2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
18 #include <sys/queue.h>
19 #include <sys/socket.h>
34 #include "got_error.h"
35 #include "got_repository.h"
36 #include "got_object.h"
38 #include "got_reference.h"
39 #include "got_opentemp.h"
41 #include "got_lib_hash.h"
42 #include "got_lib_delta.h"
43 #include "got_lib_object.h"
44 #include "got_lib_object_cache.h"
45 #include "got_lib_pack.h"
46 #include "got_lib_repository.h"
47 #include "got_lib_gitproto.h"
54 static struct gotd_session {
57 struct got_repository *repo;
60 struct gotd_imsgev parent_iev;
61 struct timeval request_timeout;
62 enum gotd_procid proc_id;
65 static struct gotd_session_client {
66 enum gotd_session_state state;
68 struct gotd_client_capability *capabilities;
74 struct gotd_imsgev iev;
75 struct gotd_imsgev repo_child_iev;
84 } gotd_session_client;
86 void gotd_session_sighdlr(int sig, short event, void *arg);
87 static void gotd_session_shutdown(void);
90 disconnect(struct gotd_session_client *client)
92 log_debug("uid %d: disconnecting", client->euid);
94 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
95 GOTD_IMSG_DISCONNECT, gotd_session.proc_id, -1, NULL, 0) == -1)
96 log_warn("imsg compose DISCONNECT");
98 imsg_clear(&client->repo_child_iev.ibuf);
99 event_del(&client->repo_child_iev.ev);
100 evtimer_del(&client->tmo);
102 if (client->delta_cache_fd != -1)
103 close(client->delta_cache_fd);
104 if (client->packfile_path) {
105 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
106 log_warn("unlink %s: ", client->packfile_path);
107 free(client->packfile_path);
109 if (client->packidx_path) {
110 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
111 log_warn("unlink %s: ", client->packidx_path);
112 free(client->packidx_path);
114 free(client->capabilities);
116 gotd_session_shutdown();
120 disconnect_on_error(struct gotd_session_client *client,
121 const struct got_error *err)
125 if (err->code != GOT_ERR_EOF) {
126 log_warnx("uid %d: %s", client->euid, err->msg);
127 imsg_init(&ibuf, client->fd);
128 gotd_imsg_send_error(&ibuf, 0, gotd_session.proc_id, err);
136 gotd_request_timeout(int fd, short events, void *arg)
138 struct gotd_session_client *client = arg;
140 log_debug("disconnecting uid %d due to timeout", client->euid);
145 gotd_session_sighdlr(int sig, short event, void *arg)
148 * Normal signal handler rules don't apply because libevent
154 log_info("%s: ignoring SIGHUP", __func__);
157 log_info("%s: ignoring SIGUSR1", __func__);
161 gotd_session_shutdown();
165 fatalx("unexpected signal");
169 static const struct got_error *
170 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
172 struct gotd_imsg_packfile_done idone;
175 log_debug("packfile-done received");
177 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
178 if (datalen != sizeof(idone))
179 return got_error(GOT_ERR_PRIVSEP_LEN);
180 memcpy(&idone, imsg->data, sizeof(idone));
182 *client_id = idone.client_id;
186 static const struct got_error *
187 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
189 struct gotd_imsg_packfile_install inst;
192 log_debug("packfile-install received");
194 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
195 if (datalen != sizeof(inst))
196 return got_error(GOT_ERR_PRIVSEP_LEN);
197 memcpy(&inst, imsg->data, sizeof(inst));
199 *client_id = inst.client_id;
203 static const struct got_error *
204 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
206 struct gotd_imsg_ref_updates_start istart;
209 log_debug("ref-updates-start received");
211 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
212 if (datalen != sizeof(istart))
213 return got_error(GOT_ERR_PRIVSEP_LEN);
214 memcpy(&istart, imsg->data, sizeof(istart));
216 *client_id = istart.client_id;
220 static const struct got_error *
221 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
223 struct gotd_imsg_ref_update iref;
226 log_debug("ref-update received");
228 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
229 if (datalen < sizeof(iref))
230 return got_error(GOT_ERR_PRIVSEP_LEN);
231 memcpy(&iref, imsg->data, sizeof(iref));
233 *client_id = iref.client_id;
237 static const struct got_error *
238 send_ref_update_ok(struct gotd_session_client *client,
239 struct gotd_imsg_ref_update *iref, const char *refname)
241 struct gotd_imsg_ref_update_ok iok;
242 struct gotd_imsgev *iev = &client->iev;
246 memset(&iok, 0, sizeof(iok));
247 iok.client_id = client->id;
248 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
249 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
250 iok.name_len = strlen(refname);
252 len = sizeof(iok) + iok.name_len;
253 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
254 gotd_session.proc_id, gotd_session.pid, len);
