Gotweb

Blob

Date:: Sat Sep 8 14:40:28 2018 UTC
Message:: implement fork+exec (and by the way, fix the build...)
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2018 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/wait.h>
23 
24 #include <errno.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <sha1.h>
30 #include <zlib.h>
31 #include <ctype.h>
32 #include <limits.h>
33 #include <imsg.h>
34 #include <time.h>
35 #include <unistd.h>
36 
37 #include "got_error.h"
38 #include "got_object.h"
39 #include "got_repository.h"
40 #include "got_opentemp.h"
41 
42 #include "got_lib_sha1.h"
43 #include "got_lib_delta.h"
44 #include "got_lib_privsep.h"
45 #include "got_lib_pack.h"
46 #include "got_lib_inflate.h"
47 #include "got_lib_object.h"
48 #include "got_lib_repository.h"
49 
50 #ifndef nitems
51 #define nitems(_a) (sizeof(_a) / sizeof((_a)[0]))
52 #endif
53 
54 #define GOT_OBJ_TAG_COMMIT	"commit"
55 #define GOT_OBJ_TAG_TREE	"tree"
56 #define GOT_OBJ_TAG_BLOB	"blob"
57 
58 #define GOT_COMMIT_TAG_TREE		"tree "
59 #define GOT_COMMIT_TAG_PARENT		"parent "
60 #define GOT_COMMIT_TAG_AUTHOR		"author "
61 #define GOT_COMMIT_TAG_COMMITTER	"committer "
62 
63 void
64 got_object_close(struct got_object *obj)
65 {
66 	if (obj->refcnt > 0) {
67 		obj->refcnt--;
68 		if (obj->refcnt > 0)
69 			return;
70 	}
71 
72 	if (obj->flags & GOT_OBJ_FLAG_DELTIFIED) {
73 		struct got_delta *delta;
74 		while (!SIMPLEQ_EMPTY(&obj->deltas.entries)) {
75 			delta = SIMPLEQ_FIRST(&obj->deltas.entries);
76 			SIMPLEQ_REMOVE_HEAD(&obj->deltas.entries, entry);
77 			got_delta_close(delta);
78 		}
79 	}
80 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
81 		free(obj->path_packfile);
82 	free(obj);
83 }
84 
85 void
86 got_object_qid_free(struct got_object_qid *qid)
87 {
88 	free(qid->id);
89 	free(qid);
90 }
91 
92 static const struct got_error *
93 request_object(struct got_object **obj, struct got_repository *repo, int fd)
94 {
95 	const struct got_error *err = NULL;
96 	struct imsgbuf ibuf;
97 
98 	imsg_init(&ibuf,
99 	    repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd);
100 
101 	err = got_privsep_send_obj_req(&ibuf, fd, NULL);
102 	if (err)
103 		goto done;
104 	err = got_privsep_recv_obj(obj, &ibuf);
105 done:
106 	imsg_clear(&ibuf);
107 	return err;
108 }
109 
110 static void
111 exec_privsep_child(int imsg_fds[2], const char *path)
112 {
113 	close(imsg_fds[0]);
114 
115 	if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD) == -1) {
116 		fprintf(stderr, "%s: %s\n", getprogname(),
117 		    strerror(errno));
118 		_exit(1);
119 	}
120 	if (closefrom(GOT_IMSG_FD_CHILD + 1) == -1) {
121 		fprintf(stderr, "%s: %s\n", getprogname(),
122 		    strerror(errno));
123 		_exit(1);
124 	}
125 
126 	if (execl(path, path, (char *)NULL) == -1) {
127 		fprintf(stderr, "%s: %s: %s\n", getprogname(), path,
128 		    strerror(errno));
129 		_exit(1);
130 	}
131 }
132 
133 const struct got_error *
134 got_object_read_header_privsep(struct got_object **obj,
135     struct got_repository *repo, int obj_fd)
136 {
137 	int imsg_fds[2];
138 	pid_t pid;
139 
140 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd != -1)
141 		return request_object(obj, repo, obj_fd);
142 
143 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
144 		return got_error_from_errno();
145 
146 	pid = fork();
147 	if (pid == -1)
148 		return got_error_from_errno();
149 	else if (pid == 0) {
150 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_OBJECT);
151 		/* not reached */
152 	}
153 
154 	close(imsg_fds[1]);
155 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd =
156 	    imsg_fds[0];
157 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].pid = pid;
158 
159 	return request_object(obj, repo, obj_fd);
160 }
161 
162 struct got_commit_object *
163 got_object_commit_alloc_partial(void)
164 {
