2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
18 #include <sys/queue.h>
20 #include <sys/socket.h>
37 #include "got_error.h"
38 #include "got_repository.h"
39 #include "got_object.h"
41 #include "got_reference.h"
42 #include "got_opentemp.h"
44 #include "got_lib_hash.h"
45 #include "got_lib_delta.h"
46 #include "got_lib_object.h"
47 #include "got_lib_object_cache.h"
48 #include "got_lib_pack.h"
49 #include "got_lib_repository.h"
50 #include "got_lib_gitproto.h"
57 static struct gotd_session {
60 struct got_repository *repo;
63 struct gotd_imsgev parent_iev;
64 struct timeval request_timeout;
65 enum gotd_procid proc_id;
68 static struct gotd_session_client {
69 enum gotd_session_state state;
71 struct gotd_client_capability *capabilities;
77 struct gotd_imsgev iev;
78 struct gotd_imsgev repo_child_iev;
86 } gotd_session_client;
88 void gotd_session_sighdlr(int sig, short event, void *arg);
89 static void gotd_session_shutdown(void);
92 disconnect(struct gotd_session_client *client)
94 log_debug("uid %d: disconnecting", client->euid);
96 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
97 GOTD_IMSG_DISCONNECT, gotd_session.proc_id, -1, NULL, 0) == -1)
98 log_warn("imsg compose DISCONNECT");
100 imsg_clear(&client->repo_child_iev.ibuf);
101 event_del(&client->repo_child_iev.ev);
102 evtimer_del(&client->tmo);
104 if (client->delta_cache_fd != -1)
105 close(client->delta_cache_fd);
106 if (client->packfile_path) {
107 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
108 log_warn("unlink %s: ", client->packfile_path);
109 free(client->packfile_path);
111 if (client->packidx_path) {
112 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
113 log_warn("unlink %s: ", client->packidx_path);
114 free(client->packidx_path);
116 free(client->capabilities);
118 gotd_session_shutdown();
122 disconnect_on_error(struct gotd_session_client *client,
123 const struct got_error *err)
127 log_warnx("uid %d: %s", client->euid, err->msg);
128 if (err->code != GOT_ERR_EOF) {
129 imsg_init(&ibuf, client->fd);
130 gotd_imsg_send_error(&ibuf, 0, gotd_session.proc_id, err);
138 gotd_request_timeout(int fd, short events, void *arg)
140 struct gotd_session_client *client = arg;
142 log_debug("disconnecting uid %d due to timeout", client->euid);
147 gotd_session_sighdlr(int sig, short event, void *arg)
150 * Normal signal handler rules don't apply because libevent
156 log_info("%s: ignoring SIGHUP", __func__);
159 log_info("%s: ignoring SIGUSR1", __func__);
163 gotd_session_shutdown();
167 fatalx("unexpected signal");
171 static const struct got_error *
172 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
174 struct gotd_imsg_packfile_done idone;
177 log_debug("packfile-done received");
179 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
180 if (datalen != sizeof(idone))
181 return got_error(GOT_ERR_PRIVSEP_LEN);
182 memcpy(&idone, imsg->data, sizeof(idone));
184 *client_id = idone.client_id;
188 static const struct got_error *
189 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
191 struct gotd_imsg_packfile_install inst;
194 log_debug("packfile-install received");
196 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
197 if (datalen != sizeof(inst))
198 return got_error(GOT_ERR_PRIVSEP_LEN);
199 memcpy(&inst, imsg->data, sizeof(inst));
201 *client_id = inst.client_id;
205 static const struct got_error *
206 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
208 struct gotd_imsg_ref_updates_start istart;
211 log_debug("ref-updates-start received");
213 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
214 if (datalen != sizeof(istart))
215 return got_error(GOT_ERR_PRIVSEP_LEN);
216 memcpy(&istart, imsg->data, sizeof(istart));
218 *client_id = istart.client_id;
222 static const struct got_error *
223 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
225 struct gotd_imsg_ref_update iref;
228 log_debug("ref-update received");
230 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
231 if (datalen < sizeof(iref))
232 return got_error(GOT_ERR_PRIVSEP_LEN);
233 memcpy(&iref, imsg->data, sizeof(iref));
235 *client_id = iref.client_id;
239 static const struct got_error *
240 send_ref_update_ok(struct gotd_session_client *client,
241 struct gotd_imsg_ref_update *iref, const char *refname)
243 struct gotd_imsg_ref_update_ok iok;
244 struct gotd_imsgev *iev = &client->iev;
248 memset(&iok, 0, sizeof(iok));
249 iok.client_id = client->id;
250 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
251 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
252 iok.name_len = strlen(refname);
254 len = sizeof(iok) + iok.name_len;
255 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
256 gotd_session.proc_id, gotd_session.pid, len);
