1 /*
2  * Copyright (c) 2018 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/syslimits.h>
23 #include <sys/wait.h>
24 
25 #include <errno.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdint.h>
30 #include <sha1.h>
31 #include <zlib.h>
32 #include <ctype.h>
33 #include <limits.h>
34 #include <imsg.h>
35 #include <time.h>
36 #include <unistd.h>
37 
38 #include "got_error.h"
39 #include "got_object.h"
40 #include "got_repository.h"
41 #include "got_opentemp.h"
42 
43 #include "got_lib_sha1.h"
44 #include "got_lib_delta.h"
45 #include "got_lib_privsep.h"
46 #include "got_lib_pack.h"
47 #include "got_lib_inflate.h"
48 #include "got_lib_object.h"
49 #include "got_lib_object_cache.h"
50 #include "got_lib_repository.h"
51 
52 #ifndef nitems
53 #define nitems(_a) (sizeof(_a) / sizeof((_a)[0]))
54 #endif
55 
56 #define GOT_OBJ_TAG_COMMIT	"commit"
57 #define GOT_OBJ_TAG_TREE	"tree"
58 #define GOT_OBJ_TAG_BLOB	"blob"
59 
60 #define GOT_COMMIT_TAG_TREE		"tree "
61 #define GOT_COMMIT_TAG_PARENT		"parent "
62 #define GOT_COMMIT_TAG_AUTHOR		"author "
63 #define GOT_COMMIT_TAG_COMMITTER	"committer "
64 
65 const struct got_error *
66 got_object_id_str(char **outbuf, struct got_object_id *id)
67 {
68 	static const size_t len = SHA1_DIGEST_STRING_LENGTH;
69 
70 	*outbuf = malloc(len);
71 	if (*outbuf == NULL)
72 		return got_error_from_errno();
73 
74 	if (got_sha1_digest_to_str(id->sha1, *outbuf, len) == NULL) {
75 		free(*outbuf);
76 		*outbuf = NULL;
77 		return got_error(GOT_ERR_BAD_OBJ_ID_STR);
78 	}
79 
80 	return NULL;
81 }
82 
83 void
84 got_object_close(struct got_object *obj)
85 {
86 	if (obj->refcnt > 0) {
87 		obj->refcnt--;
88 		if (obj->refcnt > 0)
89 			return;
90 	}
91 
92 	if (obj->flags & GOT_OBJ_FLAG_DELTIFIED) {
93 		struct got_delta *delta;
94 		while (!SIMPLEQ_EMPTY(&obj->deltas.entries)) {
95 			delta = SIMPLEQ_FIRST(&obj->deltas.entries);
96 			SIMPLEQ_REMOVE_HEAD(&obj->deltas.entries, entry);
97 			got_delta_close(delta);
98 		}
99 	}
100 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
101 		free(obj->path_packfile);
102 	free(obj);
103 }
104 
105 void
106 got_object_qid_free(struct got_object_qid *qid)
107 {
108 	free(qid->id);
109 	free(qid);
110 }
111 
112 static const struct got_error *
113 request_object(struct got_object **obj, struct got_repository *repo, int fd)
114 {
115 	const struct got_error *err = NULL;
116 	struct imsgbuf *ibuf;
117 
118 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].ibuf;
119 
120 	err = got_privsep_send_obj_req(ibuf, fd, NULL);
121 	if (err)
122 		return err;
123 
124 	return got_privsep_recv_obj(obj, ibuf);
125 }
126 
127 static void
128 exec_privsep_child(int imsg_fds[2], const char *path, const char *repo_path)
129 {
130 	close(imsg_fds[0]);
131 
132 	if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD) == -1) {
133 		fprintf(stderr, "%s: %s\n", getprogname(),
134 		    strerror(errno));
135 		_exit(1);
136 	}
137 	if (closefrom(GOT_IMSG_FD_CHILD + 1) == -1) {
138 		fprintf(stderr, "%s: %s\n", getprogname(),
139 		    strerror(errno));
140 		_exit(1);
141 	}
142 
143 	if (execl(path, path, repo_path, (char *)NULL) == -1) {
144 		fprintf(stderr, "%s: %s: %s\n", getprogname(), path,
145 		    strerror(errno));
146 		_exit(1);
147 	}
148 }
149 
150 const struct got_error *
151 got_object_read_header_privsep(struct got_object **obj,
152     struct got_repository *repo, int obj_fd)
153 {
