2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
18 #include <sys/queue.h>
20 #include <sys/socket.h>
37 #include "got_error.h"
38 #include "got_repository.h"
39 #include "got_object.h"
41 #include "got_reference.h"
42 #include "got_opentemp.h"
44 #include "got_lib_hash.h"
45 #include "got_lib_delta.h"
46 #include "got_lib_object.h"
47 #include "got_lib_object_cache.h"
48 #include "got_lib_pack.h"
49 #include "got_lib_repository.h"
50 #include "got_lib_gitproto.h"
57 static struct gotd_session {
60 struct got_repository *repo;
63 struct gotd_imsgev parent_iev;
64 struct timeval request_timeout;
65 enum gotd_procid proc_id;
68 static struct gotd_session_client {
69 enum gotd_session_state state;
71 struct gotd_client_capability *capabilities;
77 struct gotd_imsgev iev;
78 struct gotd_imsgev repo_child_iev;
87 } gotd_session_client;
89 void gotd_session_sighdlr(int sig, short event, void *arg);
90 static void gotd_session_shutdown(void);
93 disconnect(struct gotd_session_client *client)
95 log_debug("uid %d: disconnecting", client->euid);
97 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
98 GOTD_IMSG_DISCONNECT, gotd_session.proc_id, -1, NULL, 0) == -1)
99 log_warn("imsg compose DISCONNECT");
101 imsg_clear(&client->repo_child_iev.ibuf);
102 event_del(&client->repo_child_iev.ev);
103 evtimer_del(&client->tmo);
105 if (client->delta_cache_fd != -1)
106 close(client->delta_cache_fd);
107 if (client->packfile_path) {
108 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
109 log_warn("unlink %s: ", client->packfile_path);
110 free(client->packfile_path);
112 if (client->packidx_path) {
113 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
114 log_warn("unlink %s: ", client->packidx_path);
115 free(client->packidx_path);
117 free(client->capabilities);
119 gotd_session_shutdown();
123 disconnect_on_error(struct gotd_session_client *client,
124 const struct got_error *err)
128 if (err->code != GOT_ERR_EOF) {
129 log_warnx("uid %d: %s", client->euid, err->msg);
130 imsg_init(&ibuf, client->fd);
131 gotd_imsg_send_error(&ibuf, 0, gotd_session.proc_id, err);
139 gotd_request_timeout(int fd, short events, void *arg)
141 struct gotd_session_client *client = arg;
143 log_debug("disconnecting uid %d due to timeout", client->euid);
148 gotd_session_sighdlr(int sig, short event, void *arg)
151 * Normal signal handler rules don't apply because libevent
157 log_info("%s: ignoring SIGHUP", __func__);
160 log_info("%s: ignoring SIGUSR1", __func__);
164 gotd_session_shutdown();
168 fatalx("unexpected signal");
172 static const struct got_error *
173 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
175 struct gotd_imsg_packfile_done idone;
178 log_debug("packfile-done received");
180 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
181 if (datalen != sizeof(idone))
182 return got_error(GOT_ERR_PRIVSEP_LEN);
183 memcpy(&idone, imsg->data, sizeof(idone));
185 *client_id = idone.client_id;
189 static const struct got_error *
190 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
192 struct gotd_imsg_packfile_install inst;
195 log_debug("packfile-install received");
197 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
198 if (datalen != sizeof(inst))
199 return got_error(GOT_ERR_PRIVSEP_LEN);
200 memcpy(&inst, imsg->data, sizeof(inst));
202 *client_id = inst.client_id;
206 static const struct got_error *
207 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
209 struct gotd_imsg_ref_updates_start istart;
212 log_debug("ref-updates-start received");
214 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
215 if (datalen != sizeof(istart))
216 return got_error(GOT_ERR_PRIVSEP_LEN);
217 memcpy(&istart, imsg->data, sizeof(istart));
219 *client_id = istart.client_id;