256 return got_error_from_errno("imsg_create REF_UPDATE_OK");
258 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
259 return got_error_from_errno("imsg_add REF_UPDATE_OK");
260 if (imsg_add(wbuf, refname, iok.name_len) == -1)
261 return got_error_from_errno("imsg_add REF_UPDATE_OK");
264 imsg_close(&iev->ibuf, wbuf);
265 gotd_imsg_event_add(iev);
270 send_refs_updated(struct gotd_session_client *client)
272 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
273 gotd_session.proc_id, -1, NULL, 0) == -1)
274 log_warn("imsg compose REFS_UPDATED");
277 static const struct got_error *
278 send_ref_update_ng(struct gotd_session_client *client,
279 struct gotd_imsg_ref_update *iref, const char *refname,
282 const struct got_error *ng_err;
283 struct gotd_imsg_ref_update_ng ing;
284 struct gotd_imsgev *iev = &client->iev;
288 memset(&ing, 0, sizeof(ing));
289 ing.client_id = client->id;
290 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
291 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
292 ing.name_len = strlen(refname);
294 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
295 ing.reason_len = strlen(ng_err->msg);
297 len = sizeof(ing) + ing.name_len + ing.reason_len;
298 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
299 gotd_session.proc_id, gotd_session.pid, len);
301 return got_error_from_errno("imsg_create REF_UPDATE_NG");
303 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
304 return got_error_from_errno("imsg_add REF_UPDATE_NG");
305 if (imsg_add(wbuf, refname, ing.name_len) == -1)
306 return got_error_from_errno("imsg_add REF_UPDATE_NG");
307 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
308 return got_error_from_errno("imsg_add REF_UPDATE_NG");
311 imsg_close(&iev->ibuf, wbuf);
312 gotd_imsg_event_add(iev);
316 static const struct got_error *
317 install_pack(struct gotd_session_client *client, const char *repo_path,
320 const struct got_error *err = NULL;
321 struct gotd_imsg_packfile_install inst;
322 char hex[SHA1_DIGEST_STRING_LENGTH];
324 char *packfile_path = NULL, *packidx_path = NULL;
326 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
327 if (datalen != sizeof(inst))
328 return got_error(GOT_ERR_PRIVSEP_LEN);
329 memcpy(&inst, imsg->data, sizeof(inst));
331 if (client->packfile_path == NULL)
332 return got_error_msg(GOT_ERR_BAD_REQUEST,
333 "client has no pack file");
334 if (client->packidx_path == NULL)
335 return got_error_msg(GOT_ERR_BAD_REQUEST,
336 "client has no pack file index");
338 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
339 return got_error_msg(GOT_ERR_NO_SPACE,
340 "could not convert pack file SHA1 to hex");
342 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
343 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
344 err = got_error_from_errno("asprintf");
348 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
349 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
350 err = got_error_from_errno("asprintf");
354 if (rename(client->packfile_path, packfile_path) == -1) {
355 err = got_error_from_errno3("rename", client->packfile_path,
360 free(client->packfile_path);
361 client->packfile_path = NULL;
363 if (rename(client->packidx_path, packidx_path) == -1) {
364 err = got_error_from_errno3("rename", client->packidx_path,
369 free(client->packidx_path);
370 client->packidx_path = NULL;
377 static const struct got_error *
378 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
380 struct gotd_imsg_ref_updates_start istart;
383 if (client->nref_updates != -1)
384 return got_error(GOT_ERR_PRIVSEP_MSG);
386 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
387 if (datalen != sizeof(istart))
388 return got_error(GOT_ERR_PRIVSEP_LEN);
389 memcpy(&istart, imsg->data, sizeof(istart));
391 if (istart.nref_updates <= 0)
392 return got_error(GOT_ERR_PRIVSEP_MSG);
394 client->nref_updates = istart.nref_updates;
398 static const struct got_error *
399 update_ref(int *shut, struct gotd_session_client *client,
400 const char *repo_path, struct imsg *imsg)
402 const struct got_error *err = NULL;
403 struct got_repository *repo = NULL;
404 struct got_reference *ref = NULL;
405 struct gotd_imsg_ref_update iref;
406 struct got_object_id old_id, new_id;
407 struct got_object_id *id = NULL;
408 struct got_object *obj = NULL;
409 char *refname = NULL;
412 char hex1[SHA1_DIGEST_STRING_LENGTH];
413 char hex2[SHA1_DIGEST_STRING_LENGTH];
415 log_debug("update-ref from uid %d", client->euid);
417 if (client->nref_updates <= 0)
418 return got_error(GOT_ERR_PRIVSEP_MSG);
420 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
421 if (datalen < sizeof(iref))
422 return got_error(GOT_ERR_PRIVSEP_LEN);
423 memcpy(&iref, imsg->data, sizeof(iref));
