2 * Copyright (c) 2018, 2019, 2020 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2020 Ori Bernstein <ori@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/types.h>
19 #include <sys/queue.h>
37 #include "got_object.h"
38 #include "got_error.h"
40 #include "got_repository.h"
42 #include "got_lib_sha1.h"
43 #include "got_lib_delta.h"
44 #include "got_lib_inflate.h"
45 #include "got_lib_object.h"
46 #include "got_lib_object_parse.h"
47 #include "got_lib_privsep.h"
48 #include "got_lib_pack.h"
51 #define MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
55 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
58 static const struct got_error *
59 poll_fd(int fd, int events, int timeout)
65 pfd[0].events = events;
67 n = poll(pfd, 1, timeout);
69 return got_error_from_errno("poll");
71 return got_error(GOT_ERR_TIMEOUT);
72 if (pfd[0].revents & (POLLERR | POLLNVAL))
73 return got_error_from_errno("poll error");
74 if (pfd[0].revents & (events | POLLHUP))
77 return got_error(GOT_ERR_INTERRUPT);
80 static const struct got_error *
81 read_imsg(struct imsgbuf *ibuf)
83 const struct got_error *err;
86 err = poll_fd(ibuf->fd, POLLIN, INFTIM);
92 if (errno == EAGAIN) /* Could be a file-descriptor leak. */
93 return got_error(GOT_ERR_PRIVSEP_NO_FD);
94 return got_error(GOT_ERR_PRIVSEP_READ);
97 return got_error(GOT_ERR_PRIVSEP_PIPE);
102 const struct got_error *
103 got_privsep_wait_for_child(pid_t pid)
107 if (waitpid(pid, &child_status, 0) == -1)
108 return got_error_from_errno("waitpid");
110 if (!WIFEXITED(child_status))
111 return got_error(GOT_ERR_PRIVSEP_DIED);
113 if (WEXITSTATUS(child_status) != 0)
114 return got_error(GOT_ERR_PRIVSEP_EXIT);
119 static const struct got_error *
120 recv_imsg_error(struct imsg *imsg, size_t datalen)
122 struct got_imsg_error *ierr;
124 if (datalen != sizeof(*ierr))
125 return got_error(GOT_ERR_PRIVSEP_LEN);
128 if (ierr->code == GOT_ERR_ERRNO) {
129 static struct got_error serr;
130 serr.code = GOT_ERR_ERRNO;
131 serr.msg = strerror(ierr->errno_code);
135 return got_error(ierr->code);
138 const struct got_error *
139 got_privsep_recv_imsg(struct imsg *imsg, struct imsgbuf *ibuf,
142 const struct got_error *err;
145 n = imsg_get(ibuf, imsg);
147 return got_error_from_errno("imsg_get");
150 err = read_imsg(ibuf);
153 n = imsg_get(ibuf, imsg);
155 return got_error_from_errno("imsg_get");
158 if (imsg->hdr.len < IMSG_HEADER_SIZE + min_datalen)
159 return got_error(GOT_ERR_PRIVSEP_LEN);
161 if (imsg->hdr.type == GOT_IMSG_ERROR) {
162 size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
163 return recv_imsg_error(imsg, datalen);
169 /* Attempt to send an error in an imsg. Complain on stderr as a last resort. */
171 got_privsep_send_error(struct imsgbuf *ibuf, const struct got_error *err)
173 const struct got_error *poll_err;
174 struct got_imsg_error ierr;
177 ierr.code = err->code;
178 if (err->code == GOT_ERR_ERRNO)
179 ierr.errno_code = errno;
182 ret = imsg_compose(ibuf, GOT_IMSG_ERROR, 0, 0, -1, &ierr, sizeof(ierr));
184 fprintf(stderr, "%s: error %d \"%s\": imsg_compose: %s\n",
185 getprogname(), err->code, err->msg, strerror(errno));
189 poll_err = poll_fd(ibuf->fd, POLLOUT, INFTIM);
191 fprintf(stderr, "%s: error %d \"%s\": poll: %s\n",
192 getprogname(), err->code, err->msg, poll_err->msg);
196 ret = imsg_flush(ibuf);
198 fprintf(stderr, "%s: error %d \"%s\": imsg_flush: %s\n",
199 getprogname(), err->code, err->msg, strerror(errno));
204 static const struct got_error *
205 flush_imsg(struct imsgbuf *ibuf)
207 const struct got_error *err;
209 err = poll_fd(ibuf->fd, POLLOUT, INFTIM);
213 if (imsg_flush(ibuf) == -1)
214 return got_error_from_errno("imsg_flush");
219 const struct got_error *
220 got_privsep_flush_imsg(struct imsgbuf *ibuf)
222 return flush_imsg(ibuf);
225 const struct got_error *
226 got_privsep_send_stop(int fd)
228 const struct got_error *err = NULL;
231 imsg_init(&ibuf, fd);
233 if (imsg_compose(&ibuf, GOT_IMSG_STOP, 0, 0, -1, NULL, 0) == -1)
234 return got_error_from_errno("imsg_compose STOP");
236 err = flush_imsg(&ibuf);
241 const struct got_error *
242 got_privsep_send_obj_req(struct imsgbuf *ibuf, int fd)
244 if (imsg_compose(ibuf, GOT_IMSG_OBJECT_REQUEST, 0, 0, fd, NULL, 0)
246 return got_error_from_errno("imsg_compose OBJECT_REQUEST");
248 return flush_imsg(ibuf);
251 const struct got_error *
252 got_privsep_send_commit_req(struct imsgbuf *ibuf, int fd,
253 struct got_object_id *id, int pack_idx)
255 const struct got_error *err = NULL;
256 struct got_imsg_packed_object iobj, *iobjp;
259 if (id) { /* commit is packed */
261 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
269 if (imsg_compose(ibuf, GOT_IMSG_COMMIT_REQUEST, 0, 0, fd, iobjp, len)
271 err = got_error_from_errno("imsg_compose COMMIT_REQUEST");
276 return flush_imsg(ibuf);
279 const struct got_error *
280 got_privsep_send_tree_req(struct imsgbuf *ibuf, int fd,
281 struct got_object_id *id, int pack_idx)
283 const struct got_error *err = NULL;
285 size_t len = id ? sizeof(struct got_imsg_packed_object) : 0;
287 wbuf = imsg_create(ibuf, GOT_IMSG_TREE_REQUEST, 0, 0, len);
289 return got_error_from_errno("imsg_create TREE_REQUEST");
291 if (id) { /* tree is packed */
292 if (imsg_add(wbuf, id->sha1, SHA1_DIGEST_LENGTH) == -1) {
293 err = got_error_from_errno("imsg_add TREE_ENTRY");
298 if (imsg_add(wbuf, &pack_idx, sizeof(pack_idx)) == -1) {
299 err = got_error_from_errno("imsg_add TREE_ENTRY");
306 imsg_close(ibuf, wbuf);
308 return flush_imsg(ibuf);
311 const struct got_error *
312 got_privsep_send_tag_req(struct imsgbuf *ibuf, int fd,
313 struct got_object_id *id, int pack_idx)
315 struct got_imsg_packed_object iobj, *iobjp;
318 if (id) { /* tag is packed */
320 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
328 if (imsg_compose(ibuf, GOT_IMSG_TAG_REQUEST, 0, 0, fd, iobjp, len)
330 return got_error_from_errno("imsg_compose TAG_REQUEST");
332 return flush_imsg(ibuf);
335 const struct got_error *