165 	struct got_commit_object *commit;
166 
167 	commit = calloc(1, sizeof(*commit));
168 	if (commit == NULL)
169 		return NULL;
170 	commit->tree_id = calloc(1, sizeof(*commit->tree_id));
171 	if (commit->tree_id == NULL) {
172 		free(commit);
173 		return NULL;
174 	}
175 
176 	SIMPLEQ_INIT(&commit->parent_ids);
177 
178 	return commit;
179 }
180 
181 const struct got_error *
182 got_object_commit_add_parent(struct got_commit_object *commit,
183     const char *id_str)
184 {
185 	const struct got_error *err = NULL;
186 	struct got_object_qid *qid;
187 
188 	qid = malloc(sizeof(*qid));
189 	if (qid == NULL)
190 		return got_error_from_errno();
191 
192 	qid->id = malloc(sizeof(*qid->id));
193 	if (qid->id == NULL) {
194 		err = got_error_from_errno();
195 		got_object_qid_free(qid);
196 		return err;
197 	}
198 
199 	if (!got_parse_sha1_digest(qid->id->sha1, id_str)) {
200 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
201 		free(qid->id);
202 		free(qid);
203 		return err;
204 	}
205 
206 	SIMPLEQ_INSERT_TAIL(&commit->parent_ids, qid, entry);
207 	commit->nparents++;
208 
209 	return NULL;
210 }
211 
212 static const struct got_error *
213 parse_gmtoff(time_t *gmtoff, const char *tzstr)
214 {
215 	int sign = 1;
216 	const char *p = tzstr;
217 	time_t h, m;
218 
219 	*gmtoff = 0;
220 
221 	if (*p == '-')
222 		sign = -1;
223 	else if (*p != '+')
224 		return got_error(GOT_ERR_BAD_OBJ_DATA);
225 	p++;
226 	if (!isdigit(*p) && !isdigit(*(p + 1)))
227 		return got_error(GOT_ERR_BAD_OBJ_DATA);
228 	h = (((*p - '0') * 10) + (*(p + 1) - '0'));
229 
230 	p += 2;
231 	if (!isdigit(*p) && !isdigit(*(p + 1)))
232 		return got_error(GOT_ERR_BAD_OBJ_DATA);
233 	m = ((*p - '0') * 10) + (*(p + 1) - '0');
234 
235 	*gmtoff = (h * 60 * 60 + m * 60) * sign;
236 	return NULL;
237 }
238 
239 static const struct got_error *
240 parse_commit_time(struct tm *tm, char *committer)
241 {
242 	const struct got_error *err = NULL;
243 	const char *errstr;
244 	char *space, *tzstr;
245 	time_t gmtoff;
246 	time_t time;
247 
248 	/* Parse and strip off trailing timezone indicator string. */
249 	space = strrchr(committer, ' ');
250 	if (space == NULL)
251 		return got_error(GOT_ERR_BAD_OBJ_DATA);
252 	tzstr = strdup(space + 1);
253 	if (tzstr == NULL)
254 		return got_error_from_errno();
255 	err = parse_gmtoff(&gmtoff, tzstr);
256 	free(tzstr);
257 	if (err)
258 		return err;
259 	*space = '\0';
260 
261 	/* Timestamp is separated from committer name + email by space. */
262 	space = strrchr(committer, ' ');
263 	if (space == NULL)
264 		return got_error(GOT_ERR_BAD_OBJ_DATA);
265 
266 	/* Timestamp parsed here is expressed in comitter's local time. */
267 	time = strtonum(space + 1, 0, INT64_MAX, &errstr);
268 	if (errstr)
269 		return got_error(GOT_ERR_BAD_OBJ_DATA);
270 
271 	/* Express the time stamp in UTC. */
272 	memset(tm, 0, sizeof(*tm));
273 	time -= gmtoff;
274 	if (localtime_r(&time, tm) == NULL)
275 		return got_error_from_errno();
276 	tm->tm_gmtoff = gmtoff;
277 
278 	/* Strip off parsed time information, leaving just author and email. */
279 	*space = '\0';
280 
281 	return NULL;
282 }
283 
284 void
285 got_object_commit_close(struct got_commit_object *commit)
286 {
287 	struct got_object_qid *qid;
288 
289 	if (commit->refcnt > 0) {
290 		commit->refcnt--;
291 		if (commit->refcnt > 0)
292 			return;
293 	}
294 
295 	while (!SIMPLEQ_EMPTY(&commit->parent_ids)) {
296 		qid = SIMPLEQ_FIRST(&commit->parent_ids);
297 		SIMPLEQ_REMOVE_HEAD(&commit->parent_ids, entry);
298 		got_object_qid_free(qid);
299 	}
300 
301 	free(commit->tree_id);
302 	free(commit->author);
303 	free(commit->committer);
304 	free(commit->logmsg);
305 	free(commit);
306 }
307 
308 const struct got_error *
309 got_object_parse_commit(struct got_commit_object **commit, char *buf, size_t len)
310 {
311 	const struct got_error *err = NULL;
