Blob


1 /*
2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
17 #include <sys/types.h>
18 #include <sys/queue.h>
19 #include <sys/tree.h>
20 #include <sys/socket.h>
21 #include <sys/stat.h>
22 #include <sys/uio.h>
24 #include <errno.h>
25 #include <event.h>
26 #include <limits.h>
27 #include <sha1.h>
28 #include <sha2.h>
29 #include <signal.h>
30 #include <stdint.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <imsg.h>
35 #include <unistd.h>
37 #include "got_error.h"
38 #include "got_repository.h"
39 #include "got_object.h"
40 #include "got_path.h"
41 #include "got_reference.h"
42 #include "got_opentemp.h"
44 #include "got_lib_hash.h"
45 #include "got_lib_delta.h"
46 #include "got_lib_object.h"
47 #include "got_lib_object_cache.h"
48 #include "got_lib_pack.h"
49 #include "got_lib_repository.h"
50 #include "got_lib_gitproto.h"
52 #include "gotd.h"
53 #include "log.h"
54 #include "session_write.h"
56 struct gotd_session_notif {
57 STAILQ_ENTRY(gotd_session_notif) entry;
58 int fd;
59 enum gotd_notification_action action;
60 char *refname;
61 struct got_object_id old_id;
62 struct got_object_id new_id;
63 };
64 STAILQ_HEAD(gotd_session_notifications, gotd_session_notif) notifications;
66 enum gotd_session_write_state {
67 GOTD_STATE_EXPECT_LIST_REFS,
68 GOTD_STATE_EXPECT_CAPABILITIES,
69 GOTD_STATE_EXPECT_REF_UPDATE,
70 GOTD_STATE_EXPECT_MORE_REF_UPDATES,
71 GOTD_STATE_EXPECT_PACKFILE,
72 GOTD_STATE_NOTIFY,
73 };
75 static struct gotd_session_write {
76 pid_t pid;
77 const char *title;
78 struct got_repository *repo;
79 struct gotd_repo *repo_cfg;
80 int *pack_fds;
81 int *temp_fds;
82 struct gotd_imsgev parent_iev;
83 struct gotd_imsgev notifier_iev;
84 struct timeval request_timeout;
85 enum gotd_session_write_state state;
86 struct gotd_imsgev repo_child_iev;
87 } gotd_session;
89 static struct gotd_session_client {
90 struct gotd_client_capability *capabilities;
91 size_t ncapa_alloc;
92 size_t ncapabilities;
93 uint32_t id;
94 int fd;
95 int delta_cache_fd;
96 struct gotd_imsgev iev;
97 struct event tmo;
98 uid_t euid;
99 gid_t egid;
100 char *username;
101 char *packfile_path;
102 char *packidx_path;
103 int nref_updates;
104 int accept_flush_pkt;
105 int flush_disconnect;
106 } gotd_session_client;
108 static void session_write_shutdown(void);
110 static void
111 disconnect(struct gotd_session_client *client)
113 log_debug("uid %d: disconnecting", client->euid);
115 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
116 GOTD_IMSG_DISCONNECT, PROC_SESSION_WRITE, -1, NULL, 0) == -1)
117 log_warn("imsg compose DISCONNECT");
119 imsg_clear(&gotd_session.repo_child_iev.ibuf);
120 event_del(&gotd_session.repo_child_iev.ev);
121 evtimer_del(&client->tmo);
122 close(client->fd);
123 if (client->delta_cache_fd != -1)
124 close(client->delta_cache_fd);
125 if (client->packfile_path) {
126 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
127 log_warn("unlink %s: ", client->packfile_path);
128 free(client->packfile_path);
130 if (client->packidx_path) {
131 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
132 log_warn("unlink %s: ", client->packidx_path);
133 free(client->packidx_path);
135 free(client->capabilities);
137 session_write_shutdown();
140 static void
141 disconnect_on_error(struct gotd_session_client *client,
142 const struct got_error *err)
144 struct imsgbuf ibuf;
146 if (err->code != GOT_ERR_EOF) {
147 log_warnx("uid %d: %s", client->euid, err->msg);
148 imsg_init(&ibuf, client->fd);
149 gotd_imsg_send_error(&ibuf, 0, PROC_SESSION_WRITE, err);
150 imsg_clear(&ibuf);
153 disconnect(client);
156 static void
157 gotd_request_timeout(int fd, short events, void *arg)
159 struct gotd_session_client *client = arg;
161 log_warnx("disconnecting uid %d due to timeout", client->euid);
162 disconnect(client);
165 static void
166 session_write_sighdlr(int sig, short event, void *arg)
168 /*
169 * Normal signal handler rules don't apply because libevent
170 * decouples for us.
171 */
173 switch (sig) {
174 case SIGHUP:
175 log_info("%s: ignoring SIGHUP", __func__);
176 break;
177 case SIGUSR1:
178 log_info("%s: ignoring SIGUSR1", __func__);
179 break;
180 case SIGTERM:
181 case SIGINT:
182 session_write_shutdown();
183 /* NOTREACHED */
184 break;
185 default:
186 fatalx("unexpected signal");
190 static const struct got_error *
191 recv_packfile_install(struct imsg *imsg)
193 struct gotd_imsg_packfile_install inst;
194 size_t datalen;
196 log_debug("packfile-install received");
198 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
199 if (datalen != sizeof(inst))
200 return got_error(GOT_ERR_PRIVSEP_LEN);
201 memcpy(&inst, imsg->data, sizeof(inst));
203 return NULL;
206 static const struct got_error *
207 recv_ref_updates_start(struct imsg *imsg)
209 struct gotd_imsg_ref_updates_start istart;
210 size_t datalen;
212 log_debug("ref-updates-start received");
214 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
215 if (datalen != sizeof(istart))
216 return got_error(GOT_ERR_PRIVSEP_LEN);
217 memcpy(&istart, imsg->data, sizeof(istart));
219 return NULL;
222 static const struct got_error *
223 recv_ref_update(struct imsg *imsg)
225 struct gotd_imsg_ref_update iref;
226 size_t datalen;
228 log_debug("ref-update received");
230 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
231 if (datalen < sizeof(iref))
232 return got_error(GOT_ERR_PRIVSEP_LEN);
233 memcpy(&iref, imsg->data, sizeof(iref));
235 return NULL;
238 static const struct got_error *
239 send_ref_update_ok(struct gotd_session_client *client,
240 struct gotd_imsg_ref_update *iref, const char *refname)
242 struct gotd_imsg_ref_update_ok iok;
243 struct gotd_imsgev *iev = &client->iev;
244 struct ibuf *wbuf;
245 size_t len;
247 memset(&iok, 0, sizeof(iok));
248 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
249 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
250 iok.name_len = strlen(refname);
252 len = sizeof(iok) + iok.name_len;
