2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/queue.h>
20 #include <sys/types.h>
22 #include <sys/socket.h>
43 #include "got_error.h"
44 #include "got_opentemp.h"
46 #include "got_repository.h"
47 #include "got_object.h"
48 #include "got_reference.h"
50 #include "got_lib_delta.h"
51 #include "got_lib_object.h"
52 #include "got_lib_object_cache.h"
53 #include "got_lib_sha1.h"
54 #include "got_lib_gitproto.h"
55 #include "got_lib_pack.h"
56 #include "got_lib_repository.h"
62 #include "repo_read.h"
63 #include "repo_write.h"
66 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
70 STAILQ_ENTRY(gotd_client) entry;
71 enum gotd_client_state state;
72 struct gotd_client_capability *capabilities;
78 struct gotd_imsgev iev;
82 struct gotd_child_proc *repo_read;
83 struct gotd_child_proc *repo_write;
84 struct gotd_child_proc *auth;
90 STAILQ_HEAD(gotd_clients, gotd_client);
92 static struct gotd_clients gotd_clients[GOTD_CLIENT_TABLE_SIZE];
93 static SIPHASH_KEY clients_hash_key;
94 volatile int client_cnt;
95 static struct timeval auth_timeout = { 5, 0 };
96 static struct gotd gotd;
98 void gotd_sighdlr(int sig, short event, void *arg);
99 static void gotd_shutdown(void);
100 static const struct got_error *start_repo_child(struct gotd_client *,
101 enum gotd_procid, struct gotd_repo *, char *, const char *, int, int);
102 static const struct got_error *start_auth_child(struct gotd_client *, int,
103 struct gotd_repo *, char *, const char *, int, int);
104 static void kill_proc(struct gotd_child_proc *, int);
109 fprintf(stderr, "usage: %s [-dv] [-f config-file]\n", getprogname());
114 unix_socket_listen(const char *unix_socket_path, uid_t uid, gid_t gid)
116 struct sockaddr_un sun;
118 mode_t old_umask, mode;
120 fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK| SOCK_CLOEXEC, 0);
126 sun.sun_family = AF_UNIX;
127 if (strlcpy(sun.sun_path, unix_socket_path,
128 sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) {
129 log_warnx("%s: name too long", unix_socket_path);
134 if (unlink(unix_socket_path) == -1) {
135 if (errno != ENOENT) {
136 log_warn("unlink %s", unix_socket_path);
142 old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH);
143 mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
145 if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
146 log_warn("bind: %s", unix_socket_path);
154 if (chmod(unix_socket_path, mode) == -1) {
155 log_warn("chmod %o %s", mode, unix_socket_path);
157 unlink(unix_socket_path);
161 if (chown(unix_socket_path, uid, gid) == -1) {
162 log_warn("chown %s uid=%d gid=%d", unix_socket_path, uid, gid);
164 unlink(unix_socket_path);
168 if (listen(fd, GOTD_UNIX_SOCKET_BACKLOG) == -1) {
171 unlink(unix_socket_path);
179 client_hash(uint32_t client_id)
181 return SipHash24(&clients_hash_key, &client_id, sizeof(client_id));
185 add_client(struct gotd_client *client)
187 uint64_t slot = client_hash(client->id) % nitems(gotd_clients);
188 STAILQ_INSERT_HEAD(&gotd_clients[slot], client, entry);
192 static struct gotd_client *
193 find_client(uint32_t client_id)
196 struct gotd_client *c;
198 slot = client_hash(client_id) % nitems(gotd_clients);
199 STAILQ_FOREACH(c, &gotd_clients[slot], entry) {
200 if (c->id == client_id)
207 static struct gotd_child_proc *
208 get_client_proc(struct gotd_client *client)
210 if (client->repo_read && client->repo_write) {
211 fatalx("uid %d is reading and writing in the same session",
216 if (client->repo_read)
217 return client->repo_read;
218 else if (client->repo_write)
219 return client->repo_write;
224 static struct gotd_client *
225 find_client_by_proc_fd(int fd)
229 for (slot = 0; slot < nitems(gotd_clients); slot++) {
230 struct gotd_client *c;
232 STAILQ_FOREACH(c, &gotd_clients[slot], entry) {
233 struct gotd_child_proc *proc = get_client_proc(c);
234 if (proc && proc->iev.ibuf.fd == fd)
236 if (c->auth && c->auth->iev.ibuf.fd == fd)
245 client_is_reading(struct gotd_client *client)
247 return client->repo_read != NULL;
251 client_is_writing(struct gotd_client *client)
253 return client->repo_write != NULL;
256 static const struct got_error *
257 ensure_client_is_reading(struct gotd_client *client)
259 if (!client_is_reading(client)) {
260 return got_error_fmt(GOT_ERR_BAD_PACKET,
261 "uid %d made a read-request but is not reading from "
262 "a repository", client->euid);
268 static const struct got_error *
269 ensure_client_is_writing(struct gotd_client *client)
271 if (!client_is_writing(client)) {
272 return got_error_fmt(GOT_ERR_BAD_PACKET,
273 "uid %d made a write-request but is not writing to "
274 "a repository", client->euid);
280 static const struct got_error *
281 ensure_client_is_not_writing(struct gotd_client *client)
283 if (client_is_writing(client)) {
284 return got_error_fmt(GOT_ERR_BAD_PACKET,
285 "uid %d made a read-request but is writing to "
286 "a repository", client->euid);
292 static const struct got_error *
293 ensure_client_is_not_reading(struct gotd_client *client)
295 if (client_is_reading(client)) {
296 return got_error_fmt(GOT_ERR_BAD_PACKET,
297 "uid %d made a write-request but is reading from "
298 "a repository", client->euid);
305 wait_for_child(pid_t child_pid)
310 log_debug("waiting for child PID %ld to terminate",
314 pid = waitpid(child_pid, &status, WNOHANG);
316 if (errno != EINTR && errno != ECHILD)
318 } else if (WIFSIGNALED(status)) {
319 log_warnx("child PID %ld terminated; signal %d",
320 (long)pid, WTERMSIG(status));
322 } while (pid != -1 || (pid == -1 && errno == EINTR));
326 kill_auth_proc(struct gotd_client *client)
328 struct gotd_child_proc *proc;
330 if (client->auth == NULL)
336 event_del(&proc->iev.ev);
337 msgbuf_clear(&proc->iev.ibuf.w);
338 close(proc->iev.ibuf.fd);
340 wait_for_child(proc->pid);
345 disconnect(struct gotd_client *client)
347 struct gotd_imsg_disconnect idisconnect;
348 struct gotd_child_proc *proc = get_client_proc(client);
349 struct gotd_child_proc *listen_proc = &gotd.listen_proc;
352 log_debug("uid %d: disconnecting", client->euid);
354 kill_auth_proc(client);
356 idisconnect.client_id = client->id;
358 if (gotd_imsg_compose_event(&proc->iev,
359 GOTD_IMSG_DISCONNECT, PROC_GOTD, -1,
360 &idisconnect, sizeof(idisconnect)) == -1)
361 log_warn("imsg compose DISCONNECT");
363 msgbuf_clear(&proc->iev.ibuf.w);
364 close(proc->iev.ibuf.fd);
366 wait_for_child(proc->pid);
371 if (gotd_imsg_compose_event(&listen_proc->iev,
372 GOTD_IMSG_DISCONNECT, PROC_GOTD, -1,
373 &idisconnect, sizeof(idisconnect)) == -1)
374 log_warn("imsg compose DISCONNECT");
376 slot = client_hash(client->id) % nitems(gotd_clients);
377 STAILQ_REMOVE(&gotd_clients[slot], client, gotd_client, entry);
378 imsg_clear(&client->iev.ibuf);
379 event_del(&client->iev.ev);
380 evtimer_del(&client->tmo);
382 if (client->delta_cache_fd != -1)
383 close(client->delta_cache_fd);
384 if (client->packfile_path) {
385 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
386 log_warn("unlink %s: ", client->packfile_path);
387 free(client->packfile_path);
389 if (client->packidx_path) {
390 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
391 log_warn("unlink %s: ", client->packidx_path);
