2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include "got_compat.h"
19 #include <sys/types.h>
20 #include <sys/queue.h>
21 #include <sys/socket.h>
36 #include "got_compat.h"
38 #include "got_error.h"
39 #include "got_repository.h"
40 #include "got_object.h"
42 #include "got_reference.h"
43 #include "got_opentemp.h"
45 #include "got_lib_hash.h"
46 #include "got_lib_delta.h"
47 #include "got_lib_object.h"
48 #include "got_lib_object_cache.h"
49 #include "got_lib_pack.h"
50 #include "got_lib_repository.h"
51 #include "got_lib_gitproto.h"
58 static struct gotd_session {
61 struct got_repository *repo;
64 struct gotd_imsgev parent_iev;
65 struct timeval request_timeout;
66 enum gotd_procid proc_id;
69 static struct gotd_session_client {
70 enum gotd_session_state state;
72 struct gotd_client_capability *capabilities;
78 struct gotd_imsgev iev;
79 struct gotd_imsgev repo_child_iev;
88 } gotd_session_client;
90 void gotd_session_sighdlr(int sig, short event, void *arg);
91 static void gotd_session_shutdown(void);
94 disconnect(struct gotd_session_client *client)
96 log_debug("uid %d: disconnecting", client->euid);
98 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
99 GOTD_IMSG_DISCONNECT, gotd_session.proc_id, -1, NULL, 0) == -1)
100 log_warn("imsg compose DISCONNECT");
102 imsg_clear(&client->repo_child_iev.ibuf);
103 event_del(&client->repo_child_iev.ev);
104 evtimer_del(&client->tmo);
106 if (client->delta_cache_fd != -1)
107 close(client->delta_cache_fd);
108 if (client->packfile_path) {
109 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
110 log_warn("unlink %s: ", client->packfile_path);
111 free(client->packfile_path);
113 if (client->packidx_path) {
114 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
115 log_warn("unlink %s: ", client->packidx_path);
116 free(client->packidx_path);
118 free(client->capabilities);
120 gotd_session_shutdown();
124 disconnect_on_error(struct gotd_session_client *client,
125 const struct got_error *err)
129 if (err->code != GOT_ERR_EOF) {
130 log_warnx("uid %d: %s", client->euid, err->msg);
131 imsg_init(&ibuf, client->fd);
132 gotd_imsg_send_error(&ibuf, 0, gotd_session.proc_id, err);
140 gotd_request_timeout(int fd, short events, void *arg)
142 struct gotd_session_client *client = arg;
144 log_debug("disconnecting uid %d due to timeout", client->euid);
149 gotd_session_sighdlr(int sig, short event, void *arg)
152 * Normal signal handler rules don't apply because libevent
158 log_info("%s: ignoring SIGHUP", __func__);
161 log_info("%s: ignoring SIGUSR1", __func__);
165 gotd_session_shutdown();
169 fatalx("unexpected signal");
173 static const struct got_error *
174 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
176 struct gotd_imsg_packfile_done idone;
179 log_debug("packfile-done received");
181 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
182 if (datalen != sizeof(idone))
183 return got_error(GOT_ERR_PRIVSEP_LEN);
184 memcpy(&idone, imsg->data, sizeof(idone));
186 *client_id = idone.client_id;
190 static const struct got_error *
191 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
193 struct gotd_imsg_packfile_install inst;
196 log_debug("packfile-install received");
198 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
199 if (datalen != sizeof(inst))
200 return got_error(GOT_ERR_PRIVSEP_LEN);
201 memcpy(&inst, imsg->data, sizeof(inst));
203 *client_id = inst.client_id;
207 static const struct got_error *
208 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
210 struct gotd_imsg_ref_updates_start istart;
213 log_debug("ref-updates-start received");
215 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
216 if (datalen != sizeof(istart))
217 return got_error(GOT_ERR_PRIVSEP_LEN);
218 memcpy(&istart, imsg->data, sizeof(istart));
220 *client_id = istart.client_id;
224 static const struct got_error *
225 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
227 struct gotd_imsg_ref_update iref;
230 log_debug("ref-update received");
232 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
233 if (datalen < sizeof(iref))
234 return got_error(GOT_ERR_PRIVSEP_LEN);
235 memcpy(&iref, imsg->data, sizeof(iref));
237 *client_id = iref.client_id;
241 static const struct got_error *
242 send_ref_update_ok(struct gotd_session_client *client,
243 struct gotd_imsg_ref_update *iref, const char *refname)
245 struct gotd_imsg_ref_update_ok iok;
246 struct gotd_imsgev *iev = &client->iev;
250 memset(&iok, 0, sizeof(iok));
251 iok.client_id = client->id;
252 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
253 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
254 iok.name_len = strlen(refname);
256 len = sizeof(iok) + iok.name_len;