253 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
254 PROC_SESSION_WRITE, gotd_session.pid, len);
255 if (wbuf == NULL)
256 return got_error_from_errno("imsg_create REF_UPDATE_OK");
258 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
259 return got_error_from_errno("imsg_add REF_UPDATE_OK");
260 if (imsg_add(wbuf, refname, iok.name_len) == -1)
261 return got_error_from_errno("imsg_add REF_UPDATE_OK");
263 imsg_close(&iev->ibuf, wbuf);
264 gotd_imsg_event_add(iev);
265 return NULL;
268 static void
269 send_refs_updated(struct gotd_session_client *client)
271 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
272 PROC_SESSION_WRITE, -1, NULL, 0) == -1)
273 log_warn("imsg compose REFS_UPDATED");
276 static const struct got_error *
277 send_ref_update_ng(struct gotd_session_client *client,
278 struct gotd_imsg_ref_update *iref, const char *refname,
279 const char *reason)
281 const struct got_error *ng_err;
282 struct gotd_imsg_ref_update_ng ing;
283 struct gotd_imsgev *iev = &client->iev;
284 struct ibuf *wbuf;
285 size_t len;
287 memset(&ing, 0, sizeof(ing));
288 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
289 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
290 ing.name_len = strlen(refname);
292 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
293 ing.reason_len = strlen(ng_err->msg);
295 len = sizeof(ing) + ing.name_len + ing.reason_len;
296 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
297 PROC_SESSION_WRITE, gotd_session.pid, len);
298 if (wbuf == NULL)
299 return got_error_from_errno("imsg_create REF_UPDATE_NG");
301 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
302 return got_error_from_errno("imsg_add REF_UPDATE_NG");
303 if (imsg_add(wbuf, refname, ing.name_len) == -1)
304 return got_error_from_errno("imsg_add REF_UPDATE_NG");
305 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
306 return got_error_from_errno("imsg_add REF_UPDATE_NG");
308 imsg_close(&iev->ibuf, wbuf);
309 gotd_imsg_event_add(iev);
310 return NULL;
313 static const struct got_error *
314 install_pack(struct gotd_session_client *client, const char *repo_path,
315 struct imsg *imsg)
317 const struct got_error *err = NULL;
318 struct gotd_imsg_packfile_install inst;
319 char hex[SHA1_DIGEST_STRING_LENGTH];
320 size_t datalen;
321 char *packfile_path = NULL, *packidx_path = NULL;
323 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
324 if (datalen != sizeof(inst))
325 return got_error(GOT_ERR_PRIVSEP_LEN);
326 memcpy(&inst, imsg->data, sizeof(inst));
328 if (client->packfile_path == NULL)
329 return got_error_msg(GOT_ERR_BAD_REQUEST,
330 "client has no pack file");
331 if (client->packidx_path == NULL)
332 return got_error_msg(GOT_ERR_BAD_REQUEST,
333 "client has no pack file index");
335 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
336 return got_error_msg(GOT_ERR_NO_SPACE,
337 "could not convert pack file SHA1 to hex");
339 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
340 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
341 err = got_error_from_errno("asprintf");
342 goto done;
345 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
346 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
347 err = got_error_from_errno("asprintf");
348 goto done;
351 if (rename(client->packfile_path, packfile_path) == -1) {
352 err = got_error_from_errno3("rename", client->packfile_path,
353 packfile_path);
354 goto done;
357 free(client->packfile_path);
358 client->packfile_path = NULL;
360 if (rename(client->packidx_path, packidx_path) == -1) {
361 err = got_error_from_errno3("rename", client->packidx_path,
362 packidx_path);
363 goto done;
366 /* Ensure we re-read the pack index list upon next access. */
367 gotd_session.repo->pack_path_mtime.tv_sec = 0;
368 gotd_session.repo->pack_path_mtime.tv_nsec = 0;
370 free(client->packidx_path);
371 client->packidx_path = NULL;
372 done:
373 free(packfile_path);
374 free(packidx_path);
375 return err;
378 static const struct got_error *
379 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
381 struct gotd_imsg_ref_updates_start istart;
382 size_t datalen;
384 if (client->nref_updates != -1)
385 return got_error(GOT_ERR_PRIVSEP_MSG);
387 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
388 if (datalen != sizeof(istart))
389 return got_error(GOT_ERR_PRIVSEP_LEN);
390 memcpy(&istart, imsg->data, sizeof(istart));
392 if (istart.nref_updates <= 0)
393 return got_error(GOT_ERR_PRIVSEP_MSG);
395 client->nref_updates = istart.nref_updates;
396 return NULL;
399 static const struct got_error *
400 validate_namespace(const char *namespace)
402 size_t len = strlen(namespace);
404 if (len < 5 || strncmp("refs/", namespace, 5) != 0 ||
405 namespace[len - 1] != '/') {
406 return got_error_fmt(GOT_ERR_BAD_REF_NAME,
407 "reference namespace '%s'", namespace);
410 return NULL;
413 static const struct got_error *
414 queue_notification(struct got_object_id *old_id, struct got_object_id *new_id,
415 struct got_repository *repo, struct got_reference *ref)
417 const struct got_error *err = NULL;
418 struct gotd_repo *repo_cfg = gotd_session.repo_cfg;
419 struct gotd_imsgev *iev = &gotd_session.repo_child_iev;
420 struct got_pathlist_entry *pe;
421 struct gotd_session_notif *notif;
423 if (iev->ibuf.fd == -1 ||
424 STAILQ_EMPTY(&repo_cfg->notification_targets))
425 return NULL; /* notifications unused */
427 TAILQ_FOREACH(pe, &repo_cfg->notification_refs, entry) {
428 const char *refname = pe->path;
429 if (strcmp(got_ref_get_name(ref), refname) == 0)
430 break;
432 if (pe == NULL) {
433 TAILQ_FOREACH(pe, &repo_cfg->notification_ref_namespaces,
434 entry) {
435 const char *namespace = pe->path;
437 err = validate_namespace(namespace);
438 if (err)
439 return err;
440 if (strncmp(namespace, got_ref_get_name(ref),
441 strlen(namespace)) == 0)
442 break;
446 /*
447 * If a branch or a reference namespace was specified in the
448 * configuration file then only send notifications if a match
449 * was found.