392 free(client->packidx_path);
394 free(client->capabilities);
400 disconnect_on_error(struct gotd_client *client, const struct got_error *err)
404 log_warnx("uid %d: %s", client->euid, err->msg);
405 if (err->code != GOT_ERR_EOF) {
406 imsg_init(&ibuf, client->fd);
407 gotd_imsg_send_error(&ibuf, 0, PROC_GOTD, err);
413 static const struct got_error *
414 send_repo_info(struct gotd_imsgev *iev, struct gotd_repo *repo)
416 const struct got_error *err = NULL;
417 struct gotd_imsg_info_repo irepo;
419 memset(&irepo, 0, sizeof(irepo));
421 if (strlcpy(irepo.repo_name, repo->name, sizeof(irepo.repo_name))
422 >= sizeof(irepo.repo_name))
423 return got_error_msg(GOT_ERR_NO_SPACE, "repo name too long");
424 if (strlcpy(irepo.repo_path, repo->path, sizeof(irepo.repo_path))
425 >= sizeof(irepo.repo_path))
426 return got_error_msg(GOT_ERR_NO_SPACE, "repo path too long");
428 if (gotd_imsg_compose_event(iev, GOTD_IMSG_INFO_REPO, PROC_GOTD, -1,
429 &irepo, sizeof(irepo)) == -1) {
430 err = got_error_from_errno("imsg compose INFO_REPO");
438 static const struct got_error *
439 send_capability(struct gotd_client_capability *capa, struct gotd_imsgev* iev)
441 const struct got_error *err = NULL;
442 struct gotd_imsg_capability icapa;
446 memset(&icapa, 0, sizeof(icapa));
448 icapa.key_len = strlen(capa->key);
449 len = sizeof(icapa) + icapa.key_len;
451 icapa.value_len = strlen(capa->value);
452 len += icapa.value_len;
455 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_CAPABILITY, 0, 0, len);
457 err = got_error_from_errno("imsg_create CAPABILITY");
461 if (imsg_add(wbuf, &icapa, sizeof(icapa)) == -1)
462 return got_error_from_errno("imsg_add CAPABILITY");
463 if (imsg_add(wbuf, capa->key, icapa.key_len) == -1)
464 return got_error_from_errno("imsg_add CAPABILITY");
466 if (imsg_add(wbuf, capa->value, icapa.value_len) == -1)
467 return got_error_from_errno("imsg_add CAPABILITY");
471 imsg_close(&iev->ibuf, wbuf);
473 gotd_imsg_event_add(iev);
478 static const struct got_error *
479 send_client_info(struct gotd_imsgev *iev, struct gotd_client *client)
481 const struct got_error *err = NULL;
482 struct gotd_imsg_info_client iclient;
483 struct gotd_child_proc *proc;
486 memset(&iclient, 0, sizeof(iclient));
487 iclient.euid = client->euid;
488 iclient.egid = client->egid;
490 proc = get_client_proc(client);
492 if (strlcpy(iclient.repo_name, proc->repo_path,
493 sizeof(iclient.repo_name)) >= sizeof(iclient.repo_name)) {
494 return got_error_msg(GOT_ERR_NO_SPACE,
495 "repo name too long");
497 if (client_is_writing(client))
498 iclient.is_writing = 1;
501 iclient.state = client->state;
502 iclient.ncapabilities = client->ncapabilities;
504 if (gotd_imsg_compose_event(iev, GOTD_IMSG_INFO_CLIENT, PROC_GOTD, -1,
505 &iclient, sizeof(iclient)) == -1) {
506 err = got_error_from_errno("imsg compose INFO_CLIENT");
511 for (i = 0; i < client->ncapabilities; i++) {
512 struct gotd_client_capability *capa;
513 capa = &client->capabilities[i];
514 err = send_capability(capa, iev);
522 static const struct got_error *
523 send_info(struct gotd_client *client)
525 const struct got_error *err = NULL;
526 struct gotd_imsg_info info;
528 struct gotd_repo *repo;
530 if (client->euid != 0)
531 return got_error_set_errno(EPERM, "info");
534 info.verbosity = gotd.verbosity;
535 info.nrepos = gotd.nrepos;
536 info.nclients = client_cnt - 1;
538 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_INFO, PROC_GOTD, -1,
539 &info, sizeof(info)) == -1) {
540 err = got_error_from_errno("imsg compose INFO");
545 TAILQ_FOREACH(repo, &gotd.repos, entry) {
546 err = send_repo_info(&client->iev, repo);
551 for (slot = 0; slot < nitems(gotd_clients); slot++) {
552 struct gotd_client *c;
553 STAILQ_FOREACH(c, &gotd_clients[slot], entry) {
554 if (c->id == client->id)
556 err = send_client_info(&client->iev, c);
565 static const struct got_error *
566 stop_gotd(struct gotd_client *client)
569 if (client->euid != 0)
570 return got_error_set_errno(EPERM, "stop");
577 static struct gotd_repo *
578 find_repo_by_name(const char *repo_name)
580 struct gotd_repo *repo;
583 TAILQ_FOREACH(repo, &gotd.repos, entry) {
584 namelen = strlen(repo->name);
585 if (strncmp(repo->name, repo_name, namelen) != 0)
587 if (repo_name[namelen] == '\0' ||
588 strcmp(&repo_name[namelen], ".git") == 0)
595 static const struct got_error *
596 start_client_session(struct gotd_client *client, struct imsg *imsg)
598 const struct got_error *err;
599 struct gotd_imsg_list_refs ireq;
600 struct gotd_repo *repo = NULL;
603 log_debug("list-refs request from uid %d", client->euid);
605 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
606 if (datalen != sizeof(ireq))
607 return got_error(GOT_ERR_PRIVSEP_LEN);
609 memcpy(&ireq, imsg->data, datalen);
611 if (ireq.client_is_reading) {
612 err = ensure_client_is_not_writing(client);
615 repo = find_repo_by_name(ireq.repo_name);
617 return got_error(GOT_ERR_NOT_GIT_REPO);
618 err = start_auth_child(client, GOTD_AUTH_READ, repo,
619 gotd.argv0, gotd.confpath, gotd.daemonize,
624 err = ensure_client_is_not_reading(client);
627 repo = find_repo_by_name(ireq.repo_name);
629 return got_error(GOT_ERR_NOT_GIT_REPO);
630 err = start_auth_child(client,
631 GOTD_AUTH_READ | GOTD_AUTH_WRITE,
632 repo, gotd.argv0, gotd.confpath, gotd.daemonize,
638 /* Flow continues upon authentication successs/failure or timeout. */
642 static const struct got_error *
643 forward_want(struct gotd_client *client, struct imsg *imsg)
645 struct gotd_imsg_want ireq;
646 struct gotd_imsg_want iwant;
649 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
650 if (datalen != sizeof(ireq))
651 return got_error(GOT_ERR_PRIVSEP_LEN);
653 memcpy(&ireq, imsg->data, datalen);
655 memset(&iwant, 0, sizeof(iwant));
656 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
657 iwant.client_id = client->id;
659 if (gotd_imsg_compose_event(&client->repo_read->iev, GOTD_IMSG_WANT,
660 PROC_GOTD, -1, &iwant, sizeof(iwant)) == -1)
661 return got_error_from_errno("imsg compose WANT");
666 static const struct got_error *
667 forward_ref_update(struct gotd_client *client, struct imsg *imsg)
669 const struct got_error *err = NULL;
670 struct gotd_imsg_ref_update ireq;
671 struct gotd_imsg_ref_update *iref = NULL;
674 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
675 if (datalen < sizeof(ireq))
676 return got_error(GOT_ERR_PRIVSEP_LEN);
677 memcpy(&ireq, imsg->data, sizeof(ireq));
678 if (datalen != sizeof(ireq) + ireq.name_len)
679 return got_error(GOT_ERR_PRIVSEP_LEN);
681 iref = malloc(datalen);
683 return got_error_from_errno("malloc");
684 memcpy(iref, imsg->data, datalen);
686 iref->client_id = client->id;
687 if (gotd_imsg_compose_event(&client->repo_write->iev,
688 GOTD_IMSG_REF_UPDATE, PROC_GOTD, -1, iref, datalen) == -1)
689 err = got_error_from_errno("imsg compose REF_UPDATE");
694 static const struct got_error *
695 forward_have(struct gotd_client *client, struct imsg *imsg)
697 struct gotd_imsg_have ireq;
698 struct gotd_imsg_have ihave;
701 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
702 if (datalen != sizeof(ireq))
703 return got_error(GOT_ERR_PRIVSEP_LEN);
705 memcpy(&ireq, imsg->data, datalen);