257 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
258 gotd_session.proc_id, gotd_session.pid, len);
260 return got_error_from_errno("imsg_create REF_UPDATE_OK");
262 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
263 return got_error_from_errno("imsg_add REF_UPDATE_OK");
264 if (imsg_add(wbuf, refname, iok.name_len) == -1)
265 return got_error_from_errno("imsg_add REF_UPDATE_OK");
268 imsg_close(&iev->ibuf, wbuf);
269 gotd_imsg_event_add(iev);
274 send_refs_updated(struct gotd_session_client *client)
276 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
277 gotd_session.proc_id, -1, NULL, 0) == -1)
278 log_warn("imsg compose REFS_UPDATED");
281 static const struct got_error *
282 send_ref_update_ng(struct gotd_session_client *client,
283 struct gotd_imsg_ref_update *iref, const char *refname,
286 const struct got_error *ng_err;
287 struct gotd_imsg_ref_update_ng ing;
288 struct gotd_imsgev *iev = &client->iev;
292 memset(&ing, 0, sizeof(ing));
293 ing.client_id = client->id;
294 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
295 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
296 ing.name_len = strlen(refname);
298 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
299 ing.reason_len = strlen(ng_err->msg);
301 len = sizeof(ing) + ing.name_len + ing.reason_len;
302 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
303 gotd_session.proc_id, gotd_session.pid, len);
305 return got_error_from_errno("imsg_create REF_UPDATE_NG");
307 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
308 return got_error_from_errno("imsg_add REF_UPDATE_NG");
309 if (imsg_add(wbuf, refname, ing.name_len) == -1)
310 return got_error_from_errno("imsg_add REF_UPDATE_NG");
311 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
312 return got_error_from_errno("imsg_add REF_UPDATE_NG");
315 imsg_close(&iev->ibuf, wbuf);
316 gotd_imsg_event_add(iev);
320 static const struct got_error *
321 install_pack(struct gotd_session_client *client, const char *repo_path,
324 const struct got_error *err = NULL;
325 struct gotd_imsg_packfile_install inst;
326 char hex[SHA1_DIGEST_STRING_LENGTH];
328 char *packfile_path = NULL, *packidx_path = NULL;
330 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
331 if (datalen != sizeof(inst))
332 return got_error(GOT_ERR_PRIVSEP_LEN);
333 memcpy(&inst, imsg->data, sizeof(inst));
335 if (client->packfile_path == NULL)
336 return got_error_msg(GOT_ERR_BAD_REQUEST,
337 "client has no pack file");
338 if (client->packidx_path == NULL)
339 return got_error_msg(GOT_ERR_BAD_REQUEST,
340 "client has no pack file index");
342 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
343 return got_error_msg(GOT_ERR_NO_SPACE,
344 "could not convert pack file SHA1 to hex");
346 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
347 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
348 err = got_error_from_errno("asprintf");
352 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
353 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
354 err = got_error_from_errno("asprintf");
358 if (rename(client->packfile_path, packfile_path) == -1) {
359 err = got_error_from_errno3("rename", client->packfile_path,
364 free(client->packfile_path);
365 client->packfile_path = NULL;
367 if (rename(client->packidx_path, packidx_path) == -1) {
368 err = got_error_from_errno3("rename", client->packidx_path,
373 free(client->packidx_path);
374 client->packidx_path = NULL;
381 static const struct got_error *
382 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
384 struct gotd_imsg_ref_updates_start istart;
387 if (client->nref_updates != -1)
388 return got_error(GOT_ERR_PRIVSEP_MSG);
390 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
391 if (datalen != sizeof(istart))
392 return got_error(GOT_ERR_PRIVSEP_LEN);
393 memcpy(&istart, imsg->data, sizeof(istart));
395 if (istart.nref_updates <= 0)
396 return got_error(GOT_ERR_PRIVSEP_MSG);
398 client->nref_updates = istart.nref_updates;
402 static const struct got_error *
403 update_ref(int *shut, struct gotd_session_client *client,
404 const char *repo_path, struct imsg *imsg)
406 const struct got_error *err = NULL;
407 struct got_repository *repo = NULL;
408 struct got_reference *ref = NULL;
409 struct gotd_imsg_ref_update iref;
410 struct got_object_id old_id, new_id;
411 struct got_object_id *id = NULL;
412 char *refname = NULL;
415 char hex1[SHA1_DIGEST_STRING_LENGTH];
416 char hex2[SHA1_DIGEST_STRING_LENGTH];
418 log_debug("update-ref from uid %d", client->euid);
420 if (client->nref_updates <= 0)
421 return got_error(GOT_ERR_PRIVSEP_MSG);
423 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
424 if (datalen < sizeof(iref))
425 return got_error(GOT_ERR_PRIVSEP_LEN);