450 */
451 if (pe == NULL && (!TAILQ_EMPTY(&repo_cfg->notification_refs) ||
452 !TAILQ_EMPTY(&repo_cfg->notification_ref_namespaces)))
453 return NULL;
455 notif = calloc(1, sizeof(*notif));
456 if (notif == NULL)
457 return got_error_from_errno("calloc");
459 notif->fd = -1;
461 if (old_id == NULL)
462 notif->action = GOTD_NOTIF_ACTION_CREATED;
463 else if (new_id == NULL)
464 notif->action = GOTD_NOTIF_ACTION_REMOVED;
465 else
466 notif->action = GOTD_NOTIF_ACTION_CHANGED;
468 if (old_id != NULL)
469 memcpy(&notif->old_id, old_id, sizeof(notif->old_id));
470 if (new_id != NULL)
471 memcpy(&notif->new_id, new_id, sizeof(notif->new_id));
473 notif->refname = strdup(got_ref_get_name(ref));
474 if (notif->refname == NULL) {
475 err = got_error_from_errno("strdup");
476 goto done;
479 STAILQ_INSERT_TAIL(&notifications, notif, entry);
480 done:
481 if (err && notif) {
482 free(notif->refname);
483 free(notif);
485 return err;
488 /* Forward notification content to the NOTIFY process. */
489 static const struct got_error *
490 forward_notification(struct gotd_session_client *client, struct imsg *imsg)
492 const struct got_error *err = NULL;
493 struct gotd_imsgev *iev = &gotd_session.notifier_iev;
494 struct gotd_session_notif *notif;
495 struct gotd_imsg_notification_content icontent;
496 char *refname = NULL, *id_str = NULL;
497 size_t datalen;
498 struct gotd_imsg_notify inotify;
499 const char *action;
500 struct ibuf *wbuf;
502 memset(&inotify, 0, sizeof(inotify));
504 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
505 if (datalen < sizeof(icontent))
506 return got_error(GOT_ERR_PRIVSEP_LEN);
507 memcpy(&icontent, imsg->data, sizeof(icontent));
508 if (datalen != sizeof(icontent) + icontent.refname_len)
509 return got_error(GOT_ERR_PRIVSEP_LEN);
510 refname = strndup(imsg->data + sizeof(icontent), icontent.refname_len);
511 if (refname == NULL)
512 return got_error_from_errno("strndup");
514 notif = STAILQ_FIRST(&notifications);
515 if (notif == NULL)
516 return got_error(GOT_ERR_PRIVSEP_MSG);
518 STAILQ_REMOVE(&notifications, notif, gotd_session_notif, entry);
520 if (notif->action != icontent.action || notif->fd == -1 ||
521 strcmp(notif->refname, refname) != 0) {
522 err = got_error(GOT_ERR_PRIVSEP_MSG);
523 goto done;
525 if (notif->action == GOTD_NOTIF_ACTION_CREATED) {
526 if (memcmp(&notif->new_id, &icontent.new_id,
527 sizeof(notif->new_id)) != 0) {
528 err = got_error_msg(GOT_ERR_PRIVSEP_MSG,
529 "received notification content for unknown event");
530 goto done;
532 } else if (notif->action == GOTD_NOTIF_ACTION_REMOVED) {
533 if (memcmp(&notif->old_id, &icontent.old_id,
534 sizeof(notif->old_id)) != 0) {
535 err = got_error_msg(GOT_ERR_PRIVSEP_MSG,
536 "received notification content for unknown event");
537 goto done;
539 } else if (memcmp(&notif->old_id, &icontent.old_id,
540 sizeof(notif->old_id)) != 0 ||
541 memcmp(&notif->new_id, &icontent.new_id,
542 sizeof(notif->old_id)) != 0) {
543 err = got_error_msg(GOT_ERR_PRIVSEP_MSG,
544 "received notification content for unknown event");
545 goto done;
548 switch (notif->action) {
549 case GOTD_NOTIF_ACTION_CREATED:
550 action = "created";
551 err = got_object_id_str(&id_str, &notif->new_id);
552 if (err)
553 goto done;
554 break;
555 case GOTD_NOTIF_ACTION_REMOVED:
556 action = "removed";
557 err = got_object_id_str(&id_str, &notif->old_id);
558 if (err)
559 goto done;
560 break;
561 case GOTD_NOTIF_ACTION_CHANGED:
562 action = "changed";
563 err = got_object_id_str(&id_str, &notif->new_id);
564 if (err)
565 goto done;
566 break;
567 default:
568 err = got_error(GOT_ERR_PRIVSEP_MSG);
569 goto done;
572 strlcpy(inotify.repo_name, gotd_session.repo_cfg->name,
573 sizeof(inotify.repo_name));
575 snprintf(inotify.subject_line, sizeof(inotify.subject_line),
576 "%s: %s %s %s: %.12s", gotd_session.repo_cfg->name,
577 client->username, action, notif->refname, id_str);
579 inotify.username_len = strlen(client->username);
580 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_NOTIFY,
581 PROC_SESSION_WRITE, gotd_session.pid,
582 sizeof(inotify) + inotify.username_len);
583 if (wbuf == NULL) {
584 err = got_error_from_errno("imsg_create NOTIFY");
585 goto done;
587 if (imsg_add(wbuf, &inotify, sizeof(inotify)) == -1) {
588 err = got_error_from_errno("imsg_add NOTIFY");
589 goto done;
591 if (imsg_add(wbuf, client->username, inotify.username_len) == -1) {
592 err = got_error_from_errno("imsg_add NOTIFY");
593 goto done;
596 ibuf_fd_set(wbuf, notif->fd);
597 notif->fd = -1;
599 imsg_close(&iev->ibuf, wbuf);
600 gotd_imsg_event_add(iev);
601 done:
602 if (notif->fd != -1)
603 close(notif->fd);
604 free(notif);
605 free(refname);
606 free(id_str);
607 return err;
610 /* Request notification content from REPO_WRITE process. */
611 static const struct got_error *
612 request_notification(struct gotd_session_notif *notif)
614 const struct got_error *err = NULL;
615 struct gotd_imsgev *iev = &gotd_session.repo_child_iev;
616 struct gotd_imsg_notification_content icontent;
617 struct ibuf *wbuf;
618 size_t len;
619 int fd;
621 fd = got_opentempfd();
622 if (fd == -1)
623 return got_error_from_errno("got_opentemp");
625 memset(&icontent, 0, sizeof(icontent));
627 icontent.action = notif->action;
628 memcpy(&icontent.old_id, &notif->old_id, sizeof(notif->old_id));
629 memcpy(&icontent.new_id, &notif->new_id, sizeof(notif->new_id));
630 icontent.refname_len = strlen(notif->refname);
632 len = sizeof(icontent) + icontent.refname_len;
633 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_NOTIFY,
634 PROC_SESSION_WRITE, gotd_session.pid, len);
635 if (wbuf == NULL) {
636 err = got_error_from_errno("imsg_create NOTIFY");
637 goto done;
639 if (imsg_add(wbuf, &icontent, sizeof(icontent)) == -1) {
640 err = got_error_from_errno("imsg_add NOTIFY");
641 goto done;
643 if (imsg_add(wbuf, notif->refname, icontent.refname_len) == -1) {
644 err = got_error_from_errno("imsg_add NOTIFY");
645 goto done;
648 notif->fd = dup(fd);
649 if (notif->fd == -1) {
650 err = got_error_from_errno("dup");
651 goto done;
654 ibuf_fd_set(wbuf, fd);
655 fd = -1;