223 static const struct got_error *
224 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
226 struct gotd_imsg_ref_update iref;
229 log_debug("ref-update received");
231 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
232 if (datalen < sizeof(iref))
233 return got_error(GOT_ERR_PRIVSEP_LEN);
234 memcpy(&iref, imsg->data, sizeof(iref));
236 *client_id = iref.client_id;
240 static const struct got_error *
241 send_ref_update_ok(struct gotd_session_client *client,
242 struct gotd_imsg_ref_update *iref, const char *refname)
244 struct gotd_imsg_ref_update_ok iok;
245 struct gotd_imsgev *iev = &client->iev;
249 memset(&iok, 0, sizeof(iok));
250 iok.client_id = client->id;
251 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
252 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
253 iok.name_len = strlen(refname);
255 len = sizeof(iok) + iok.name_len;
256 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
257 gotd_session.proc_id, gotd_session.pid, len);
259 return got_error_from_errno("imsg_create REF_UPDATE_OK");
261 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
262 return got_error_from_errno("imsg_add REF_UPDATE_OK");
263 if (imsg_add(wbuf, refname, iok.name_len) == -1)
264 return got_error_from_errno("imsg_add REF_UPDATE_OK");
267 imsg_close(&iev->ibuf, wbuf);
268 gotd_imsg_event_add(iev);
273 send_refs_updated(struct gotd_session_client *client)
275 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
276 gotd_session.proc_id, -1, NULL, 0) == -1)
277 log_warn("imsg compose REFS_UPDATED");
280 static const struct got_error *
281 send_ref_update_ng(struct gotd_session_client *client,
282 struct gotd_imsg_ref_update *iref, const char *refname,
285 const struct got_error *ng_err;
286 struct gotd_imsg_ref_update_ng ing;
287 struct gotd_imsgev *iev = &client->iev;
291 memset(&ing, 0, sizeof(ing));
292 ing.client_id = client->id;
293 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
294 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
295 ing.name_len = strlen(refname);
297 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
298 ing.reason_len = strlen(ng_err->msg);
300 len = sizeof(ing) + ing.name_len + ing.reason_len;
301 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
302 gotd_session.proc_id, gotd_session.pid, len);
304 return got_error_from_errno("imsg_create REF_UPDATE_NG");
306 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
307 return got_error_from_errno("imsg_add REF_UPDATE_NG");
308 if (imsg_add(wbuf, refname, ing.name_len) == -1)
309 return got_error_from_errno("imsg_add REF_UPDATE_NG");
310 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
311 return got_error_from_errno("imsg_add REF_UPDATE_NG");
314 imsg_close(&iev->ibuf, wbuf);
315 gotd_imsg_event_add(iev);
319 static const struct got_error *
320 install_pack(struct gotd_session_client *client, const char *repo_path,
323 const struct got_error *err = NULL;
324 struct gotd_imsg_packfile_install inst;
325 char hex[SHA1_DIGEST_STRING_LENGTH];
327 char *packfile_path = NULL, *packidx_path = NULL;
329 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
330 if (datalen != sizeof(inst))
331 return got_error(GOT_ERR_PRIVSEP_LEN);
332 memcpy(&inst, imsg->data, sizeof(inst));
334 if (client->packfile_path == NULL)
335 return got_error_msg(GOT_ERR_BAD_REQUEST,
336 "client has no pack file");
337 if (client->packidx_path == NULL)
338 return got_error_msg(GOT_ERR_BAD_REQUEST,
339 "client has no pack file index");
341 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
342 return got_error_msg(GOT_ERR_NO_SPACE,
343 "could not convert pack file SHA1 to hex");
345 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
346 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