424 if (datalen != sizeof(iref) + iref.name_len)
425 return got_error(GOT_ERR_PRIVSEP_LEN);
426 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
428 return got_error_from_errno("strndup");
430 log_debug("updating ref %s for uid %d", refname, client->euid);
432 err = got_repo_open(&repo, repo_path, NULL, NULL);
436 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
437 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
438 err = got_object_open(&obj, repo,
439 iref.delete_ref ? &old_id : &new_id);
443 if (iref.ref_is_new) {
444 err = got_ref_open(&ref, repo, refname, 0);
446 if (err->code != GOT_ERR_NOT_REF)
448 err = got_ref_alloc(&ref, refname, &new_id);
451 err = got_ref_write(ref, repo); /* will lock/unlock */
455 err = got_ref_resolve(&id, repo, ref);
458 got_object_id_hex(&new_id, hex1, sizeof(hex1));
459 got_object_id_hex(id, hex2, sizeof(hex2));
460 err = got_error_fmt(GOT_ERR_REF_BUSY,
461 "Addition %s: %s failed; %s: %s has been "
462 "created by someone else while transaction "
464 got_ref_get_name(ref), hex1,
465 got_ref_get_name(ref), hex2);
468 } else if (iref.delete_ref) {
469 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
474 err = got_ref_resolve(&id, repo, ref);
478 if (got_object_id_cmp(id, &old_id) != 0) {
479 got_object_id_hex(&old_id, hex1, sizeof(hex1));
480 got_object_id_hex(id, hex2, sizeof(hex2));
481 err = got_error_fmt(GOT_ERR_REF_BUSY,
482 "Deletion %s: %s failed; %s: %s has been "
483 "created by someone else while transaction "
485 got_ref_get_name(ref), hex1,
486 got_ref_get_name(ref), hex2);
490 err = got_ref_delete(ref, repo);
497 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
502 err = got_ref_resolve(&id, repo, ref);
506 if (got_object_id_cmp(id, &old_id) != 0) {
507 got_object_id_hex(&old_id, hex1, sizeof(hex1));
508 got_object_id_hex(id, hex2, sizeof(hex2));
509 err = got_error_fmt(GOT_ERR_REF_BUSY,
510 "Update %s: %s failed; %s: %s has been "
511 "created by someone else while transaction "
513 got_ref_get_name(ref), hex1,
514 got_ref_get_name(ref), hex2);
518 if (got_object_id_cmp(&new_id, &old_id) != 0) {
519 err = got_ref_change_ref(ref, &new_id);
523 err = got_ref_write(ref, repo);
533 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
534 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
535 "could not acquire exclusive file lock for %s",
538 send_ref_update_ng(client, &iref, refname, err->msg);
540 send_ref_update_ok(client, &iref, refname);
542 if (client->nref_updates > 0) {
543 client->nref_updates--;
544 if (client->nref_updates == 0) {
545 send_refs_updated(client);
546 client->flush_disconnect = 1;
551 const struct got_error *unlock_err;
552 unlock_err = got_ref_unlock(ref);
553 if (unlock_err && err == NULL)
559 got_object_close(obj);
561 got_repo_close(repo);
568 session_dispatch_repo_child(int fd, short event, void *arg)
570 struct gotd_imsgev *iev = arg;
571 struct imsgbuf *ibuf = &iev->ibuf;
572 struct gotd_session_client *client = &gotd_session_client;
577 if (event & EV_READ) {
578 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
579 fatal("imsg_read error");
581 /* Connection closed. */
587 if (event & EV_WRITE) {
588 n = msgbuf_write(&ibuf->w);
589 if (n == -1 && errno != EAGAIN)
590 fatal("msgbuf_write");
592 /* Connection closed. */
599 const struct got_error *err = NULL;
600 uint32_t client_id = 0;
601 int do_disconnect = 0;
602 int do_ref_updates = 0, do_ref_update = 0;
603 int do_packfile_install = 0;
605 if ((n = imsg_get(ibuf, &imsg)) == -1)
606 fatal("%s: imsg_get error", __func__);
607 if (n == 0) /* No more messages. */
610 switch (imsg.hdr.type) {
611 case GOTD_IMSG_ERROR:
613 err = gotd_imsg_recv_error(&client_id, &imsg);
615 case GOTD_IMSG_PACKFILE_DONE:
617 err = recv_packfile_done(&client_id, &imsg);
619 case GOTD_IMSG_PACKFILE_INSTALL:
620 err = recv_packfile_install(&client_id, &imsg);
622 do_packfile_install = 1;
624 case GOTD_IMSG_REF_UPDATES_START:
625 err = recv_ref_updates_start(&client_id, &imsg);
629 case GOTD_IMSG_REF_UPDATE:
630 err = recv_ref_update(&client_id, &imsg);
635 log_debug("unexpected imsg %d", imsg.hdr.type);
641 disconnect_on_error(client, err);
645 if (do_packfile_install)
646 err = install_pack(client,
647 gotd_session.repo->path, &imsg);
648 else if (do_ref_updates)
649 err = begin_ref_updates(client, &imsg);
650 else if (do_ref_update)
651 err = update_ref(&shut, client,
652 gotd_session.repo->path, &imsg);
654 log_warnx("uid %d: %s", client->euid, err->msg);
660 gotd_imsg_event_add(iev);
662 /* This pipe is dead. Remove its event handler */
664 event_loopexit(NULL);
668 static const struct got_error *
669 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
671 struct gotd_imsg_capabilities icapas;