426 memcpy(&iref, imsg->data, sizeof(iref));
427 if (datalen != sizeof(iref) + iref.name_len)
428 return got_error(GOT_ERR_PRIVSEP_LEN);
429 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
431 return got_error_from_errno("strndup");
433 log_debug("updating ref %s for uid %d", refname, client->euid);
435 err = got_repo_open(&repo, repo_path, NULL, NULL);
439 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
440 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
441 err = got_repo_find_object_id(iref.delete_ref ? &old_id : &new_id,
446 if (iref.ref_is_new) {
447 err = got_ref_open(&ref, repo, refname, 0);
449 if (err->code != GOT_ERR_NOT_REF)
451 err = got_ref_alloc(&ref, refname, &new_id);
454 err = got_ref_write(ref, repo); /* will lock/unlock */
458 err = got_ref_resolve(&id, repo, ref);
461 got_object_id_hex(&new_id, hex1, sizeof(hex1));
462 got_object_id_hex(id, hex2, sizeof(hex2));
463 err = got_error_fmt(GOT_ERR_REF_BUSY,
464 "Addition %s: %s failed; %s: %s has been "
465 "created by someone else while transaction "
467 got_ref_get_name(ref), hex1,
468 got_ref_get_name(ref), hex2);
471 } else if (iref.delete_ref) {
472 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
477 err = got_ref_resolve(&id, repo, ref);
481 if (got_object_id_cmp(id, &old_id) != 0) {
482 got_object_id_hex(&old_id, hex1, sizeof(hex1));
483 got_object_id_hex(id, hex2, sizeof(hex2));
484 err = got_error_fmt(GOT_ERR_REF_BUSY,
485 "Deletion %s: %s failed; %s: %s has been "
486 "created by someone else while transaction "
488 got_ref_get_name(ref), hex1,
489 got_ref_get_name(ref), hex2);
493 err = got_ref_delete(ref, repo);
500 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
505 err = got_ref_resolve(&id, repo, ref);
509 if (got_object_id_cmp(id, &old_id) != 0) {
510 got_object_id_hex(&old_id, hex1, sizeof(hex1));
511 got_object_id_hex(id, hex2, sizeof(hex2));
512 err = got_error_fmt(GOT_ERR_REF_BUSY,
513 "Update %s: %s failed; %s: %s has been "
514 "created by someone else while transaction "
516 got_ref_get_name(ref), hex1,
517 got_ref_get_name(ref), hex2);
521 if (got_object_id_cmp(&new_id, &old_id) != 0) {
522 err = got_ref_change_ref(ref, &new_id);
526 err = got_ref_write(ref, repo);
536 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
537 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
538 "could not acquire exclusive file lock for %s",
541 send_ref_update_ng(client, &iref, refname, err->msg);
543 send_ref_update_ok(client, &iref, refname);
545 if (client->nref_updates > 0) {
546 client->nref_updates--;
547 if (client->nref_updates == 0) {
548 send_refs_updated(client);
549 client->flush_disconnect = 1;
554 const struct got_error *unlock_err;
555 unlock_err = got_ref_unlock(ref);
556 if (unlock_err && err == NULL)
562 got_repo_close(repo);
569 session_dispatch_repo_child(int fd, short event, void *arg)
571 struct gotd_imsgev *iev = arg;
572 struct imsgbuf *ibuf = &iev->ibuf;
573 struct gotd_session_client *client = &gotd_session_client;
578 if (event & EV_READ) {
579 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
580 fatal("imsg_read error");
582 /* Connection closed. */
588 if (event & EV_WRITE) {
589 n = msgbuf_write(&ibuf->w);
590 if (n == -1 && errno != EAGAIN)
591 fatal("msgbuf_write");
593 /* Connection closed. */
600 const struct got_error *err = NULL;
601 uint32_t client_id = 0;
602 int do_disconnect = 0;
603 int do_ref_updates = 0, do_ref_update = 0;
604 int do_packfile_install = 0;
606 if ((n = imsg_get(ibuf, &imsg)) == -1)
607 fatal("%s: imsg_get error", __func__);
608 if (n == 0) /* No more messages. */
611 switch (imsg.hdr.type) {
612 case GOTD_IMSG_ERROR:
614 err = gotd_imsg_recv_error(&client_id, &imsg);
616 case GOTD_IMSG_PACKFILE_DONE:
618 err = recv_packfile_done(&client_id, &imsg);
620 case GOTD_IMSG_PACKFILE_INSTALL:
621 err = recv_packfile_install(&client_id, &imsg);
623 do_packfile_install = 1;
625 case GOTD_IMSG_REF_UPDATES_START:
626 err = recv_ref_updates_start(&client_id, &imsg);
630 case GOTD_IMSG_REF_UPDATE:
631 err = recv_ref_update(&client_id, &imsg);
636 log_debug("unexpected imsg %d", imsg.hdr.type);
642 disconnect_on_error(client, err);
646 if (do_packfile_install)
647 err = install_pack(client,
648 gotd_session.repo->path, &imsg);
649 else if (do_ref_updates)
650 err = begin_ref_updates(client, &imsg);
651 else if (do_ref_update)
652 err = update_ref(&shut, client,
653 gotd_session.repo->path, &imsg);
655 log_warnx("uid %d: %s", client->euid, err->msg);
661 gotd_imsg_event_add(iev);
663 /* This pipe is dead. Remove its event handler */
665 event_loopexit(NULL);
669 static const struct got_error *
670 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
672 struct gotd_imsg_capabilities icapas;