154 	int imsg_fds[2];
155 	pid_t pid;
156 	struct imsgbuf *ibuf;
157 
158 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd != -1)
159 		return request_object(obj, repo, obj_fd);
160 
161 	ibuf = calloc(1, sizeof(*ibuf));
162 	if (ibuf == NULL)
163 		return got_error_from_errno();
164 
165 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
166 		return got_error_from_errno();
167 
168 	pid = fork();
169 	if (pid == -1)
170 		return got_error_from_errno();
171 	else if (pid == 0) {
172 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_OBJECT,
173 		    repo->path);
174 		/* not reached */
175 	}
176 
177 	close(imsg_fds[1]);
178 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd =
179 	    imsg_fds[0];
180 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].pid = pid;
181 	imsg_init(ibuf, imsg_fds[0]);
182 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].ibuf = ibuf;
183 
184 	return request_object(obj, repo, obj_fd);
185 }
186 
187 static const struct got_error *
188 request_packed_object(struct got_object **obj, struct got_pack *pack, int idx,
189     struct got_object_id *id)
190 {
191 	const struct got_error *err = NULL;
192 	struct imsgbuf *ibuf = pack->privsep_child->ibuf;
193 
194 	err = got_privsep_send_packed_obj_req(ibuf, idx);
195 	if (err)
196 		return err;
197 
198 	err = got_privsep_recv_obj(obj, ibuf);
199 	if (err)
200 		return err;
201 
202 	(*obj)->path_packfile = strdup(pack->path_packfile);
203 	if ((*obj)->path_packfile == NULL) {
204 		err = got_error_from_errno();
205 		return err;
206 	}
207 	memcpy(&(*obj)->id, id, sizeof((*obj)->id));
208 
209 	return NULL;
210 }
211 
212 const struct got_error *
213 got_object_packed_read_privsep(struct got_object **obj,
214     struct got_repository *repo, struct got_pack *pack,
215     struct got_packidx *packidx, int idx, struct got_object_id *id)
216 {
217 	const struct got_error *err = NULL;
218 	int imsg_fds[2];
219 	pid_t pid;
220 	struct imsgbuf *ibuf;
221 
222 	if (pack->privsep_child)
223 		return request_packed_object(obj, pack, idx, id);
224 
225 	ibuf = calloc(1, sizeof(*ibuf));
226 	if (ibuf == NULL)
227 		return got_error_from_errno();
228 
229 	pack->privsep_child = calloc(1, sizeof(*pack->privsep_child));
230 	if (pack->privsep_child == NULL) {
231 		err = got_error_from_errno();
232 		free(ibuf);
233 		return err;
234 	}
235 
236 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1) {
237 		err = got_error_from_errno();
238 		goto done;
239 	}
240 
241 	pid = fork();
242 	if (pid == -1) {
243 		err = got_error_from_errno();
244 		goto done;
245 	} else if (pid == 0) {
246 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_PACK,
247 		    pack->path_packfile);
248 		/* not reached */
249 	}
250 
251 	close(imsg_fds[1]);
252 	pack->privsep_child->imsg_fd = imsg_fds[0];
253 	pack->privsep_child->pid = pid;
254 	imsg_init(ibuf, imsg_fds[0]);
255 	pack->privsep_child->ibuf = ibuf;
256 
257 	err = got_privsep_init_pack_child(ibuf, pack, packidx);
258 	if (err) {
259 		const struct got_error *child_err;
260 		err = got_privsep_send_stop(pack->privsep_child->imsg_fd);
261 		child_err = got_privsep_wait_for_child(
262 		    pack->privsep_child->pid);
263 		if (child_err && err == NULL)
264 			err = child_err;
265 		free(ibuf);
266 		free(pack->privsep_child);
267 		pack->privsep_child = NULL;
268 		return err;
269 	}
270 
271 done:
272 	if (err) {
273 		free(ibuf);