657 imsg_close(&iev->ibuf, wbuf);
658 gotd_imsg_event_add(iev);
659 done:
660 if (err && fd != -1)
661 close(fd);
662 return err;
665 static const struct got_error *
666 update_ref(int *shut, struct gotd_session_client *client,
667 const char *repo_path, struct imsg *imsg)
669 const struct got_error *err = NULL;
670 struct got_repository *repo = gotd_session.repo;
671 struct got_reference *ref = NULL;
672 struct gotd_imsg_ref_update iref;
673 struct got_object_id old_id, new_id;
674 struct gotd_session_notif *notif;
675 struct got_object_id *id = NULL;
676 char *refname = NULL;
677 size_t datalen;
678 int locked = 0;
679 char hex1[SHA1_DIGEST_STRING_LENGTH];
680 char hex2[SHA1_DIGEST_STRING_LENGTH];
682 log_debug("update-ref from uid %d", client->euid);
684 if (client->nref_updates <= 0)
685 return got_error(GOT_ERR_PRIVSEP_MSG);
687 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
688 if (datalen < sizeof(iref))
689 return got_error(GOT_ERR_PRIVSEP_LEN);
690 memcpy(&iref, imsg->data, sizeof(iref));
691 if (datalen != sizeof(iref) + iref.name_len)
692 return got_error(GOT_ERR_PRIVSEP_LEN);
693 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
694 if (refname == NULL)
695 return got_error_from_errno("strndup");
697 log_debug("updating ref %s for uid %d", refname, client->euid);
699 memset(&old_id, 0, sizeof(old_id));
700 memcpy(old_id.hash, iref.old_id, SHA1_DIGEST_LENGTH);
701 memset(&new_id, 0, sizeof(new_id));
702 memcpy(new_id.hash, iref.new_id, SHA1_DIGEST_LENGTH);
703 err = got_repo_find_object_id(iref.delete_ref ? &old_id : &new_id,
704 repo);
705 if (err)
706 goto done;
708 if (iref.ref_is_new) {
709 err = got_ref_open(&ref, repo, refname, 0);
710 if (err) {
711 if (err->code != GOT_ERR_NOT_REF)
712 goto done;
713 err = got_ref_alloc(&ref, refname, &new_id);
714 if (err)
715 goto done;
716 err = got_ref_write(ref, repo); /* will lock/unlock */
717 if (err)
718 goto done;
719 err = queue_notification(NULL, &new_id, repo, ref);
720 if (err)
721 goto done;
722 } else {
723 err = got_ref_resolve(&id, repo, ref);
724 if (err)
725 goto done;
726 got_object_id_hex(&new_id, hex1, sizeof(hex1));
727 got_object_id_hex(id, hex2, sizeof(hex2));
728 err = got_error_fmt(GOT_ERR_REF_BUSY,
729 "Addition %s: %s failed; %s: %s has been "
730 "created by someone else while transaction "
731 "was in progress",
732 got_ref_get_name(ref), hex1,
733 got_ref_get_name(ref), hex2);
734 goto done;
736 } else if (iref.delete_ref) {
737 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
738 if (err)
739 goto done;
740 locked = 1;
742 err = got_ref_resolve(&id, repo, ref);
743 if (err)
744 goto done;
746 if (got_object_id_cmp(id, &old_id) != 0) {
747 got_object_id_hex(&old_id, hex1, sizeof(hex1));
748 got_object_id_hex(id, hex2, sizeof(hex2));
749 err = got_error_fmt(GOT_ERR_REF_BUSY,
750 "Deletion %s: %s failed; %s: %s has been "
751 "created by someone else while transaction "
752 "was in progress",
753 got_ref_get_name(ref), hex1,
754 got_ref_get_name(ref), hex2);
755 goto done;
758 err = got_ref_delete(ref, repo);
759 if (err)
760 goto done;
761 err = queue_notification(&old_id, NULL, repo, ref);
762 if (err)
763 goto done;
764 free(id);
765 id = NULL;
766 } else {
767 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
768 if (err)
769 goto done;
770 locked = 1;
772 err = got_ref_resolve(&id, repo, ref);
773 if (err)
774 goto done;
776 if (got_object_id_cmp(id, &old_id) != 0) {
777 got_object_id_hex(&old_id, hex1, sizeof(hex1));
778 got_object_id_hex(id, hex2, sizeof(hex2));
779 err = got_error_fmt(GOT_ERR_REF_BUSY,
780 "Update %s: %s failed; %s: %s has been "
781 "created by someone else while transaction "
782 "was in progress",
783 got_ref_get_name(ref), hex1,
784 got_ref_get_name(ref), hex2);
785 goto done;
788 if (got_object_id_cmp(&new_id, &old_id) != 0) {
789 err = got_ref_change_ref(ref, &new_id);
790 if (err)
791 goto done;
792 err = got_ref_write(ref, repo);
793 if (err)
794 goto done;
795 err = queue_notification(&old_id, &new_id, repo, ref);
796 if (err)
797 goto done;
800 free(id);
801 id = NULL;
803 done:
804 if (err) {
805 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
806 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
807 "could not acquire exclusive file lock for %s",
808 refname);
810 send_ref_update_ng(client, &iref, refname, err->msg);
811 } else
812 send_ref_update_ok(client, &iref, refname);
814 if (client->nref_updates > 0) {
815 client->nref_updates--;
816 if (client->nref_updates == 0) {
817 send_refs_updated(client);
818 notif = STAILQ_FIRST(&notifications);
819 if (notif) {
820 gotd_session.state = GOTD_STATE_NOTIFY;
821 err = request_notification(notif);
822 if (err) {
823 log_warn("could not send notification: "
824 "%s", err->msg);
825 client->flush_disconnect = 1;
827 } else
828 client->flush_disconnect = 1;
832 if (locked) {
833 const struct got_error *unlock_err;
834 unlock_err = got_ref_unlock(ref);
835 if (unlock_err && err == NULL)
836 err = unlock_err;
838 if (ref)
839 got_ref_close(ref);
840 free(refname);
841 free(id);
842 return err;
845 static const struct got_error *
846 recv_notification_content(struct imsg *imsg)
848 struct gotd_imsg_notification_content inotif;
849 size_t datalen;
851 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
852 if (datalen < sizeof(inotif))
853 return got_error(GOT_ERR_PRIVSEP_LEN);
854 memcpy(&inotif, imsg->data, sizeof(inotif));
856 return NULL;
859 static void
860 session_dispatch_repo_child(int fd, short event, void *arg)
862 struct gotd_imsgev *iev = arg;
863 struct imsgbuf *ibuf = &iev->ibuf;
864 struct gotd_session_client *client = &gotd_session_client;
865 ssize_t n;
866 int shut = 0;
867 struct imsg imsg;
869 if (event & EV_READ) {
870 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
871 fatal("imsg_read error");
872 if (n == 0) {
873 /* Connection closed. */
874 shut = 1;
875 goto done;
879 if (event & EV_WRITE) {
880 n = msgbuf_write(&ibuf->w);
881 if (n == -1 && errno != EAGAIN)
882 fatal("msgbuf_write");
883 if (n == 0) {
884 /* Connection closed. */
885 shut = 1;
886 goto done;
890 for (;;) {