675 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
676 if (datalen != sizeof(icapas))
677 return got_error(GOT_ERR_PRIVSEP_LEN);
678 memcpy(&icapas, imsg->data, sizeof(icapas));
680 client->ncapa_alloc = icapas.ncapabilities;
681 client->capabilities = calloc(client->ncapa_alloc,
682 sizeof(*client->capabilities));
683 if (client->capabilities == NULL) {
684 client->ncapa_alloc = 0;
685 return got_error_from_errno("calloc");
688 log_debug("expecting %zu capabilities from uid %d",
689 client->ncapa_alloc, client->euid);
693 static const struct got_error *
694 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
696 struct gotd_imsg_capability icapa;
697 struct gotd_client_capability *capa;
699 char *key, *value = NULL;
701 if (client->capabilities == NULL ||
702 client->ncapabilities >= client->ncapa_alloc) {
703 return got_error_msg(GOT_ERR_BAD_REQUEST,
704 "unexpected capability received");
707 memset(&icapa, 0, sizeof(icapa));
709 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
710 if (datalen < sizeof(icapa))
711 return got_error(GOT_ERR_PRIVSEP_LEN);
712 memcpy(&icapa, imsg->data, sizeof(icapa));
714 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
715 return got_error(GOT_ERR_PRIVSEP_LEN);
717 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
719 return got_error_from_errno("strndup");
720 if (icapa.value_len > 0) {
721 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
725 return got_error_from_errno("strndup");
729 capa = &client->capabilities[client->ncapabilities++];
734 log_debug("uid %d: capability %s=%s", client->euid, key, value);
736 log_debug("uid %d: capability %s", client->euid, key);
741 static const struct got_error *
742 ensure_client_is_reading(struct gotd_session_client *client)
744 if (client->is_writing) {
745 return got_error_fmt(GOT_ERR_BAD_PACKET,
746 "uid %d made a read-request but is not reading from "
747 "a repository", client->euid);
753 static const struct got_error *
754 ensure_client_is_writing(struct gotd_session_client *client)
756 if (!client->is_writing) {
757 return got_error_fmt(GOT_ERR_BAD_PACKET,
758 "uid %d made a write-request but is not writing to "
759 "a repository", client->euid);
765 static const struct got_error *
766 forward_want(struct gotd_session_client *client, struct imsg *imsg)
768 struct gotd_imsg_want ireq;
769 struct gotd_imsg_want iwant;
772 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
773 if (datalen != sizeof(ireq))
774 return got_error(GOT_ERR_PRIVSEP_LEN);
776 memcpy(&ireq, imsg->data, datalen);
778 memset(&iwant, 0, sizeof(iwant));
779 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
780 iwant.client_id = client->id;
782 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_WANT,
783 gotd_session.proc_id, -1, &iwant, sizeof(iwant)) == -1)
784 return got_error_from_errno("imsg compose WANT");
789 static const struct got_error *
790 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
792 const struct got_error *err = NULL;
793 struct gotd_imsg_ref_update ireq;
794 struct gotd_imsg_ref_update *iref = NULL;
797 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
798 if (datalen < sizeof(ireq))
799 return got_error(GOT_ERR_PRIVSEP_LEN);
800 memcpy(&ireq, imsg->data, sizeof(ireq));
801 if (datalen != sizeof(ireq) + ireq.name_len)
802 return got_error(GOT_ERR_PRIVSEP_LEN);
804 iref = malloc(datalen);
806 return got_error_from_errno("malloc");
807 memcpy(iref, imsg->data, datalen);
809 iref->client_id = client->id;
810 if (gotd_imsg_compose_event(&client->repo_child_iev,
811 GOTD_IMSG_REF_UPDATE, gotd_session.proc_id, -1,
812 iref, datalen) == -1)
813 err = got_error_from_errno("imsg compose REF_UPDATE");
818 static const struct got_error *
819 forward_have(struct gotd_session_client *client, struct imsg *imsg)
821 struct gotd_imsg_have ireq;
822 struct gotd_imsg_have ihave;
825 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
826 if (datalen != sizeof(ireq))
827 return got_error(GOT_ERR_PRIVSEP_LEN);
829 memcpy(&ireq, imsg->data, datalen);
831 memset(&ihave, 0, sizeof(ihave));
832 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
833 ihave.client_id = client->id;
835 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_HAVE,
836 gotd_session.proc_id, -1, &ihave, sizeof(ihave)) == -1)
837 return got_error_from_errno("imsg compose HAVE");
843 client_has_capability(struct gotd_session_client *client, const char *capastr)
845 struct gotd_client_capability *capa;
848 if (client->ncapabilities == 0)
851 for (i = 0; i < client->ncapabilities; i++) {
852 capa = &client->capabilities[i];
853 if (strcmp(capa->key, capastr) == 0)
860 static const struct got_error *
861 recv_packfile(struct gotd_session_client *client)
863 const struct got_error *err = NULL;