336 got_privsep_send_blob_req(struct imsgbuf *ibuf, int infd,
337 struct got_object_id *id, int pack_idx)
339 const struct got_error *err = NULL;
340 struct got_imsg_packed_object iobj, *iobjp;
343 if (id) { /* blob is packed */
345 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
353 if (imsg_compose(ibuf, GOT_IMSG_BLOB_REQUEST, 0, 0, infd, iobjp, len)
355 err = got_error_from_errno("imsg_compose BLOB_REQUEST");
360 return flush_imsg(ibuf);
363 const struct got_error *
364 got_privsep_send_blob_outfd(struct imsgbuf *ibuf, int outfd)
366 const struct got_error *err = NULL;
368 if (imsg_compose(ibuf, GOT_IMSG_BLOB_OUTFD, 0, 0, outfd, NULL, 0)
370 err = got_error_from_errno("imsg_compose BLOB_OUTFD");
375 return flush_imsg(ibuf);
378 static const struct got_error *
379 send_fd(struct imsgbuf *ibuf, int imsg_code, int fd)
381 const struct got_error *err = NULL;
383 if (imsg_compose(ibuf, imsg_code, 0, 0, fd, NULL, 0) == -1) {
384 err = got_error_from_errno("imsg_compose TMPFD");
389 return flush_imsg(ibuf);
392 const struct got_error *
393 got_privsep_send_tmpfd(struct imsgbuf *ibuf, int fd)
395 return send_fd(ibuf, GOT_IMSG_TMPFD, fd);
398 const struct got_error *
399 got_privsep_send_obj(struct imsgbuf *ibuf, struct got_object *obj)
401 struct got_imsg_object iobj;
403 memcpy(iobj.id, obj->id.sha1, sizeof(iobj.id));
404 iobj.type = obj->type;
405 iobj.flags = obj->flags;
406 iobj.hdrlen = obj->hdrlen;
407 iobj.size = obj->size;
408 if (iobj.flags & GOT_OBJ_FLAG_PACKED) {
409 iobj.pack_offset = obj->pack_offset;
410 iobj.pack_idx = obj->pack_idx;
413 if (imsg_compose(ibuf, GOT_IMSG_OBJECT, 0, 0, -1, &iobj, sizeof(iobj))
415 return got_error_from_errno("imsg_compose OBJECT");
417 return flush_imsg(ibuf);
420 const struct got_error *
421 got_privsep_send_fetch_req(struct imsgbuf *ibuf, int fd,
422 struct got_pathlist_head *have_refs, int fetch_all_branches,
423 struct got_pathlist_head *wanted_branches,
424 struct got_pathlist_head *wanted_refs, int list_refs_only, int verbosity)
426 const struct got_error *err = NULL;
429 struct got_pathlist_entry *pe;
430 struct got_imsg_fetch_request fetchreq;
432 memset(&fetchreq, 0, sizeof(fetchreq));
433 fetchreq.fetch_all_branches = fetch_all_branches;
434 fetchreq.list_refs_only = list_refs_only;
435 fetchreq.verbosity = verbosity;
436 TAILQ_FOREACH(pe, have_refs, entry)
437 fetchreq.n_have_refs++;
438 TAILQ_FOREACH(pe, wanted_branches, entry)
439 fetchreq.n_wanted_branches++;
440 TAILQ_FOREACH(pe, wanted_refs, entry)
441 fetchreq.n_wanted_refs++;
442 len = sizeof(struct got_imsg_fetch_request);
443 if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE) {
445 return got_error(GOT_ERR_NO_SPACE);
448 if (imsg_compose(ibuf, GOT_IMSG_FETCH_REQUEST, 0, 0, fd,
449 &fetchreq, sizeof(fetchreq)) == -1)
450 return got_error_from_errno(
451 "imsg_compose FETCH_SERVER_PROGRESS");
453 err = flush_imsg(ibuf);
460 TAILQ_FOREACH(pe, have_refs, entry) {
461 const char *name = pe->path;
462 size_t name_len = pe->path_len;
463 struct got_object_id *id = pe->data;
465 len = sizeof(struct got_imsg_fetch_have_ref) + name_len;
466 wbuf = imsg_create(ibuf, GOT_IMSG_FETCH_HAVE_REF, 0, 0, len);
468 return got_error_from_errno("imsg_create FETCH_HAVE_REF");
470 /* Keep in sync with struct got_imsg_fetch_have_ref! */
471 if (imsg_add(wbuf, id->sha1, sizeof(id->sha1)) == -1) {
472 err = got_error_from_errno("imsg_add FETCH_HAVE_REF");
476 if (imsg_add(wbuf, &name_len, sizeof(name_len)) == -1) {
477 err = got_error_from_errno("imsg_add FETCH_HAVE_REF");
481 if (imsg_add(wbuf, name, name_len) == -1) {
482 err = got_error_from_errno("imsg_add FETCH_HAVE_REF");
488 imsg_close(ibuf, wbuf);
489 err = flush_imsg(ibuf);
494 TAILQ_FOREACH(pe, wanted_branches, entry) {
495 const char *name = pe->path;
496 size_t name_len = pe->path_len;
498 len = sizeof(struct got_imsg_fetch_wanted_branch) + name_len;
499 wbuf = imsg_create(ibuf, GOT_IMSG_FETCH_WANTED_BRANCH, 0, 0,
502 return got_error_from_errno(
503 "imsg_create FETCH_WANTED_BRANCH");
505 /* Keep in sync with struct got_imsg_fetch_wanted_branch! */
506 if (imsg_add(wbuf, &name_len, sizeof(name_len)) == -1) {
507 err = got_error_from_errno(
508 "imsg_add FETCH_WANTED_BRANCH");
512 if (imsg_add(wbuf, name, name_len) == -1) {
513 err = got_error_from_errno(
514 "imsg_add FETCH_WANTED_BRANCH");
520 imsg_close(ibuf, wbuf);
521 err = flush_imsg(ibuf);
526 TAILQ_FOREACH(pe, wanted_refs, entry) {
527 const char *name = pe->path;
528 size_t name_len = pe->path_len;
530 len = sizeof(struct got_imsg_fetch_wanted_ref) + name_len;
531 wbuf = imsg_create(ibuf, GOT_IMSG_FETCH_WANTED_REF, 0, 0,
534 return got_error_from_errno(
535 "imsg_create FETCH_WANTED_REF");
537 /* Keep in sync with struct got_imsg_fetch_wanted_ref! */
538 if (imsg_add(wbuf, &name_len, sizeof(name_len)) == -1) {
539 err = got_error_from_errno(
540 "imsg_add FETCH_WANTED_REF");
544 if (imsg_add(wbuf, name, name_len) == -1) {
545 err = got_error_from_errno(
546 "imsg_add FETCH_WANTED_REF");
552 imsg_close(ibuf, wbuf);
553 err = flush_imsg(ibuf);
563 const struct got_error *
564 got_privsep_send_fetch_outfd(struct imsgbuf *ibuf, int fd)
566 return send_fd(ibuf, GOT_IMSG_FETCH_OUTFD, fd);
569 const struct got_error *
570 got_privsep_recv_fetch_progress(int *done, struct got_object_id **id,
571 char **refname, struct got_pathlist_head *symrefs, char **server_progress,
572 off_t *packfile_size, uint8_t *pack_sha1, struct imsgbuf *ibuf)
574 const struct got_error *err = NULL;
577 struct got_imsg_fetch_symrefs *isymrefs = NULL;
585 *server_progress = NULL;
587 memset(pack_sha1, 0, SHA1_DIGEST_LENGTH);
589 err = got_privsep_recv_imsg(&imsg, ibuf, 0);
593 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
594 switch (imsg.hdr.type) {
596 if (datalen < sizeof(struct got_imsg_error)) {
597 err = got_error(GOT_ERR_PRIVSEP_LEN);
600 err = recv_imsg_error(&imsg, datalen);
602 case GOT_IMSG_FETCH_SYMREFS:
603 if (datalen < sizeof(*isymrefs)) {
604 err = got_error(GOT_ERR_PRIVSEP_LEN);
607 if (isymrefs != NULL) {
608 err = got_error(GOT_ERR_PRIVSEP_MSG);
611 isymrefs = (struct got_imsg_fetch_symrefs *)imsg.data;
612 off = sizeof(*isymrefs);
613 remain = datalen - off;
614 for (n = 0; n < isymrefs->nsymrefs; n++) {
615 struct got_imsg_fetch_symref *s;
617 if (remain < sizeof(struct got_imsg_fetch_symref)) {
618 err = got_error(GOT_ERR_PRIVSEP_LEN);
621 s = (struct got_imsg_fetch_symref *)(imsg.data + off);
623 remain -= sizeof(*s);
624 if (remain < s->name_len) {
625 err = got_error(GOT_ERR_PRIVSEP_LEN);
628 name = strndup(imsg.data + off, s->name_len);
630 err = got_error_from_errno("strndup");
634 remain -= s->name_len;
635 if (remain < s->target_len) {
636 err = got_error(GOT_ERR_PRIVSEP_LEN);
640 target = strndup(imsg.data + off, s->target_len);
641 if (target == NULL) {
642 err = got_error_from_errno("strndup");
646 off += s->target_len;
647 remain -= s->target_len;
648 err = got_pathlist_append(symrefs, name, target);
656 case GOT_IMSG_FETCH_REF:
657 if (datalen <= SHA1_DIGEST_LENGTH) {
658 err = got_error(GOT_ERR_PRIVSEP_MSG);
661 *id = malloc(sizeof(**id));
663 err = got_error_from_errno("malloc");
666 memcpy((*id)->sha1, imsg.data, SHA1_DIGEST_LENGTH);
667 *refname = strndup(imsg.data + SHA1_DIGEST_LENGTH,
668 datalen - SHA1_DIGEST_LENGTH);
669 if (*refname == NULL) {
670 err = got_error_from_errno("strndup");
674 case GOT_IMSG_FETCH_SERVER_PROGRESS:
676 err = got_error(GOT_ERR_PRIVSEP_LEN);
679 *server_progress = strndup(imsg.data, datalen);
680 if (*server_progress == NULL) {
681 err = got_error_from_errno("strndup");
684 for (i = 0; i < datalen; i++) {
685 if (!isprint((unsigned char)(*server_progress)[i]) &&
686 !isspace((unsigned char)(*server_progress)[i])) {
687 err = got_error(GOT_ERR_PRIVSEP_MSG);
688 free(*server_progress);
689 *server_progress = NULL;
694 case GOT_IMSG_FETCH_DOWNLOAD_PROGRESS:
695 if (datalen < sizeof(*packfile_size)) {
696 err = got_error(GOT_ERR_PRIVSEP_MSG);
699 memcpy(packfile_size, imsg.data, sizeof(*packfile_size));
701 case GOT_IMSG_FETCH_DONE:
702 if (datalen != SHA1_DIGEST_LENGTH) {
703 err = got_error(GOT_ERR_PRIVSEP_MSG);
706 memcpy(pack_sha1, imsg.data, SHA1_DIGEST_LENGTH);
710 err = got_error(GOT_ERR_PRIVSEP_MSG);
724 const struct got_error *
725 got_privsep_send_index_pack_req(struct imsgbuf *ibuf, uint8_t *pack_sha1,
728 const struct got_error *err = NULL;
730 /* Keep in sync with struct got_imsg_index_pack_request */
731 if (imsg_compose(ibuf, GOT_IMSG_IDXPACK_REQUEST, 0, 0, fd,
732 pack_sha1, SHA1_DIGEST_LENGTH) == -1) {
733 err = got_error_from_errno("imsg_compose INDEX_REQUEST");
737 return flush_imsg(ibuf);
740 const struct got_error *
741 got_privsep_send_index_pack_outfd(struct imsgbuf *ibuf, int fd)
743 return send_fd(ibuf, GOT_IMSG_IDXPACK_OUTFD, fd);
746 const struct got_error *
747 got_privsep_recv_index_progress(int *done, int *nobj_total,
748 int *nobj_indexed, int *nobj_loose, int *nobj_resolved,
749 struct imsgbuf *ibuf)
751 const struct got_error *err = NULL;
753 struct got_imsg_index_pack_progress *iprogress;
761 err = got_privsep_recv_imsg(&imsg, ibuf, 0);
765 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
766 switch (imsg.hdr.type) {
768 if (datalen < sizeof(struct got_imsg_error)) {
769 err = got_error(GOT_ERR_PRIVSEP_LEN);
772 err = recv_imsg_error(&imsg, datalen);
774 case GOT_IMSG_IDXPACK_PROGRESS:
775 if (datalen < sizeof(*iprogress)) {
776 err = got_error(GOT_ERR_PRIVSEP_LEN);
779 iprogress = (struct got_imsg_index_pack_progress *)imsg.data;
780 *nobj_total = iprogress->nobj_total;
781 *nobj_indexed = iprogress->nobj_indexed;
782 *nobj_loose = iprogress->nobj_loose;
783 *nobj_resolved = iprogress->nobj_resolved;
785 case GOT_IMSG_IDXPACK_DONE:
787 err = got_error(GOT_ERR_PRIVSEP_LEN);
793 err = got_error(GOT_ERR_PRIVSEP_MSG);
801 const struct got_error *
802 got_privsep_get_imsg_obj(struct got_object **obj, struct imsg *imsg,
803 struct imsgbuf *ibuf)
805 const struct got_error *err = NULL;
806 struct got_imsg_object *iobj;
807 size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
809 if (datalen != sizeof(*iobj))
810 return got_error(GOT_ERR_PRIVSEP_LEN);
813 *obj = calloc(1, sizeof(**obj));
815 return got_error_from_errno("calloc");
817 memcpy((*obj)->id.sha1, iobj->id, SHA1_DIGEST_LENGTH);
818 (*obj)->type = iobj->type;
819 (*obj)->flags = iobj->flags;
820 (*obj)->hdrlen = iobj->hdrlen;
821 (*obj)->size = iobj->size;
822 /* path_packfile is handled by caller */
823 if (iobj->flags & GOT_OBJ_FLAG_PACKED) {
824 (*obj)->pack_offset = iobj->pack_offset;
825 (*obj)->pack_idx = iobj->pack_idx;
831 const struct got_error *
832 got_privsep_recv_obj(struct got_object **obj, struct imsgbuf *ibuf)
834 const struct got_error *err = NULL;
836 const size_t min_datalen =
837 MIN(sizeof(struct got_imsg_error), sizeof(struct got_imsg_object));
841 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
845 switch (imsg.hdr.type) {
846 case GOT_IMSG_OBJECT:
847 err = got_privsep_get_imsg_obj(obj, &imsg, ibuf);
850 err = got_error(GOT_ERR_PRIVSEP_MSG);
859 static const struct got_error *
860 send_commit_logmsg(struct imsgbuf *ibuf, struct got_commit_object *commit,
863 const struct got_error *err = NULL;
864 size_t offset, remain;
869 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain);
871 if (imsg_compose(ibuf, GOT_IMSG_COMMIT_LOGMSG, 0, 0, -1,
872 commit->logmsg + offset, n) == -1) {
873 err = got_error_from_errno("imsg_compose "
878 err = flush_imsg(ibuf);
889 const struct got_error *
890 got_privsep_send_commit(struct imsgbuf *ibuf, struct got_commit_object *commit)
892 const struct got_error *err = NULL;
893 struct got_imsg_commit_object *icommit;
896 struct got_object_qid *qid;
897 size_t author_len = strlen(commit->author);
898 size_t committer_len = strlen(commit->committer);
899 size_t logmsg_len = strlen(commit->logmsg);
901 total = sizeof(*icommit) + author_len + committer_len +
