Commit graph

44 commits

Author SHA1 Message Date
Joey Hess
f3a4b9191c
refactor 2016-12-24 12:14:14 -04:00
Joey Hess
22252e8e4c
Revert "close"
This reverts commit 3aaabc906b.

Commit contained incomplete work.
2016-12-24 12:07:15 -04:00
Joey Hess
3aaabc906b
close 2016-12-22 13:59:21 -04:00
Joey Hess
405fbd25e1
include tor-annex in hidden service directory names
To make it easier to manage/delete them etc.

Backwards compatablity is preserved for existing tor configs.
2016-12-21 14:39:32 -04:00
Joey Hess
944a6503b9
relocate tor socket out of /etc
weasel explained that apparmor limits on what files tor can read do not
apply to sockets (because they're not files). And apparently the
problems I was seeing with hidden services not being accessible had to
do with onion address propigation and not the location of the socket
file.

remotedaemon looks up the HiddenServicePort in torrc, so if it was
previously configured with the socket in /etc, that will still work.

This commit was sponsored by Denis Dzyubenko on Patreon.
2016-12-20 16:24:46 -04:00
Joey Hess
effd50d918
fix build with old stm
Old stm lacks isFullTMQueue.

To avoid needing to update stm on the Android autobuilder, I switched to
a TBMQueue. It never needs to be closed, but the overhead is minimal.
2016-12-10 11:32:05 -04:00
Joey Hess
725b8a5e14
fix uuid comparison 2016-12-09 17:02:59 -04:00
Joey Hess
9dd510bf29
make tor hidden service work when directory watching is not available
Avoid crashing when built w/o inotify..
2016-12-09 16:40:47 -04:00
Joey Hess
c51d7dbf67
bump maxConnections to 100
10 seemed too low because more than 10 friends could be linked to a repo
over tor, and if all were running the remotedaemon, which makes a
persistent connection for change notification, then the 11th friend
would not be able to access that repo.

100 might be too low, but it's a much larger group of people. And at
that size group, it probably makes sense to structure the network so
that 100 peers are not all trying to access one central node.
2016-12-09 16:03:25 -04:00
Joey Hess
2c907fff51
remotedaemon: git change detection over tor hidden service 2016-12-09 16:02:43 -04:00
Joey Hess
f7687e0876
only start ref change watcher thread once per P2P connection
This is more efficient. Note that the peer will get CHANGED messages for
all refs changed since the connection opened, even if those changes
happened before it sent NOTIFYCHANGE.
2016-12-09 15:08:54 -04:00
Joey Hess
e152c322f8
refactor ref change watching
Added to change notification to P2P protocol.

Switched to a TBChan so that a single long-running thread can be
started, and serve perhaps intermittent requests for change
notifications, without buffering all changes in memory.

The P2P runner currently starts up a new thread each times it waits
for a change, but that should allow later reusing a thread. Although
each connection from a peer will still need a new watcher thread to run.

The dependency on stm-chans is more or less free; some stuff in yesod
uses it, so it was already indirectly pulled in when building with the
webapp.

This commit was sponsored by Francois Marier on Patreon.
2016-12-09 15:01:09 -04:00
Joey Hess
15be5c04a6
git-annex-shell, remotedaemon, git remote: Fix some memory DOS attacks.
The attacker could just send a very lot of data, with no \n and it would
all be buffered in memory until the kernel killed git-annex or perhaps OOM
killed some other more valuable process.

This is a low impact security hole, only affecting communication between
local git-annex and git-annex-shell on the remote system. (With either
able to be the attacker). Only those with the right ssh key can do it. And,
there are probably lots of ways to construct git repositories that make git
use a lot of memory in various ways, which would have similar impact as
this attack.

The fix in P2P/IO.hs would have been higher impact, if it had made it to a
released version, since it would have allowed DOSing the tor hidden
service without needing to authenticate.

(The LockContent and NotifyChanges instances may not be really
exploitable; since the line is read and ignored, it probably gets read
lazily and does not end up staying buffered in memory.)
2016-12-09 13:34:32 -04:00
Joey Hess
3d759a0322
debug on error serving peer 2016-12-09 13:00:19 -04:00
Joey Hess
41ed0770df
consistent caps 2016-12-08 17:17:01 -04:00
Joey Hess
23438fb80f
move to debug 2016-12-08 15:56:36 -04:00
Joey Hess
af41519126
convert P2P runners from Maybe to Either String
So we get some useful error messages when things fail.

This commit was sponsored by Peter Hogg on Patreon.
2016-12-08 15:47:49 -04:00
Joey Hess
f744bd5391
refactor 2016-12-06 15:43:03 -04:00
Joey Hess
b16a1cee4b
plumb peer uuid through to runLocal
This will allow updating transfer logs with the uuid.
2016-12-02 15:39:49 -04:00
Joey Hess
881274d021
make remote-daemon able to send and receive objects over tor
Each worker thread needs to run in the Annex monad, but the
remote-daemon's liftAnnex can only run 1 action at a time. Used
Annex.Concurrent to deal with that.

P2P.Annex is incomplete as of yet.
2016-12-02 13:52:43 -04:00
Joey Hess
3dce6a080e
cleanups 2016-12-01 00:42:01 -04:00
Joey Hess
e714e0f67a
actually check p2p authtokens for tor connections
This commit was sponsored by Ethan Aubin.
2016-11-30 16:46:02 -04:00
Joey Hess
2ad3420c19
fix 2016-11-29 15:43:34 -04:00
Joey Hess
3ed8895a09
fix build 2016-11-24 16:36:16 -04:00
Joey Hess
e053f31816
avoid serving more than 10 tor connections at a time
Another 10 clients can be accepted and waiting their turn. After that,
start dropping connections.