891 const struct got_error *err = NULL;
892 uint32_t client_id = 0;
893 int do_disconnect = 0;
894 int do_ref_updates = 0, do_ref_update = 0;
895 int do_packfile_install = 0, do_notify = 0;
897 if ((n = imsg_get(ibuf, &imsg)) == -1)
898 fatal("%s: imsg_get error", __func__);
899 if (n == 0) /* No more messages. */
900 break;
902 switch (imsg.hdr.type) {
903 case GOTD_IMSG_ERROR:
904 do_disconnect = 1;
905 err = gotd_imsg_recv_error(&client_id, &imsg);
906 break;
907 case GOTD_IMSG_PACKFILE_INSTALL:
908 err = recv_packfile_install(&imsg);
909 if (err == NULL)
910 do_packfile_install = 1;
911 break;
912 case GOTD_IMSG_REF_UPDATES_START:
913 err = recv_ref_updates_start(&imsg);
914 if (err == NULL)
915 do_ref_updates = 1;
916 break;
917 case GOTD_IMSG_REF_UPDATE:
918 err = recv_ref_update(&imsg);
919 if (err == NULL)
920 do_ref_update = 1;
921 break;
922 case GOTD_IMSG_NOTIFY:
923 err = recv_notification_content(&imsg);
924 if (err == NULL)
925 do_notify = 1;
926 break;
927 default:
928 log_debug("unexpected imsg %d", imsg.hdr.type);
929 break;
932 if (do_disconnect || err) {
933 if (err)
934 disconnect_on_error(client, err);
935 else
936 disconnect(client);
937 } else {
938 struct gotd_session_notif *notif;
940 if (do_packfile_install)
941 err = install_pack(client,
942 gotd_session.repo->path, &imsg);
943 else if (do_ref_updates)
944 err = begin_ref_updates(client, &imsg);
945 else if (do_ref_update)
946 err = update_ref(&shut, client,
947 gotd_session.repo->path, &imsg);
948 else if (do_notify)
949 err = forward_notification(client, &imsg);
950 if (err)
951 log_warnx("uid %d: %s", client->euid, err->msg);
953 notif = STAILQ_FIRST(&notifications);
954 if (notif && do_notify) {
955 /* Request content for next notification. */
956 err = request_notification(notif);
957 if (err) {
958 log_warn("could not send notification: "
959 "%s", err->msg);
960 shut = 1;
964 imsg_free(&imsg);
966 done:
967 if (!shut) {
968 gotd_imsg_event_add(iev);
969 } else {
970 /* This pipe is dead. Remove its event handler */
971 event_del(&iev->ev);
972 event_loopexit(NULL);
976 static const struct got_error *
977 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
979 struct gotd_imsg_capabilities icapas;
980 size_t datalen;
982 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
983 if (datalen != sizeof(icapas))
984 return got_error(GOT_ERR_PRIVSEP_LEN);
985 memcpy(&icapas, imsg->data, sizeof(icapas));
987 client->ncapa_alloc = icapas.ncapabilities;
988 client->capabilities = calloc(client->ncapa_alloc,
989 sizeof(*client->capabilities));
990 if (client->capabilities == NULL) {
991 client->ncapa_alloc = 0;
992 return got_error_from_errno("calloc");
995 log_debug("expecting %zu capabilities from uid %d",
996 client->ncapa_alloc, client->euid);
997 return NULL;
1000 static const struct got_error *
1001 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
1003 struct gotd_imsg_capability icapa;
1004 struct gotd_client_capability *capa;
1005 size_t datalen;
1006 char *key, *value = NULL;
1008 if (client->capabilities == NULL ||
1009 client->ncapabilities >= client->ncapa_alloc) {
1010 return got_error_msg(GOT_ERR_BAD_REQUEST,
1011 "unexpected capability received");
1014 memset(&icapa, 0, sizeof(icapa));
1016 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1017 if (datalen < sizeof(icapa))
1018 return got_error(GOT_ERR_PRIVSEP_LEN);
1019 memcpy(&icapa, imsg->data, sizeof(icapa));
1021 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
1022 return got_error(GOT_ERR_PRIVSEP_LEN);
1024 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
1025 if (key == NULL)
1026 return got_error_from_errno("strndup");
1027 if (icapa.value_len > 0) {
1028 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
1029 icapa.value_len);
1030 if (value == NULL) {
1031 free(key);
1032 return got_error_from_errno("strndup");
1036 capa = &client->capabilities[client->ncapabilities++];
1037 capa->key = key;
1038 capa->value = value;
1040 if (value)
1041 log_debug("uid %d: capability %s=%s", client->euid, key, value);
1042 else
1043 log_debug("uid %d: capability %s", client->euid, key);
1045 return NULL;
1048 static const struct got_error *
1049 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
1051 const struct got_error *err = NULL;
1052 struct gotd_imsg_ref_update ireq;
1053 struct gotd_imsg_ref_update *iref = NULL;
1054 size_t datalen;
1056 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1057 if (datalen < sizeof(ireq))
1058 return got_error(GOT_ERR_PRIVSEP_LEN);
1059 memcpy(&ireq, imsg->data, sizeof(ireq));
1060 if (datalen != sizeof(ireq) + ireq.name_len)
1061 return got_error(GOT_ERR_PRIVSEP_LEN);
1063 iref = malloc(datalen);
1064 if (iref == NULL)
1065 return got_error_from_errno("malloc");
1066 memcpy(iref, imsg->data, datalen);
1068 if (gotd_imsg_compose_event(&gotd_session.repo_child_iev,
1069 GOTD_IMSG_REF_UPDATE, PROC_SESSION_WRITE, -1,
1070 iref, datalen) == -1)
1071 err = got_error_from_errno("imsg compose REF_UPDATE");
1072 free(iref);
1073 return err;
1076 static int
1077 client_has_capability(struct gotd_session_client *client, const char *capastr)
1079 struct gotd_client_capability *capa;
1080 size_t i;
1082 if (client->ncapabilities == 0)
1083 return 0;
1085 for (i = 0; i < client->ncapabilities; i++) {
1086 capa = &client->capabilities[i];
1087 if (strcmp(capa->key, capastr) == 0)
1088 return 1;
1091 return 0;
1094 static const struct got_error *
1095 recv_packfile(struct gotd_session_client *client)
1097 const struct got_error *err = NULL;
1098 struct gotd_imsg_recv_packfile ipack;
1099 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
1100 int packfd = -1, idxfd = -1;
1101 int pipe[2] = { -1, -1 };
1103 if (client->packfile_path) {
1104 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
1105 "uid %d already has a pack file", client->euid);
1108 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
1109 return got_error_from_errno("socketpair");
1111 /* Send pack pipe end 0 to repo child process. */
1112 if (gotd_imsg_compose_event(&gotd_session.repo_child_iev,
1113 GOTD_IMSG_PACKFILE_PIPE, PROC_SESSION_WRITE, pipe[0],