902 commit->nparents * SHA1_DIGEST_LENGTH;
906 return got_error_from_errno("malloc");
908 icommit = (struct got_imsg_commit_object *)buf;
909 memcpy(icommit->tree_id, commit->tree_id->sha1,
910 sizeof(icommit->tree_id));
911 icommit->author_len = author_len;
912 icommit->author_time = commit->author_time;
913 icommit->author_gmtoff = commit->author_gmtoff;
914 icommit->committer_len = committer_len;
915 icommit->committer_time = commit->committer_time;
916 icommit->committer_gmtoff = commit->committer_gmtoff;
917 icommit->logmsg_len = logmsg_len;
918 icommit->nparents = commit->nparents;
920 len = sizeof(*icommit);
921 memcpy(buf + len, commit->author, author_len);
923 memcpy(buf + len, commit->committer, committer_len);
924 len += committer_len;
925 SIMPLEQ_FOREACH(qid, &commit->parent_ids, entry) {
926 memcpy(buf + len, qid->id, SHA1_DIGEST_LENGTH);
927 len += SHA1_DIGEST_LENGTH;
930 if (imsg_compose(ibuf, GOT_IMSG_COMMIT, 0, 0, -1, buf, len) == -1) {
931 err = got_error_from_errno("imsg_compose COMMIT");
935 if (logmsg_len == 0 ||
936 logmsg_len + len > MAX_IMSGSIZE - IMSG_HEADER_SIZE) {
937 err = flush_imsg(ibuf);
941 err = send_commit_logmsg(ibuf, commit, logmsg_len);
947 static const struct got_error *
948 get_commit_from_imsg(struct got_commit_object **commit,
949 struct imsg *imsg, size_t datalen, struct imsgbuf *ibuf)
951 const struct got_error *err = NULL;
952 struct got_imsg_commit_object *icommit;
956 if (datalen < sizeof(*icommit))
957 return got_error(GOT_ERR_PRIVSEP_LEN);
959 icommit = imsg->data;
960 if (datalen != sizeof(*icommit) + icommit->author_len +
961 icommit->committer_len +
962 icommit->nparents * SHA1_DIGEST_LENGTH)
963 return got_error(GOT_ERR_PRIVSEP_LEN);
965 if (icommit->nparents < 0)
966 return got_error(GOT_ERR_PRIVSEP_LEN);
968 len += sizeof(*icommit);
970 *commit = got_object_commit_alloc_partial();
972 return got_error_from_errno(
973 "got_object_commit_alloc_partial");
975 memcpy((*commit)->tree_id->sha1, icommit->tree_id,
977 (*commit)->author_time = icommit->author_time;
978 (*commit)->author_gmtoff = icommit->author_gmtoff;
979 (*commit)->committer_time = icommit->committer_time;
980 (*commit)->committer_gmtoff = icommit->committer_gmtoff;
982 if (icommit->author_len == 0) {
983 (*commit)->author = strdup("");
984 if ((*commit)->author == NULL) {
985 err = got_error_from_errno("strdup");
989 (*commit)->author = malloc(icommit->author_len + 1);
990 if ((*commit)->author == NULL) {
991 err = got_error_from_errno("malloc");
994 memcpy((*commit)->author, imsg->data + len,
995 icommit->author_len);
996 (*commit)->author[icommit->author_len] = '\0';
998 len += icommit->author_len;
1000 if (icommit->committer_len == 0) {
1001 (*commit)->committer = strdup("");
1002 if ((*commit)->committer == NULL) {
1003 err = got_error_from_errno("strdup");
1007 (*commit)->committer =
1008 malloc(icommit->committer_len + 1);
1009 if ((*commit)->committer == NULL) {
1010 err = got_error_from_errno("malloc");
1013 memcpy((*commit)->committer, imsg->data + len,
1014 icommit->committer_len);
1015 (*commit)->committer[icommit->committer_len] = '\0';
1017 len += icommit->committer_len;
1019 if (icommit->logmsg_len == 0) {
1020 (*commit)->logmsg = strdup("");
1021 if ((*commit)->logmsg == NULL) {
1022 err = got_error_from_errno("strdup");
1026 size_t offset = 0, remain = icommit->logmsg_len;
1028 (*commit)->logmsg = malloc(icommit->logmsg_len + 1);
1029 if ((*commit)->logmsg == NULL) {
1030 err = got_error_from_errno("malloc");
1033 while (remain > 0) {
1034 struct imsg imsg_log;
1035 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,
1038 err = got_privsep_recv_imsg(&imsg_log, ibuf, n);
1042 if (imsg_log.hdr.type != GOT_IMSG_COMMIT_LOGMSG) {
1043 err = got_error(GOT_ERR_PRIVSEP_MSG);
1047 memcpy((*commit)->logmsg + offset,
1049 imsg_free(&imsg_log);
1053 (*commit)->logmsg[icommit->logmsg_len] = '\0';
1056 for (i = 0; i < icommit->nparents; i++) {
1057 struct got_object_qid *qid;
1059 err = got_object_qid_alloc_partial(&qid);
1062 memcpy(qid->id, imsg->data + len +
1063 i * SHA1_DIGEST_LENGTH, sizeof(*qid->id));
1064 SIMPLEQ_INSERT_TAIL(&(*commit)->parent_ids, qid, entry);
1065 (*commit)->nparents++;
1069 got_object_commit_close(*commit);
1075 const struct got_error *
1076 got_privsep_recv_commit(struct got_commit_object **commit, struct imsgbuf *ibuf)
1078 const struct got_error *err = NULL;
1081 const size_t min_datalen =
1082 MIN(sizeof(struct got_imsg_error),
1083 sizeof(struct got_imsg_commit_object));
1087 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1091 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1093 switch (imsg.hdr.type) {
1094 case GOT_IMSG_COMMIT:
1095 err = get_commit_from_imsg(commit, &imsg, datalen, ibuf);
1098 err = got_error(GOT_ERR_PRIVSEP_MSG);
1107 const struct got_error *
1108 got_privsep_send_tree(struct imsgbuf *ibuf, struct got_pathlist_head *entries,
1111 const struct got_error *err = NULL;
1112 struct got_imsg_tree_object itree;
1113 struct got_pathlist_entry *pe;
1115 int nimsg; /* number of imsg queued in ibuf */
1117 itree.nentries = nentries;
1118 if (imsg_compose(ibuf, GOT_IMSG_TREE, 0, 0, -1, &itree, sizeof(itree))
1120 return got_error_from_errno("imsg_compose TREE");
1122 totlen = sizeof(itree);
1124 TAILQ_FOREACH(pe, entries, entry) {
1125 const char *name = pe->path;
1126 struct got_parsed_tree_entry *pte = pe->data;
1128 size_t namelen = strlen(name);
1129 size_t len = sizeof(struct got_imsg_tree_entry) + namelen;
1131 if (len > MAX_IMSGSIZE)
1132 return got_error(GOT_ERR_NO_SPACE);
1135 if (totlen + len >= MAX_IMSGSIZE - (IMSG_HEADER_SIZE * nimsg)) {
1136 err = flush_imsg(ibuf);
1142 wbuf = imsg_create(ibuf, GOT_IMSG_TREE_ENTRY, 0, 0, len);
1144 return got_error_from_errno("imsg_create TREE_ENTRY");
1146 /* Keep in sync with struct got_imsg_tree_object definition! */
1147 if (imsg_add(wbuf, pte->id, SHA1_DIGEST_LENGTH) == -1) {