274 		free(pack->privsep_child);
275 		pack->privsep_child = NULL;
276 	} else
277 		err = request_packed_object(obj, pack, idx, id);
278 	return err;
279 }
280 
281 struct got_commit_object *
282 got_object_commit_alloc_partial(void)
283 {
284 	struct got_commit_object *commit;
285 
286 	commit = calloc(1, sizeof(*commit));
287 	if (commit == NULL)
288 		return NULL;
289 	commit->tree_id = calloc(1, sizeof(*commit->tree_id));
290 	if (commit->tree_id == NULL) {
291 		free(commit);
292 		return NULL;
293 	}
294 
295 	SIMPLEQ_INIT(&commit->parent_ids);
296 
297 	return commit;
298 }
299 
300 const struct got_error *
301 got_object_commit_add_parent(struct got_commit_object *commit,
302     const char *id_str)
303 {
304 	const struct got_error *err = NULL;
305 	struct got_object_qid *qid;
306 
307 	qid = malloc(sizeof(*qid));
308 	if (qid == NULL)
309 		return got_error_from_errno();
310 
311 	qid->id = malloc(sizeof(*qid->id));
312 	if (qid->id == NULL) {
313 		err = got_error_from_errno();
314 		got_object_qid_free(qid);
315 		return err;
316 	}
317 
318 	if (!got_parse_sha1_digest(qid->id->sha1, id_str)) {
319 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
320 		free(qid->id);
321 		free(qid);
322 		return err;
323 	}
324 
325 	SIMPLEQ_INSERT_TAIL(&commit->parent_ids, qid, entry);
326 	commit->nparents++;
327 
328 	return NULL;
329 }
330 
331 static const struct got_error *
332 parse_gmtoff(time_t *gmtoff, const char *tzstr)
333 {
334 	int sign = 1;
335 	const char *p = tzstr;
336 	time_t h, m;
337 
338 	*gmtoff = 0;
339 
340 	if (*p == '-')
341 		sign = -1;
342 	else if (*p != '+')
343 		return got_error(GOT_ERR_BAD_OBJ_DATA);
344 	p++;
345 	if (!isdigit(*p) && !isdigit(*(p + 1)))
346 		return got_error(GOT_ERR_BAD_OBJ_DATA);
347 	h = (((*p - '0') * 10) + (*(p + 1) - '0'));
348 
349 	p += 2;
350 	if (!isdigit(*p) && !isdigit(*(p + 1)))
351 		return got_error(GOT_ERR_BAD_OBJ_DATA);
352 	m = ((*p - '0') * 10) + (*(p + 1) - '0');
353 
354 	*gmtoff = (h * 60 * 60 + m * 60) * sign;
355 	return NULL;
356 }
357 
358 static const struct got_error *
359 parse_commit_time(struct tm *tm, char *committer)
360 {
361 	const struct got_error *err = NULL;
362 	const char *errstr;
363 	char *space, *tzstr;
364 	time_t gmtoff;
365 	time_t time;
366 
367 	/* Parse and strip off trailing timezone indicator string. */
368 	space = strrchr(committer, ' ');
369 	if (space == NULL)
370 		return got_error(GOT_ERR_BAD_OBJ_DATA);
371 	tzstr = strdup(space + 1);
372 	if (tzstr == NULL)
373 		return got_error_from_errno();
374 	err = parse_gmtoff(&gmtoff, tzstr);
375 	free(tzstr);
376 	if (err)
377 		return err;
378 	*space = '\0';
379 
380 	/* Timestamp is separated from committer name + email by space. */
381 	space = strrchr(committer, ' ');
382 	if (space == NULL)
383 		return got_error(GOT_ERR_BAD_OBJ_DATA);
384 
385 	/* Timestamp parsed here is expressed in comitter's local time. */
386 	time = strtonum(space + 1, 0, INT64_MAX, &errstr);
387 	if (errstr)
388 		return got_error(GOT_ERR_BAD_OBJ_DATA);
389 
390 	/* Express the time stamp in UTC. */
391 	memset(tm, 0, sizeof(*tm));
392 	time -= gmtoff;
393 	if (localtime_r(&time, tm) == NULL)
394 		return got_error_from_errno();
395 	tm->tm_gmtoff = gmtoff;
396 
397 	/* Strip off parsed time information, leaving just author and email. */
398 	*space = '\0';
399 
400 	return NULL;
401 }
402 
403 void
404 got_object_commit_close(struct got_commit_object *commit)