258 return got_error_from_errno("imsg_create REF_UPDATE_OK");
260 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
261 return got_error_from_errno("imsg_add REF_UPDATE_OK");
262 if (imsg_add(wbuf, refname, iok.name_len) == -1)
263 return got_error_from_errno("imsg_add REF_UPDATE_OK");
266 imsg_close(&iev->ibuf, wbuf);
267 gotd_imsg_event_add(iev);
272 send_refs_updated(struct gotd_session_client *client)
274 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
275 gotd_session.proc_id, -1, NULL, 0) == -1)
276 log_warn("imsg compose REFS_UPDATED");
279 static const struct got_error *
280 send_ref_update_ng(struct gotd_session_client *client,
281 struct gotd_imsg_ref_update *iref, const char *refname,
284 const struct got_error *ng_err;
285 struct gotd_imsg_ref_update_ng ing;
286 struct gotd_imsgev *iev = &client->iev;
290 memset(&ing, 0, sizeof(ing));
291 ing.client_id = client->id;
292 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
293 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
294 ing.name_len = strlen(refname);
296 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
297 ing.reason_len = strlen(ng_err->msg);
299 len = sizeof(ing) + ing.name_len + ing.reason_len;
300 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
301 gotd_session.proc_id, gotd_session.pid, len);
303 return got_error_from_errno("imsg_create REF_UPDATE_NG");
305 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
306 return got_error_from_errno("imsg_add REF_UPDATE_NG");
307 if (imsg_add(wbuf, refname, ing.name_len) == -1)
308 return got_error_from_errno("imsg_add REF_UPDATE_NG");
309 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
310 return got_error_from_errno("imsg_add REF_UPDATE_NG");
313 imsg_close(&iev->ibuf, wbuf);
314 gotd_imsg_event_add(iev);
318 static const struct got_error *
319 install_pack(struct gotd_session_client *client, const char *repo_path,
322 const struct got_error *err = NULL;
323 struct gotd_imsg_packfile_install inst;
324 char hex[SHA1_DIGEST_STRING_LENGTH];
326 char *packfile_path = NULL, *packidx_path = NULL;
328 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
329 if (datalen != sizeof(inst))
330 return got_error(GOT_ERR_PRIVSEP_LEN);
331 memcpy(&inst, imsg->data, sizeof(inst));
333 if (client->packfile_path == NULL)
334 return got_error_msg(GOT_ERR_BAD_REQUEST,
335 "client has no pack file");
336 if (client->packidx_path == NULL)
337 return got_error_msg(GOT_ERR_BAD_REQUEST,
338 "client has no pack file index");
340 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
341 return got_error_msg(GOT_ERR_NO_SPACE,
342 "could not convert pack file SHA1 to hex");
344 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
345 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
346 err = got_error_from_errno("asprintf");
350 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
351 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
352 err = got_error_from_errno("asprintf");
356 if (rename(client->packfile_path, packfile_path) == -1) {
357 err = got_error_from_errno3("rename", client->packfile_path,
362 free(client->packfile_path);
363 client->packfile_path = NULL;
365 if (rename(client->packidx_path, packidx_path) == -1) {
366 err = got_error_from_errno3("rename", client->packidx_path,
371 free(client->packidx_path);
372 client->packidx_path = NULL;
379 static const struct got_error *
380 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
382 struct gotd_imsg_ref_updates_start istart;
385 if (client->nref_updates != -1)
386 return got_error(GOT_ERR_PRIVSEP_MSG);
388 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
389 if (datalen != sizeof(istart))
390 return got_error(GOT_ERR_PRIVSEP_LEN);
391 memcpy(&istart, imsg->data, sizeof(istart));
393 if (istart.nref_updates <= 0)
394 return got_error(GOT_ERR_PRIVSEP_MSG);
396 client->nref_updates = istart.nref_updates;
400 static const struct got_error *
401 update_ref(int *shut, struct gotd_session_client *client,
402 const char *repo_path, struct imsg *imsg)
404 const struct got_error *err = NULL;
405 struct got_repository *repo = NULL;
406 struct got_reference *ref = NULL;
407 struct gotd_imsg_ref_update iref;
408 struct got_object_id old_id, new_id;
409 struct got_object_id *id = NULL;
410 struct got_object *obj = NULL;
411 char *refname = NULL;
414 char hex1[SHA1_DIGEST_STRING_LENGTH];
415 char hex2[SHA1_DIGEST_STRING_LENGTH];
417 log_debug("update-ref from uid %d", client->euid);
419 if (client->nref_updates <= 0)
420 return got_error(GOT_ERR_PRIVSEP_MSG);
422 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
423 if (datalen < sizeof(iref))
424 return got_error(GOT_ERR_PRIVSEP_LEN);
425 memcpy(&iref, imsg->data, sizeof(iref));