1148 err = got_error_from_errno("imsg_add TREE_ENTRY");
1152 if (imsg_add(wbuf, &pte->mode, sizeof(pte->mode)) == -1) {
1153 err = got_error_from_errno("imsg_add TREE_ENTRY");
1158 if (imsg_add(wbuf, name, namelen) == -1) {
1159 err = got_error_from_errno("imsg_add TREE_ENTRY");
1165 imsg_close(ibuf, wbuf);
1170 return flush_imsg(ibuf);
1173 const struct got_error *
1174 got_privsep_recv_tree(struct got_tree_object **tree, struct imsgbuf *ibuf)
1176 const struct got_error *err = NULL;
1177 const size_t min_datalen =
1178 MIN(sizeof(struct got_imsg_error),
1179 sizeof(struct got_imsg_tree_object));
1180 struct got_imsg_tree_object *itree;
1185 err = read_imsg(ibuf);
1193 struct got_imsg_tree_entry *ite;
1194 struct got_tree_entry *te = NULL;
1196 n = imsg_get(ibuf, &imsg);
1198 if (*tree && (*tree)->nentries != nentries)
1203 if (imsg.hdr.len < IMSG_HEADER_SIZE + min_datalen) {
1205 err = got_error(GOT_ERR_PRIVSEP_LEN);
1209 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1211 switch (imsg.hdr.type) {
1212 case GOT_IMSG_ERROR:
1213 err = recv_imsg_error(&imsg, datalen);
1216 /* This message should only appear once. */
1217 if (*tree != NULL) {
1218 err = got_error(GOT_ERR_PRIVSEP_MSG);
1221 if (datalen != sizeof(*itree)) {
1222 err = got_error(GOT_ERR_PRIVSEP_LEN);
1226 *tree = malloc(sizeof(**tree));
1227 if (*tree == NULL) {
1228 err = got_error_from_errno("malloc");
1231 (*tree)->entries = calloc(itree->nentries,
1232 sizeof(struct got_tree_entry));
1233 if ((*tree)->entries == NULL) {
1234 err = got_error_from_errno("malloc");
1237 (*tree)->nentries = itree->nentries;
1238 (*tree)->refcnt = 0;
1240 case GOT_IMSG_TREE_ENTRY:
1241 /* This message should be preceeded by GOT_IMSG_TREE. */
1242 if (*tree == NULL) {
1243 err = got_error(GOT_ERR_PRIVSEP_MSG);
1246 if (datalen < sizeof(*ite) || datalen > MAX_IMSGSIZE) {
1247 err = got_error(GOT_ERR_PRIVSEP_LEN);
1251 /* Remaining data contains the entry's name. */
1252 datalen -= sizeof(*ite);
1253 if (datalen == 0 || datalen > MAX_IMSGSIZE) {
1254 err = got_error(GOT_ERR_PRIVSEP_LEN);
1259 if (datalen + 1 > sizeof(te->name)) {
1260 err = got_error(GOT_ERR_NO_SPACE);
1263 te = &(*tree)->entries[nentries];
1264 memcpy(te->name, imsg.data + sizeof(*ite), datalen);
1265 te->name[datalen] = '\0';
1267 memcpy(te->id.sha1, ite->id, SHA1_DIGEST_LENGTH);
1268 te->mode = ite->mode;
1273 err = got_error(GOT_ERR_PRIVSEP_MSG);
1282 if (*tree && (*tree)->nentries != nentries) {
1284 err = got_error(GOT_ERR_PRIVSEP_LEN);
1285 got_object_tree_close(*tree);
1292 const struct got_error *
1293 got_privsep_send_blob(struct imsgbuf *ibuf, size_t size, size_t hdrlen,
1294 const uint8_t *data)
1296 struct got_imsg_blob iblob;
1299 iblob.hdrlen = hdrlen;
1304 if (size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX)
1305 return got_error(GOT_ERR_NO_SPACE);
1307 buf = malloc(sizeof(iblob) + size);
1309 return got_error_from_errno("malloc");
1311 memcpy(buf, &iblob, sizeof(iblob));
1312 memcpy(buf + sizeof(iblob), data, size);
1313 if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, buf,
1314 sizeof(iblob) + size) == -1) {
1316 return got_error_from_errno("imsg_compose BLOB");
1320 /* Data has already been written to file descriptor. */
1321 if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, &iblob,
1322 sizeof(iblob)) == -1)
1323 return got_error_from_errno("imsg_compose BLOB");
1327 return flush_imsg(ibuf);
1330 const struct got_error *
1331 got_privsep_recv_blob(uint8_t **outbuf, size_t *size, size_t *hdrlen,
1332 struct imsgbuf *ibuf)
1334 const struct got_error *err = NULL;
1336 struct got_imsg_blob *iblob;
1341 err = got_privsep_recv_imsg(&imsg, ibuf, 0);
1345 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1347 switch (imsg.hdr.type) {
1349 if (datalen < sizeof(*iblob)) {
1350 err = got_error(GOT_ERR_PRIVSEP_LEN);
1354 *size = iblob->size;
1355 *hdrlen = iblob->hdrlen;
1357 if (datalen == sizeof(*iblob)) {
1358 /* Data has been written to file descriptor. */
1362 if (*size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX) {
1363 err = got_error(GOT_ERR_PRIVSEP_LEN);
1367 *outbuf = malloc(*size);
1368 if (*outbuf == NULL) {
1369 err = got_error_from_errno("malloc");
1372 memcpy(*outbuf, imsg.data + sizeof(*iblob), *size);
1375 err = got_error(GOT_ERR_PRIVSEP_MSG);
1384 static const struct got_error *
1385 send_tagmsg(struct imsgbuf *ibuf, struct got_tag_object *tag, size_t tagmsg_len)
1387 const struct got_error *err = NULL;
1388 size_t offset, remain;
1391 remain = tagmsg_len;
1392 while (remain > 0) {
1393 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain);
1395 if (imsg_compose(ibuf, GOT_IMSG_TAG_TAGMSG, 0, 0, -1,
1396 tag->tagmsg + offset, n) == -1) {
1397 err = got_error_from_errno("imsg_compose TAG_TAGMSG");
1401 err = flush_imsg(ibuf);
1412 const struct got_error *
1413 got_privsep_send_tag(struct imsgbuf *ibuf, struct got_tag_object *tag)
1415 const struct got_error *err = NULL;
1416 struct got_imsg_tag_object *itag;
1419 size_t tag_len = strlen(tag->tag);
1420 size_t tagger_len = strlen(tag->tagger);
1421 size_t tagmsg_len = strlen(tag->tagmsg);
1423 total = sizeof(*itag) + tag_len + tagger_len + tagmsg_len;
1425 buf = malloc(total);
1427 return got_error_from_errno("malloc");
1429 itag = (struct got_imsg_tag_object *)buf;
1430 memcpy(itag->id, tag->id.sha1, sizeof(itag->id));
1431 itag->obj_type = tag->obj_type;
1432 itag->tag_len = tag_len;
1433 itag->tagger_len = tagger_len;
1434 itag->tagger_time = tag->tagger_time;
1435 itag->tagger_gmtoff = tag->tagger_gmtoff;
1436 itag->tagmsg_len = tagmsg_len;
1438 len = sizeof(*itag);
1439 memcpy(buf + len, tag->tag, tag_len);
1441 memcpy(buf + len, tag->tagger, tagger_len);
1444 if (imsg_compose(ibuf, GOT_IMSG_TAG, 0, 0, -1, buf, len) == -1) {
1445 err = got_error_from_errno("imsg_compose TAG");
1449 if (tagmsg_len == 0 ||
1450 tagmsg_len + len > MAX_IMSGSIZE - IMSG_HEADER_SIZE) {
1451 err = flush_imsg(ibuf);
1455 err = send_tagmsg(ibuf, tag, tagmsg_len);
