2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"
19 #define GOTD_UNIX_SOCKET_BACKLOG 10
20 #define GOTD_USER "_gotd"
21 #define GOTD_CONF_PATH "/etc/gotd.conf"
22 #define GOTD_SECRETS_PATH "/etc/gotd-secrets.conf"
23 #define GOTD_EMPTY_PATH "/var/empty"
25 #ifndef GOT_LIBEXECDIR
26 #define GOT_LIBEXECDIR /usr/libexec
29 #define GOTD_STRINGIFY(x) #x
30 #define GOTD_STRINGVAL(x) GOTD_STRINGIFY(x)
32 #define GOTD_PROG_NOTIFY_EMAIL got-notify-email
33 #define GOTD_PROG_NOTIFY_HTTP got-notify-http
35 #define GOTD_PATH_PROG_NOTIFY_EMAIL \
36 GOTD_STRINGVAL(GOT_LIBEXECDIR) "/" \
37 GOTD_STRINGVAL(GOTD_PROG_NOTIFY_EMAIL)
38 #define GOTD_PATH_PROG_NOTIFY_HTTP \
39 GOTD_STRINGVAL(GOT_LIBEXECDIR) "/" \
40 GOTD_STRINGVAL(GOTD_PROG_NOTIFY_HTTP)
42 #define GOTD_MAXCLIENTS 1024
43 #define GOTD_MAX_CONN_PER_UID 4
44 #define GOTD_FD_RESERVE 5
45 #define GOTD_FD_NEEDED 6
46 #define GOTD_FILENO_MSG_PIPE 3
48 #define GOTD_DEFAULT_REQUEST_TIMEOUT 3600
50 /* Client hash tables need some extra room. */
51 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)
68 void (*handler)(int, short, void *);
75 GOTD_ACCESS_DENIED = -1,
76 GOTD_ACCESS_PERMITTED = 1
79 struct gotd_access_rule {
80 STAILQ_ENTRY(gotd_access_rule) entry;
82 enum gotd_access access;
85 #define GOTD_AUTH_READ 0x1
86 #define GOTD_AUTH_WRITE 0x2
90 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);
92 enum gotd_notification_target_type {
93 GOTD_NOTIFICATION_VIA_EMAIL,
94 GOTD_NOTIFICATION_VIA_HTTP
97 struct gotd_notification_target {
98 STAILQ_ENTRY(gotd_notification_target) entry;
100 enum gotd_notification_target_type type;
119 STAILQ_HEAD(gotd_notification_targets, gotd_notification_target);
122 TAILQ_ENTRY(gotd_repo) entry;
127 struct gotd_access_rule_list rules;
128 struct got_pathlist_head protected_tag_namespaces;
129 struct got_pathlist_head protected_branch_namespaces;
130 struct got_pathlist_head protected_branches;
132 struct got_pathlist_head notification_refs;
133 struct got_pathlist_head notification_ref_namespaces;
134 struct gotd_notification_targets notification_targets;
136 TAILQ_HEAD(gotd_repolist, gotd_repo);
138 struct gotd_client_capability {
143 struct gotd_object_id_array {
144 struct got_object_id **ids;
149 struct gotd_uid_connection_limit {
154 struct gotd_child_proc;
159 char unix_socket_path[PATH_MAX];
161 struct gotd_repolist repos;
163 struct gotd_child_proc *listen_proc;
164 struct gotd_child_proc *notify_proc;
165 int notifications_enabled;
166 struct timeval request_timeout;
167 struct timeval auth_timeout;
168 struct gotd_uid_connection_limit *connection_limits;
169 size_t nconnection_limits;
170 struct gotd_secrets *secrets;
173 const char *confpath;
178 enum gotd_imsg_type {
179 /* An error occurred while processing a request. */
182 /* Commands used by gotctl(8). */
185 GOTD_IMSG_INFO_CLIENT,
188 /* Request a list of references. */
190 GOTD_IMSG_LIST_REFS_INTERNAL,
197 /* Git protocol capabilities. */
198 GOTD_IMSG_CAPABILITIES,
199 GOTD_IMSG_CAPABILITY,
201 /* Git protocol chatter. */
202 GOTD_IMSG_WANT, /* The client wants an object. */
203 GOTD_IMSG_HAVE, /* The client has an object. */
204 GOTD_IMSG_ACK, /* The server has an object or a reference. */
205 GOTD_IMSG_NAK, /* The server does not have an object/ref. */
206 GOTD_IMSG_REF_UPDATE, /* The client wants to update a reference. */