312 	char *s = buf;
313 	size_t tlen;
314 	ssize_t remain = (ssize_t)len;
315  
316 	*commit = got_object_commit_alloc_partial();
317 	if (*commit == NULL)
318 		return got_error_from_errno();
319 
320 	tlen = strlen(GOT_COMMIT_TAG_TREE);
321 	if (strncmp(s, GOT_COMMIT_TAG_TREE, tlen) == 0) {
322 		remain -= tlen;
323 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
324 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
325 			goto done;
326 		}
327 		s += tlen;
328 		if (!got_parse_sha1_digest((*commit)->tree_id->sha1, s)) {
329 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
330 			goto done;
331 		}
332 		remain -= SHA1_DIGEST_STRING_LENGTH;
333 		s += SHA1_DIGEST_STRING_LENGTH;
334 	} else {
335 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
336 		goto done;
337 	}
338 
339 	tlen = strlen(GOT_COMMIT_TAG_PARENT);
340 	while (strncmp(s, GOT_COMMIT_TAG_PARENT, tlen) == 0) {
341 		remain -= tlen;
342 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
343 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
344 			goto done;
345 		}
346 		s += tlen;
347 		err = got_object_commit_add_parent(*commit, s);
348 		if (err)
349 			goto done;
350 
351 		remain -= SHA1_DIGEST_STRING_LENGTH;
352 		s += SHA1_DIGEST_STRING_LENGTH;
353 	}
354 
355 	tlen = strlen(GOT_COMMIT_TAG_AUTHOR);
356 	if (strncmp(s, GOT_COMMIT_TAG_AUTHOR, tlen) == 0) {
357 		char *p;
358 		size_t slen;
359 
360 		remain -= tlen;
361 		if (remain <= 0) {
362 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
363 			goto done;
364 		}
365 		s += tlen;
366 		p = strchr(s, '\n');
367 		if (p == NULL) {
368 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
369 			goto done;
370 		}
371 		*p = '\0';
372 		slen = strlen(s);
373 		err = parse_commit_time(&(*commit)->tm_author, s);
374 		if (err)
375 			goto done;
376 		(*commit)->author = strdup(s);
377 		if ((*commit)->author == NULL) {
378 			err = got_error_from_errno();
379 			goto done;
380 		}
381 		s += slen + 1;
382 		remain -= slen + 1;
383 	}
384 
385 	tlen = strlen(GOT_COMMIT_TAG_COMMITTER);
386 	if (strncmp(s, GOT_COMMIT_TAG_COMMITTER, tlen) == 0) {
387 		char *p;
388 		size_t slen;
389 
390 		remain -= tlen;
391 		if (remain <= 0) {
392 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
393 			goto done;
394 		}
395 		s += tlen;
396 		p = strchr(s, '\n');
397 		if (p == NULL) {
398 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
399 			goto done;
400 		}
401 		*p = '\0';
402 		slen = strlen(s);
403 		err = parse_commit_time(&(*commit)->tm_committer, s);
404 		if (err)
405 			goto done;
406 		(*commit)->committer = strdup(s);
407 		if ((*commit)->committer == NULL) {
408 			err = got_error_from_errno();
409 			goto done;
410 		}
411 		s += slen + 1;
412 		remain -= slen + 1;
413 	}
414 
415 	(*commit)->logmsg = strndup(s, remain);
416 	if ((*commit)->logmsg == NULL) {
417 		err = got_error_from_errno();
418 		goto done;
419 	}
420 done:
421 	if (err) {
422 		got_object_commit_close(*commit);
423 		*commit = NULL;
424 	}
425 	return err;
426 }
427 
428 void
429 got_object_tree_entry_close(struct got_tree_entry *te)
430 {
431 	free(te->id);
432 	free(te->name);
433 	free(te);
434 }
435 
436 void
437 got_object_tree_close(struct got_tree_object *tree)
438 {
439 	struct got_tree_entry *te;
440 
441 	if (tree->refcnt > 0) {
442 		tree->refcnt--;
443 		if (tree->refcnt > 0)
444 			return;
445 	}
446 
447 	while (!SIMPLEQ_EMPTY(&tree->entries.head)) {
448 		te = SIMPLEQ_FIRST(&tree->entries.head);
449 		SIMPLEQ_REMOVE_HEAD(&tree->entries.head, entry);
450 		got_object_tree_entry_close(te);
451 	}
452 
453 	free(tree);
454 }
455 
456 struct got_tree_entry *
457 got_alloc_tree_entry_partial(void)
458 {
459 	struct got_tree_entry *te;
460 
461 	te = calloc(1, sizeof(*te));
462 	if (te == NULL)
463 		return NULL;
464 
465 	te->id = calloc(1, sizeof(*te->id));