405 {
406 	struct got_object_qid *qid;
407 
408 	if (commit->refcnt > 0) {
409 		commit->refcnt--;
410 		if (commit->refcnt > 0)
411 			return;
412 	}
413 
414 	while (!SIMPLEQ_EMPTY(&commit->parent_ids)) {
415 		qid = SIMPLEQ_FIRST(&commit->parent_ids);
416 		SIMPLEQ_REMOVE_HEAD(&commit->parent_ids, entry);
417 		got_object_qid_free(qid);
418 	}
419 
420 	free(commit->tree_id);
421 	free(commit->author);
422 	free(commit->committer);
423 	free(commit->logmsg);
424 	free(commit);
425 }
426 
427 const struct got_error *
428 got_object_parse_commit(struct got_commit_object **commit, char *buf, size_t len)
429 {
430 	const struct got_error *err = NULL;
431 	char *s = buf;
432 	size_t tlen;
433 	ssize_t remain = (ssize_t)len;
434  
435 	*commit = got_object_commit_alloc_partial();
436 	if (*commit == NULL)
437 		return got_error_from_errno();
438 
439 	tlen = strlen(GOT_COMMIT_TAG_TREE);
440 	if (strncmp(s, GOT_COMMIT_TAG_TREE, tlen) == 0) {
441 		remain -= tlen;
442 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
443 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
444 			goto done;
445 		}
446 		s += tlen;
447 		if (!got_parse_sha1_digest((*commit)->tree_id->sha1, s)) {
448 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
449 			goto done;
450 		}
451 		remain -= SHA1_DIGEST_STRING_LENGTH;
452 		s += SHA1_DIGEST_STRING_LENGTH;
453 	} else {
454 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
455 		goto done;
456 	}
457 
458 	tlen = strlen(GOT_COMMIT_TAG_PARENT);
459 	while (strncmp(s, GOT_COMMIT_TAG_PARENT, tlen) == 0) {
460 		remain -= tlen;
461 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
462 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
463 			goto done;
464 		}
465 		s += tlen;
466 		err = got_object_commit_add_parent(*commit, s);
467 		if (err)
468 			goto done;
469 
470 		remain -= SHA1_DIGEST_STRING_LENGTH;
471 		s += SHA1_DIGEST_STRING_LENGTH;
472 	}
473 
474 	tlen = strlen(GOT_COMMIT_TAG_AUTHOR);
475 	if (strncmp(s, GOT_COMMIT_TAG_AUTHOR, tlen) == 0) {
476 		char *p;
477 		size_t slen;
478 
479 		remain -= tlen;
480 		if (remain <= 0) {
481 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
482 			goto done;
483 		}
484 		s += tlen;
485 		p = strchr(s, '\n');
486 		if (p == NULL) {
487 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
488 			goto done;
489 		}
490 		*p = '\0';
491 		slen = strlen(s);
492 		err = parse_commit_time(&(*commit)->tm_author, s);
493 		if (err)
494 			goto done;
495 		(*commit)->author = strdup(s);
496 		if ((*commit)->author == NULL) {
497 			err = got_error_from_errno();
498 			goto done;
499 		}
500 		s += slen + 1;
501 		remain -= slen + 1;
502 	}
503 
504 	tlen = strlen(GOT_COMMIT_TAG_COMMITTER);
505 	if (strncmp(s, GOT_COMMIT_TAG_COMMITTER, tlen) == 0) {
506 		char *p;
507 		size_t slen;
508 
509 		remain -= tlen;
510 		if (remain <= 0) {
511 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
512 			goto done;
513 		}
514 		s += tlen;
515 		p = strchr(s, '\n');
516 		if (p == NULL) {
517 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
518 			goto done;
519 		}
520 		*p = '\0';
521 		slen = strlen(s);
522 		err = parse_commit_time(&(*commit)->tm_committer, s);
523 		if (err)
524 			goto done;
525 		(*commit)->committer = strdup(s);
526 		if ((*commit)->committer == NULL) {
527 			err = got_error_from_errno();
528 			goto done;
529 		}
530 		s += slen + 1;