This is to avoid DOS attacks..
2016-11-21 22:03:29 -04:00
Joey Hess
2da338bb8d
detect EOF on socket and cleanly shutdown the service process 2016-11-21 21:45:56 -04:00
Joey Hess
483dbcdbef
stop cleanly when there's a IO error accessing the Handle
All other exceptions are let through, but IO errors accessing the handle
are to be expected, so quietly ignore.
2016-11-21 21:32:51 -04:00
Joey Hess
070fb9e624
Added git-remote-tor-annex, which allows git pull and push to the tor hidden service.
Almost working, but there's a bug in the relaying.

Also, made tor hidden service setup pick a random port, to make it harder
to port scan.

This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
2016-11-21 17:27:38 -04:00
Joey Hess
9cf9ee73f5
improve p2p protocol implementation
Tested it in ghci a little now.
2016-11-20 16:42:18 -04:00
Joey Hess
74691ddf0e
remotedaemon: serve tor hidden service 2016-11-20 15:48:12 -04:00
Joey Hess
67f50e9cdd
make LocalRepo a newtype 2016-06-02 16:34:52 -04:00
Joey Hess
737e45156e
remove 163 lines of code without changing anything except imports 2016-01-20 16:36:33 -04:00
Joey Hess
707293ba7e remotedaemon: Fixed support for notifications of changes to gcrypt remotes, which was never tested and didn't quite work before. 2015-03-16 15:28:29 -04:00
Joey Hess
15107d2c5a propigate ssh-options everywhere ssh caching is used
* sync: Use the ssh-options git config when doing git pull and push.
* remotedaemon: Use the ssh-options git config.

Note that the rename env var means that if a new git-annex calls an old one
for git-annex ssh, or a new calls an old, nothing much will go wrong;
just ssh caching won't happen.
2015-02-12 16:14:53 -04:00
Joey Hess
afc5153157 update my email address and homepage url 2015-01-21 12:50:09 -04:00
Joey Hess
1ce8367417 remotedaemon: Fix problem that could prevent ssh connections being made after two LOSTNET messages were received in a row
Perhaps due to two different network interfaces being brought down.

Since there is no reliable way to drain a Chan, I switched to STM TChan.
2015-01-15 15:37:53 -04:00
Joey Hess
7b50b3c057 fix some mixed space+tab indentation
This fixes all instances of " \t" in the code base. Most common case
seems to be after a "where" line; probably vim copied the two space layout
of that line.

Done as a background task while listening to episode 2 of the Type Theory
podcast.
2014-10-09 15:09:11 -04:00
Joey Hess
c784ef4586 unify exception handling into Utility.Exception
Removed old extensible-exceptions, only needed for very old ghc.

Made webdav use Utility.Exception, to work after some changes in DAV's
exception handling.

Removed Annex.Exception. Mostly this was trivial, but note that
tryAnnex is replaced with tryNonAsync and catchAnnex replaced with
catchNonAsync. In theory that could be a behavior change, since the former
caught all exceptions, and the latter don't catch async exceptions.

However, in practice, nothing in the Annex monad uses async exceptions.
Grepping for throwTo and killThread only find stuff in the assistant,
which does not seem related.

Command.Add.undo is changed to accept a SomeException, and things
that use it for rollback now catch non-async exceptions, rather than
only IOExceptions.
2014-08-07 22:03:29 -04:00
Joey Hess
a44fd2c019 export CreateProcess fields from Utility.Process
update code to avoid cwd and env redefinition warnings
2014-06-10 19:20:14 -04:00
Joey Hess
a33b30d0c4 remotedaemon: When network connection is lost, close all cached ssh connections.
This commit was sponsored by Cedric Staub.
2014-04-12 16:32:59 -04:00
Joey Hess
15917ec1a8 sync, assistant, remotedaemon: Use ssh connection caching for git pushes and pulls.
For sync, saves 1 ssh connection per remote. For remotedaemon, the same
ssh connection that is already open to run git-annex-shell notifychanges
is reused to pull from the remote.

Only potential problem is that this also enables connection caching
when the assistant syncs with a ssh remote. Including the sync it does
when a network connection has just come up. In that case, cached ssh
connections are likely to be stale, and so using them would hang.
Until I'm sure such problems have been dealt with, this commit needs to
stay on the remotecontrol branch, and not be merged to master.

This commit was sponsored by Alexandre Dupas.
2014-04-12 15:59:34 -04:00
Joey Hess
fb73792f72 make git-remote-daemon ssh transport robust
* Remote system might be available, and connection get lost. Should
  reconnect, but needs to avoid bad behavior (ie, constant reconnect
  attempts.) Use exponential backoff.

* Detect if old system had a too old git-annex-shell, and show the user
  a nice message in the webapp. Required parsing error messages, so perhaps
  this code shoudl be removed once enough time has passed..

* Switch the protocol to using remote URI's, rather than remote names.
  Names change. Also avoids issues with serialization of names containing
  whitespace.

This is nearly ready for merge into master now. I'd still like to make the ssh
transport smarter about reusing ssh connection caching during git pull.

This commit was sponsored by Jim Paris.
2014-04-09 14:14:55 -04:00
Joey Hess
fa0cf81b26 cleaned up AnnexState handling in transports 2014-04-08 13:42:57 -04:00
Joey Hess
43909723b3 added git-annex remotedaemon
So far, handling connecting to git-annex-shell notifychanges, and
pulling immediately when a change is pushed to a remote.

A little bit buggy (crashes after the first pull), but it already works!

This commit was sponsored by Mark Sheppard.
2014-04-06 19:10:23 -04:00