1461 const struct got_error *
1462 got_privsep_recv_tag(struct got_tag_object **tag, struct imsgbuf *ibuf)
1464 const struct got_error *err = NULL;
1466 struct got_imsg_tag_object *itag;
1467 size_t len, datalen;
1468 const size_t min_datalen =
1469 MIN(sizeof(struct got_imsg_error),
1470 sizeof(struct got_imsg_tag_object));
1474 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1478 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1481 switch (imsg.hdr.type) {
1483 if (datalen < sizeof(*itag)) {
1484 err = got_error(GOT_ERR_PRIVSEP_LEN);
1488 if (datalen != sizeof(*itag) + itag->tag_len +
1490 err = got_error(GOT_ERR_PRIVSEP_LEN);
1493 len += sizeof(*itag);
1495 *tag = calloc(1, sizeof(**tag));
1497 err = got_error_from_errno("calloc");
1501 memcpy((*tag)->id.sha1, itag->id, SHA1_DIGEST_LENGTH);
1503 if (itag->tag_len == 0) {
1504 (*tag)->tag = strdup("");
1505 if ((*tag)->tag == NULL) {
1506 err = got_error_from_errno("strdup");
1510 (*tag)->tag = malloc(itag->tag_len + 1);
1511 if ((*tag)->tag == NULL) {
1512 err = got_error_from_errno("malloc");
1515 memcpy((*tag)->tag, imsg.data + len,
1517 (*tag)->tag[itag->tag_len] = '\0';
1519 len += itag->tag_len;
1521 (*tag)->obj_type = itag->obj_type;
1522 (*tag)->tagger_time = itag->tagger_time;
1523 (*tag)->tagger_gmtoff = itag->tagger_gmtoff;
1525 if (itag->tagger_len == 0) {
1526 (*tag)->tagger = strdup("");
1527 if ((*tag)->tagger == NULL) {
1528 err = got_error_from_errno("strdup");
1532 (*tag)->tagger = malloc(itag->tagger_len + 1);
1533 if ((*tag)->tagger == NULL) {
1534 err = got_error_from_errno("malloc");
1537 memcpy((*tag)->tagger, imsg.data + len,
1539 (*tag)->tagger[itag->tagger_len] = '\0';
1541 len += itag->tagger_len;
1543 if (itag->tagmsg_len == 0) {
1544 (*tag)->tagmsg = strdup("");
1545 if ((*tag)->tagmsg == NULL) {
1546 err = got_error_from_errno("strdup");
1550 size_t offset = 0, remain = itag->tagmsg_len;
1552 (*tag)->tagmsg = malloc(itag->tagmsg_len + 1);
1553 if ((*tag)->tagmsg == NULL) {
1554 err = got_error_from_errno("malloc");
1557 while (remain > 0) {
1558 struct imsg imsg_log;
1559 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,
1562 err = got_privsep_recv_imsg(&imsg_log, ibuf, n);
1566 if (imsg_log.hdr.type != GOT_IMSG_TAG_TAGMSG)
1567 return got_error(GOT_ERR_PRIVSEP_MSG);
1569 memcpy((*tag)->tagmsg + offset, imsg_log.data,
1571 imsg_free(&imsg_log);
1575 (*tag)->tagmsg[itag->tagmsg_len] = '\0';
1580 err = got_error(GOT_ERR_PRIVSEP_MSG);
1589 const struct got_error *
1590 got_privsep_init_pack_child(struct imsgbuf *ibuf, struct got_pack *pack,
1591 struct got_packidx *packidx)
1593 const struct got_error *err = NULL;
1594 struct got_imsg_packidx ipackidx;
1595 struct got_imsg_pack ipack;
1598 ipackidx.len = packidx->len;
1599 fd = dup(packidx->fd);
1601 return got_error_from_errno("dup");
1603 if (imsg_compose(ibuf, GOT_IMSG_PACKIDX, 0, 0, fd, &ipackidx,
1604 sizeof(ipackidx)) == -1) {
1605 err = got_error_from_errno("imsg_compose PACKIDX");
1610 if (strlcpy(ipack.path_packfile, pack->path_packfile,
1611 sizeof(ipack.path_packfile)) >= sizeof(ipack.path_packfile))
1612 return got_error(GOT_ERR_NO_SPACE);
1613 ipack.filesize = pack->filesize;
1617 return got_error_from_errno("dup");
1619 if (imsg_compose(ibuf, GOT_IMSG_PACK, 0, 0, fd, &ipack, sizeof(ipack))
1621 err = got_error_from_errno("imsg_compose PACK");
1626 return flush_imsg(ibuf);
1629 const struct got_error *
1630 got_privsep_send_packed_obj_req(struct imsgbuf *ibuf, int idx,
1631 struct got_object_id *id)
1633 struct got_imsg_packed_object iobj;
1636 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
1638 if (imsg_compose(ibuf, GOT_IMSG_PACKED_OBJECT_REQUEST, 0, 0, -1,
1639 &iobj, sizeof(iobj)) == -1)
1640 return got_error_from_errno("imsg_compose "
1641 "PACKED_OBJECT_REQUEST");
1643 return flush_imsg(ibuf);
1646 const struct got_error *
1647 got_privsep_send_gitconfig_parse_req(struct imsgbuf *ibuf, int fd)
1649 const struct got_error *err = NULL;
1651 if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_PARSE_REQUEST, 0, 0, fd,
1653 err = got_error_from_errno("imsg_compose "
1654 "GITCONFIG_PARSE_REQUEST");
1659 return flush_imsg(ibuf);
1662 const struct got_error *
1663 got_privsep_send_gitconfig_repository_format_version_req(struct imsgbuf *ibuf)
1665 if (imsg_compose(ibuf,
1666 GOT_IMSG_GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST, 0, 0, -1,
1668 return got_error_from_errno("imsg_compose "
1669 "GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST");
1671 return flush_imsg(ibuf);
1674 const struct got_error *
1675 got_privsep_send_gitconfig_repository_extensions_req(struct imsgbuf *ibuf)
1677 if (imsg_compose(ibuf,
1678 GOT_IMSG_GITCONFIG_REPOSITORY_EXTENSIONS_REQUEST, 0, 0, -1,
1680 return got_error_from_errno("imsg_compose "
1681 "GITCONFIG_REPOSITORY_EXTENSIONS_REQUEST");
1683 return flush_imsg(ibuf);
1687 const struct got_error *
1688 got_privsep_send_gitconfig_author_name_req(struct imsgbuf *ibuf)
1690 if (imsg_compose(ibuf,
1691 GOT_IMSG_GITCONFIG_AUTHOR_NAME_REQUEST, 0, 0, -1, NULL, 0) == -1)
1692 return got_error_from_errno("imsg_compose "
1693 "GITCONFIG_AUTHOR_NAME_REQUEST");
1695 return flush_imsg(ibuf);
1698 const struct got_error *
1699 got_privsep_send_gitconfig_author_email_req(struct imsgbuf *ibuf)
1701 if (imsg_compose(ibuf,
1702 GOT_IMSG_GITCONFIG_AUTHOR_EMAIL_REQUEST, 0, 0, -1, NULL, 0) == -1)
1703 return got_error_from_errno("imsg_compose "
1704 "GITCONFIG_AUTHOR_EMAIL_REQUEST");
1706 return flush_imsg(ibuf);
1709 const struct got_error *
1710 got_privsep_send_gitconfig_remotes_req(struct imsgbuf *ibuf)
1712 if (imsg_compose(ibuf,
1713 GOT_IMSG_GITCONFIG_REMOTES_REQUEST, 0, 0, -1, NULL, 0) == -1)
1714 return got_error_from_errno("imsg_compose "
1715 "GITCONFIG_REMOTE_REQUEST");
1717 return flush_imsg(ibuf);
1720 const struct got_error *
1721 got_privsep_send_gitconfig_owner_req(struct imsgbuf *ibuf)