426 if (datalen != sizeof(iref) + iref.name_len)
427 return got_error(GOT_ERR_PRIVSEP_LEN);
428 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
430 return got_error_from_errno("strndup");
432 log_debug("updating ref %s for uid %d", refname, client->euid);
434 err = got_repo_open(&repo, repo_path, NULL, NULL);
438 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
439 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
440 err = got_object_open(&obj, repo,
441 iref.delete_ref ? &old_id : &new_id);
445 if (iref.ref_is_new) {
446 err = got_ref_open(&ref, repo, refname, 0);
448 if (err->code != GOT_ERR_NOT_REF)
450 err = got_ref_alloc(&ref, refname, &new_id);
453 err = got_ref_write(ref, repo); /* will lock/unlock */
457 err = got_ref_resolve(&id, repo, ref);
460 got_object_id_hex(&new_id, hex1, sizeof(hex1));
461 got_object_id_hex(id, hex2, sizeof(hex2));
462 err = got_error_fmt(GOT_ERR_REF_BUSY,
463 "Addition %s: %s failed; %s: %s has been "
464 "created by someone else while transaction "
466 got_ref_get_name(ref), hex1,
467 got_ref_get_name(ref), hex2);
470 } else if (iref.delete_ref) {
471 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
476 err = got_ref_resolve(&id, repo, ref);
480 if (got_object_id_cmp(id, &old_id) != 0) {
481 got_object_id_hex(&old_id, hex1, sizeof(hex1));
482 got_object_id_hex(id, hex2, sizeof(hex2));
483 err = got_error_fmt(GOT_ERR_REF_BUSY,
484 "Deletion %s: %s failed; %s: %s has been "
485 "created by someone else while transaction "
487 got_ref_get_name(ref), hex1,
488 got_ref_get_name(ref), hex2);
492 err = got_ref_delete(ref, repo);
499 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
504 err = got_ref_resolve(&id, repo, ref);
508 if (got_object_id_cmp(id, &old_id) != 0) {
509 got_object_id_hex(&old_id, hex1, sizeof(hex1));
510 got_object_id_hex(id, hex2, sizeof(hex2));
511 err = got_error_fmt(GOT_ERR_REF_BUSY,
512 "Update %s: %s failed; %s: %s has been "
513 "created by someone else while transaction "
515 got_ref_get_name(ref), hex1,
516 got_ref_get_name(ref), hex2);
520 if (got_object_id_cmp(&new_id, &old_id) != 0) {
521 err = got_ref_change_ref(ref, &new_id);
525 err = got_ref_write(ref, repo);
535 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
536 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
537 "could not acquire exclusive file lock for %s",
540 send_ref_update_ng(client, &iref, refname, err->msg);
542 send_ref_update_ok(client, &iref, refname);
544 if (client->nref_updates > 0) {
545 client->nref_updates--;
546 if (client->nref_updates == 0) {
547 send_refs_updated(client);
553 const struct got_error *unlock_err;
554 unlock_err = got_ref_unlock(ref);
555 if (unlock_err && err == NULL)
561 got_object_close(obj);
563 got_repo_close(repo);
570 session_dispatch_repo_child(int fd, short event, void *arg)
572 struct gotd_imsgev *iev = arg;
573 struct imsgbuf *ibuf = &iev->ibuf;
574 struct gotd_session_client *client = &gotd_session_client;
579 if (event & EV_READ) {
580 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
581 fatal("imsg_read error");
583 /* Connection closed. */
589 if (event & EV_WRITE) {
590 n = msgbuf_write(&ibuf->w);
591 if (n == -1 && errno != EAGAIN)
592 fatal("msgbuf_write");
594 /* Connection closed. */
601 const struct got_error *err = NULL;
602 uint32_t client_id = 0;
603 int do_disconnect = 0;
604 int do_ref_updates = 0, do_ref_update = 0;
605 int do_packfile_install = 0;
607 if ((n = imsg_get(ibuf, &imsg)) == -1)
608 fatal("%s: imsg_get error", __func__);
609 if (n == 0) /* No more messages. */
612 switch (imsg.hdr.type) {
613 case GOTD_IMSG_ERROR:
615 err = gotd_imsg_recv_error(&client_id, &imsg);
617 case GOTD_IMSG_PACKFILE_DONE:
619 err = recv_packfile_done(&client_id, &imsg);
621 case GOTD_IMSG_PACKFILE_INSTALL:
622 err = recv_packfile_install(&client_id, &imsg);
624 do_packfile_install = 1;
626 case GOTD_IMSG_REF_UPDATES_START:
627 err = recv_ref_updates_start(&client_id, &imsg);
631 case GOTD_IMSG_REF_UPDATE:
632 err = recv_ref_update(&client_id, &imsg);
637 log_debug("unexpected imsg %d", imsg.hdr.type);
643 disconnect_on_error(client, err);
647 if (do_packfile_install)
648 err = install_pack(client,
649 gotd_session.repo->path, &imsg);
650 else if (do_ref_updates)
651 err = begin_ref_updates(client, &imsg);
652 else if (do_ref_update)
653 err = update_ref(&shut, client,
654 gotd_session.repo->path, &imsg);
656 log_warnx("uid %d: %s", client->euid, err->msg);
662 gotd_imsg_event_add(iev);
664 /* This pipe is dead. Remove its event handler */
666 event_loopexit(NULL);
670 static const struct got_error *
671 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
673 struct gotd_imsg_capabilities icapas;