531 		remain -= slen + 1;
532 	}
533 
534 	(*commit)->logmsg = strndup(s, remain);
535 	if ((*commit)->logmsg == NULL) {
536 		err = got_error_from_errno();
537 		goto done;
538 	}
539 done:
540 	if (err) {
541 		got_object_commit_close(*commit);
542 		*commit = NULL;
543 	}
544 	return err;
545 }
546 
547 void
548 got_object_tree_entry_close(struct got_tree_entry *te)
549 {
550 	free(te->id);
551 	free(te->name);
552 	free(te);
553 }
554 
555 void
556 got_object_tree_close(struct got_tree_object *tree)
557 {
558 	struct got_tree_entry *te;
559 
560 	if (tree->refcnt > 0) {
561 		tree->refcnt--;
562 		if (tree->refcnt > 0)
563 			return;
564 	}
565 
566 	while (!SIMPLEQ_EMPTY(&tree->entries.head)) {
567 		te = SIMPLEQ_FIRST(&tree->entries.head);
568 		SIMPLEQ_REMOVE_HEAD(&tree->entries.head, entry);
569 		got_object_tree_entry_close(te);
570 	}
571 
572 	free(tree);
573 }
574 
575 struct got_tree_entry *
576 got_alloc_tree_entry_partial(void)
577 {
578 	struct got_tree_entry *te;
579 
580 	te = calloc(1, sizeof(*te));
581 	if (te == NULL)
582 		return NULL;
583 
584 	te->id = calloc(1, sizeof(*te->id));
585 	if (te->id == NULL) {
586 		free(te);
587 		te = NULL;
588 	}
589 	return te;
590 }
591 
592 static const struct got_error *
593 parse_tree_entry(struct got_tree_entry **te, size_t *elen, char *buf,
594     size_t maxlen)
595 {
596 	char *p = buf, *space;
597 	const struct got_error *err = NULL;
598 
599 	*te = got_alloc_tree_entry_partial();
600 	if (*te == NULL)
601 		return got_error_from_errno();
602 
603 	*elen = strlen(buf) + 1;
604 	if (*elen > maxlen) {
605 		free(*te);
606 		*te = NULL;
607 		return got_error(GOT_ERR_BAD_OBJ_DATA);
608 	}
609 
610 	space = strchr(buf, ' ');
611 	if (space == NULL) {
612 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
613 		free(*te);
614 		*te = NULL;
615 		return err;
616 	}
617 	while (*p != ' ') {
618 		if (*p < '0' && *p > '7') {
619 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
620 			goto done;
621 		}
622 		(*te)->mode <<= 3;
623 		(*te)->mode |= *p - '0';
624 		p++;
625 	}
626 
627 	(*te)->name = strdup(space + 1);
628 	if (*elen > maxlen || maxlen - *elen < SHA1_DIGEST_LENGTH) {
629 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
630 		goto done;
631 	}
632 	buf += strlen(buf) + 1;
633 	memcpy((*te)->id->sha1, buf, SHA1_DIGEST_LENGTH);
634 	*elen += SHA1_DIGEST_LENGTH;
635 done:
636 	if (err) {
637 		got_object_tree_entry_close(*te);
638 		*te = NULL;
639 	}
640 	return err;
641 }
642 
643 const struct got_error *
644 got_object_parse_tree(struct got_tree_object **tree, uint8_t *buf, size_t len)
645 {
646 	const struct got_error *err;
647 	size_t remain = len;
648 
649 	*tree = calloc(1, sizeof(**tree));
650 	if (*tree == NULL)
651 		return got_error_from_errno();
652 
653 	SIMPLEQ_INIT(&(*tree)->entries.head);
654 
655 	while (remain > 0) {
656 		struct got_tree_entry *te;
657 		size_t elen;
658 
659 		err = parse_tree_entry(&te, &elen, buf, remain);
660 		if (err)
661 			return err;
662 		(*tree)->entries.nentries++;
663 		SIMPLEQ_INSERT_TAIL(&(*tree)->entries.head, te, entry);
664 		buf += elen;
665 		remain -= elen;
666 	}
667 
668 	if (remain != 0) {
669 		got_object_tree_close(*tree);
670 		return got_error(GOT_ERR_BAD_OBJ_DATA);
671 	}
672 
673 	return NULL;
674 }
675 
676 const struct got_error *
677 got_read_file_to_mem(uint8_t **outbuf, size_t *outlen, FILE *f)
678 {