1723 if (imsg_compose(ibuf,
1724 GOT_IMSG_GITCONFIG_OWNER_REQUEST, 0, 0, -1, NULL, 0) == -1)
1725 return got_error_from_errno("imsg_compose "
1726 "GITCONFIG_OWNER_REQUEST");
1728 return flush_imsg(ibuf);
1731 const struct got_error *
1732 got_privsep_recv_gitconfig_str(char **str, struct imsgbuf *ibuf)
1734 const struct got_error *err = NULL;
1737 const size_t min_datalen = 0;
1741 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1744 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1746 switch (imsg.hdr.type) {
1747 case GOT_IMSG_GITCONFIG_STR_VAL:
1750 /* datalen does not include terminating \0 */
1751 *str = malloc(datalen + 1);
1753 err = got_error_from_errno("malloc");
1756 memcpy(*str, imsg.data, datalen);
1757 (*str)[datalen] = '\0';
1760 err = got_error(GOT_ERR_PRIVSEP_MSG);
1768 const struct got_error *
1769 got_privsep_recv_gitconfig_int(int *val, struct imsgbuf *ibuf)
1771 const struct got_error *err = NULL;
1774 const size_t min_datalen =
1775 MIN(sizeof(struct got_imsg_error), sizeof(int));
1779 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1782 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1784 switch (imsg.hdr.type) {
1785 case GOT_IMSG_GITCONFIG_INT_VAL:
1786 if (datalen != sizeof(*val)) {
1787 err = got_error(GOT_ERR_PRIVSEP_LEN);
1790 memcpy(val, imsg.data, sizeof(*val));
1793 err = got_error(GOT_ERR_PRIVSEP_MSG);
1802 free_remote_data(struct got_remote_repo *remote)
1808 for (i = 0; i < remote->nbranches; i++)
1809 free(remote->branches[i]);
1810 free(remote->branches);
1813 const struct got_error *
1814 got_privsep_recv_gitconfig_remotes(struct got_remote_repo **remotes,
1815 int *nremotes, struct imsgbuf *ibuf)
1817 const struct got_error *err = NULL;
1820 struct got_imsg_remotes iremotes;
1821 struct got_imsg_remote iremote;
1825 iremotes.nremotes = 0;
1827 err = got_privsep_recv_imsg(&imsg, ibuf, sizeof(iremotes));
1830 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1832 switch (imsg.hdr.type) {
1833 case GOT_IMSG_GITCONFIG_REMOTES:
1834 if (datalen != sizeof(iremotes)) {
1835 err = got_error(GOT_ERR_PRIVSEP_LEN);
1838 memcpy(&iremotes, imsg.data, sizeof(iremotes));
1839 if (iremotes.nremotes == 0) {
1846 return got_error(GOT_ERR_PRIVSEP_MSG);
1851 *remotes = recallocarray(NULL, 0, iremotes.nremotes, sizeof(**remotes));
1852 if (*remotes == NULL)
1853 return got_error_from_errno("recallocarray");
1855 while (*nremotes < iremotes.nremotes) {
1856 struct got_remote_repo *remote;
1858 err = got_privsep_recv_imsg(&imsg, ibuf, sizeof(iremote));
1861 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1863 switch (imsg.hdr.type) {
1864 case GOT_IMSG_GITCONFIG_REMOTE:
1865 remote = &(*remotes)[*nremotes];
1866 memset(remote, 0, sizeof(*remote));
1867 if (datalen < sizeof(iremote)) {
1868 err = got_error(GOT_ERR_PRIVSEP_LEN);
1871 memcpy(&iremote, imsg.data, sizeof(iremote));
1872 if (iremote.name_len == 0 || iremote.url_len == 0 ||
1873 (sizeof(iremote) + iremote.name_len +
1874 iremote.url_len) > datalen) {
1875 err = got_error(GOT_ERR_PRIVSEP_LEN);
1878 remote->name = strndup(imsg.data + sizeof(iremote),
1880 if (remote->name == NULL) {
1881 err = got_error_from_errno("strndup");
1884 remote->url = strndup(imsg.data + sizeof(iremote) +
1885 iremote.name_len, iremote.url_len);
1886 if (remote->url == NULL) {
1887 err = got_error_from_errno("strndup");
1888 free_remote_data(remote);
1891 remote->mirror_references = iremote.mirror_references;
1892 remote->nbranches = 0;
1893 remote->branches = NULL;
1897 err = got_error(GOT_ERR_PRIVSEP_MSG);
1908 for (i = 0; i < *nremotes; i++)
1909 free_remote_data(&(*remotes)[i]);
1917 const struct got_error *
1918 got_privsep_send_gotconfig_parse_req(struct imsgbuf *ibuf, int fd)
1920 const struct got_error *err = NULL;
1922 if (imsg_compose(ibuf, GOT_IMSG_GOTCONFIG_PARSE_REQUEST, 0, 0, fd,
1924 err = got_error_from_errno("imsg_compose "
1925 "GOTCONFIG_PARSE_REQUEST");
1930 return flush_imsg(ibuf);
1933 const struct got_error *
1934 got_privsep_send_gotconfig_author_req(struct imsgbuf *ibuf)
1936 if (imsg_compose(ibuf,
1937 GOT_IMSG_GOTCONFIG_AUTHOR_REQUEST, 0, 0, -1, NULL, 0) == -1)
1938 return got_error_from_errno("imsg_compose "
1939 "GOTCONFIG_AUTHOR_REQUEST");
1941 return flush_imsg(ibuf);
1944 const struct got_error *
1945 got_privsep_send_gotconfig_remotes_req(struct imsgbuf *ibuf)
1947 if (imsg_compose(ibuf,
1948 GOT_IMSG_GOTCONFIG_REMOTES_REQUEST, 0, 0, -1, NULL, 0) == -1)
1949 return got_error_from_errno("imsg_compose "
1950 "GOTCONFIG_REMOTE_REQUEST");
1952 return flush_imsg(ibuf);
1955 const struct got_error *
1956 got_privsep_recv_gotconfig_str(char **str, struct imsgbuf *ibuf)
1958 const struct got_error *err = NULL;
1961 const size_t min_datalen = 0;
1965 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1968 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
1970 switch (imsg.hdr.type) {
1971 case GOT_IMSG_ERROR:
1972 if (datalen < sizeof(struct got_imsg_error)) {
1973 err = got_error(GOT_ERR_PRIVSEP_LEN);
1976 err = recv_imsg_error(&imsg, datalen);
1978 case GOT_IMSG_GOTCONFIG_STR_VAL:
1981 /* datalen does not include terminating \0 */
1982 *str = malloc(datalen + 1);
1984 err = got_error_from_errno("malloc");
1987 memcpy(*str, imsg.data, datalen);
1988 (*str)[datalen] = '\0';
1991 err = got_error(GOT_ERR_PRIVSEP_MSG);
2000 const struct got_error *
2001 got_privsep_recv_gotconfig_remotes(struct got_remote_repo **remotes,
2002 int *nremotes, struct imsgbuf *ibuf)
2004 const struct got_error *err = NULL;
2007 struct got_imsg_remotes iremotes;
2008 struct got_imsg_remote iremote;
2009 const size_t min_datalen =
2010 MIN(sizeof(struct got_imsg_error), sizeof(iremotes));
2014 iremotes.nremotes = 0;
2016 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
2019 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
2021 switch (imsg.hdr.type) {
2022 case GOT_IMSG_ERROR:
2023 if (datalen < sizeof(struct got_imsg_error)) {
2024 err = got_error(GOT_ERR_PRIVSEP_LEN);