1114 NULL, 0) == -1) {
1115 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1116 pipe[0] = -1;
1117 goto done;
1119 pipe[0] = -1;
1121 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
1122 if (gotd_imsg_compose_event(&client->iev,
1123 GOTD_IMSG_PACKFILE_PIPE, PROC_SESSION_WRITE, pipe[1],
1124 NULL, 0) == -1)
1125 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1126 pipe[1] = -1;
1128 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
1129 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
1130 client->euid) == -1) {
1131 err = got_error_from_errno("asprintf");
1132 goto done;
1135 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
1136 if (err)
1137 goto done;
1138 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
1139 err = got_error_from_errno2("fchmod", pack_path);
1140 goto done;
1143 free(basepath);
1144 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
1145 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
1146 client->euid) == -1) {
1147 err = got_error_from_errno("asprintf");
1148 basepath = NULL;
1149 goto done;
1151 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
1152 if (err)
1153 goto done;
1154 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
1155 err = got_error_from_errno2("fchmod", idx_path);
1156 goto done;
1159 if (gotd_imsg_compose_event(&gotd_session.repo_child_iev,
1160 GOTD_IMSG_PACKIDX_FILE, PROC_SESSION_WRITE,
1161 idxfd, NULL, 0) == -1) {
1162 err = got_error_from_errno("imsg compose PACKIDX_FILE");
1163 idxfd = -1;
1164 goto done;
1166 idxfd = -1;
1168 memset(&ipack, 0, sizeof(ipack));
1169 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
1170 ipack.report_status = 1;
1172 if (gotd_imsg_compose_event(&gotd_session.repo_child_iev,
1173 GOTD_IMSG_RECV_PACKFILE, PROC_SESSION_WRITE, packfd,
1174 &ipack, sizeof(ipack)) == -1) {
1175 err = got_error_from_errno("imsg compose RECV_PACKFILE");
1176 packfd = -1;
1177 goto done;
1179 packfd = -1;
1181 done:
1182 free(basepath);
1183 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
1184 err = got_error_from_errno("close");
1185 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
1186 err = got_error_from_errno("close");
1187 if (packfd != -1 && close(packfd) == -1 && err == NULL)
1188 err = got_error_from_errno("close");
1189 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
1190 err = got_error_from_errno("close");
1191 if (err) {
1192 free(pack_path);
1193 free(idx_path);
1194 } else {
1195 client->packfile_path = pack_path;
1196 client->packidx_path = idx_path;
1198 return err;
1201 static void
1202 session_dispatch_client(int fd, short events, void *arg)
1204 struct gotd_imsgev *iev = arg;
1205 struct imsgbuf *ibuf = &iev->ibuf;
1206 struct gotd_session_client *client = &gotd_session_client;
1207 const struct got_error *err = NULL;
1208 struct imsg imsg;
1209 ssize_t n;
1211 if (events & EV_WRITE) {
1212 while (ibuf->w.queued) {
1213 n = msgbuf_write(&ibuf->w);
1214 if (n == -1 && errno == EPIPE) {
1216 * The client has closed its socket.
1217 * This can happen when Git clients are
1218 * done sending pack file data.
1220 msgbuf_clear(&ibuf->w);
1221 continue;
1222 } else if (n == -1 && errno != EAGAIN) {
1223 err = got_error_from_errno("imsg_flush");
1224 disconnect_on_error(client, err);
1225 return;
1227 if (n == 0) {
1228 /* Connection closed. */
1229 err = got_error(GOT_ERR_EOF);
1230 disconnect_on_error(client, err);
1231 return;
1235 if (client->flush_disconnect) {
1236 disconnect(client);
1237 return;
1241 if ((events & EV_READ) == 0)
1242 return;
1244 memset(&imsg, 0, sizeof(imsg));
1246 while (err == NULL) {
1247 err = gotd_imsg_recv(&imsg, ibuf, 0);
1248 if (err) {
1249 if (err->code == GOT_ERR_PRIVSEP_READ)
1250 err = NULL;
1251 else if (err->code == GOT_ERR_EOF &&
1252 gotd_session.state ==
1253 GOTD_STATE_EXPECT_CAPABILITIES) {
1255 * The client has closed its socket before
1256 * sending its capability announcement.
1257 * This can happen when Git clients have
1258 * no ref-updates to send.
1260 disconnect_on_error(client, err);
1261 return;
1263 break;
1266 evtimer_del(&client->tmo);
1268 switch (imsg.hdr.type) {
1269 case GOTD_IMSG_CAPABILITIES:
1270 if (gotd_session.state !=
1271 GOTD_STATE_EXPECT_CAPABILITIES) {
1272 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1273 "unexpected capabilities received");
1274 break;
1276 log_debug("receiving capabilities from uid %d",
1277 client->euid);
1278 err = recv_capabilities(client, &imsg);
1279 break;
1280 case GOTD_IMSG_CAPABILITY:
1281 if (gotd_session.state != GOTD_STATE_EXPECT_CAPABILITIES) {
1282 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1283 "unexpected capability received");
1284 break;
1286 err = recv_capability(client, &imsg);
1287 if (err || client->ncapabilities < client->ncapa_alloc)
1288 break;
1289 gotd_session.state = GOTD_STATE_EXPECT_REF_UPDATE;
1290 client->accept_flush_pkt = 1;
1291 log_debug("uid %d: expecting ref-update-lines",
1292 client->euid);
1293 break;
1294 case GOTD_IMSG_REF_UPDATE:
1295 if (gotd_session.state != GOTD_STATE_EXPECT_REF_UPDATE &&
1296 gotd_session.state !=
1297 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1298 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1299 "unexpected ref-update-line received");
1300 break;
1302 log_debug("received ref-update-line from uid %d",
1303 client->euid);
1304 err = forward_ref_update(client, &imsg);
1305 if (err)
1306 break;
1307 gotd_session.state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1308 client->accept_flush_pkt = 1;
1309 break;
1310 case GOTD_IMSG_FLUSH:
1311 if (gotd_session.state !=
1312 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1313 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1314 "unexpected flush-pkt received");
1315 break;
1317 if (!client->accept_flush_pkt) {
1318 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1319 "unexpected flush-pkt received");
1320 break;
1324 * Accept just one flush packet at a time.
1325 * Future client state transitions will set this flag
1326 * again if another flush packet is expected.