679 	const struct got_error *err = NULL;
680 	static const size_t blocksize = 512;
681 	size_t n, total, remain;
682 	uint8_t *buf;
683 
684 	*outbuf = NULL;
685 	*outlen = 0;
686 
687 	buf = malloc(blocksize);
688 	if (buf == NULL)
689 		return got_error_from_errno();
690 
691 	remain = blocksize;
692 	total = 0;
693 	while (1) {
694 		if (remain == 0) {
695 			uint8_t *newbuf;
696 			newbuf = reallocarray(buf, 1, total + blocksize);
697 			if (newbuf == NULL) {
698 				err = got_error_from_errno();
699 				goto done;
700 			}
701 			buf = newbuf;
702 			remain += blocksize;
703 		}
704 		n = fread(buf + total, 1, remain, f);
705 		if (n == 0) {
706 			if (ferror(f)) {
707 				err = got_ferror(f, GOT_ERR_IO);
708 				goto done;
709 			}
710 			break; /* EOF */
711 		}
712 		remain -= n;
713 		total += n;
714 	};
715 
716 done:
717 	if (err == NULL) {
718 		*outbuf = buf;
719 		*outlen = total;
720 	} else
721 		free(buf);
722 	return err;
723 }
724 
725 static const struct got_error *
726 request_commit(struct got_commit_object **commit, struct got_repository *repo,
727     struct got_object *obj, int fd)
728 {
729 	const struct got_error *err = NULL;
730 	struct imsgbuf *ibuf;
731 
732 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].ibuf;
733 
734 	err = got_privsep_send_obj_req(ibuf, fd, obj);
735 	if (err)
736 		return err;
737 
738 	return got_privsep_recv_commit(commit, ibuf);
739 }
740 
741 const struct got_error *
742 got_object_read_packed_commit_privsep(struct got_commit_object **commit,
743     struct got_object *obj, struct got_pack *pack)
744 {
745 	const struct got_error *err = NULL;
746 
747 	err = got_privsep_send_obj_req(pack->privsep_child->ibuf, -1, obj);
748 	if (err)
749 		return err;
750 
751 	return got_privsep_recv_commit(commit, pack->privsep_child->ibuf);
752 }
753 
754 const struct got_error *
755 got_object_read_commit_privsep(struct got_commit_object **commit,
756     struct got_object *obj, int obj_fd, struct got_repository *repo)
757 {
758 	int imsg_fds[2];
759 	pid_t pid;
760 	struct imsgbuf *ibuf;
761 
762 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd != -1)
763 		return request_commit(commit, repo, obj, obj_fd);
764 
765 	ibuf = calloc(1, sizeof(*ibuf));
766 	if (ibuf == NULL)
767 		return got_error_from_errno();
768 
769 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
770 		return got_error_from_errno();
771 
772 	pid = fork();
773 	if (pid == -1)
774 		return got_error_from_errno();
775 	else if (pid == 0) {
776 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_COMMIT,
777 		    repo->path);
778 		/* not reached */
779 	}
780 
781 	close(imsg_fds[1]);
782 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd =
783 	    imsg_fds[0];
784 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].pid = pid;
785 	imsg_init(ibuf, imsg_fds[0]);
786 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].ibuf = ibuf;
787 
788 	return request_commit(commit, repo, obj, obj_fd);
789 }
790 
791 static const struct got_error *
792 request_tree(struct got_tree_object **tree, struct got_repository *repo,
793     struct got_object *obj, int fd)
794 {
795 	const struct got_error *err = NULL;
796 	struct imsgbuf *ibuf;
797 
798 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].ibuf;
799 
800 	err = got_privsep_send_obj_req(ibuf, fd, obj);
801 	if (err)
802 		return err;
803 
804 	return got_privsep_recv_tree(tree, ibuf);
805 }
806 