674 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
675 if (datalen != sizeof(icapas))
676 return got_error(GOT_ERR_PRIVSEP_LEN);
677 memcpy(&icapas, imsg->data, sizeof(icapas));
679 client->ncapa_alloc = icapas.ncapabilities;
680 client->capabilities = calloc(client->ncapa_alloc,
681 sizeof(*client->capabilities));
682 if (client->capabilities == NULL) {
683 client->ncapa_alloc = 0;
684 return got_error_from_errno("calloc");
687 log_debug("expecting %zu capabilities from uid %d",
688 client->ncapa_alloc, client->euid);
692 static const struct got_error *
693 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
695 struct gotd_imsg_capability icapa;
696 struct gotd_client_capability *capa;
698 char *key, *value = NULL;
700 if (client->capabilities == NULL ||
701 client->ncapabilities >= client->ncapa_alloc) {
702 return got_error_msg(GOT_ERR_BAD_REQUEST,
703 "unexpected capability received");
706 memset(&icapa, 0, sizeof(icapa));
708 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
709 if (datalen < sizeof(icapa))
710 return got_error(GOT_ERR_PRIVSEP_LEN);
711 memcpy(&icapa, imsg->data, sizeof(icapa));
713 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
714 return got_error(GOT_ERR_PRIVSEP_LEN);
716 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
718 return got_error_from_errno("strndup");
719 if (icapa.value_len > 0) {
720 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
724 return got_error_from_errno("strndup");
728 capa = &client->capabilities[client->ncapabilities++];
733 log_debug("uid %d: capability %s=%s", client->euid, key, value);
735 log_debug("uid %d: capability %s", client->euid, key);
740 static const struct got_error *
741 ensure_client_is_reading(struct gotd_session_client *client)
743 if (client->is_writing) {
744 return got_error_fmt(GOT_ERR_BAD_PACKET,
745 "uid %d made a read-request but is not reading from "
746 "a repository", client->euid);
752 static const struct got_error *
753 ensure_client_is_writing(struct gotd_session_client *client)
755 if (!client->is_writing) {
756 return got_error_fmt(GOT_ERR_BAD_PACKET,
757 "uid %d made a write-request but is not writing to "
758 "a repository", client->euid);
764 static const struct got_error *
765 forward_want(struct gotd_session_client *client, struct imsg *imsg)
767 struct gotd_imsg_want ireq;
768 struct gotd_imsg_want iwant;
771 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
772 if (datalen != sizeof(ireq))
773 return got_error(GOT_ERR_PRIVSEP_LEN);
775 memcpy(&ireq, imsg->data, datalen);
777 memset(&iwant, 0, sizeof(iwant));
778 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
779 iwant.client_id = client->id;
781 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_WANT,
782 gotd_session.proc_id, -1, &iwant, sizeof(iwant)) == -1)
783 return got_error_from_errno("imsg compose WANT");
788 static const struct got_error *
789 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
791 const struct got_error *err = NULL;
792 struct gotd_imsg_ref_update ireq;
793 struct gotd_imsg_ref_update *iref = NULL;
796 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
797 if (datalen < sizeof(ireq))
798 return got_error(GOT_ERR_PRIVSEP_LEN);
799 memcpy(&ireq, imsg->data, sizeof(ireq));
800 if (datalen != sizeof(ireq) + ireq.name_len)
801 return got_error(GOT_ERR_PRIVSEP_LEN);
803 iref = malloc(datalen);
805 return got_error_from_errno("malloc");
806 memcpy(iref, imsg->data, datalen);
808 iref->client_id = client->id;
809 if (gotd_imsg_compose_event(&client->repo_child_iev,
810 GOTD_IMSG_REF_UPDATE, gotd_session.proc_id, -1,
811 iref, datalen) == -1)
812 err = got_error_from_errno("imsg compose REF_UPDATE");
817 static const struct got_error *
818 forward_have(struct gotd_session_client *client, struct imsg *imsg)
820 struct gotd_imsg_have ireq;
821 struct gotd_imsg_have ihave;
824 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
825 if (datalen != sizeof(ireq))
826 return got_error(GOT_ERR_PRIVSEP_LEN);
828 memcpy(&ireq, imsg->data, datalen);
830 memset(&ihave, 0, sizeof(ihave));
831 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
832 ihave.client_id = client->id;
834 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_HAVE,
835 gotd_session.proc_id, -1, &ihave, sizeof(ihave)) == -1)
836 return got_error_from_errno("imsg compose HAVE");
842 client_has_capability(struct gotd_session_client *client, const char *capastr)
844 struct gotd_client_capability *capa;
847 if (client->ncapabilities == 0)
850 for (i = 0; i < client->ncapabilities; i++) {
851 capa = &client->capabilities[i];
852 if (strcmp(capa->key, capastr) == 0)
859 static const struct got_error *
860 recv_packfile(struct gotd_session_client *client)
862 const struct got_error *err = NULL;