864 struct gotd_imsg_recv_packfile ipack;
865 struct gotd_imsg_packfile_pipe ipipe;
866 struct gotd_imsg_packidx_file ifile;
867 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
868 int packfd = -1, idxfd = -1;
869 int pipe[2] = { -1, -1 };
871 if (client->packfile_path) {
872 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
873 "uid %d already has a pack file", client->euid);
876 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
877 return got_error_from_errno("socketpair");
879 memset(&ipipe, 0, sizeof(ipipe));
880 ipipe.client_id = client->id;
882 /* Send pack pipe end 0 to repo child process. */
883 if (gotd_imsg_compose_event(&client->repo_child_iev,
884 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[0],
885 &ipipe, sizeof(ipipe)) == -1) {
886 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
892 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
893 if (gotd_imsg_compose_event(&client->iev,
894 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[1],
896 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
899 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
900 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
901 client->euid) == -1) {
902 err = got_error_from_errno("asprintf");
906 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
909 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
910 err = got_error_from_errno2("fchmod", pack_path);
915 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
916 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
917 client->euid) == -1) {
918 err = got_error_from_errno("asprintf");
922 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
925 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
926 err = got_error_from_errno2("fchmod", idx_path);
930 memset(&ifile, 0, sizeof(ifile));
931 ifile.client_id = client->id;
932 if (gotd_imsg_compose_event(&client->repo_child_iev,
933 GOTD_IMSG_PACKIDX_FILE, gotd_session.proc_id,
934 idxfd, &ifile, sizeof(ifile)) == -1) {
935 err = got_error_from_errno("imsg compose PACKIDX_FILE");
941 memset(&ipack, 0, sizeof(ipack));
942 ipack.client_id = client->id;
943 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
944 ipack.report_status = 1;
946 if (gotd_imsg_compose_event(&client->repo_child_iev,
947 GOTD_IMSG_RECV_PACKFILE, gotd_session.proc_id, packfd,
948 &ipack, sizeof(ipack)) == -1) {
949 err = got_error_from_errno("imsg compose RECV_PACKFILE");
957 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
958 err = got_error_from_errno("close");
959 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
960 err = got_error_from_errno("close");
961 if (packfd != -1 && close(packfd) == -1 && err == NULL)
962 err = got_error_from_errno("close");
963 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
964 err = got_error_from_errno("close");
969 client->packfile_path = pack_path;
970 client->packidx_path = idx_path;
975 static const struct got_error *
976 send_packfile(struct gotd_session_client *client)
978 const struct got_error *err = NULL;
979 struct gotd_imsg_send_packfile ipack;
980 struct gotd_imsg_packfile_pipe ipipe;
983 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
984 return got_error_from_errno("socketpair");
986 memset(&ipack, 0, sizeof(ipack));
987 memset(&ipipe, 0, sizeof(ipipe));
989 ipack.client_id = client->id;
990 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
991 ipack.report_progress = 1;
993 client->delta_cache_fd = got_opentempfd();
994 if (client->delta_cache_fd == -1)
995 return got_error_from_errno("got_opentempfd");
997 if (gotd_imsg_compose_event(&client->repo_child_iev,
998 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
999 &ipack, sizeof(ipack)) == -1) {
1000 err = got_error_from_errno("imsg compose SEND_PACKFILE");
1006 ipipe.client_id = client->id;
1008 /* Send pack pipe end 0 to repo child process. */
1009 if (gotd_imsg_compose_event(&client->repo_child_iev,
1010 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD,
1011 pipe[0], &ipipe, sizeof(ipipe)) == -1) {
1012 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1017 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
1018 if (gotd_imsg_compose_event(&client->iev,
1019 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
1020 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1026 session_dispatch_client(int fd, short events, void *arg)
1028 struct gotd_imsgev *iev = arg;
1029 struct imsgbuf *ibuf = &iev->ibuf;
1030 struct gotd_session_client *client = &gotd_session_client;
1031 const struct got_error *err = NULL;
1035 if (events & EV_WRITE) {
1036 while (ibuf->w.queued) {
1037 n = msgbuf_write(&ibuf->w);
1038 if (n == -1 && errno == EPIPE) {
1040 * The client has closed its socket.