347 err = got_error_from_errno("asprintf");
351 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
352 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
353 err = got_error_from_errno("asprintf");
357 if (rename(client->packfile_path, packfile_path) == -1) {
358 err = got_error_from_errno3("rename", client->packfile_path,
363 free(client->packfile_path);
364 client->packfile_path = NULL;
366 if (rename(client->packidx_path, packidx_path) == -1) {
367 err = got_error_from_errno3("rename", client->packidx_path,
372 free(client->packidx_path);
373 client->packidx_path = NULL;
380 static const struct got_error *
381 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
383 struct gotd_imsg_ref_updates_start istart;
386 if (client->nref_updates != -1)
387 return got_error(GOT_ERR_PRIVSEP_MSG);
389 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
390 if (datalen != sizeof(istart))
391 return got_error(GOT_ERR_PRIVSEP_LEN);
392 memcpy(&istart, imsg->data, sizeof(istart));
394 if (istart.nref_updates <= 0)
395 return got_error(GOT_ERR_PRIVSEP_MSG);
397 client->nref_updates = istart.nref_updates;
401 static const struct got_error *
402 update_ref(int *shut, struct gotd_session_client *client,
403 const char *repo_path, struct imsg *imsg)
405 const struct got_error *err = NULL;
406 struct got_repository *repo = NULL;
407 struct got_reference *ref = NULL;
408 struct gotd_imsg_ref_update iref;
409 struct got_object_id old_id, new_id;
410 struct got_object_id *id = NULL;
411 struct got_object *obj = NULL;
412 char *refname = NULL;
415 char hex1[SHA1_DIGEST_STRING_LENGTH];
416 char hex2[SHA1_DIGEST_STRING_LENGTH];
418 log_debug("update-ref from uid %d", client->euid);
420 if (client->nref_updates <= 0)
421 return got_error(GOT_ERR_PRIVSEP_MSG);
423 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
424 if (datalen < sizeof(iref))
425 return got_error(GOT_ERR_PRIVSEP_LEN);
426 memcpy(&iref, imsg->data, sizeof(iref));
427 if (datalen != sizeof(iref) + iref.name_len)
428 return got_error(GOT_ERR_PRIVSEP_LEN);
429 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
431 return got_error_from_errno("strndup");
433 log_debug("updating ref %s for uid %d", refname, client->euid);
435 err = got_repo_open(&repo, repo_path, NULL, NULL);
439 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
440 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
441 err = got_object_open(&obj, repo,
442 iref.delete_ref ? &old_id : &new_id);
446 if (iref.ref_is_new) {
447 err = got_ref_open(&ref, repo, refname, 0);
449 if (err->code != GOT_ERR_NOT_REF)
451 err = got_ref_alloc(&ref, refname, &new_id);
454 err = got_ref_write(ref, repo); /* will lock/unlock */
458 err = got_ref_resolve(&id, repo, ref);
461 got_object_id_hex(&new_id, hex1, sizeof(hex1));
462 got_object_id_hex(id, hex2, sizeof(hex2));
463 err = got_error_fmt(GOT_ERR_REF_BUSY,
464 "Addition %s: %s failed; %s: %s has been "
465 "created by someone else while transaction "
467 got_ref_get_name(ref), hex1,
468 got_ref_get_name(ref), hex2);
471 } else if (iref.delete_ref) {
472 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
477 err = got_ref_resolve(&id, repo, ref);
481 if (got_object_id_cmp(id, &old_id) != 0) {
482 got_object_id_hex(&old_id, hex1, sizeof(hex1));
483 got_object_id_hex(id, hex2, sizeof(hex2));
484 err = got_error_fmt(GOT_ERR_REF_BUSY,
485 "Deletion %s: %s failed; %s: %s has been "
486 "created by someone else while transaction "
488 got_ref_get_name(ref), hex1,
489 got_ref_get_name(ref), hex2);
493 err = got_ref_delete(ref, repo);
500 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
505 err = got_ref_resolve(&id, repo, ref);
509 if (got_object_id_cmp(id, &old_id) != 0) {
510 got_object_id_hex(&old_id, hex1, sizeof(hex1));