863 struct gotd_imsg_recv_packfile ipack;
864 struct gotd_imsg_packfile_pipe ipipe;
865 struct gotd_imsg_packidx_file ifile;
866 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
867 int packfd = -1, idxfd = -1;
868 int pipe[2] = { -1, -1 };
870 if (client->packfile_path) {
871 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
872 "uid %d already has a pack file", client->euid);
875 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
876 return got_error_from_errno("socketpair");
878 memset(&ipipe, 0, sizeof(ipipe));
879 ipipe.client_id = client->id;
881 /* Send pack pipe end 0 to repo child process. */
882 if (gotd_imsg_compose_event(&client->repo_child_iev,
883 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[0],
884 &ipipe, sizeof(ipipe)) == -1) {
885 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
891 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
892 if (gotd_imsg_compose_event(&client->iev,
893 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[1],
895 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
898 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
899 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
900 client->euid) == -1) {
901 err = got_error_from_errno("asprintf");
905 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
908 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
909 err = got_error_from_errno2("fchmod", pack_path);
914 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
915 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
916 client->euid) == -1) {
917 err = got_error_from_errno("asprintf");
921 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
924 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
925 err = got_error_from_errno2("fchmod", idx_path);
929 memset(&ifile, 0, sizeof(ifile));
930 ifile.client_id = client->id;
931 if (gotd_imsg_compose_event(&client->repo_child_iev,
932 GOTD_IMSG_PACKIDX_FILE, gotd_session.proc_id,
933 idxfd, &ifile, sizeof(ifile)) == -1) {
934 err = got_error_from_errno("imsg compose PACKIDX_FILE");
940 memset(&ipack, 0, sizeof(ipack));
941 ipack.client_id = client->id;
942 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
943 ipack.report_status = 1;
945 if (gotd_imsg_compose_event(&client->repo_child_iev,
946 GOTD_IMSG_RECV_PACKFILE, gotd_session.proc_id, packfd,
947 &ipack, sizeof(ipack)) == -1) {
948 err = got_error_from_errno("imsg compose RECV_PACKFILE");
956 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
957 err = got_error_from_errno("close");
958 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
959 err = got_error_from_errno("close");
960 if (packfd != -1 && close(packfd) == -1 && err == NULL)
961 err = got_error_from_errno("close");
962 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
963 err = got_error_from_errno("close");
968 client->packfile_path = pack_path;
969 client->packidx_path = idx_path;
974 static const struct got_error *
975 send_packfile(struct gotd_session_client *client)
977 const struct got_error *err = NULL;
978 struct gotd_imsg_send_packfile ipack;
979 struct gotd_imsg_packfile_pipe ipipe;
982 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
983 return got_error_from_errno("socketpair");
985 memset(&ipack, 0, sizeof(ipack));
986 memset(&ipipe, 0, sizeof(ipipe));
988 ipack.client_id = client->id;
989 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
990 ipack.report_progress = 1;
992 client->delta_cache_fd = got_opentempfd();
993 if (client->delta_cache_fd == -1)
994 return got_error_from_errno("got_opentempfd");
996 if (gotd_imsg_compose_event(&client->repo_child_iev,
997 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
998 &ipack, sizeof(ipack)) == -1) {
999 err = got_error_from_errno("imsg compose SEND_PACKFILE");
1005 ipipe.client_id = client->id;
1007 /* Send pack pipe end 0 to repo child process. */
1008 if (gotd_imsg_compose_event(&client->repo_child_iev,
1009 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD,
1010 pipe[0], &ipipe, sizeof(ipipe)) == -1) {
1011 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1016 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
1017 if (gotd_imsg_compose_event(&client->iev,
1018 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
1019 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1025 session_dispatch_client(int fd, short events, void *arg)
1027 struct gotd_imsgev *iev = arg;
1028 struct imsgbuf *ibuf = &iev->ibuf;
1029 struct gotd_session_client *client = &gotd_session_client;
1030 const struct got_error *err = NULL;
1034 if (events & EV_WRITE) {
1035 while (ibuf->w.queued) {
1036 n = msgbuf_write(&ibuf->w);
1037 if (n == -1 && errno == EPIPE) {
1039 * The client has closed its socket.