676 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
677 if (datalen != sizeof(icapas))
678 return got_error(GOT_ERR_PRIVSEP_LEN);
679 memcpy(&icapas, imsg->data, sizeof(icapas));
681 client->ncapa_alloc = icapas.ncapabilities;
682 client->capabilities = calloc(client->ncapa_alloc,
683 sizeof(*client->capabilities));
684 if (client->capabilities == NULL) {
685 client->ncapa_alloc = 0;
686 return got_error_from_errno("calloc");
689 log_debug("expecting %zu capabilities from uid %d",
690 client->ncapa_alloc, client->euid);
694 static const struct got_error *
695 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
697 struct gotd_imsg_capability icapa;
698 struct gotd_client_capability *capa;
700 char *key, *value = NULL;
702 if (client->capabilities == NULL ||
703 client->ncapabilities >= client->ncapa_alloc) {
704 return got_error_msg(GOT_ERR_BAD_REQUEST,
705 "unexpected capability received");
708 memset(&icapa, 0, sizeof(icapa));
710 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
711 if (datalen < sizeof(icapa))
712 return got_error(GOT_ERR_PRIVSEP_LEN);
713 memcpy(&icapa, imsg->data, sizeof(icapa));
715 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
716 return got_error(GOT_ERR_PRIVSEP_LEN);
718 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
720 return got_error_from_errno("strndup");
721 if (icapa.value_len > 0) {
722 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
726 return got_error_from_errno("strndup");
730 capa = &client->capabilities[client->ncapabilities++];
735 log_debug("uid %d: capability %s=%s", client->euid, key, value);
737 log_debug("uid %d: capability %s", client->euid, key);
742 static const struct got_error *
743 ensure_client_is_reading(struct gotd_session_client *client)
745 if (client->is_writing) {
746 return got_error_fmt(GOT_ERR_BAD_PACKET,
747 "uid %d made a read-request but is not reading from "
748 "a repository", client->euid);
754 static const struct got_error *
755 ensure_client_is_writing(struct gotd_session_client *client)
757 if (!client->is_writing) {
758 return got_error_fmt(GOT_ERR_BAD_PACKET,
759 "uid %d made a write-request but is not writing to "
760 "a repository", client->euid);
766 static const struct got_error *
767 forward_want(struct gotd_session_client *client, struct imsg *imsg)
769 struct gotd_imsg_want ireq;
770 struct gotd_imsg_want iwant;
773 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
774 if (datalen != sizeof(ireq))
775 return got_error(GOT_ERR_PRIVSEP_LEN);
777 memcpy(&ireq, imsg->data, datalen);
779 memset(&iwant, 0, sizeof(iwant));
780 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
781 iwant.client_id = client->id;
783 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_WANT,
784 gotd_session.proc_id, -1, &iwant, sizeof(iwant)) == -1)
785 return got_error_from_errno("imsg compose WANT");
790 static const struct got_error *
791 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
793 const struct got_error *err = NULL;
794 struct gotd_imsg_ref_update ireq;
795 struct gotd_imsg_ref_update *iref = NULL;
798 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
799 if (datalen < sizeof(ireq))
800 return got_error(GOT_ERR_PRIVSEP_LEN);
801 memcpy(&ireq, imsg->data, sizeof(ireq));
802 if (datalen != sizeof(ireq) + ireq.name_len)
803 return got_error(GOT_ERR_PRIVSEP_LEN);
805 iref = malloc(datalen);
807 return got_error_from_errno("malloc");
808 memcpy(iref, imsg->data, datalen);
810 iref->client_id = client->id;
811 if (gotd_imsg_compose_event(&client->repo_child_iev,
812 GOTD_IMSG_REF_UPDATE, gotd_session.proc_id, -1,
813 iref, datalen) == -1)
814 err = got_error_from_errno("imsg compose REF_UPDATE");
819 static const struct got_error *
820 forward_have(struct gotd_session_client *client, struct imsg *imsg)
822 struct gotd_imsg_have ireq;
823 struct gotd_imsg_have ihave;
826 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
827 if (datalen != sizeof(ireq))
828 return got_error(GOT_ERR_PRIVSEP_LEN);
830 memcpy(&ireq, imsg->data, datalen);
832 memset(&ihave, 0, sizeof(ihave));
833 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
834 ihave.client_id = client->id;
836 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_HAVE,
837 gotd_session.proc_id, -1, &ihave, sizeof(ihave)) == -1)
838 return got_error_from_errno("imsg compose HAVE");
844 client_has_capability(struct gotd_session_client *client, const char *capastr)
846 struct gotd_client_capability *capa;
849 if (client->ncapabilities == 0)
852 for (i = 0; i < client->ncapabilities; i++) {
853 capa = &client->capabilities[i];
854 if (strcmp(capa->key, capastr) == 0)
861 static const struct got_error *
862 recv_packfile(struct gotd_session_client *client)
864 const struct got_error *err = NULL;