1041 * This can happen when Git clients are
1042 * done sending pack file data.
1044 msgbuf_clear(&ibuf->w);
1046 } else if (n == -1 && errno != EAGAIN) {
1047 err = got_error_from_errno("imsg_flush");
1048 disconnect_on_error(client, err);
1052 /* Connection closed. */
1053 err = got_error(GOT_ERR_EOF);
1054 disconnect_on_error(client, err);
1059 if (client->flush_disconnect) {
1065 if ((events & EV_READ) == 0)
1068 memset(&imsg, 0, sizeof(imsg));
1070 while (err == NULL) {
1071 err = gotd_imsg_recv(&imsg, ibuf, 0);
1073 if (err->code == GOT_ERR_PRIVSEP_READ)
1075 else if (err->code == GOT_ERR_EOF &&
1076 client->state == GOTD_STATE_EXPECT_CAPABILITIES) {
1078 * The client has closed its socket before
1079 * sending its capability announcement.
1080 * This can happen when Git clients have
1081 * no ref-updates to send.
1083 disconnect_on_error(client, err);
1089 evtimer_del(&client->tmo);
1091 switch (imsg.hdr.type) {
1092 case GOTD_IMSG_CAPABILITIES:
1093 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1094 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1095 "unexpected capabilities received");
1098 log_debug("receiving capabilities from uid %d",
1100 err = recv_capabilities(client, &imsg);
1102 case GOTD_IMSG_CAPABILITY:
1103 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1104 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1105 "unexpected capability received");
1108 err = recv_capability(client, &imsg);
1109 if (err || client->ncapabilities < client->ncapa_alloc)
1111 if (!client->is_writing) {
1112 client->state = GOTD_STATE_EXPECT_WANT;
1113 client->accept_flush_pkt = 1;
1114 log_debug("uid %d: expecting want-lines",
1116 } else if (client->is_writing) {
1117 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1118 client->accept_flush_pkt = 1;
1119 log_debug("uid %d: expecting ref-update-lines",
1122 fatalx("client %d is both reading and writing",
1125 case GOTD_IMSG_WANT:
1126 if (client->state != GOTD_STATE_EXPECT_WANT) {
1127 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1128 "unexpected want-line received");
1131 log_debug("received want-line from uid %d",
1133 err = ensure_client_is_reading(client);
1136 client->accept_flush_pkt = 1;
1137 err = forward_want(client, &imsg);
1139 case GOTD_IMSG_REF_UPDATE:
1140 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE &&
1142 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1143 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1144 "unexpected ref-update-line received");
1147 log_debug("received ref-update-line from uid %d",
1149 err = ensure_client_is_writing(client);
1152 err = forward_ref_update(client, &imsg);
1155 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1156 client->accept_flush_pkt = 1;
1158 case GOTD_IMSG_HAVE:
1159 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1160 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1161 "unexpected have-line received");
1164 log_debug("received have-line from uid %d",
1166 err = ensure_client_is_reading(client);
1169 err = forward_have(client, &imsg);
1172 client->accept_flush_pkt = 1;
1174 case GOTD_IMSG_FLUSH:
1175 if (client->state == GOTD_STATE_EXPECT_WANT ||
1176 client->state == GOTD_STATE_EXPECT_HAVE) {
1177 err = ensure_client_is_reading(client);
1180 } else if (client->state ==
1181 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1182 err = ensure_client_is_writing(client);
1185 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1186 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1187 "unexpected flush-pkt received");
1190 if (!client->accept_flush_pkt) {
1191 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1192 "unexpected flush-pkt received");
1197 * Accept just one flush packet at a time.
1198 * Future client state transitions will set this flag
1199 * again if another flush packet is expected.