1328 client->accept_flush_pkt = 0;
1330 log_debug("received flush-pkt from uid %d",
1331 client->euid);
1332 if (gotd_session.state ==
1333 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1334 gotd_session.state = GOTD_STATE_EXPECT_PACKFILE;
1335 log_debug("uid %d: expecting packfile",
1336 client->euid);
1337 err = recv_packfile(client);
1338 } else {
1339 /* should not happen, see above */
1340 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1341 "unexpected client state");
1342 break;
1344 break;
1345 default:
1346 log_debug("unexpected imsg %d", imsg.hdr.type);
1347 err = got_error(GOT_ERR_PRIVSEP_MSG);
1348 break;
1351 imsg_free(&imsg);
1354 if (err) {
1355 if (err->code != GOT_ERR_EOF ||
1356 (gotd_session.state != GOTD_STATE_EXPECT_PACKFILE &&
1357 gotd_session.state != GOTD_STATE_NOTIFY))
1358 disconnect_on_error(client, err);
1359 } else {
1360 gotd_imsg_event_add(iev);
1361 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1365 static const struct got_error *
1366 list_refs_request(void)
1368 static const struct got_error *err;
1369 struct gotd_session_client *client = &gotd_session_client;
1370 struct gotd_imsgev *iev = &gotd_session.repo_child_iev;
1371 int fd;
1373 if (gotd_session.state != GOTD_STATE_EXPECT_LIST_REFS)
1374 return got_error(GOT_ERR_PRIVSEP_MSG);
1376 fd = dup(client->fd);
1377 if (fd == -1)
1378 return got_error_from_errno("dup");
1380 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1381 PROC_SESSION_WRITE, fd, NULL, 0) == -1) {
1382 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1383 close(fd);
1384 return err;
1387 gotd_session.state = GOTD_STATE_EXPECT_CAPABILITIES;
1388 log_debug("uid %d: expecting capabilities", client->euid);
1389 return NULL;
1392 static const struct got_error *
1393 recv_connect(struct imsg *imsg)
1395 struct gotd_session_client *client = &gotd_session_client;
1396 struct gotd_imsg_connect iconnect;
1397 size_t datalen;
1399 if (gotd_session.state != GOTD_STATE_EXPECT_LIST_REFS)
1400 return got_error(GOT_ERR_PRIVSEP_MSG);
1402 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1403 if (datalen < sizeof(iconnect))
1404 return got_error(GOT_ERR_PRIVSEP_LEN);
1405 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1406 if (iconnect.username_len == 0 ||
1407 datalen != sizeof(iconnect) + iconnect.username_len)
1408 return got_error(GOT_ERR_PRIVSEP_LEN);
1410 client->euid = iconnect.euid;
1411 client->egid = iconnect.egid;
1412 client->fd = imsg_get_fd(imsg);
1413 if (client->fd == -1)
1414 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1416 client->username = strndup(imsg->data + sizeof(iconnect),
1417 iconnect.username_len);
1418 if (client->username == NULL)
1419 return got_error_from_errno("strndup");
1421 imsg_init(&client->iev.ibuf, client->fd);
1422 client->iev.handler = session_dispatch_client;
1423 client->iev.events = EV_READ;
1424 client->iev.handler_arg = NULL;
1425 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1426 session_dispatch_client, &client->iev);
1427 gotd_imsg_event_add(&client->iev);
1428 evtimer_set(&client->tmo, gotd_request_timeout, client);
1429 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1431 return NULL;
1434 static void
1435 session_dispatch_notifier(int fd, short event, void *arg)
1437 const struct got_error *err;
1438 struct gotd_session_client *client = &gotd_session_client;
1439 struct gotd_imsgev *iev = arg;
1440 struct imsgbuf *ibuf = &iev->ibuf;
1441 ssize_t n;
1442 int shut = 0;
1443 struct imsg imsg;
1444 struct gotd_session_notif *notif;
1446 if (event & EV_READ) {
1447 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1448 fatal("imsg_read error");
1449 if (n == 0) {
1450 /* Connection closed. */
1451 shut = 1;
1452 goto done;
1456 if (event & EV_WRITE) {
1457 n = msgbuf_write(&ibuf->w);
1458 if (n == -1 && errno != EAGAIN)
1459 fatal("msgbuf_write");
1460 if (n == 0) {
1461 /* Connection closed. */
1462 shut = 1;
1463 goto done;
1467 for (;;) {
1468 if ((n = imsg_get(ibuf, &imsg)) == -1)
1469 fatal("%s: imsg_get error", __func__);
1470 if (n == 0) /* No more messages. */
1471 break;
1473 switch (imsg.hdr.type) {
1474 case GOTD_IMSG_NOTIFICATION_SENT:
1475 if (gotd_session.state != GOTD_STATE_NOTIFY) {
1476 log_warn("unexpected imsg %d", imsg.hdr.type);
1477 break;
1479 notif = STAILQ_FIRST(&notifications);
1480 if (notif == NULL) {
1481 disconnect(client);
1482 break; /* NOTREACHED */
1484 /* Request content for the next notification. */
1485 err = request_notification(notif);
1486 if (err) {
1487 log_warn("could not send notification: %s",
1488 err->msg);
1489 disconnect(client);
1491 break;
1492 default:
1493 log_debug("unexpected imsg %d", imsg.hdr.type);
1494 break;
1497 imsg_free(&imsg);
1499 done:
1500 if (!shut) {
1501 gotd_imsg_event_add(iev);
1502 } else {
1503 /* This pipe is dead. Remove its event handler */
1504 event_del(&iev->ev);
1505 imsg_clear(&iev->ibuf);
1506 imsg_init(&iev->ibuf, -1);
1510 static const struct got_error *
1511 recv_notifier(struct imsg *imsg)
1513 struct gotd_imsgev *iev = &gotd_session.notifier_iev;
1514 struct gotd_session_client *client = &gotd_session_client;
1515 size_t datalen;
1516 int fd;
1518 if (gotd_session.state != GOTD_STATE_EXPECT_LIST_REFS)
1519 return got_error(GOT_ERR_PRIVSEP_MSG);
1521 /* We should already have received a pipe to the listener. */
1522 if (client->fd == -1)
1523 return got_error(GOT_ERR_PRIVSEP_MSG);
1525 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1526 if (datalen != 0)
1527 return got_error(GOT_ERR_PRIVSEP_LEN);
1529 fd = imsg_get_fd(imsg);
1530 if (fd == -1)
1531 return NULL; /* notifications unused */
1533 imsg_init(&iev->ibuf, fd);
1534 iev->handler = session_dispatch_notifier;
1535 iev->events = EV_READ;
1536 iev->handler_arg = NULL;
1537 event_set(&iev->ev, iev->ibuf.fd, EV_READ,
1538 session_dispatch_notifier, iev);
1539 gotd_imsg_event_add(iev);
1541 return NULL;
1544 static const struct got_error *
1545 recv_repo_child(struct imsg *imsg)
1547 struct gotd_imsg_connect_repo_child ichild;
1548 struct gotd_session_client *client = &gotd_session_client;
1549 size_t datalen;
1550 int fd;
1552 if (gotd_session.state != GOTD_STATE_EXPECT_LIST_REFS)
1553 return got_error(GOT_ERR_PRIVSEP_MSG);