1040 * This can happen when Git clients are
1041 * done sending pack file data.
1043 msgbuf_clear(&ibuf->w);
1045 } else if (n == -1 && errno != EAGAIN) {
1046 err = got_error_from_errno("imsg_flush");
1047 disconnect_on_error(client, err);
1051 /* Connection closed. */
1052 err = got_error(GOT_ERR_EOF);
1053 disconnect_on_error(client, err);
1058 if (client->flush_disconnect) {
1064 if ((events & EV_READ) == 0)
1067 memset(&imsg, 0, sizeof(imsg));
1069 while (err == NULL) {
1070 err = gotd_imsg_recv(&imsg, ibuf, 0);
1072 if (err->code == GOT_ERR_PRIVSEP_READ)
1074 else if (err->code == GOT_ERR_EOF &&
1075 client->state == GOTD_STATE_EXPECT_CAPABILITIES) {
1077 * The client has closed its socket before
1078 * sending its capability announcement.
1079 * This can happen when Git clients have
1080 * no ref-updates to send.
1082 disconnect_on_error(client, err);
1088 evtimer_del(&client->tmo);
1090 switch (imsg.hdr.type) {
1091 case GOTD_IMSG_CAPABILITIES:
1092 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1093 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1094 "unexpected capabilities received");
1097 log_debug("receiving capabilities from uid %d",
1099 err = recv_capabilities(client, &imsg);
1101 case GOTD_IMSG_CAPABILITY:
1102 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1103 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1104 "unexpected capability received");
1107 err = recv_capability(client, &imsg);
1108 if (err || client->ncapabilities < client->ncapa_alloc)
1110 if (!client->is_writing) {
1111 client->state = GOTD_STATE_EXPECT_WANT;
1112 client->accept_flush_pkt = 1;
1113 log_debug("uid %d: expecting want-lines",
1115 } else if (client->is_writing) {
1116 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1117 client->accept_flush_pkt = 1;
1118 log_debug("uid %d: expecting ref-update-lines",
1121 fatalx("client %d is both reading and writing",
1124 case GOTD_IMSG_WANT:
1125 if (client->state != GOTD_STATE_EXPECT_WANT) {
1126 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1127 "unexpected want-line received");
1130 log_debug("received want-line from uid %d",
1132 err = ensure_client_is_reading(client);
1135 client->accept_flush_pkt = 1;
1136 err = forward_want(client, &imsg);
1138 case GOTD_IMSG_REF_UPDATE:
1139 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE &&
1141 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1142 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1143 "unexpected ref-update-line received");
1146 log_debug("received ref-update-line from uid %d",
1148 err = ensure_client_is_writing(client);
1151 err = forward_ref_update(client, &imsg);
1154 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1155 client->accept_flush_pkt = 1;
1157 case GOTD_IMSG_HAVE:
1158 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1159 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1160 "unexpected have-line received");
1163 log_debug("received have-line from uid %d",
1165 err = ensure_client_is_reading(client);
1168 err = forward_have(client, &imsg);
1171 client->accept_flush_pkt = 1;
1173 case GOTD_IMSG_FLUSH:
1174 if (client->state == GOTD_STATE_EXPECT_WANT ||
1175 client->state == GOTD_STATE_EXPECT_HAVE) {
1176 err = ensure_client_is_reading(client);
1179 } else if (client->state ==
1180 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1181 err = ensure_client_is_writing(client);
1184 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1185 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1186 "unexpected flush-pkt received");
1189 if (!client->accept_flush_pkt) {
1190 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1191 "unexpected flush-pkt received");
1196 * Accept just one flush packet at a time.
1197 * Future client state transitions will set this flag
1198 * again if another flush packet is expected.