1201 client->accept_flush_pkt = 0;
1203 log_debug("received flush-pkt from uid %d",
1205 if (client->state == GOTD_STATE_EXPECT_WANT) {
1206 client->state = GOTD_STATE_EXPECT_HAVE;
1207 log_debug("uid %d: expecting have-lines",
1209 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1210 client->state = GOTD_STATE_EXPECT_DONE;
1211 client->accept_flush_pkt = 1;
1212 log_debug("uid %d: expecting 'done'",
1214 } else if (client->state ==
1215 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1216 client->state = GOTD_STATE_EXPECT_PACKFILE;
1217 log_debug("uid %d: expecting packfile",
1219 err = recv_packfile(client);
1220 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1221 /* should not happen, see above */
1222 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1223 "unexpected client state");
1227 case GOTD_IMSG_DONE:
1228 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1229 client->state != GOTD_STATE_EXPECT_DONE) {
1230 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1231 "unexpected flush-pkt received");
1234 log_debug("received 'done' from uid %d", client->euid);
1235 err = ensure_client_is_reading(client);
1238 client->state = GOTD_STATE_DONE;
1239 client->accept_flush_pkt = 1;
1240 err = send_packfile(client);
1243 log_debug("unexpected imsg %d", imsg.hdr.type);
1244 err = got_error(GOT_ERR_PRIVSEP_MSG);
1252 if (err->code != GOT_ERR_EOF ||
1253 client->state != GOTD_STATE_EXPECT_PACKFILE)
1254 disconnect_on_error(client, err);
1256 gotd_imsg_event_add(iev);
1257 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1261 static const struct got_error *
1262 list_refs_request(void)
1264 static const struct got_error *err;
1265 struct gotd_session_client *client = &gotd_session_client;
1266 struct gotd_imsgev *iev = &client->repo_child_iev;
1267 struct gotd_imsg_list_refs_internal ilref;
1270 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1271 return got_error(GOT_ERR_PRIVSEP_MSG);
1273 memset(&ilref, 0, sizeof(ilref));
1274 ilref.client_id = client->id;
1276 fd = dup(client->fd);
1278 return got_error_from_errno("dup");
1280 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1281 gotd_session.proc_id, fd, &ilref, sizeof(ilref)) == -1) {
1282 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1287 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1288 log_debug("uid %d: expecting capabilities", client->euid);
1292 static const struct got_error *
1293 recv_connect(struct imsg *imsg)
1295 struct gotd_session_client *client = &gotd_session_client;
1296 struct gotd_imsg_connect iconnect;
1299 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1300 return got_error(GOT_ERR_PRIVSEP_MSG);
1302 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1303 if (datalen != sizeof(iconnect))
1304 return got_error(GOT_ERR_PRIVSEP_LEN);
1305 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1308 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1310 client->fd = imsg->fd;
1311 client->euid = iconnect.euid;
1312 client->egid = iconnect.egid;
1314 imsg_init(&client->iev.ibuf, client->fd);
1315 client->iev.handler = session_dispatch_client;
1316 client->iev.events = EV_READ;
1317 client->iev.handler_arg = NULL;
1318 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1319 session_dispatch_client, &client->iev);
1320 gotd_imsg_event_add(&client->iev);
1321 evtimer_set(&client->tmo, gotd_request_timeout, client);
1326 static const struct got_error *
1327 recv_repo_child(struct imsg *imsg)
1329 struct gotd_imsg_connect_repo_child ichild;
1330 struct gotd_session_client *client = &gotd_session_client;
1333 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1334 return got_error(GOT_ERR_PRIVSEP_MSG);
1336 /* We should already have received a pipe to the listener. */
1337 if (client->fd == -1)
1338 return got_error(GOT_ERR_PRIVSEP_MSG);
1340 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1341 if (datalen != sizeof(ichild))
1342 return got_error(GOT_ERR_PRIVSEP_LEN);
1344 memcpy(&ichild, imsg->data, sizeof(ichild));
1346 client->id = ichild.client_id;
1347 if (ichild.proc_id == PROC_REPO_WRITE)
1348 client->is_writing = 1;
1349 else if (ichild.proc_id == PROC_REPO_READ)
1350 client->is_writing = 0;
1352 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1353 "bad child process type");