466 	if (te->id == NULL) {
467 		free(te);
468 		te = NULL;
469 	}
470 	return te;
471 }
472 
473 static const struct got_error *
474 parse_tree_entry(struct got_tree_entry **te, size_t *elen, char *buf,
475     size_t maxlen)
476 {
477 	char *p = buf, *space;
478 	const struct got_error *err = NULL;
479 
480 	*te = got_alloc_tree_entry_partial();
481 	if (*te == NULL)
482 		return got_error_from_errno();
483 
484 	*elen = strlen(buf) + 1;
485 	if (*elen > maxlen) {
486 		free(*te);
487 		*te = NULL;
488 		return got_error(GOT_ERR_BAD_OBJ_DATA);
489 	}
490 
491 	space = strchr(buf, ' ');
492 	if (space == NULL) {
493 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
494 		free(*te);
495 		*te = NULL;
496 		return err;
497 	}
498 	while (*p != ' ') {
499 		if (*p < '0' && *p > '7') {
500 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
501 			goto done;
502 		}
503 		(*te)->mode <<= 3;
504 		(*te)->mode |= *p - '0';
505 		p++;
506 	}
507 
508 	(*te)->name = strdup(space + 1);
509 	if (*elen > maxlen || maxlen - *elen < SHA1_DIGEST_LENGTH) {
510 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
511 		goto done;
512 	}
513 	buf += strlen(buf) + 1;
514 	memcpy((*te)->id->sha1, buf, SHA1_DIGEST_LENGTH);
515 	*elen += SHA1_DIGEST_LENGTH;
516 done:
517 	if (err) {
518 		got_object_tree_entry_close(*te);
519 		*te = NULL;
520 	}
521 	return err;
522 }
523 
524 const struct got_error *
525 got_object_parse_tree(struct got_tree_object **tree, uint8_t *buf, size_t len)
526 {
527 	const struct got_error *err;
528 	size_t remain = len;
529 
530 	*tree = calloc(1, sizeof(**tree));
531 	if (*tree == NULL)
532 		return got_error_from_errno();
533 
534 	SIMPLEQ_INIT(&(*tree)->entries.head);
535 
536 	while (remain > 0) {
537 		struct got_tree_entry *te;
538 		size_t elen;
539 
540 		err = parse_tree_entry(&te, &elen, buf, remain);
541 		if (err)
542 			return err;
543 		(*tree)->entries.nentries++;
544 		SIMPLEQ_INSERT_TAIL(&(*tree)->entries.head, te, entry);
545 		buf += elen;
546 		remain -= elen;
547 	}
548 
549 	if (remain != 0) {
550 		got_object_tree_close(*tree);
551 		return got_error(GOT_ERR_BAD_OBJ_DATA);
552 	}
553 
554 	return NULL;
555 }
556 
557 const struct got_error *
558 got_read_file_to_mem(uint8_t **outbuf, size_t *outlen, FILE *f)
559 {
560 	const struct got_error *err = NULL;
561 	static const size_t blocksize = 512;
562 	size_t n, total, remain;
563 	uint8_t *buf;
564 
565 	*outbuf = NULL;
566 	*outlen = 0;
567 
568 	buf = malloc(blocksize);
569 	if (buf == NULL)
570 		return got_error_from_errno();
571 
572 	remain = blocksize;
573 	total = 0;
574 	while (1) {
575 		if (remain == 0) {
576 			uint8_t *newbuf;
577 			newbuf = reallocarray(buf, 1, total + blocksize);
578 			if (newbuf == NULL) {
579 				err = got_error_from_errno();
580 				goto done;
581 			}
582 			buf = newbuf;
583 			remain += blocksize;
584 		}
585 		n = fread(buf + total, 1, remain, f);
586 		if (n == 0) {
587 			if (ferror(f)) {
588 				err = got_ferror(f, GOT_ERR_IO);
589 				goto done;
590 			}
591 			break; /* EOF */
592 		}
593 		remain -= n;
594 		total += n;
595 	};
596 
597 done:
598 	if (err == NULL) {
599 		*outbuf = buf;
600 		*outlen = total;
601 	} else
602 		free(buf);
603 	return err;
604 }
605 
606 static const struct got_error *
607 request_commit(struct got_commit_object **commit, struct got_repository *repo,
608     struct got_object *obj, int fd)
609 {
610 	const struct got_error *err = NULL;
611 	struct imsgbuf ibuf;
612 
613 	imsg_init(&ibuf, 
614 	    repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd);
615 
616 	err = got_privsep_send_obj_req(&ibuf, fd,obj);
617 	if (err)
618 		goto done;
619 
620 	err = got_privsep_recv_commit(commit, &ibuf);
621 done:
622 	imsg_clear(&ibuf);
623 	return err;
624 }
625 
626 const struct got_error *