865 struct gotd_imsg_recv_packfile ipack;
866 struct gotd_imsg_packfile_pipe ipipe;
867 struct gotd_imsg_packidx_file ifile;
868 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
869 int packfd = -1, idxfd = -1;
870 int pipe[2] = { -1, -1 };
872 if (client->packfile_path) {
873 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
874 "uid %d already has a pack file", client->euid);
877 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
878 return got_error_from_errno("socketpair");
880 memset(&ipipe, 0, sizeof(ipipe));
881 ipipe.client_id = client->id;
883 /* Send pack pipe end 0 to repo child process. */
884 if (gotd_imsg_compose_event(&client->repo_child_iev,
885 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[0],
886 &ipipe, sizeof(ipipe)) == -1) {
887 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
893 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
894 if (gotd_imsg_compose_event(&client->iev,
895 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[1],
897 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
900 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
901 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
902 client->euid) == -1) {
903 err = got_error_from_errno("asprintf");
907 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
910 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
911 err = got_error_from_errno2("fchmod", pack_path);
916 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
917 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
918 client->euid) == -1) {
919 err = got_error_from_errno("asprintf");
923 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
926 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
927 err = got_error_from_errno2("fchmod", idx_path);
931 memset(&ifile, 0, sizeof(ifile));
932 ifile.client_id = client->id;
933 if (gotd_imsg_compose_event(&client->repo_child_iev,
934 GOTD_IMSG_PACKIDX_FILE, gotd_session.proc_id,
935 idxfd, &ifile, sizeof(ifile)) == -1) {
936 err = got_error_from_errno("imsg compose PACKIDX_FILE");
942 memset(&ipack, 0, sizeof(ipack));
943 ipack.client_id = client->id;
944 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
945 ipack.report_status = 1;
947 if (gotd_imsg_compose_event(&client->repo_child_iev,
948 GOTD_IMSG_RECV_PACKFILE, gotd_session.proc_id, packfd,
949 &ipack, sizeof(ipack)) == -1) {
950 err = got_error_from_errno("imsg compose RECV_PACKFILE");
958 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
959 err = got_error_from_errno("close");
960 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
961 err = got_error_from_errno("close");
962 if (packfd != -1 && close(packfd) == -1 && err == NULL)
963 err = got_error_from_errno("close");
964 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
965 err = got_error_from_errno("close");
970 client->packfile_path = pack_path;
971 client->packidx_path = idx_path;
976 static const struct got_error *
977 send_packfile(struct gotd_session_client *client)
979 const struct got_error *err = NULL;
980 struct gotd_imsg_send_packfile ipack;
981 struct gotd_imsg_packfile_pipe ipipe;
984 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
985 return got_error_from_errno("socketpair");
987 memset(&ipack, 0, sizeof(ipack));
988 memset(&ipipe, 0, sizeof(ipipe));
990 ipack.client_id = client->id;
991 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
992 ipack.report_progress = 1;
994 client->delta_cache_fd = got_opentempfd();
995 if (client->delta_cache_fd == -1)
996 return got_error_from_errno("got_opentempfd");
998 if (gotd_imsg_compose_event(&client->repo_child_iev,
999 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
1000 &ipack, sizeof(ipack)) == -1) {
1001 err = got_error_from_errno("imsg compose SEND_PACKFILE");
1007 ipipe.client_id = client->id;
1009 /* Send pack pipe end 0 to repo child process. */
1010 if (gotd_imsg_compose_event(&client->repo_child_iev,
1011 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD,
1012 pipe[0], &ipipe, sizeof(ipipe)) == -1) {
1013 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1018 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
1019 if (gotd_imsg_compose_event(&client->iev,
1020 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
1021 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1027 session_dispatch_client(int fd, short events, void *arg)
1029 struct gotd_imsgev *iev = arg;
1030 struct imsgbuf *ibuf = &iev->ibuf;
1031 struct gotd_session_client *client = &gotd_session_client;
1032 const struct got_error *err = NULL;
1036 if (events & EV_WRITE) {
1037 while (ibuf->w.queued) {
1038 n = msgbuf_write(&ibuf->w);
1039 if (n == -1 && errno == EPIPE) {
1041 * The client has closed its socket.