707 memset(&ihave, 0, sizeof(ihave));
708 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
709 ihave.client_id = client->id;
711 if (gotd_imsg_compose_event(&client->repo_read->iev, GOTD_IMSG_HAVE,
712 PROC_GOTD, -1, &ihave, sizeof(ihave)) == -1)
713 return got_error_from_errno("imsg compose HAVE");
719 client_has_capability(struct gotd_client *client, const char *capastr)
721 struct gotd_client_capability *capa;
724 if (client->ncapabilities == 0)
727 for (i = 0; i < client->ncapabilities; i++) {
728 capa = &client->capabilities[i];
729 if (strcmp(capa->key, capastr) == 0)
736 static const struct got_error *
737 recv_capabilities(struct gotd_client *client, struct imsg *imsg)
739 struct gotd_imsg_capabilities icapas;
742 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
743 if (datalen != sizeof(icapas))
744 return got_error(GOT_ERR_PRIVSEP_LEN);
745 memcpy(&icapas, imsg->data, sizeof(icapas));
747 client->ncapa_alloc = icapas.ncapabilities;
748 client->capabilities = calloc(client->ncapa_alloc,
749 sizeof(*client->capabilities));
750 if (client->capabilities == NULL) {
751 client->ncapa_alloc = 0;
752 return got_error_from_errno("calloc");
755 log_debug("expecting %zu capabilities from uid %d",
756 client->ncapa_alloc, client->euid);
760 static const struct got_error *
761 recv_capability(struct gotd_client *client, struct imsg *imsg)
763 struct gotd_imsg_capability icapa;
764 struct gotd_client_capability *capa;
766 char *key, *value = NULL;
768 if (client->capabilities == NULL ||
769 client->ncapabilities >= client->ncapa_alloc) {
770 return got_error_msg(GOT_ERR_BAD_REQUEST,
771 "unexpected capability received");
774 memset(&icapa, 0, sizeof(icapa));
776 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
777 if (datalen < sizeof(icapa))
778 return got_error(GOT_ERR_PRIVSEP_LEN);
779 memcpy(&icapa, imsg->data, sizeof(icapa));
781 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
782 return got_error(GOT_ERR_PRIVSEP_LEN);
784 key = malloc(icapa.key_len + 1);
786 return got_error_from_errno("malloc");
787 if (icapa.value_len > 0) {
788 value = malloc(icapa.value_len + 1);
791 return got_error_from_errno("malloc");
795 memcpy(key, imsg->data + sizeof(icapa), icapa.key_len);
796 key[icapa.key_len] = '\0';
798 memcpy(value, imsg->data + sizeof(icapa) + icapa.key_len,
800 value[icapa.value_len] = '\0';
803 capa = &client->capabilities[client->ncapabilities++];
808 log_debug("uid %d: capability %s=%s", client->euid, key, value);
810 log_debug("uid %d: capability %s", client->euid, key);
815 static const struct got_error *
816 send_packfile(struct gotd_client *client)
818 const struct got_error *err = NULL;
819 struct gotd_imsg_send_packfile ipack;
820 struct gotd_imsg_packfile_pipe ipipe;
823 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
824 return got_error_from_errno("socketpair");
826 memset(&ipack, 0, sizeof(ipack));
827 memset(&ipipe, 0, sizeof(ipipe));
829 ipack.client_id = client->id;
830 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
831 ipack.report_progress = 1;
833 client->delta_cache_fd = got_opentempfd();
834 if (client->delta_cache_fd == -1)
835 return got_error_from_errno("got_opentempfd");
837 if (gotd_imsg_compose_event(&client->repo_read->iev,
838 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
839 &ipack, sizeof(ipack)) == -1) {
840 err = got_error_from_errno("imsg compose SEND_PACKFILE");
846 ipipe.client_id = client->id;
848 /* Send pack pipe end 0 to repo_read. */
849 if (gotd_imsg_compose_event(&client->repo_read->iev,
850 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[0],
851 &ipipe, sizeof(ipipe)) == -1) {
852 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
857 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
858 if (gotd_imsg_compose_event(&client->iev,
859 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
860 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
865 static const struct got_error *
866 recv_packfile(struct gotd_client *client)
868 const struct got_error *err = NULL;
869 struct gotd_imsg_recv_packfile ipack;
870 struct gotd_imsg_packfile_pipe ipipe;
871 struct gotd_imsg_packidx_file ifile;
872 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
873 int packfd = -1, idxfd = -1;
874 int pipe[2] = { -1, -1 };
876 if (client->packfile_path) {
877 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
878 "uid %d already has a pack file", client->euid);
881 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
882 return got_error_from_errno("socketpair");
884 memset(&ipipe, 0, sizeof(ipipe));
885 ipipe.client_id = client->id;
887 /* Send pack pipe end 0 to repo_write. */
888 if (gotd_imsg_compose_event(&client->repo_write->iev,
889 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[0],
890 &ipipe, sizeof(ipipe)) == -1) {
891 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
897 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
898 if (gotd_imsg_compose_event(&client->iev,
899 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
900 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
903 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
904 client->repo_write->repo_path, GOT_OBJECTS_PACK_DIR,
905 client->euid) == -1) {
906 err = got_error_from_errno("asprintf");
910 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
915 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
916 client->repo_write->repo_path, GOT_OBJECTS_PACK_DIR,
917 client->euid) == -1) {
918 err = got_error_from_errno("asprintf");
922 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
926 memset(&ifile, 0, sizeof(ifile));
927 ifile.client_id = client->id;
928 if (gotd_imsg_compose_event(&client->repo_write->iev,
929 GOTD_IMSG_PACKIDX_FILE, PROC_GOTD, idxfd,
930 &ifile, sizeof(ifile)) == -1) {
931 err = got_error_from_errno("imsg compose PACKIDX_FILE");
937 memset(&ipack, 0, sizeof(ipack));
938 ipack.client_id = client->id;
939 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
940 ipack.report_status = 1;
942 if (gotd_imsg_compose_event(&client->repo_write->iev,
943 GOTD_IMSG_RECV_PACKFILE, PROC_GOTD, packfd,
944 &ipack, sizeof(ipack)) == -1) {
945 err = got_error_from_errno("imsg compose RECV_PACKFILE");
953 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
954 err = got_error_from_errno("close");
955 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
956 err = got_error_from_errno("close");
957 if (packfd != -1 && close(packfd) == -1 && err == NULL)
958 err = got_error_from_errno("close");
959 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
960 err = got_error_from_errno("close");
965 client->packfile_path = pack_path;
966 client->packidx_path = idx_path;
972 gotd_request(int fd, short events, void *arg)
974 struct gotd_imsgev *iev = arg;
975 struct imsgbuf *ibuf = &iev->ibuf;
976 struct gotd_client *client = iev->handler_arg;
977 const struct got_error *err = NULL;
981 if (events & EV_WRITE) {
982 while (ibuf->w.queued) {
983 n = msgbuf_write(&ibuf->w);
984 if (n == -1 && errno == EPIPE) {
986 * The client has closed its socket.
987 * This can happen when Git clients are
988 * done sending pack file data.