627 got_object_read_commit_privsep(struct got_commit_object **commit,
628     struct got_object *obj, int obj_fd, struct got_repository *repo)
629 {
630 	int imsg_fds[2];
631 	pid_t pid;
632 
633 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd != -1)
634 		return request_commit(commit, repo, obj, obj_fd);
635 
636 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
637 		return got_error_from_errno();
638 
639 	pid = fork();
640 	if (pid == -1)
641 		return got_error_from_errno();
642 	else if (pid == 0) {
643 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_COMMIT);
644 		/* not reached */
645 	}
646 
647 	close(imsg_fds[1]);
648 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd =
649 	    imsg_fds[0];
650 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].pid = pid;
651 
652 	return request_commit(commit, repo, obj, obj_fd);
653 }
654 
655 static const struct got_error *
656 request_tree(struct got_tree_object **tree, struct got_repository *repo,
657     struct got_object *obj, int fd)
658 {
659 	const struct got_error *err = NULL;
660 	struct imsgbuf ibuf;
661 
662 	imsg_init(&ibuf, 
663 	    repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd);
664 
665 	err = got_privsep_send_obj_req(&ibuf, fd,obj);
666 	if (err)
667 		goto done;
668 
669 	err = got_privsep_recv_tree(tree, &ibuf);
670 done:
671 	imsg_clear(&ibuf);
672 	return err;
673 }
674 
675 const struct got_error *
676 got_object_read_tree_privsep(struct got_tree_object **tree,
677     struct got_object *obj, int obj_fd, struct got_repository *repo)
678 {
679 	int imsg_fds[2];
680 	pid_t pid;
681 
682 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd != -1)
683 		return request_tree(tree, repo, obj, obj_fd);
684 
685 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
686 		return got_error_from_errno();
687 
688 	pid = fork();
689 	if (pid == -1)
690 		return got_error_from_errno();
691 	else if (pid == 0) {
692 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_TREE);
693 		/* not reached */
694 	}
695 
696 	close(imsg_fds[1]);
697 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd =
698 	    imsg_fds[0];
699 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].pid = pid;
700 
701 	return request_tree(tree, repo, obj, obj_fd);
702 }
703 
704 static const struct got_error *
705 request_blob(size_t *size, int outfd, int infd, struct got_repository *repo)
706 {
707 	const struct got_error *err = NULL;
708 	struct imsgbuf ibuf;
709 	int outfd_child;
710 
711 	outfd_child = dup(outfd);
712 	if (outfd_child == -1)
713 		return got_error_from_errno();
714 
715 	imsg_init(&ibuf, 
716 	    repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd);
717 
718 	err = got_privsep_send_blob_req(&ibuf, outfd_child, infd);
719 	if (err)
720 		goto done;
721 
722 	err = got_privsep_recv_blob(size, &ibuf);
723 	if (err)
724 		goto done;
725 
726 	if (lseek(outfd, SEEK_SET, 0) == -1)
727 		err = got_error_from_errno();
728 done:
729 	imsg_clear(&ibuf);
730 	return err;
731 }
732 
733 const struct got_error *
734 got_object_read_blob_privsep(size_t *size, int outfd, int infd,
735     struct got_repository *repo)
736 {
737 	int imsg_fds[2];
738 	pid_t pid;
739 
740 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd != -1)
741 		return request_blob(size, outfd, infd, repo);
742 
743 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
744 		return got_error_from_errno();
745 
746 	pid = fork();
747 	if (pid == -1)
748 		return got_error_from_errno();
749 	else if (pid == 0) {
750 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_BLOB);
751 		/* not reached */
752 	}
753 
754 	close(imsg_fds[1]);
755 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd =
756 	    imsg_fds[0];
757 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].pid = pid;
758 
759 	return request_blob(size, outfd, infd, repo);
760 }