1042 * This can happen when Git clients are
1043 * done sending pack file data.
1045 msgbuf_clear(&ibuf->w);
1047 } else if (n == -1 && errno != EAGAIN) {
1048 err = got_error_from_errno("imsg_flush");
1049 disconnect_on_error(client, err);
1053 /* Connection closed. */
1054 err = got_error(GOT_ERR_EOF);
1055 disconnect_on_error(client, err);
1061 if ((events & EV_READ) == 0)
1064 memset(&imsg, 0, sizeof(imsg));
1066 while (err == NULL) {
1067 err = gotd_imsg_recv(&imsg, ibuf, 0);
1069 if (err->code == GOT_ERR_PRIVSEP_READ)
1071 else if (err->code == GOT_ERR_EOF &&
1072 client->state == GOTD_STATE_EXPECT_CAPABILITIES) {
1074 * The client has closed its socket before
1075 * sending its capability announcement.
1076 * This can happen when Git clients have
1077 * no ref-updates to send.
1079 disconnect_on_error(client, err);
1085 evtimer_del(&client->tmo);
1087 switch (imsg.hdr.type) {
1088 case GOTD_IMSG_CAPABILITIES:
1089 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1090 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1091 "unexpected capabilities received");
1094 log_debug("receiving capabilities from uid %d",
1096 err = recv_capabilities(client, &imsg);
1098 case GOTD_IMSG_CAPABILITY:
1099 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1100 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1101 "unexpected capability received");
1104 err = recv_capability(client, &imsg);
1105 if (err || client->ncapabilities < client->ncapa_alloc)
1107 if (!client->is_writing) {
1108 client->state = GOTD_STATE_EXPECT_WANT;
1109 client->accept_flush_pkt = 1;
1110 log_debug("uid %d: expecting want-lines",
1112 } else if (client->is_writing) {
1113 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1114 client->accept_flush_pkt = 1;
1115 log_debug("uid %d: expecting ref-update-lines",
1118 fatalx("client %d is both reading and writing",
1121 case GOTD_IMSG_WANT:
1122 if (client->state != GOTD_STATE_EXPECT_WANT) {
1123 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1124 "unexpected want-line received");
1127 log_debug("received want-line from uid %d",
1129 err = ensure_client_is_reading(client);
1132 client->accept_flush_pkt = 1;
1133 err = forward_want(client, &imsg);
1135 case GOTD_IMSG_REF_UPDATE:
1136 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE &&
1138 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1139 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1140 "unexpected ref-update-line received");
1143 log_debug("received ref-update-line from uid %d",
1145 err = ensure_client_is_writing(client);
1148 err = forward_ref_update(client, &imsg);
1151 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1152 client->accept_flush_pkt = 1;
1154 case GOTD_IMSG_HAVE:
1155 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1156 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1157 "unexpected have-line received");
1160 log_debug("received have-line from uid %d",
1162 err = ensure_client_is_reading(client);
1165 err = forward_have(client, &imsg);
1168 client->accept_flush_pkt = 1;
1170 case GOTD_IMSG_FLUSH:
1171 if (client->state == GOTD_STATE_EXPECT_WANT ||
1172 client->state == GOTD_STATE_EXPECT_HAVE) {
1173 err = ensure_client_is_reading(client);
1176 } else if (client->state ==
1177 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1178 err = ensure_client_is_writing(client);
1181 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1182 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1183 "unexpected flush-pkt received");
1186 if (!client->accept_flush_pkt) {
1187 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1188 "unexpected flush-pkt received");
1193 * Accept just one flush packet at a time.
1194 * Future client state transitions will set this flag
1195 * again if another flush packet is expected.