207 GOTD_IMSG_REF_DELETE, /* The client wants to delete a reference. */
208 GOTD_IMSG_FLUSH, /* The client sent a flush packet. */
209 GOTD_IMSG_DONE, /* The client is done chatting. */
211 /* Sending or receiving a pack file. */
212 GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */
213 GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */
214 GOTD_IMSG_PACKIDX_FILE, /* Temporary file handle for new pack index. */
215 GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */
216 GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */
217 GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */
218 GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */
219 GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */
220 GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */
222 /* Reference updates. */
223 GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */
224 GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */
225 GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */
226 GOTD_IMSG_REFS_UPDATED, /* The server processed all ref updates. */
228 /* Client connections. */
229 GOTD_IMSG_DISCONNECT,
232 /* Child process management. */
233 GOTD_IMSG_CLIENT_SESSION_READY,
234 GOTD_IMSG_REPO_CHILD_READY,
235 GOTD_IMSG_CONNECT_REPO_CHILD,
237 /* Auth child process. */
238 GOTD_IMSG_AUTHENTICATE,
239 GOTD_IMSG_ACCESS_GRANTED,
241 /* Notify child process. */
242 GOTD_IMSG_CONNECT_NOTIFIER,
243 GOTD_IMSG_CONNECT_SESSION,
245 GOTD_IMSG_NOTIFICATION_SENT,
248 GOTD_IMSG_SECRETS, /* number of secrets */
252 /* Structure for GOTD_IMSG_ERROR. */
253 struct gotd_imsg_error {
254 int code; /* an error code from got_error.h */
255 int errno_code; /* in case code equals GOT_ERR_ERRNO */
257 char msg[GOT_ERR_MAX_MSG_SIZE];
258 } __attribute__((__packed__));
260 /* Structure for GOTD_IMSG_INFO. */
261 struct gotd_imsg_info {
267 /* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */
268 /* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */
271 /* Structure for GOTD_IMSG_INFO_REPO. */
272 struct gotd_imsg_info_repo {
273 char repo_name[NAME_MAX];
274 char repo_path[PATH_MAX];
277 /* Structure for GOTD_IMSG_INFO_CLIENT */
278 struct gotd_imsg_info_client {
281 char repo_name[NAME_MAX];
283 pid_t session_child_pid;
284 pid_t repo_child_pid;
287 /* Structure for GOTD_IMSG_LIST_REFS. */
288 struct gotd_imsg_list_refs {
289 char repo_name[NAME_MAX];
290 int client_is_reading; /* 1 if reading, 0 if writing */
293 /* Structure for GOTD_IMSG_REFLIST. */
294 struct gotd_imsg_reflist {
297 /* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */
298 } __attribute__((__packed__));
300 /* Structure for GOTD_IMSG_REF data. */
301 struct gotd_imsg_ref {
302 uint8_t id[SHA1_DIGEST_LENGTH];
304 /* Followed by name_len data bytes. */
305 } __attribute__((__packed__));
307 /* Structure for GOTD_IMSG_SYMREF data. */
308 struct gotd_imsg_symref {
311 uint8_t target_id[SHA1_DIGEST_LENGTH];
314 * Followed by name_len + target_len data bytes.
316 } __attribute__((__packed__));
318 /* Structure for GOTD_IMSG_CAPABILITIES data. */
319 struct gotd_imsg_capabilities {
320 size_t ncapabilities;
323 * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.
325 } __attribute__((__packed__));
327 /* Structure for GOTD_IMSG_CAPABILITY data. */
328 struct gotd_imsg_capability {
333 * Followed by key_len + value_len data bytes.