990 msgbuf_clear(&ibuf->w);
992 } else if (n == -1 && errno != EAGAIN) {
993 err = got_error_from_errno("imsg_flush");
994 disconnect_on_error(client, err);
998 /* Connection closed. */
999 err = got_error(GOT_ERR_EOF);
1000 disconnect_on_error(client, err);
1005 /* Disconnect gotctl(8) now that messages have been sent. */
1006 if (!client_is_reading(client) && !client_is_writing(client)) {
1012 if ((events & EV_READ) == 0)
1015 memset(&imsg, 0, sizeof(imsg));
1017 while (err == NULL) {
1018 err = gotd_imsg_recv(&imsg, ibuf, 0);
1020 if (err->code == GOT_ERR_PRIVSEP_READ)
1025 evtimer_del(&client->tmo);
1027 switch (imsg.hdr.type) {
1028 case GOTD_IMSG_INFO:
1029 err = send_info(client);
1031 case GOTD_IMSG_STOP:
1032 err = stop_gotd(client);
1034 case GOTD_IMSG_LIST_REFS:
1035 if (client->state != GOTD_STATE_EXPECT_LIST_REFS) {
1036 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1037 "unexpected list-refs request received");
1040 err = start_client_session(client, &imsg);
1044 case GOTD_IMSG_CAPABILITIES:
1045 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1046 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1047 "unexpected capabilities received");
1050 log_debug("receiving capabilities from uid %d",
1052 err = recv_capabilities(client, &imsg);
1054 case GOTD_IMSG_CAPABILITY:
1055 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1056 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1057 "unexpected capability received");
1060 err = recv_capability(client, &imsg);
1061 if (err || client->ncapabilities < client->ncapa_alloc)
1063 if (client_is_reading(client)) {
1064 client->state = GOTD_STATE_EXPECT_WANT;
1065 log_debug("uid %d: expecting want-lines",
1067 } else if (client_is_writing(client)) {
1068 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1069 log_debug("uid %d: expecting ref-update-lines",
1072 fatalx("client %d is both reading and writing",
1075 case GOTD_IMSG_WANT:
1076 if (client->state != GOTD_STATE_EXPECT_WANT) {
1077 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1078 "unexpected want-line received");
1081 log_debug("received want-line from uid %d",
1083 err = ensure_client_is_reading(client);
1086 err = forward_want(client, &imsg);
1088 case GOTD_IMSG_REF_UPDATE:
1089 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE) {
1090 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1091 "unexpected ref-update-line received");
1094 log_debug("received ref-update-line from uid %d",
1096 err = ensure_client_is_writing(client);
1099 err = forward_ref_update(client, &imsg);
1102 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1104 case GOTD_IMSG_HAVE:
1105 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1106 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1107 "unexpected have-line received");
1110 log_debug("received have-line from uid %d",
1112 err = ensure_client_is_reading(client);
1115 err = forward_have(client, &imsg);
1119 case GOTD_IMSG_FLUSH:
1120 if (client->state == GOTD_STATE_EXPECT_WANT ||
1121 client->state == GOTD_STATE_EXPECT_HAVE) {
1122 err = ensure_client_is_reading(client);
1125 } else if (client->state ==
1126 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1127 err = ensure_client_is_writing(client);
1131 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1132 "unexpected flush-pkt received");
1135 log_debug("received flush-pkt from uid %d",
1137 if (client->state == GOTD_STATE_EXPECT_WANT) {
1138 client->state = GOTD_STATE_EXPECT_HAVE;
1139 log_debug("uid %d: expecting have-lines",
1141 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1142 client->state = GOTD_STATE_EXPECT_DONE;
1143 log_debug("uid %d: expecting 'done'",
1145 } else if (client->state ==
1146 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1147 client->state = GOTD_STATE_EXPECT_PACKFILE;
1148 log_debug("uid %d: expecting packfile",
1150 err = recv_packfile(client);
1152 /* should not happen, see above */
1153 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1154 "unexpected client state");
1158 case GOTD_IMSG_DONE:
1159 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1160 client->state != GOTD_STATE_EXPECT_DONE) {
1161 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1162 "unexpected flush-pkt received");
1165 log_debug("received 'done' from uid %d", client->euid);
1166 err = ensure_client_is_reading(client);
1169 client->state = GOTD_STATE_DONE;
1170 err = send_packfile(client);
1173 err = got_error(GOT_ERR_PRIVSEP_MSG);
1181 if (err->code != GOT_ERR_EOF ||
1182 client->state != GOTD_STATE_EXPECT_PACKFILE)
1183 disconnect_on_error(client, err);
1185 gotd_imsg_event_add(&client->iev);
1186 if (client->state == GOTD_STATE_EXPECT_LIST_REFS)
1187 evtimer_add(&client->tmo, &auth_timeout);
1189 evtimer_add(&client->tmo, &gotd.request_timeout);
1194 gotd_request_timeout(int fd, short events, void *arg)
1196 struct gotd_client *client = arg;
1198 log_debug("disconnecting uid %d due to timeout", client->euid);
1202 static const struct got_error *
1203 recv_connect(uint32_t *client_id, struct imsg *imsg)
1205 const struct got_error *err = NULL;
1206 struct gotd_imsg_connect iconnect;
1209 struct gotd_client *client = NULL;
1213 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1214 if (datalen != sizeof(iconnect))
1215 return got_error(GOT_ERR_PRIVSEP_LEN);
1216 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1220 err = got_error(GOT_ERR_PRIVSEP_NO_FD);
1224 if (find_client(iconnect.client_id)) {
1225 err = got_error_msg(GOT_ERR_CLIENT_ID, "duplicate client ID");
1229 client = calloc(1, sizeof(*client));
1230 if (client == NULL) {
1231 err = got_error_from_errno("calloc");
1235 *client_id = iconnect.client_id;
1237 client->state = GOTD_STATE_EXPECT_LIST_REFS;
1238 client->id = iconnect.client_id;
1241 client->delta_cache_fd = -1;
1242 /* The auth process will verify UID/GID for us. */
1243 client->euid = iconnect.euid;
1244 client->egid = iconnect.egid;
1245 client->nref_updates = -1;
1247 imsg_init(&client->iev.ibuf, client->fd);
1248 client->iev.handler = gotd_request;
1249 client->iev.events = EV_READ;
1250 client->iev.handler_arg = client;
1252 event_set(&client->iev.ev, client->fd, EV_READ, gotd_request,
1254 gotd_imsg_event_add(&client->iev);
1256 evtimer_set(&client->tmo, gotd_request_timeout, client);
1259 log_debug("%s: new client uid %d connected on fd %d", __func__,
1260 client->euid, client->fd);
1263 struct gotd_child_proc *listen_proc = &gotd.listen_proc;
1264 struct gotd_imsg_disconnect idisconnect;
1266 idisconnect.client_id = client->id;
1267 if (gotd_imsg_compose_event(&listen_proc->iev,
1268 GOTD_IMSG_DISCONNECT, PROC_GOTD, -1,
1269 &idisconnect, sizeof(idisconnect)) == -1)
1270 log_warn("imsg compose DISCONNECT");
1279 static const char *gotd_proc_names[PROC_MAX] = {
1288 kill_proc(struct gotd_child_proc *proc, int fatal)
1291 log_warnx("sending SIGKILL to PID %d", proc->pid);
1292 kill(proc->pid, SIGKILL);
1294 kill(proc->pid, SIGTERM);
1300 struct gotd_child_proc *proc;
1303 for (slot = 0; slot < nitems(gotd_clients); slot++) {
1304 struct gotd_client *c, *tmp;
1306 STAILQ_FOREACH_SAFE(c, &gotd_clients[slot], entry, tmp)
1310 proc = &gotd.listen_proc;
1311 msgbuf_clear(&proc->iev.ibuf.w);
1312 close(proc->iev.ibuf.fd);