1197 client->accept_flush_pkt = 0;
1199 log_debug("received flush-pkt from uid %d",
1201 if (client->state == GOTD_STATE_EXPECT_WANT) {
1202 client->state = GOTD_STATE_EXPECT_HAVE;
1203 log_debug("uid %d: expecting have-lines",
1205 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1206 client->state = GOTD_STATE_EXPECT_DONE;
1207 client->accept_flush_pkt = 1;
1208 log_debug("uid %d: expecting 'done'",
1210 } else if (client->state ==
1211 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1212 client->state = GOTD_STATE_EXPECT_PACKFILE;
1213 log_debug("uid %d: expecting packfile",
1215 err = recv_packfile(client);
1216 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1217 /* should not happen, see above */
1218 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1219 "unexpected client state");
1223 case GOTD_IMSG_DONE:
1224 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1225 client->state != GOTD_STATE_EXPECT_DONE) {
1226 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1227 "unexpected flush-pkt received");
1230 log_debug("received 'done' from uid %d", client->euid);
1231 err = ensure_client_is_reading(client);
1234 client->state = GOTD_STATE_DONE;
1235 client->accept_flush_pkt = 1;
1236 err = send_packfile(client);
1239 log_debug("unexpected imsg %d", imsg.hdr.type);
1240 err = got_error(GOT_ERR_PRIVSEP_MSG);
1248 if (err->code != GOT_ERR_EOF ||
1249 client->state != GOTD_STATE_EXPECT_PACKFILE)
1250 disconnect_on_error(client, err);
1252 gotd_imsg_event_add(iev);
1253 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1257 static const struct got_error *
1258 list_refs_request(void)
1260 static const struct got_error *err;
1261 struct gotd_session_client *client = &gotd_session_client;
1262 struct gotd_imsgev *iev = &client->repo_child_iev;
1263 struct gotd_imsg_list_refs_internal ilref;
1266 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1267 return got_error(GOT_ERR_PRIVSEP_MSG);
1269 memset(&ilref, 0, sizeof(ilref));
1270 ilref.client_id = client->id;
1272 fd = dup(client->fd);
1274 return got_error_from_errno("dup");
1276 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1277 gotd_session.proc_id, fd, &ilref, sizeof(ilref)) == -1) {
1278 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1283 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1284 log_debug("uid %d: expecting capabilities", client->euid);
1288 static const struct got_error *
1289 recv_connect(struct imsg *imsg)
1291 struct gotd_session_client *client = &gotd_session_client;
1292 struct gotd_imsg_connect iconnect;
1295 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1296 return got_error(GOT_ERR_PRIVSEP_MSG);
1298 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1299 if (datalen != sizeof(iconnect))
1300 return got_error(GOT_ERR_PRIVSEP_LEN);
1301 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1304 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1306 client->fd = imsg->fd;
1307 client->euid = iconnect.euid;
1308 client->egid = iconnect.egid;
1310 imsg_init(&client->iev.ibuf, client->fd);
1311 client->iev.handler = session_dispatch_client;
1312 client->iev.events = EV_READ;
1313 client->iev.handler_arg = NULL;
1314 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1315 session_dispatch_client, &client->iev);
1316 gotd_imsg_event_add(&client->iev);
1317 evtimer_set(&client->tmo, gotd_request_timeout, client);
1322 static const struct got_error *
1323 recv_repo_child(struct imsg *imsg)
1325 struct gotd_imsg_connect_repo_child ichild;
1326 struct gotd_session_client *client = &gotd_session_client;
1329 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1330 return got_error(GOT_ERR_PRIVSEP_MSG);
1332 /* We should already have received a pipe to the listener. */
1333 if (client->fd == -1)
1334 return got_error(GOT_ERR_PRIVSEP_MSG);
1336 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1337 if (datalen != sizeof(ichild))
1338 return got_error(GOT_ERR_PRIVSEP_LEN);
1340 memcpy(&ichild, imsg->data, sizeof(ichild));
1342 client->id = ichild.client_id;
1343 if (ichild.proc_id == PROC_REPO_WRITE)
1344 client->is_writing = 1;
1345 else if (ichild.proc_id == PROC_REPO_READ)
1346 client->is_writing = 0;
1348 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1349 "bad child process type");