2027 err = recv_imsg_error(&imsg, datalen);
2029 case GOT_IMSG_GOTCONFIG_REMOTES:
2030 if (datalen != sizeof(iremotes)) {
2031 err = got_error(GOT_ERR_PRIVSEP_LEN);
2034 memcpy(&iremotes, imsg.data, sizeof(iremotes));
2035 if (iremotes.nremotes == 0) {
2042 return got_error(GOT_ERR_PRIVSEP_MSG);
2047 *remotes = recallocarray(NULL, 0, iremotes.nremotes, sizeof(**remotes));
2048 if (*remotes == NULL)
2049 return got_error_from_errno("recallocarray");
2051 while (*nremotes < iremotes.nremotes) {
2052 struct got_remote_repo *remote;
2053 const size_t min_datalen =
2054 MIN(sizeof(struct got_imsg_error), sizeof(iremote));
2057 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
2060 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
2062 switch (imsg.hdr.type) {
2063 case GOT_IMSG_ERROR:
2064 if (datalen < sizeof(struct got_imsg_error)) {
2065 err = got_error(GOT_ERR_PRIVSEP_LEN);
2068 err = recv_imsg_error(&imsg, datalen);
2070 case GOT_IMSG_GOTCONFIG_REMOTE:
2071 remote = &(*remotes)[*nremotes];
2072 memset(remote, 0, sizeof(*remote));
2073 if (datalen < sizeof(iremote)) {
2074 err = got_error(GOT_ERR_PRIVSEP_LEN);
2077 memcpy(&iremote, imsg.data, sizeof(iremote));
2078 if (iremote.name_len == 0 || iremote.url_len == 0 ||
2079 (sizeof(iremote) + iremote.name_len +
2080 iremote.url_len) > datalen) {
2081 err = got_error(GOT_ERR_PRIVSEP_LEN);
2084 remote->name = strndup(imsg.data + sizeof(iremote),
2086 if (remote->name == NULL) {
2087 err = got_error_from_errno("strndup");
2090 remote->url = strndup(imsg.data + sizeof(iremote) +
2091 iremote.name_len, iremote.url_len);
2092 if (remote->url == NULL) {
2093 err = got_error_from_errno("strndup");
2094 free_remote_data(remote);
2097 remote->mirror_references = iremote.mirror_references;
2098 if (iremote.nbranches > 0) {
2099 remote->branches = recallocarray(NULL, 0,
2100 iremote.nbranches, sizeof(char *));
2101 if (remote->branches == NULL) {
2102 err = got_error_from_errno("calloc");
2103 free_remote_data(remote);
2107 remote->nbranches = 0;
2108 for (i = 0; i < iremote.nbranches; i++) {
2110 err = got_privsep_recv_gotconfig_str(&branch,
2113 free_remote_data(remote);
2116 remote->branches[i] = branch;
2117 remote->nbranches++;
2122 err = got_error(GOT_ERR_PRIVSEP_MSG);
2133 for (i = 0; i < *nremotes; i++)
2134 free_remote_data(&(*remotes)[i]);
2142 const struct got_error *
2143 got_privsep_send_commit_traversal_request(struct imsgbuf *ibuf,
2144 struct got_object_id *id, int idx, const char *path)
2146 const struct got_error *err = NULL;
2148 size_t path_len = strlen(path) + 1;
2150 wbuf = imsg_create(ibuf, GOT_IMSG_COMMIT_TRAVERSAL_REQUEST, 0, 0,
2151 sizeof(struct got_imsg_commit_traversal_request) + path_len);
2153 return got_error_from_errno(
2154 "imsg_create COMMIT_TRAVERSAL_REQUEST");
2155 if (imsg_add(wbuf, id->sha1, SHA1_DIGEST_LENGTH) == -1) {
2156 err = got_error_from_errno("imsg_add COMMIT_TRAVERSAL_REQUEST");
2160 if (imsg_add(wbuf, &idx, sizeof(idx)) == -1) {
2161 err = got_error_from_errno("imsg_add COMMIT_TRAVERSAL_REQUEST");
2165 if (imsg_add(wbuf, path, path_len) == -1) {
2166 err = got_error_from_errno("imsg_add COMMIT_TRAVERSAL_REQUEST");
2172 imsg_close(ibuf, wbuf);
2174 return flush_imsg(ibuf);
2177 const struct got_error *
2178 got_privsep_recv_traversed_commits(struct got_commit_object **changed_commit,
2179 struct got_object_id **changed_commit_id,
2180 struct got_object_id_queue *commit_ids, struct imsgbuf *ibuf)
2182 const struct got_error *err = NULL;
2184 struct got_imsg_traversed_commits *icommits;
2188 *changed_commit = NULL;
2189 *changed_commit_id = NULL;
2192 err = got_privsep_recv_imsg(&imsg, ibuf, 0);
2196 datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
2197 switch (imsg.hdr.type) {
2198 case GOT_IMSG_TRAVERSED_COMMITS:
2199 icommits = imsg.data;
2200 if (datalen != sizeof(*icommits) +
2201 icommits->ncommits * SHA1_DIGEST_LENGTH) {
2202 err = got_error(GOT_ERR_PRIVSEP_LEN);
2205 for (i = 0; i < icommits->ncommits; i++) {
2206 struct got_object_qid *qid;
2207 uint8_t *sha1 = (uint8_t *)imsg.data +
2208 sizeof(*icommits) + i * SHA1_DIGEST_LENGTH;
2209 err = got_object_qid_alloc_partial(&qid);
2212 memcpy(qid->id->sha1, sha1, SHA1_DIGEST_LENGTH);
2213 SIMPLEQ_INSERT_TAIL(commit_ids, qid, entry);
2215 /* The last commit may contain a change. */
2216 if (i == icommits->ncommits - 1) {
2217 *changed_commit_id =
2218 got_object_id_dup(qid->id);
2219 if (*changed_commit_id == NULL) {
2220 err = got_error_from_errno(
2221 "got_object_id_dup");
2227 case GOT_IMSG_COMMIT:
2228 if (*changed_commit_id == NULL) {
2229 err = got_error(GOT_ERR_PRIVSEP_MSG);
2232 err = get_commit_from_imsg(changed_commit, &imsg,
2235 case GOT_IMSG_COMMIT_TRAVERSAL_DONE:
2239 err = got_error(GOT_ERR_PRIVSEP_MSG);
2249 got_object_id_queue_free(commit_ids);
2253 const struct got_error *
2254 got_privsep_unveil_exec_helpers(void)
2256 const char *helpers[] = {
2257 GOT_PATH_PROG_READ_PACK,
2258 GOT_PATH_PROG_READ_OBJECT,
2259 GOT_PATH_PROG_READ_COMMIT,
2260 GOT_PATH_PROG_READ_TREE,
2261 GOT_PATH_PROG_READ_BLOB,
2262 GOT_PATH_PROG_READ_TAG,
2263 GOT_PATH_PROG_READ_GITCONFIG,
2264 GOT_PATH_PROG_READ_GOTCONFIG,
2265 GOT_PATH_PROG_FETCH_PACK,
2266 GOT_PATH_PROG_INDEX_PACK,
2270 for (i = 0; i < nitems(helpers); i++) {
2271 if (unveil(helpers[i], "x") == 0)
2273 return got_error_from_errno2("unveil", helpers[i]);
2280 got_privsep_exec_child(int imsg_fds[2], const char *path, const char *repo_path)
2282 if (close(imsg_fds[0]) != 0) {
2283 fprintf(stderr, "%s: %s\n", getprogname(), strerror(errno));
2287 if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD) == -1) {
2288 fprintf(stderr, "%s: %s\n", getprogname(), strerror(errno));
2291 if (closefrom(GOT_IMSG_FD_CHILD + 1) == -1) {
2292 fprintf(stderr, "%s: %s\n", getprogname(), strerror(errno));
2296 if (execl(path, path, repo_path, (char *)NULL) == -1) {
2297 fprintf(stderr, "%s: %s: %s\n", getprogname(), path,