1314 wait_for_child(proc->pid);
1316 log_info("terminating");
1321 gotd_sighdlr(int sig, short event, void *arg)
1324 * Normal signal handler rules don't apply because libevent
1330 log_info("%s: ignoring SIGHUP", __func__);
1333 log_info("%s: ignoring SIGUSR1", __func__);
1340 fatalx("unexpected signal");
1344 static const struct got_error *
1345 ensure_proc_is_reading(struct gotd_client *client,
1346 struct gotd_child_proc *proc)
1348 if (!client_is_reading(client)) {
1350 return got_error_fmt(GOT_ERR_BAD_PACKET,
1351 "PID %d handled a read-request for uid %d but this "
1352 "user is not reading from a repository", proc->pid,
1359 static const struct got_error *
1360 ensure_proc_is_writing(struct gotd_client *client,
1361 struct gotd_child_proc *proc)
1363 if (!client_is_writing(client)) {
1365 return got_error_fmt(GOT_ERR_BAD_PACKET,
1366 "PID %d handled a write-request for uid %d but this "
1367 "user is not writing to a repository", proc->pid,
1375 verify_imsg_src(struct gotd_client *client, struct gotd_child_proc *proc,
1378 const struct got_error *err;
1379 struct gotd_child_proc *client_proc;
1382 if (proc->type == PROC_REPO_READ || proc->type == PROC_REPO_WRITE) {
1383 client_proc = get_client_proc(client);
1384 if (client_proc == NULL)
1385 fatalx("no process found for uid %d", client->euid);
1386 if (proc->pid != client_proc->pid) {
1388 log_warnx("received message from PID %d for uid %d, "
1389 "while PID %d is the process serving this user",
1390 proc->pid, client->euid, client_proc->pid);
1395 switch (imsg->hdr.type) {
1396 case GOTD_IMSG_ERROR:
1399 case GOTD_IMSG_CONNECT:
1400 if (proc->type != PROC_LISTEN) {
1401 err = got_error_fmt(GOT_ERR_BAD_PACKET,
1402 "new connection for uid %d from PID %d "
1403 "which is not the listen process",
1404 proc->pid, client->euid);
1408 case GOTD_IMSG_ACCESS_GRANTED:
1409 if (proc->type != PROC_AUTH) {
1410 err = got_error_fmt(GOT_ERR_BAD_PACKET,
1411 "authentication of uid %d from PID %d "
1412 "which is not the auth process",
1413 proc->pid, client->euid);
1417 case GOTD_IMSG_REPO_CHILD_READY:
1418 if (proc->type != PROC_REPO_READ &&
1419 proc->type != PROC_REPO_WRITE) {
1420 err = got_error_fmt(GOT_ERR_BAD_PACKET,
1421 "unexpected \"ready\" signal from PID %d",
1426 case GOTD_IMSG_PACKFILE_DONE:
1427 err = ensure_proc_is_reading(client, proc);
1429 log_warnx("uid %d: %s", client->euid, err->msg);
1433 case GOTD_IMSG_PACKFILE_INSTALL:
1434 case GOTD_IMSG_REF_UPDATES_START:
1435 case GOTD_IMSG_REF_UPDATE:
1436 err = ensure_proc_is_writing(client, proc);
1438 log_warnx("uid %d: %s", client->euid, err->msg);
1443 log_debug("%s: unexpected imsg %d", __func__, imsg->hdr.type);
1450 static const struct got_error *
1451 list_refs_request(struct gotd_client *client, struct gotd_imsgev *iev)
1453 static const struct got_error *err;
1454 struct gotd_imsg_list_refs_internal ilref;
1457 memset(&ilref, 0, sizeof(ilref));
1458 ilref.client_id = client->id;
1460 fd = dup(client->fd);
1462 return got_error_from_errno("dup");
1464 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1465 PROC_GOTD, fd, &ilref, sizeof(ilref)) == -1) {
1466 err = got_error_from_errno("imsg compose WANT");
1471 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1472 log_debug("uid %d: expecting capabilities", client->euid);
1476 static const struct got_error *
1477 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
1479 struct gotd_imsg_packfile_done idone;
1482 log_debug("packfile-done received");
1484 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1485 if (datalen != sizeof(idone))
1486 return got_error(GOT_ERR_PRIVSEP_LEN);
1487 memcpy(&idone, imsg->data, sizeof(idone));
1489 *client_id = idone.client_id;
1493 static const struct got_error *
1494 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
1496 struct gotd_imsg_packfile_install inst;
1499 log_debug("packfile-install received");
1501 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1502 if (datalen != sizeof(inst))
1503 return got_error(GOT_ERR_PRIVSEP_LEN);
1504 memcpy(&inst, imsg->data, sizeof(inst));
1506 *client_id = inst.client_id;
1510 static const struct got_error *
1511 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
1513 struct gotd_imsg_ref_updates_start istart;
1516 log_debug("ref-updates-start received");
1518 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1519 if (datalen != sizeof(istart))
1520 return got_error(GOT_ERR_PRIVSEP_LEN);
1521 memcpy(&istart, imsg->data, sizeof(istart));
1523 *client_id = istart.client_id;
1527 static const struct got_error *
1528 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
1530 struct gotd_imsg_ref_update iref;
1533 log_debug("ref-update received");
1535 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1536 if (datalen < sizeof(iref))
1537 return got_error(GOT_ERR_PRIVSEP_LEN);
1538 memcpy(&iref, imsg->data, sizeof(iref));
1540 *client_id = iref.client_id;
1544 static const struct got_error *
1545 send_ref_update_ok(struct gotd_client *client,
1546 struct gotd_imsg_ref_update *iref, const char *refname)
1548 struct gotd_imsg_ref_update_ok iok;
1552 memset(&iok, 0, sizeof(iok));
1553 iok.client_id = client->id;
1554 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
1555 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
1556 iok.name_len = strlen(refname);
1558 len = sizeof(iok) + iok.name_len;
1559 wbuf = imsg_create(&client->iev.ibuf, GOTD_IMSG_REF_UPDATE_OK,
1560 PROC_GOTD, gotd.pid, len);
1562 return got_error_from_errno("imsg_create REF_UPDATE_OK");
1564 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
1565 return got_error_from_errno("imsg_add REF_UPDATE_OK");
1566 if (imsg_add(wbuf, refname, iok.name_len) == -1)
1567 return got_error_from_errno("imsg_add REF_UPDATE_OK");
1570 imsg_close(&client->iev.ibuf, wbuf);
1571 gotd_imsg_event_add(&client->iev);
1576 send_refs_updated(struct gotd_client *client)
1578 if (gotd_imsg_compose_event(&client->iev,
1579 GOTD_IMSG_REFS_UPDATED, PROC_GOTD, -1, NULL, 0) == -1)
1580 log_warn("imsg compose REFS_UPDATED");
1583 static const struct got_error *
1584 send_ref_update_ng(struct gotd_client *client,
1585 struct gotd_imsg_ref_update *iref, const char *refname,
1588 const struct got_error *ng_err;
1589 struct gotd_imsg_ref_update_ng ing;
1593 memset(&ing, 0, sizeof(ing));
1594 ing.client_id = client->id;
1595 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
1596 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
1597 ing.name_len = strlen(refname);
1599 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
1600 ing.reason_len = strlen(ng_err->msg);
1602 len = sizeof(ing) + ing.name_len + ing.reason_len;
1603 wbuf = imsg_create(&client->iev.ibuf, GOTD_IMSG_REF_UPDATE_NG,
1604 PROC_GOTD, gotd.pid, len);
1606 return got_error_from_errno("imsg_create REF_UPDATE_NG");
1608 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
1609 return got_error_from_errno("imsg_add REF_UPDATE_NG");
1610 if (imsg_add(wbuf, refname, ing.name_len) == -1)
1611 return got_error_from_errno("imsg_add REF_UPDATE_NG");
1612 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
1613 return got_error_from_errno("imsg_add REF_UPDATE_NG");
1616 imsg_close(&client->iev.ibuf, wbuf);
1617 gotd_imsg_event_add(&client->iev);