807 const struct got_error *
808 got_object_read_tree_privsep(struct got_tree_object **tree,
809     struct got_object *obj, int obj_fd, struct got_repository *repo)
810 {
811 	int imsg_fds[2];
812 	pid_t pid;
813 	struct imsgbuf *ibuf;
814 
815 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd != -1)
816 		return request_tree(tree, repo, obj, obj_fd);
817 
818 	ibuf = calloc(1, sizeof(*ibuf));
819 	if (ibuf == NULL)
820 		return got_error_from_errno();
821 
822 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
823 		return got_error_from_errno();
824 
825 	pid = fork();
826 	if (pid == -1)
827 		return got_error_from_errno();
828 	else if (pid == 0) {
829 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_TREE,
830 		    repo->path);
831 		/* not reached */
832 	}
833 
834 	close(imsg_fds[1]);
835 
836 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd =
837 	    imsg_fds[0];
838 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].pid = pid;
839 	imsg_init(ibuf, imsg_fds[0]);
840 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].ibuf = ibuf;
841 
842 
843 	return request_tree(tree, repo, obj, obj_fd);
844 }
845 
846 const struct got_error *
847 got_object_read_packed_tree_privsep(struct got_tree_object **tree,
848     struct got_object *obj, struct got_pack *pack)
849 {
850 	const struct got_error *err = NULL;
851 
852 	err = got_privsep_send_obj_req(pack->privsep_child->ibuf, -1, obj);
853 	if (err)
854 		return err;
855 
856 	return got_privsep_recv_tree(tree, pack->privsep_child->ibuf);
857 }
858 
859 static const struct got_error *
860 request_blob(size_t *size, int outfd, int infd, struct imsgbuf *ibuf)
861 {
862 	const struct got_error *err = NULL;
863 	int outfd_child;
864 
865 	outfd_child = dup(outfd);
866 	if (outfd_child == -1)
867 		return got_error_from_errno();
868 
869 	err = got_privsep_send_blob_req(ibuf, infd);
870 	if (err)
871 		return err;
872 
873 	err = got_privsep_send_blob_outfd(ibuf, outfd_child);
874 	if (err) {
875 		close(outfd_child);
876 		return err;
877 	}
878 
879 	err = got_privsep_recv_blob(size, ibuf);
880 	if (err)
881 		return err;
882 
883 	if (lseek(outfd, SEEK_SET, 0) == -1)
884 		return got_error_from_errno();
885 
886 	return err;
887 }
888 
889 const struct got_error *
890 got_object_read_blob_privsep(size_t *size, int outfd, int infd,
891     struct got_repository *repo)
892 {
893 	int imsg_fds[2];
894 	pid_t pid;
895 	struct imsgbuf *ibuf;
896 
897 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd != -1) {
898 		ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].ibuf;
899 		return request_blob(size, outfd, infd, ibuf);
900 	}
901 
902 	ibuf = calloc(1, sizeof(*ibuf));
903 	if (ibuf == NULL)
904 		return got_error_from_errno();
905 
906 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
907 		return got_error_from_errno();
908 
909 	pid = fork();
910 	if (pid == -1)
911 		return got_error_from_errno();
912 	else if (pid == 0) {
913 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_BLOB,
914 		    repo->path);
915 		/* not reached */
916 	}
917 
918 	close(imsg_fds[1]);
919 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd =
920 	    imsg_fds[0];
921 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].pid = pid;
922 	imsg_init(ibuf, imsg_fds[0]);
923 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].ibuf = ibuf;
924 
925 	return request_blob(size, outfd, infd, ibuf);
926 }