1200 client->accept_flush_pkt = 0;
1202 log_debug("received flush-pkt from uid %d",
1204 if (client->state == GOTD_STATE_EXPECT_WANT) {
1205 client->state = GOTD_STATE_EXPECT_HAVE;
1206 log_debug("uid %d: expecting have-lines",
1208 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1209 client->state = GOTD_STATE_EXPECT_DONE;
1210 client->accept_flush_pkt = 1;
1211 log_debug("uid %d: expecting 'done'",
1213 } else if (client->state ==
1214 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1215 client->state = GOTD_STATE_EXPECT_PACKFILE;
1216 log_debug("uid %d: expecting packfile",
1218 err = recv_packfile(client);
1219 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1220 /* should not happen, see above */
1221 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1222 "unexpected client state");
1226 case GOTD_IMSG_DONE:
1227 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1228 client->state != GOTD_STATE_EXPECT_DONE) {
1229 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1230 "unexpected flush-pkt received");
1233 log_debug("received 'done' from uid %d", client->euid);
1234 err = ensure_client_is_reading(client);
1237 client->state = GOTD_STATE_DONE;
1238 client->accept_flush_pkt = 1;
1239 err = send_packfile(client);
1242 log_debug("unexpected imsg %d", imsg.hdr.type);
1243 err = got_error(GOT_ERR_PRIVSEP_MSG);
1251 if (err->code != GOT_ERR_EOF ||
1252 client->state != GOTD_STATE_EXPECT_PACKFILE)
1253 disconnect_on_error(client, err);
1255 gotd_imsg_event_add(iev);
1256 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1260 static const struct got_error *
1261 list_refs_request(void)
1263 static const struct got_error *err;
1264 struct gotd_session_client *client = &gotd_session_client;
1265 struct gotd_imsgev *iev = &client->repo_child_iev;
1266 struct gotd_imsg_list_refs_internal ilref;
1269 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1270 return got_error(GOT_ERR_PRIVSEP_MSG);
1272 memset(&ilref, 0, sizeof(ilref));
1273 ilref.client_id = client->id;
1275 fd = dup(client->fd);
1277 return got_error_from_errno("dup");
1279 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1280 gotd_session.proc_id, fd, &ilref, sizeof(ilref)) == -1) {
1281 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1286 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1287 log_debug("uid %d: expecting capabilities", client->euid);
1291 static const struct got_error *
1292 recv_connect(struct imsg *imsg)
1294 struct gotd_session_client *client = &gotd_session_client;
1295 struct gotd_imsg_connect iconnect;
1298 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1299 return got_error(GOT_ERR_PRIVSEP_MSG);
1301 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1302 if (datalen != sizeof(iconnect))
1303 return got_error(GOT_ERR_PRIVSEP_LEN);
1304 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1307 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1309 client->fd = imsg->fd;
1310 client->euid = iconnect.euid;
1311 client->egid = iconnect.egid;
1313 imsg_init(&client->iev.ibuf, client->fd);
1314 client->iev.handler = session_dispatch_client;
1315 client->iev.events = EV_READ;
1316 client->iev.handler_arg = NULL;
1317 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1318 session_dispatch_client, &client->iev);
1319 gotd_imsg_event_add(&client->iev);
1320 evtimer_set(&client->tmo, gotd_request_timeout, client);
1325 static const struct got_error *
1326 recv_repo_child(struct imsg *imsg)
1328 struct gotd_imsg_connect_repo_child ichild;
1329 struct gotd_session_client *client = &gotd_session_client;
1332 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1333 return got_error(GOT_ERR_PRIVSEP_MSG);
1335 /* We should already have received a pipe to the listener. */
1336 if (client->fd == -1)
1337 return got_error(GOT_ERR_PRIVSEP_MSG);
1339 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1340 if (datalen != sizeof(ichild))
1341 return got_error(GOT_ERR_PRIVSEP_LEN);
1343 memcpy(&ichild, imsg->data, sizeof(ichild));
1345 client->id = ichild.client_id;
1346 if (ichild.proc_id == PROC_REPO_WRITE)
1347 client->is_writing = 1;
1348 else if (ichild.proc_id == PROC_REPO_READ)
1349 client->is_writing = 0;
1351 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1352 "bad child process type");