1621 static const struct got_error *
1622 install_pack(struct gotd_client *client, const char *repo_path,
1625 const struct got_error *err = NULL;
1626 struct gotd_imsg_packfile_install inst;
1627 char hex[SHA1_DIGEST_STRING_LENGTH];
1629 char *packfile_path = NULL, *packidx_path = NULL;
1631 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1632 if (datalen != sizeof(inst))
1633 return got_error(GOT_ERR_PRIVSEP_LEN);
1634 memcpy(&inst, imsg->data, sizeof(inst));
1636 if (client->packfile_path == NULL)
1637 return got_error_msg(GOT_ERR_BAD_REQUEST,
1638 "client has no pack file");
1639 if (client->packidx_path == NULL)
1640 return got_error_msg(GOT_ERR_BAD_REQUEST,
1641 "client has no pack file index");
1643 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
1644 return got_error_msg(GOT_ERR_NO_SPACE,
1645 "could not convert pack file SHA1 to hex");
1647 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
1648 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
1649 err = got_error_from_errno("asprintf");
1653 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
1654 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
1655 err = got_error_from_errno("asprintf");
1659 if (rename(client->packfile_path, packfile_path) == -1) {
1660 err = got_error_from_errno3("rename", client->packfile_path,
1665 free(client->packfile_path);
1666 client->packfile_path = NULL;
1668 if (rename(client->packidx_path, packidx_path) == -1) {
1669 err = got_error_from_errno3("rename", client->packidx_path,
1674 free(client->packidx_path);
1675 client->packidx_path = NULL;
1677 free(packfile_path);
1682 static const struct got_error *
1683 begin_ref_updates(struct gotd_client *client, struct imsg *imsg)
1685 struct gotd_imsg_ref_updates_start istart;
1688 if (client->nref_updates != -1)
1689 return got_error(GOT_ERR_PRIVSEP_MSG);
1691 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1692 if (datalen != sizeof(istart))
1693 return got_error(GOT_ERR_PRIVSEP_LEN);
1694 memcpy(&istart, imsg->data, sizeof(istart));
1696 if (istart.nref_updates <= 0)
1697 return got_error(GOT_ERR_PRIVSEP_MSG);
1699 client->nref_updates = istart.nref_updates;
1703 static const struct got_error *
1704 update_ref(struct gotd_client *client, const char *repo_path,
1707 const struct got_error *err = NULL;
1708 struct got_repository *repo = NULL;
1709 struct got_reference *ref = NULL;
1710 struct gotd_imsg_ref_update iref;
1711 struct got_object_id old_id, new_id;
1712 struct got_object_id *id = NULL;
1713 struct got_object *obj = NULL;
1714 char *refname = NULL;
1718 log_debug("update-ref from uid %d", client->euid);
1720 if (client->nref_updates <= 0)
1721 return got_error(GOT_ERR_PRIVSEP_MSG);
1723 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1724 if (datalen < sizeof(iref))
1725 return got_error(GOT_ERR_PRIVSEP_LEN);
1726 memcpy(&iref, imsg->data, sizeof(iref));
1727 if (datalen != sizeof(iref) + iref.name_len)
1728 return got_error(GOT_ERR_PRIVSEP_LEN);
1729 refname = malloc(iref.name_len + 1);
1730 if (refname == NULL)
1731 return got_error_from_errno("malloc");
1732 memcpy(refname, imsg->data + sizeof(iref), iref.name_len);
1733 refname[iref.name_len] = '\0';
1735 log_debug("updating ref %s for uid %d", refname, client->euid);
1737 err = got_repo_open(&repo, repo_path, NULL, NULL);
1741 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
1742 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
1743 err = got_object_open(&obj, repo, &new_id);
1747 if (iref.ref_is_new) {
1748 err = got_ref_open(&ref, repo, refname, 0);
1750 if (err->code != GOT_ERR_NOT_REF)
1752 err = got_ref_alloc(&ref, refname, &new_id);
1755 err = got_ref_write(ref, repo); /* will lock/unlock */
1759 err = got_error_fmt(GOT_ERR_REF_BUSY,
1760 "%s has been created by someone else "
1761 "while transaction was in progress",
1762 got_ref_get_name(ref));
1766 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
1771 err = got_ref_resolve(&id, repo, ref);
1775 if (got_object_id_cmp(id, &old_id) != 0) {
1776 err = got_error_fmt(GOT_ERR_REF_BUSY,
1777 "%s has been modified by someone else "
1778 "while transaction was in progress",
1779 got_ref_get_name(ref));
1783 err = got_ref_change_ref(ref, &new_id);
1787 err = got_ref_write(ref, repo);
1796 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
1797 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
1798 "could not acquire exclusive file lock for %s",
1801 send_ref_update_ng(client, &iref, refname, err->msg);
1803 send_ref_update_ok(client, &iref, refname);
1805 if (client->nref_updates > 0) {
1806 client->nref_updates--;
1807 if (client->nref_updates == 0)
1808 send_refs_updated(client);
1812 const struct got_error *unlock_err;
1813 unlock_err = got_ref_unlock(ref);
1814 if (unlock_err && err == NULL)
1820 got_object_close(obj);
1822 got_repo_close(repo);
1829 gotd_dispatch_listener(int fd, short event, void *arg)
1831 struct gotd_imsgev *iev = arg;
1832 struct imsgbuf *ibuf = &iev->ibuf;
1833 struct gotd_child_proc *proc = &gotd.listen_proc;
1838 if (proc->iev.ibuf.fd != fd)
1839 fatalx("%s: unexpected fd %d", __func__, fd);
1841 if (event & EV_READ) {
1842 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1843 fatal("imsg_read error");
1845 /* Connection closed. */
1851 if (event & EV_WRITE) {
1852 n = msgbuf_write(&ibuf->w);
1853 if (n == -1 && errno != EAGAIN)
1854 fatal("msgbuf_write");
1856 /* Connection closed. */
1863 const struct got_error *err = NULL;
1864 struct gotd_client *client = NULL;
1865 uint32_t client_id = 0;
1866 int do_disconnect = 0;
1868 if ((n = imsg_get(ibuf, &imsg)) == -1)
1869 fatal("%s: imsg_get error", __func__);
1870 if (n == 0) /* No more messages. */
1873 switch (imsg.hdr.type) {
1874 case GOTD_IMSG_ERROR:
1876 err = gotd_imsg_recv_error(&client_id, &imsg);
1878 case GOTD_IMSG_CONNECT:
1879 err = recv_connect(&client_id, &imsg);
1882 log_debug("unexpected imsg %d", imsg.hdr.type);
1886 client = find_client(client_id);
1887 if (client == NULL) {
1888 log_warnx("%s: client not found", __func__);
1894 log_warnx("uid %d: %s", client->euid, err->msg);
1896 if (do_disconnect) {
1898 disconnect_on_error(client, err);
1907 gotd_imsg_event_add(iev);
1909 /* This pipe is dead. Remove its event handler */
1910 event_del(&iev->ev);
1911 event_loopexit(NULL);
1916 gotd_dispatch_auth_child(int fd, short event, void *arg)
1918 const struct got_error *err = NULL;
1919 struct gotd_imsgev *iev = arg;
1920 struct imsgbuf *ibuf = &iev->ibuf;
1921 struct gotd_client *client;
1922 struct gotd_repo *repo = NULL;
1926 uint32_t client_id = 0;
1927 int do_disconnect = 0;
1928 enum gotd_procid proc_type;
1930 client = find_client_by_proc_fd(fd);
1932 fatalx("cannot find client for fd %d", fd);
1934 if (client->auth == NULL)
1935 fatalx("cannot find auth child process for fd %d", fd);
1937 if (event & EV_READ) {
1938 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1939 fatal("imsg_read error");
1941 /* Connection closed. */
1947 if (event & EV_WRITE) {
1948 n = msgbuf_write(&ibuf->w);
1949 if (n == -1 && errno != EAGAIN)
1950 fatal("msgbuf_write");
1952 /* Connection closed. */
1958 if (client->auth->iev.ibuf.fd != fd)
1959 fatalx("%s: unexpected fd %d", __func__, fd);
1961 if ((n = imsg_get(ibuf, &imsg)) == -1)