335 } __attribute__((__packed__));
337 /* Structure for GOTD_IMSG_WANT data. */
338 struct gotd_imsg_want {
339 uint8_t object_id[SHA1_DIGEST_LENGTH];
340 } __attribute__((__packed__));
342 /* Structure for GOTD_IMSG_HAVE data. */
343 struct gotd_imsg_have {
344 uint8_t object_id[SHA1_DIGEST_LENGTH];
345 } __attribute__((__packed__));
347 /* Structure for GOTD_IMSG_ACK data. */
348 struct gotd_imsg_ack {
349 uint8_t object_id[SHA1_DIGEST_LENGTH];
350 } __attribute__((__packed__));
352 /* Structure for GOTD_IMSG_NAK data. */
353 struct gotd_imsg_nak {
354 uint8_t object_id[SHA1_DIGEST_LENGTH];
355 } __attribute__((__packed__));
357 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */
358 struct gotd_imsg_packfile_status {
361 /* Followed by reason_len data bytes. */
362 } __attribute__((__packed__));
365 /* Structure for GOTD_IMSG_REF_UPDATE data. */
366 struct gotd_imsg_ref_update {
367 uint8_t old_id[SHA1_DIGEST_LENGTH];
368 uint8_t new_id[SHA1_DIGEST_LENGTH];
373 /* Followed by name_len data bytes. */
374 } __attribute__((__packed__));
376 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */
377 struct gotd_imsg_ref_updates_start {
380 /* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */
383 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */
384 struct gotd_imsg_ref_update_ok {
385 uint8_t old_id[SHA1_DIGEST_LENGTH];
386 uint8_t new_id[SHA1_DIGEST_LENGTH];
390 /* Followed by name_len data bytes. */
391 } __attribute__((__packed__));
393 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */
394 struct gotd_imsg_ref_update_ng {
395 uint8_t old_id[SHA1_DIGEST_LENGTH];
396 uint8_t new_id[SHA1_DIGEST_LENGTH];
400 /* Followed by name_len + reason_len data bytes. */
401 } __attribute__((__packed__));
403 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */
404 struct gotd_imsg_send_packfile {
407 /* delta cache file is sent as a file descriptor */
409 /* followed by two GOTD_IMSG_PACKFILE_PIPE messages */
412 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */
413 struct gotd_imsg_recv_packfile {
416 /* pack destination temp file is sent as a file descriptor */
420 * Structure for GOTD_IMSG_PACKFILE_PROGRESS and
421 * GOTD_IMSG_PACKFILE_READY data.
423 struct gotd_imsg_packfile_progress {
434 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */
435 struct gotd_imsg_packfile_install {
436 uint8_t pack_sha1[SHA1_DIGEST_LENGTH];
439 /* Structure for GOTD_IMSG_DISCONNECT data. */
440 struct gotd_imsg_disconnect {
444 /* Structure for GOTD_IMSG_CONNECT. */
445 struct gotd_imsg_connect {
451 /* Followed by username_len data bytes. */
454 /* Structure for GOTD_IMSG_CONNECT_REPO_CHILD. */
455 struct gotd_imsg_connect_repo_child {
456 enum gotd_procid proc_id;
458 /* repo child imsg pipe is passed via imsg fd */
461 /* Structure for GOTD_IMSG_AUTHENTICATE. */
462 struct gotd_imsg_auth {
469 /* Structures for GOTD_IMSG_NOTIFY. */
470 enum gotd_notification_action {
471 GOTD_NOTIF_ACTION_CREATED,
472 GOTD_NOTIF_ACTION_REMOVED,
473 GOTD_NOTIF_ACTION_CHANGED
475 /* IMSG_NOTIFY session <-> repo_write */
476 struct gotd_imsg_notification_content {
477 enum gotd_notification_action action;
478 struct got_object_id old_id;
479 struct got_object_id new_id;
481 /* Followed by refname_len data bytes. */
483 /* IMSG_NOTIFY session -> notify*/
484 struct gotd_imsg_notify {
485 char repo_name[NAME_MAX];
486 char subject_line[64];
488 /* Followed by username_len data bytes. */
491 int parse_config(const char *, enum gotd_procid, struct gotd_secrets *,
493 struct gotd_repo *gotd_find_repo_by_name(const char *, struct gotd_repolist *);
494 struct gotd_repo *gotd_find_repo_by_path(const char *, struct gotd *);
495 struct gotd_uid_connection_limit *gotd_find_uid_connection_limit(
496 struct gotd_uid_connection_limit *limits, size_t nlimits, uid_t uid);
497 int gotd_parseuid(const char *s, uid_t *uid);
498 const struct got_error *gotd_parse_url(char **, char **, char **,
499 char **, const char *);
502 const struct got_error *gotd_imsg_flush(struct imsgbuf *);
503 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);
504 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,
506 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,
508 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,
509 const struct got_error *);
510 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,
511 const struct got_error *);
512 void gotd_imsg_event_add(struct gotd_imsgev *);
513 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,
515 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);
517 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,
519 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,