1355 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1357 imsg_init(&client->repo_child_iev.ibuf, imsg->fd);
1358 client->repo_child_iev.handler = session_dispatch_repo_child;
1359 client->repo_child_iev.events = EV_READ;
1360 client->repo_child_iev.handler_arg = NULL;
1361 event_set(&client->repo_child_iev.ev, client->repo_child_iev.ibuf.fd,
1362 EV_READ, session_dispatch_repo_child, &client->repo_child_iev);
1363 gotd_imsg_event_add(&client->repo_child_iev);
1365 /* The "recvfd" pledge promise is no longer needed. */
1366 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1373 session_dispatch(int fd, short event, void *arg)
1375 struct gotd_imsgev *iev = arg;
1376 struct imsgbuf *ibuf = &iev->ibuf;
1377 struct gotd_session_client *client = &gotd_session_client;
1382 if (event & EV_READ) {
1383 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1384 fatal("imsg_read error");
1386 /* Connection closed. */
1392 if (event & EV_WRITE) {
1393 n = msgbuf_write(&ibuf->w);
1394 if (n == -1 && errno != EAGAIN)
1395 fatal("msgbuf_write");
1397 /* Connection closed. */
1404 const struct got_error *err = NULL;
1405 uint32_t client_id = 0;
1406 int do_disconnect = 0, do_list_refs = 0;
1408 if ((n = imsg_get(ibuf, &imsg)) == -1)
1409 fatal("%s: imsg_get error", __func__);
1410 if (n == 0) /* No more messages. */
1413 switch (imsg.hdr.type) {
1414 case GOTD_IMSG_ERROR:
1416 err = gotd_imsg_recv_error(&client_id, &imsg);
1418 case GOTD_IMSG_CONNECT:
1419 err = recv_connect(&imsg);
1421 case GOTD_IMSG_DISCONNECT:
1424 case GOTD_IMSG_CONNECT_REPO_CHILD:
1425 err = recv_repo_child(&imsg);
1431 log_debug("unexpected imsg %d", imsg.hdr.type);
1436 if (do_disconnect) {
1438 disconnect_on_error(client, err);
1441 } else if (do_list_refs)
1442 err = list_refs_request();
1445 log_warnx("uid %d: %s", client->euid, err->msg);
1449 gotd_imsg_event_add(iev);
1451 /* This pipe is dead. Remove its event handler */
1452 event_del(&iev->ev);
1453 event_loopexit(NULL);
1458 session_main(const char *title, const char *repo_path,
1459 int *pack_fds, int *temp_fds, struct timeval *request_timeout,
1460 enum gotd_procid proc_id)
1462 const struct got_error *err = NULL;
1463 struct event evsigint, evsigterm, evsighup, evsigusr1;
1465 gotd_session.title = title;
1466 gotd_session.pid = getpid();
1467 gotd_session.pack_fds = pack_fds;
1468 gotd_session.temp_fds = temp_fds;
1469 memcpy(&gotd_session.request_timeout, request_timeout,
1470 sizeof(gotd_session.request_timeout));
1471 gotd_session.proc_id = proc_id;
1473 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1476 if (!got_repo_is_bare(gotd_session.repo)) {
1477 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1478 "bare git repository required");
1482 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1484 signal_set(&evsigint, SIGINT, gotd_session_sighdlr, NULL);
1485 signal_set(&evsigterm, SIGTERM, gotd_session_sighdlr, NULL);
1486 signal_set(&evsighup, SIGHUP, gotd_session_sighdlr, NULL);
1487 signal_set(&evsigusr1, SIGUSR1, gotd_session_sighdlr, NULL);
1488 signal(SIGPIPE, SIG_IGN);
1490 signal_add(&evsigint, NULL);
1491 signal_add(&evsigterm, NULL);
1492 signal_add(&evsighup, NULL);
1493 signal_add(&evsigusr1, NULL);
1495 gotd_session_client.state = GOTD_STATE_EXPECT_LIST_REFS;
1496 gotd_session_client.fd = -1;
1497 gotd_session_client.nref_updates = -1;
1498 gotd_session_client.delta_cache_fd = -1;
1499 gotd_session_client.accept_flush_pkt = 1;
1501 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1502 gotd_session.parent_iev.handler = session_dispatch;
1503 gotd_session.parent_iev.events = EV_READ;
1504 gotd_session.parent_iev.handler_arg = NULL;
1505 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1506 EV_READ, session_dispatch, &gotd_session.parent_iev);
1507 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1508 GOTD_IMSG_CLIENT_SESSION_READY, gotd_session.proc_id,
1509 -1, NULL, 0) == -1) {
1510 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1517 log_warnx("%s: %s", title, err->msg);
1518 gotd_session_shutdown();
1522 gotd_session_shutdown(void)
1524 log_debug("shutting down");
1525 if (gotd_session.repo)
1526 got_repo_close(gotd_session.repo);
1527 got_repo_pack_fds_close(gotd_session.pack_fds);
1528 got_repo_temp_fds_close(gotd_session.temp_fds);