1555 /* We should already have received a pipe to the listener. */
1556 if (client->fd == -1)
1557 return got_error(GOT_ERR_PRIVSEP_MSG);
1559 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1560 if (datalen != sizeof(ichild))
1561 return got_error(GOT_ERR_PRIVSEP_LEN);
1563 memcpy(&ichild, imsg->data, sizeof(ichild));
1565 if (ichild.proc_id != PROC_REPO_WRITE)
1566 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1567 "bad child process type");
1569 fd = imsg_get_fd(imsg);
1570 if (fd == -1)
1571 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1573 imsg_init(&gotd_session.repo_child_iev.ibuf, fd);
1574 gotd_session.repo_child_iev.handler = session_dispatch_repo_child;
1575 gotd_session.repo_child_iev.events = EV_READ;
1576 gotd_session.repo_child_iev.handler_arg = NULL;
1577 event_set(&gotd_session.repo_child_iev.ev,
1578 gotd_session.repo_child_iev.ibuf.fd, EV_READ,
1579 session_dispatch_repo_child, &gotd_session.repo_child_iev);
1580 gotd_imsg_event_add(&gotd_session.repo_child_iev);
1582 /* The "recvfd" pledge promise is no longer needed. */
1583 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1584 fatal("pledge");
1586 return NULL;
1589 static void
1590 session_dispatch(int fd, short event, void *arg)
1592 struct gotd_imsgev *iev = arg;
1593 struct imsgbuf *ibuf = &iev->ibuf;
1594 struct gotd_session_client *client = &gotd_session_client;
1595 ssize_t n;
1596 int shut = 0;
1597 struct imsg imsg;
1599 if (event & EV_READ) {
1600 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1601 fatal("imsg_read error");
1602 if (n == 0) {
1603 /* Connection closed. */
1604 shut = 1;
1605 goto done;
1609 if (event & EV_WRITE) {
1610 n = msgbuf_write(&ibuf->w);
1611 if (n == -1 && errno != EAGAIN)
1612 fatal("msgbuf_write");
1613 if (n == 0) {
1614 /* Connection closed. */
1615 shut = 1;
1616 goto done;
1620 for (;;) {
1621 const struct got_error *err = NULL;
1622 uint32_t client_id = 0;
1623 int do_disconnect = 0, do_list_refs = 0;
1625 if ((n = imsg_get(ibuf, &imsg)) == -1)
1626 fatal("%s: imsg_get error", __func__);
1627 if (n == 0) /* No more messages. */
1628 break;
1630 switch (imsg.hdr.type) {
1631 case GOTD_IMSG_ERROR:
1632 do_disconnect = 1;
1633 err = gotd_imsg_recv_error(&client_id, &imsg);
1634 break;
1635 case GOTD_IMSG_CONNECT:
1636 err = recv_connect(&imsg);
1637 break;
1638 case GOTD_IMSG_DISCONNECT:
1639 do_disconnect = 1;
1640 break;
1641 case GOTD_IMSG_CONNECT_NOTIFIER:
1642 err = recv_notifier(&imsg);
1643 break;
1644 case GOTD_IMSG_CONNECT_REPO_CHILD:
1645 err = recv_repo_child(&imsg);
1646 if (err)
1647 break;
1648 do_list_refs = 1;
1649 break;
1650 default:
1651 log_debug("unexpected imsg %d", imsg.hdr.type);
1652 break;
1654 imsg_free(&imsg);
1656 if (do_disconnect) {
1657 if (err)
1658 disconnect_on_error(client, err);
1659 else
1660 disconnect(client);
1661 } else if (do_list_refs)
1662 err = list_refs_request();
1664 if (err)
1665 log_warnx("uid %d: %s", client->euid, err->msg);
1667 done:
1668 if (!shut) {
1669 gotd_imsg_event_add(iev);
1670 } else {
1671 /* This pipe is dead. Remove its event handler */
1672 event_del(&iev->ev);
1673 event_loopexit(NULL);
1677 void
1678 session_write_main(const char *title, const char *repo_path,
1679 int *pack_fds, int *temp_fds, struct timeval *request_timeout,
1680 struct gotd_repo *repo_cfg)
1682 const struct got_error *err = NULL;
1683 struct event evsigint, evsigterm, evsighup, evsigusr1;
1685 STAILQ_INIT(&notifications);
1687 gotd_session.title = title;
1688 gotd_session.pid = getpid();
1689 gotd_session.pack_fds = pack_fds;
1690 gotd_session.temp_fds = temp_fds;
1691 memcpy(&gotd_session.request_timeout, request_timeout,
1692 sizeof(gotd_session.request_timeout));
1693 gotd_session.repo_cfg = repo_cfg;
1695 imsg_init(&gotd_session.notifier_iev.ibuf, -1);
1697 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1698 if (err)
1699 goto done;
1700 if (!got_repo_is_bare(gotd_session.repo)) {
1701 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1702 "bare git repository required");
1703 goto done;
1705 if (got_repo_get_object_format(gotd_session.repo) != GOT_HASH_SHA1) {
1706 err = got_error_msg(GOT_ERR_NOT_IMPL,
1707 "sha256 object IDs unsupported in network protocol");
1708 goto done;
1711 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1713 signal_set(&evsigint, SIGINT, session_write_sighdlr, NULL);
1714 signal_set(&evsigterm, SIGTERM, session_write_sighdlr, NULL);
1715 signal_set(&evsighup, SIGHUP, session_write_sighdlr, NULL);
1716 signal_set(&evsigusr1, SIGUSR1, session_write_sighdlr, NULL);
1717 signal(SIGPIPE, SIG_IGN);
1719 signal_add(&evsigint, NULL);
1720 signal_add(&evsigterm, NULL);
1721 signal_add(&evsighup, NULL);
1722 signal_add(&evsigusr1, NULL);
1724 gotd_session.state = GOTD_STATE_EXPECT_LIST_REFS;
1726 gotd_session_client.fd = -1;
1727 gotd_session_client.nref_updates = -1;
1728 gotd_session_client.delta_cache_fd = -1;
1729 gotd_session_client.accept_flush_pkt = 1;
1731 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1732 gotd_session.parent_iev.handler = session_dispatch;
1733 gotd_session.parent_iev.events = EV_READ;
1734 gotd_session.parent_iev.handler_arg = NULL;
1735 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1736 EV_READ, session_dispatch, &gotd_session.parent_iev);
1737 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1738 GOTD_IMSG_CLIENT_SESSION_READY, PROC_SESSION_WRITE,
1739 -1, NULL, 0) == -1) {
1740 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1741 goto done;
1744 event_dispatch();
1745 done:
1746 if (err)
1747 log_warnx("%s: %s", title, err->msg);
1748 session_write_shutdown();
1751 static void
1752 session_write_shutdown(void)
1754 struct gotd_session_notif *notif;
1756 log_debug("%s: shutting down", gotd_session.title);
1758 while (!STAILQ_EMPTY(&notifications)) {
1759 notif = STAILQ_FIRST(&notifications);
1760 STAILQ_REMOVE_HEAD(&notifications, entry);
1761 if (notif->fd != -1)
1762 close(notif->fd);
1763 free(notif->refname);
1764 free(notif);
1767 if (gotd_session.repo)
1768 got_repo_close(gotd_session.repo);
1769 got_repo_pack_fds_close(gotd_session.pack_fds);
1770 got_repo_temp_fds_close(gotd_session.temp_fds);
1771 free(gotd_session_client.username);
1772 exit(0);