1962 fatal("%s: imsg_get error", __func__);
1963 if (n == 0) /* No more messages. */
1966 evtimer_del(&client->tmo);
1968 switch (imsg.hdr.type) {
1969 case GOTD_IMSG_ERROR:
1971 err = gotd_imsg_recv_error(&client_id, &imsg);
1973 case GOTD_IMSG_ACCESS_GRANTED:
1977 log_debug("unexpected imsg %d", imsg.hdr.type);
1981 if (!verify_imsg_src(client, client->auth, &imsg)) {
1983 log_debug("dropping imsg type %d from PID %d",
1984 imsg.hdr.type, client->auth->pid);
1988 if (do_disconnect) {
1990 disconnect_on_error(client, err);
1996 repo = find_repo_by_name(client->auth->repo_name);
1998 err = got_error(GOT_ERR_NOT_GIT_REPO);
2001 kill_auth_proc(client);
2003 log_info("authenticated uid %d for repository %s\n",
2004 client->euid, repo->name);
2006 if (client->required_auth & GOTD_AUTH_WRITE)
2007 proc_type = PROC_REPO_WRITE;
2009 proc_type = PROC_REPO_READ;
2011 err = start_repo_child(client, proc_type, repo, gotd.argv0,
2012 gotd.confpath, gotd.daemonize, gotd.verbosity);
2015 log_warnx("uid %d: %s", client->euid, err->msg);
2017 /* We might have killed the auth process by now. */
2018 if (client->auth != NULL) {
2020 gotd_imsg_event_add(iev);
2022 /* This pipe is dead. Remove its event handler */
2023 event_del(&iev->ev);
2029 gotd_dispatch_repo_child(int fd, short event, void *arg)
2031 struct gotd_imsgev *iev = arg;
2032 struct imsgbuf *ibuf = &iev->ibuf;
2033 struct gotd_child_proc *proc = NULL;
2034 struct gotd_client *client = NULL;
2039 if (event & EV_READ) {
2040 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
2041 fatal("imsg_read error");
2043 /* Connection closed. */
2049 if (event & EV_WRITE) {
2050 n = msgbuf_write(&ibuf->w);
2051 if (n == -1 && errno != EAGAIN)
2052 fatal("msgbuf_write");
2054 /* Connection closed. */
2060 client = find_client_by_proc_fd(fd);
2062 fatalx("cannot find client for fd %d", fd);
2064 proc = get_client_proc(client);
2066 fatalx("cannot find child process for fd %d", fd);
2069 const struct got_error *err = NULL;
2070 uint32_t client_id = 0;
2071 int do_disconnect = 0;
2072 int do_list_refs = 0, do_ref_updates = 0, do_ref_update = 0;
2073 int do_packfile_install = 0;
2075 if ((n = imsg_get(ibuf, &imsg)) == -1)
2076 fatal("%s: imsg_get error", __func__);
2077 if (n == 0) /* No more messages. */
2080 switch (imsg.hdr.type) {
2081 case GOTD_IMSG_ERROR:
2083 err = gotd_imsg_recv_error(&client_id, &imsg);
2085 case GOTD_IMSG_REPO_CHILD_READY:
2088 case GOTD_IMSG_PACKFILE_DONE:
2090 err = recv_packfile_done(&client_id, &imsg);
2092 case GOTD_IMSG_PACKFILE_INSTALL:
2093 err = recv_packfile_install(&client_id, &imsg);
2095 do_packfile_install = 1;
2097 case GOTD_IMSG_REF_UPDATES_START:
2098 err = recv_ref_updates_start(&client_id, &imsg);
2102 case GOTD_IMSG_REF_UPDATE:
2103 err = recv_ref_update(&client_id, &imsg);
2108 log_debug("unexpected imsg %d", imsg.hdr.type);
2112 if (!verify_imsg_src(client, proc, &imsg)) {
2113 log_debug("dropping imsg type %d from PID %d",
2114 imsg.hdr.type, proc->pid);
2119 log_warnx("uid %d: %s", client->euid, err->msg);
2121 if (do_disconnect) {
2123 disconnect_on_error(client, err);
2128 err = list_refs_request(client, iev);
2129 else if (do_packfile_install)
2130 err = install_pack(client, proc->repo_path,
2132 else if (do_ref_updates)
2133 err = begin_ref_updates(client, &imsg);
2134 else if (do_ref_update)
2135 err = update_ref(client, proc->repo_path,
2138 log_warnx("uid %d: %s", client->euid, err->msg);
2144 gotd_imsg_event_add(iev);
2146 /* This pipe is dead. Remove its event handler */
2147 event_del(&iev->ev);
2148 event_loopexit(NULL);
2153 start_child(enum gotd_procid proc_id, const char *repo_path,
2154 char *argv0, const char *confpath, int fd, int daemonize, int verbosity)
2160 switch (pid = fork()) {
2162 fatal("cannot fork");
2170 if (fd != GOTD_FILENO_MSG_PIPE) {
2171 if (dup2(fd, GOTD_FILENO_MSG_PIPE) == -1)
2172 fatal("cannot setup imsg fd");
2173 } else if (fcntl(fd, F_SETFD, 0) == -1)
2174 fatal("cannot setup imsg fd");
2176 argv[argc++] = argv0;
2179 argv[argc++] = (char *)"-L";
2182 argv[argc++] = (char *)"-A";
2184 case PROC_REPO_READ:
2185 argv[argc++] = (char *)"-R";
2187 case PROC_REPO_WRITE:
2188 argv[argc++] = (char *)"-W";
2191 fatalx("invalid process id %d", proc_id);
2194 argv[argc++] = (char *)"-f";
2195 argv[argc++] = (char *)confpath;
2198 argv[argc++] = (char *)"-P";
2199 argv[argc++] = (char *)repo_path;
2203 argv[argc++] = (char *)"-d";
2205 argv[argc++] = (char *)"-v";
2207 argv[argc++] = (char *)"-v";
2208 argv[argc++] = NULL;
2210 execvp(argv0, argv);
2215 start_listener(char *argv0, const char *confpath, int daemonize, int verbosity)
2217 struct gotd_child_proc *proc = &gotd.listen_proc;
2219 proc->type = PROC_LISTEN;
2221 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
2222 PF_UNSPEC, proc->pipe) == -1)
2223 fatal("socketpair");
2225 proc->pid = start_child(proc->type, NULL, argv0, confpath,
2226 proc->pipe[1], daemonize, verbosity);
2227 imsg_init(&proc->iev.ibuf, proc->pipe[0]);
2228 proc->iev.handler = gotd_dispatch_listener;
2229 proc->iev.events = EV_READ;
2230 proc->iev.handler_arg = NULL;
2233 static const struct got_error *
2234 start_repo_child(struct gotd_client *client, enum gotd_procid proc_type,
2235 struct gotd_repo *repo, char *argv0, const char *confpath,
2236 int daemonize, int verbosity)
2238 struct gotd_child_proc *proc;
2240 if (proc_type != PROC_REPO_READ && proc_type != PROC_REPO_WRITE)
2241 return got_error_msg(GOT_ERR_NOT_IMPL, "bad process type");
2243 proc = calloc(1, sizeof(*proc));
2245 return got_error_from_errno("calloc");
2247 proc->type = proc_type;
2248 if (strlcpy(proc->repo_name, repo->name,
2249 sizeof(proc->repo_name)) >= sizeof(proc->repo_name))
2250 fatalx("repository name too long: %s", repo->name);
2251 log_debug("starting %s for repository %s",
2252 proc->type == PROC_REPO_READ ? "reader" : "writer", repo->name);
2253 if (realpath(repo->path, proc->repo_path) == NULL)
2254 fatal("%s", repo->path);
2255 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
2256 PF_UNSPEC, proc->pipe) == -1)
2257 fatal("socketpair");
2258 proc->pid = start_child(proc->type, proc->repo_path, argv0,
2259 confpath, proc->pipe[1], daemonize, verbosity);
2260 imsg_init(&proc->iev.ibuf, proc->pipe[0]);
2261 log_debug("proc %s %s is on fd %d",
2262 gotd_proc_names[proc->type], proc->repo_path,
2264 proc->iev.handler = gotd_dispatch_repo_child;
2265 proc->iev.events = EV_READ;
2266 proc->iev.handler_arg = NULL;
2267 event_set(&proc->iev.ev, proc->iev.ibuf.fd, EV_READ,
2268 gotd_dispatch_repo_child, &proc->iev);
2269 gotd_imsg_event_add(&proc->iev);
2271 if (proc->type == PROC_REPO_READ)
2272 client->repo_read = proc;
2274 client->repo_write = proc;
2279 static const struct got_error *
2280 start_auth_child(struct gotd_client *client, int required_auth,
2281 struct gotd_repo *repo, char *argv0, const char *confpath,
2282 int daemonize, int verbosity)
2284 const struct got_error *err = NULL;
2285 struct gotd_child_proc *proc;
2286 struct gotd_imsg_auth iauth;
2289 memset(&iauth, 0, sizeof(iauth));
2291 fd = dup(client->fd);
2293 return got_error_from_errno("dup");
2295 proc = calloc(1, sizeof(*proc));
2297 err = got_error_from_errno("calloc");
2302 proc->type = PROC_AUTH;
2303 if (strlcpy(proc->repo_name, repo->name,
