg',
)

def auth_getkey(self, params):
    if not self.ui.interactive():
        raise error.Abort(_('factotum not interactive'))
    if 'user=' not in params:
        params = '%s user?' % params
    params = '%s !password?' % params
    os.system("%s -g '%s'" % (_executable, params))

def auth_getuserpasswd(self, getkey, params):
    params = 'proto=pass %s' % params
    while True:
        fd = os.open('%s/rpc' % _mountpoint, os.O_RDWR)
        try:
            os.write(fd, 'start %s' % params)
            l = os.read(fd, ERRMAX).split()
            if l[0] == 'ok':
                os.write(fd, 'read')
                status, user, passwd = os.read(fd, ERRMAX).split(None, 2)
                if status == 'ok':
                    if passwd.startswith("'"):
                        if passwd.endswith("'"):
                            passwd = passwd[1:-1].replace("''", "'")
                        else:
                            raise error.Abort(_('malformed password string'))
                    return (user, passwd)
        except (OSError, IOError):
            raise error.Abort(_('factotum not responding'))
        finally:
            os.close(fd)
        getkey(self, params)

def monkeypatch_method(cls):
    def decorator(func):
        setattr(cls, func.__name__, func)
        return func
    return decorator

@monkeypatch_method(passwordmgr)
def find_user_password(self, realm, authuri):
    user, passwd = self.passwddb.find_user_password(realm, authuri)
    if user and passwd:
        self._writedebug(user, passwd)
        return (user, passwd)

    prefix = ''
    res = httpconnection.readauthforuri(self.ui, authuri, user)
    if res:
        _, auth = res
        prefix = auth.get('prefix')
        user, passwd = auth.get('username'), auth.get('password')
    if not user or not passwd:
        if not prefix:
            prefix = realm.split(' ')[0].lower()
        params = 'service=%s prefix=%s' % (_service, prefix)
        if user:
            params = '%s user=%s' % (params, user)
        user, passwd = auth_getuserpasswd(self, auth_getkey, params)

    self.add_password(realm, authuri, user, passwd)
    self._writedebug(user, passwd)
    return (user, passwd)

def uisetup(ui):
    global _executable
    _executable = ui.config('factotum', 'executable')
    global _mountpoint
    _mountpoint = ui.config('factotum', 'mountpoint')
    global _service
    _service = ui.config('factotum', 'service')