1356 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1358 imsg_init(&client->repo_child_iev.ibuf, imsg->fd);
1359 client->repo_child_iev.handler = session_dispatch_repo_child;
1360 client->repo_child_iev.events = EV_READ;
1361 client->repo_child_iev.handler_arg = NULL;
1362 event_set(&client->repo_child_iev.ev, client->repo_child_iev.ibuf.fd,
1363 EV_READ, session_dispatch_repo_child, &client->repo_child_iev);
1364 gotd_imsg_event_add(&client->repo_child_iev);
1366 /* The "recvfd" pledge promise is no longer needed. */
1367 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1374 session_dispatch(int fd, short event, void *arg)
1376 struct gotd_imsgev *iev = arg;
1377 struct imsgbuf *ibuf = &iev->ibuf;
1378 struct gotd_session_client *client = &gotd_session_client;
1383 if (event & EV_READ) {
1384 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1385 fatal("imsg_read error");
1387 /* Connection closed. */
1393 if (event & EV_WRITE) {
1394 n = msgbuf_write(&ibuf->w);
1395 if (n == -1 && errno != EAGAIN)
1396 fatal("msgbuf_write");
1398 /* Connection closed. */
1405 const struct got_error *err = NULL;
1406 uint32_t client_id = 0;
1407 int do_disconnect = 0, do_list_refs = 0;
1409 if ((n = imsg_get(ibuf, &imsg)) == -1)
1410 fatal("%s: imsg_get error", __func__);
1411 if (n == 0) /* No more messages. */
1414 switch (imsg.hdr.type) {
1415 case GOTD_IMSG_ERROR:
1417 err = gotd_imsg_recv_error(&client_id, &imsg);
1419 case GOTD_IMSG_CONNECT:
1420 err = recv_connect(&imsg);
1422 case GOTD_IMSG_DISCONNECT:
1425 case GOTD_IMSG_CONNECT_REPO_CHILD:
1426 err = recv_repo_child(&imsg);
1432 log_debug("unexpected imsg %d", imsg.hdr.type);
1437 if (do_disconnect) {
1439 disconnect_on_error(client, err);
1442 } else if (do_list_refs)
1443 err = list_refs_request();
1446 log_warnx("uid %d: %s", client->euid, err->msg);
1450 gotd_imsg_event_add(iev);
1452 /* This pipe is dead. Remove its event handler */
1453 event_del(&iev->ev);
1454 event_loopexit(NULL);
1459 session_main(const char *title, const char *repo_path,
1460 int *pack_fds, int *temp_fds, struct timeval *request_timeout,
1461 enum gotd_procid proc_id)
1463 const struct got_error *err = NULL;
1464 struct event evsigint, evsigterm, evsighup, evsigusr1;
1466 gotd_session.title = title;
1467 gotd_session.pid = getpid();
1468 gotd_session.pack_fds = pack_fds;
1469 gotd_session.temp_fds = temp_fds;
1470 memcpy(&gotd_session.request_timeout, request_timeout,
1471 sizeof(gotd_session.request_timeout));
1472 gotd_session.proc_id = proc_id;
1474 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1477 if (!got_repo_is_bare(gotd_session.repo)) {
1478 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1479 "bare git repository required");
1483 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1485 signal_set(&evsigint, SIGINT, gotd_session_sighdlr, NULL);
1486 signal_set(&evsigterm, SIGTERM, gotd_session_sighdlr, NULL);
1487 signal_set(&evsighup, SIGHUP, gotd_session_sighdlr, NULL);
1488 signal_set(&evsigusr1, SIGUSR1, gotd_session_sighdlr, NULL);
1489 signal(SIGPIPE, SIG_IGN);
1491 signal_add(&evsigint, NULL);
1492 signal_add(&evsigterm, NULL);
1493 signal_add(&evsighup, NULL);
1494 signal_add(&evsigusr1, NULL);
1496 gotd_session_client.state = GOTD_STATE_EXPECT_LIST_REFS;
1497 gotd_session_client.fd = -1;
1498 gotd_session_client.nref_updates = -1;
1499 gotd_session_client.delta_cache_fd = -1;
1500 gotd_session_client.accept_flush_pkt = 1;
1502 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1503 gotd_session.parent_iev.handler = session_dispatch;
1504 gotd_session.parent_iev.events = EV_READ;
1505 gotd_session.parent_iev.handler_arg = NULL;
1506 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1507 EV_READ, session_dispatch, &gotd_session.parent_iev);
1508 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1509 GOTD_IMSG_CLIENT_SESSION_READY, gotd_session.proc_id,
1510 -1, NULL, 0) == -1) {
1511 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1518 log_warnx("%s: %s", title, err->msg);
1519 gotd_session_shutdown();
1523 gotd_session_shutdown(void)
1525 log_debug("shutting down");
1526 if (gotd_session.repo)
1527 got_repo_close(gotd_session.repo);
1528 got_repo_pack_fds_close(gotd_session.pack_fds);
1529 got_repo_temp_fds_close(gotd_session.temp_fds);