2304 sizeof(proc->repo_name)) >= sizeof(proc->repo_name))
2305 fatalx("repository name too long: %s", repo->name);
2306 log_debug("starting auth for uid %d repository %s",
2307 client->euid, repo->name);
2308 if (realpath(repo->path, proc->repo_path) == NULL)
2309 fatal("%s", repo->path);
2310 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
2311 PF_UNSPEC, proc->pipe) == -1)
2312 fatal("socketpair");
2313 proc->pid = start_child(proc->type, proc->repo_path, argv0,
2314 confpath, proc->pipe[1], daemonize, verbosity);
2315 imsg_init(&proc->iev.ibuf, proc->pipe[0]);
2316 log_debug("proc %s %s is on fd %d",
2317 gotd_proc_names[proc->type], proc->repo_path,
2319 proc->iev.handler = gotd_dispatch_auth_child;
2320 proc->iev.events = EV_READ;
2321 proc->iev.handler_arg = NULL;
2322 event_set(&proc->iev.ev, proc->iev.ibuf.fd, EV_READ,
2323 gotd_dispatch_auth_child, &proc->iev);
2324 gotd_imsg_event_add(&proc->iev);
2326 iauth.euid = client->euid;
2327 iauth.egid = client->egid;
2328 iauth.required_auth = required_auth;
2329 iauth.client_id = client->id;
2330 if (gotd_imsg_compose_event(&proc->iev, GOTD_IMSG_AUTHENTICATE,
2331 PROC_GOTD, fd, &iauth, sizeof(iauth)) == -1) {
2332 log_warn("imsg compose AUTHENTICATE");
2334 /* Let the auth_timeout handler tidy up. */
2337 client->auth = proc;
2338 client->required_auth = required_auth;
2343 apply_unveil_repo_readonly(const char *repo_path)
2345 if (unveil(repo_path, "r") == -1)
2346 fatal("unveil %s", repo_path);
2348 if (unveil(NULL, NULL) == -1)
2353 apply_unveil_none(void)
2355 if (unveil("/", "") == -1)
2358 if (unveil(NULL, NULL) == -1)
2365 struct gotd_repo *repo;
2367 if (unveil(gotd.argv0, "x") == -1)
2368 fatal("unveil %s", gotd.argv0);
2370 TAILQ_FOREACH(repo, &gotd.repos, entry) {
2371 if (unveil(repo->path, "rwc") == -1)
2372 fatal("unveil %s", repo->path);
2375 if (unveil(GOT_TMPDIR_STR, "rwc") == -1)
2376 fatal("unveil %s", GOT_TMPDIR_STR);
2378 if (unveil(NULL, NULL) == -1)
2383 main(int argc, char **argv)
2385 const struct got_error *error = NULL;
2386 int ch, fd = -1, daemonize = 1, verbosity = 0, noaction = 0;
2387 const char *confpath = GOTD_CONF_PATH;
2388 char *argv0 = argv[0];
2390 struct passwd *pw = NULL;
2391 char *repo_path = NULL;
2392 enum gotd_procid proc_id = PROC_GOTD;
2393 struct event evsigint, evsigterm, evsighup, evsigusr1;
2394 int *pack_fds = NULL, *temp_fds = NULL;
2396 log_init(1, LOG_DAEMON); /* Log to stderr until daemonized. */
2398 while ((ch = getopt(argc, argv, "Adf:LnP:RvW")) != -1) {
2401 proc_id = PROC_AUTH;
2410 proc_id = PROC_LISTEN;
2416 repo_path = realpath(optarg, NULL);
2417 if (repo_path == NULL)
2418 fatal("realpath '%s'", optarg);
2421 proc_id = PROC_REPO_READ;
2428 proc_id = PROC_REPO_WRITE;
2441 /* Require an absolute path in argv[0] for reliable re-exec. */
2442 if (!got_path_is_absolute(argv0))
2443 fatalx("bad path \"%s\": must be an absolute path", argv0);
2445 if (geteuid() && (proc_id == PROC_GOTD || proc_id == PROC_LISTEN))
2446 fatalx("need root privileges");
2448 log_init(daemonize ? 0 : 1, LOG_DAEMON);
2449 log_setverbose(verbosity);
2451 if (parse_config(confpath, proc_id, &gotd) != 0)
2455 gotd.daemonize = daemonize;
2456 gotd.verbosity = verbosity;
2457 gotd.confpath = confpath;
2459 if (proc_id == PROC_GOTD &&
2460 (gotd.nrepos == 0 || TAILQ_EMPTY(&gotd.repos)))
2461 fatalx("no repository defined in configuration file");
2463 pw = getpwnam(gotd.user_name);
2465 fatalx("user %s not found", gotd.user_name);
2467 if (pw->pw_uid == 0) {
2468 fatalx("cannot run %s as %s: the user running %s "
2469 "must not be the superuser",
2470 getprogname(), pw->pw_name, getprogname());
2473 if (proc_id == PROC_LISTEN &&
2474 !got_path_is_absolute(gotd.unix_socket_path))
2475 fatalx("bad unix socket path \"%s\": must be an absolute path",
2476 gotd.unix_socket_path);
2481 if (proc_id == PROC_GOTD) {
2482 gotd.pid = getpid();
2483 snprintf(title, sizeof(title), "%s", gotd_proc_names[proc_id]);
2484 start_listener(argv0, confpath, daemonize, verbosity);
2485 arc4random_buf(&clients_hash_key, sizeof(clients_hash_key));
2486 if (daemonize && daemon(1, 0) == -1)
2488 } else if (proc_id == PROC_LISTEN) {
2489 snprintf(title, sizeof(title), "%s", gotd_proc_names[proc_id]);
2491 log_info("socket: %s", gotd.unix_socket_path);
2492 log_info("user: %s", pw->pw_name);
2495 fd = unix_socket_listen(gotd.unix_socket_path, pw->pw_uid,
2498 fatal("cannot listen on unix socket %s",
2499 gotd.unix_socket_path);
2501 if (daemonize && daemon(0, 0) == -1)
2503 } else if (proc_id == PROC_AUTH) {
2504 snprintf(title, sizeof(title), "%s %s",
2505 gotd_proc_names[proc_id], repo_path);
2506 if (daemonize && daemon(0, 0) == -1)
2508 } else if (proc_id == PROC_REPO_READ || proc_id == PROC_REPO_WRITE) {
2509 error = got_repo_pack_fds_open(&pack_fds);
2511 fatalx("cannot open pack tempfiles: %s", error->msg);
2512 error = got_repo_temp_fds_open(&temp_fds);
2514 fatalx("cannot open pack tempfiles: %s", error->msg);
2515 if (repo_path == NULL)
2516 fatalx("repository path not specified");
2517 snprintf(title, sizeof(title), "%s %s",
2518 gotd_proc_names[proc_id], repo_path);
2519 if (daemonize && daemon(0, 0) == -1)
2522 fatal("invalid process id %d", proc_id);
2524 setproctitle("%s", title);
2525 log_procinit(title);
2527 /* Drop root privileges. */
2528 if (setgid(pw->pw_gid) == -1)
2529 fatal("setgid %d failed", pw->pw_gid);
2530 if (setuid(pw->pw_uid) == -1)
2531 fatal("setuid %d failed", pw->pw_uid);
2538 if (pledge("stdio rpath wpath cpath proc exec "
2539 "sendfd recvfd fattr flock unveil", NULL) == -1)
2545 if (pledge("stdio sendfd unix unveil", NULL) == -1)
2549 * Ensure that AF_UNIX bind(2) cannot be used with any other
2550 * sockets by revoking all filesystem access via unveil(2).
2552 apply_unveil_none();
2554 listen_main(title, fd, gotd.connection_limits,
2555 gotd.nconnection_limits);
2560 if (pledge("stdio getpw recvfd unix unveil", NULL) == -1)
2564 * We need the "unix" pledge promise for getpeername(2) only.
2565 * Ensure that AF_UNIX bind(2) cannot be used by revoking all
2566 * filesystem access via unveil(2). Access to password database
2567 * files will still work since "getpw" bypasses unveil(2).
2569 apply_unveil_none();
2571 auth_main(title, &gotd.repos, repo_path);
2574 case PROC_REPO_READ:
2576 if (pledge("stdio rpath recvfd unveil", NULL) == -1)
2579 apply_unveil_repo_readonly(repo_path);
2580 repo_read_main(title, repo_path, pack_fds, temp_fds);
2583 case PROC_REPO_WRITE:
2585 if (pledge("stdio rpath recvfd unveil", NULL) == -1)
2588 apply_unveil_repo_readonly(repo_path);
2589 repo_write_main(title, repo_path, pack_fds, temp_fds);
2593 fatal("invalid process id %d", proc_id);
2596 if (proc_id != PROC_GOTD)
2597 fatal("invalid process id %d", proc_id);
2601 signal_set(&evsigint, SIGINT, gotd_sighdlr, NULL);
2602 signal_set(&evsigterm, SIGTERM, gotd_sighdlr, NULL);
2603 signal_set(&evsighup, SIGHUP, gotd_sighdlr, NULL);
2604 signal_set(&evsigusr1, SIGUSR1, gotd_sighdlr, NULL);
2605 signal(SIGPIPE, SIG_IGN);
2607 signal_add(&evsigint, NULL);
2608 signal_add(&evsigterm, NULL);
2609 signal_add(&evsighup, NULL);
2610 signal_add(&evsigusr1, NULL);
2612 gotd_imsg_event_add(&gotd.listen_proc.iev);
2617 got_repo_pack_fds_close(pack_fds);