1352 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1354 imsg_init(&client->repo_child_iev.ibuf, imsg->fd);
1355 client->repo_child_iev.handler = session_dispatch_repo_child;
1356 client->repo_child_iev.events = EV_READ;
1357 client->repo_child_iev.handler_arg = NULL;
1358 event_set(&client->repo_child_iev.ev, client->repo_child_iev.ibuf.fd,
1359 EV_READ, session_dispatch_repo_child, &client->repo_child_iev);
1360 gotd_imsg_event_add(&client->repo_child_iev);
1362 /* The "recvfd" pledge promise is no longer needed. */
1363 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1370 session_dispatch(int fd, short event, void *arg)
1372 struct gotd_imsgev *iev = arg;
1373 struct imsgbuf *ibuf = &iev->ibuf;
1374 struct gotd_session_client *client = &gotd_session_client;
1379 if (event & EV_READ) {
1380 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1381 fatal("imsg_read error");
1383 /* Connection closed. */
1389 if (event & EV_WRITE) {
1390 n = msgbuf_write(&ibuf->w);
1391 if (n == -1 && errno != EAGAIN)
1392 fatal("msgbuf_write");
1394 /* Connection closed. */
1401 const struct got_error *err = NULL;
1402 uint32_t client_id = 0;
1403 int do_disconnect = 0, do_list_refs = 0;
1405 if ((n = imsg_get(ibuf, &imsg)) == -1)
1406 fatal("%s: imsg_get error", __func__);
1407 if (n == 0) /* No more messages. */
1410 switch (imsg.hdr.type) {
1411 case GOTD_IMSG_ERROR:
1413 err = gotd_imsg_recv_error(&client_id, &imsg);
1415 case GOTD_IMSG_CONNECT:
1416 err = recv_connect(&imsg);
1418 case GOTD_IMSG_DISCONNECT:
1421 case GOTD_IMSG_CONNECT_REPO_CHILD:
1422 err = recv_repo_child(&imsg);
1428 log_debug("unexpected imsg %d", imsg.hdr.type);
1433 if (do_disconnect) {
1435 disconnect_on_error(client, err);
1438 } else if (do_list_refs)
1439 err = list_refs_request();
1442 log_warnx("uid %d: %s", client->euid, err->msg);
1446 gotd_imsg_event_add(iev);
1448 /* This pipe is dead. Remove its event handler */
1449 event_del(&iev->ev);
1450 event_loopexit(NULL);
1455 session_main(const char *title, const char *repo_path,
1456 int *pack_fds, int *temp_fds, struct timeval *request_timeout,
1457 enum gotd_procid proc_id)
1459 const struct got_error *err = NULL;
1460 struct event evsigint, evsigterm, evsighup, evsigusr1;
1462 gotd_session.title = title;
1463 gotd_session.pid = getpid();
1464 gotd_session.pack_fds = pack_fds;
1465 gotd_session.temp_fds = temp_fds;
1466 memcpy(&gotd_session.request_timeout, request_timeout,
1467 sizeof(gotd_session.request_timeout));
1468 gotd_session.proc_id = proc_id;
1470 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1473 if (!got_repo_is_bare(gotd_session.repo)) {
1474 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1475 "bare git repository required");
1479 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1481 signal_set(&evsigint, SIGINT, gotd_session_sighdlr, NULL);
1482 signal_set(&evsigterm, SIGTERM, gotd_session_sighdlr, NULL);
1483 signal_set(&evsighup, SIGHUP, gotd_session_sighdlr, NULL);
1484 signal_set(&evsigusr1, SIGUSR1, gotd_session_sighdlr, NULL);
1485 signal(SIGPIPE, SIG_IGN);
1487 signal_add(&evsigint, NULL);
1488 signal_add(&evsigterm, NULL);
1489 signal_add(&evsighup, NULL);
1490 signal_add(&evsigusr1, NULL);
1492 gotd_session_client.state = GOTD_STATE_EXPECT_LIST_REFS;
1493 gotd_session_client.fd = -1;
1494 gotd_session_client.nref_updates = -1;
1495 gotd_session_client.delta_cache_fd = -1;
1496 gotd_session_client.accept_flush_pkt = 1;
1498 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1499 gotd_session.parent_iev.handler = session_dispatch;
1500 gotd_session.parent_iev.events = EV_READ;
1501 gotd_session.parent_iev.handler_arg = NULL;
1502 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1503 EV_READ, session_dispatch, &gotd_session.parent_iev);
1504 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1505 GOTD_IMSG_CLIENT_SESSION_READY, gotd_session.proc_id,
1506 -1, NULL, 0) == -1) {
1507 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1514 log_warnx("%s: %s", title, err->msg);
1515 gotd_session_shutdown();
1519 gotd_session_shutdown(void)
1521 log_debug("shutting down");
1522 if (gotd_session.repo)
1523 got_repo_close(gotd_session.repo);
1524 got_repo_pack_fds_close(gotd_session.pack_fds);
1525 got_repo_temp_fds_close(gotd_session.temp_fds);