511 got_object_id_hex(id, hex2, sizeof(hex2));
512 err = got_error_fmt(GOT_ERR_REF_BUSY,
513 "Update %s: %s failed; %s: %s has been "
514 "created by someone else while transaction "
516 got_ref_get_name(ref), hex1,
517 got_ref_get_name(ref), hex2);
521 if (got_object_id_cmp(&new_id, &old_id) != 0) {
522 err = got_ref_change_ref(ref, &new_id);
526 err = got_ref_write(ref, repo);
536 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
537 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
538 "could not acquire exclusive file lock for %s",
541 send_ref_update_ng(client, &iref, refname, err->msg);
543 send_ref_update_ok(client, &iref, refname);
545 if (client->nref_updates > 0) {
546 client->nref_updates--;
547 if (client->nref_updates == 0) {
548 send_refs_updated(client);
549 client->flush_disconnect = 1;
554 const struct got_error *unlock_err;
555 unlock_err = got_ref_unlock(ref);
556 if (unlock_err && err == NULL)
562 got_object_close(obj);
564 got_repo_close(repo);
571 session_dispatch_repo_child(int fd, short event, void *arg)
573 struct gotd_imsgev *iev = arg;
574 struct imsgbuf *ibuf = &iev->ibuf;
575 struct gotd_session_client *client = &gotd_session_client;
580 if (event & EV_READ) {
581 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
582 fatal("imsg_read error");
584 /* Connection closed. */
590 if (event & EV_WRITE) {
591 n = msgbuf_write(&ibuf->w);
592 if (n == -1 && errno != EAGAIN)
593 fatal("msgbuf_write");
595 /* Connection closed. */
602 const struct got_error *err = NULL;
603 uint32_t client_id = 0;
604 int do_disconnect = 0;
605 int do_ref_updates = 0, do_ref_update = 0;
606 int do_packfile_install = 0;
608 if ((n = imsg_get(ibuf, &imsg)) == -1)
609 fatal("%s: imsg_get error", __func__);
610 if (n == 0) /* No more messages. */
613 switch (imsg.hdr.type) {
614 case GOTD_IMSG_ERROR:
616 err = gotd_imsg_recv_error(&client_id, &imsg);
618 case GOTD_IMSG_PACKFILE_DONE:
620 err = recv_packfile_done(&client_id, &imsg);
622 case GOTD_IMSG_PACKFILE_INSTALL:
623 err = recv_packfile_install(&client_id, &imsg);
625 do_packfile_install = 1;
627 case GOTD_IMSG_REF_UPDATES_START:
628 err = recv_ref_updates_start(&client_id, &imsg);
632 case GOTD_IMSG_REF_UPDATE:
633 err = recv_ref_update(&client_id, &imsg);
638 log_debug("unexpected imsg %d", imsg.hdr.type);
644 disconnect_on_error(client, err);
648 if (do_packfile_install)
649 err = install_pack(client,
650 gotd_session.repo->path, &imsg);
651 else if (do_ref_updates)
652 err = begin_ref_updates(client, &imsg);
653 else if (do_ref_update)
654 err = update_ref(&shut, client,
655 gotd_session.repo->path, &imsg);
657 log_warnx("uid %d: %s", client->euid, err->msg);
663 gotd_imsg_event_add(iev);
665 /* This pipe is dead. Remove its event handler */
667 event_loopexit(NULL);
671 static const struct got_error *
672 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
674 struct gotd_imsg_capabilities icapas;
677 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
678 if (datalen != sizeof(icapas))
679 return got_error(GOT_ERR_PRIVSEP_LEN);
680 memcpy(&icapas, imsg->data, sizeof(icapas));
682 client->ncapa_alloc = icapas.ncapabilities;
683 client->capabilities = calloc(client->ncapa_alloc,
684 sizeof(*client->capabilities));
685 if (client->capabilities == NULL) {
686 client->ncapa_alloc = 0;
687 return got_error_from_errno("calloc");
690 log_debug("expecting %zu capabilities from uid %d",
691 client->ncapa_alloc, client->euid);
695 static const struct got_error *
696 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
698 struct gotd_imsg_capability icapa;
699 struct gotd_client_capability *capa;
701 char *key, *value = NULL;
703 if (client->capabilities == NULL ||
704 client->ncapabilities >= client->ncapa_alloc) {
705 return got_error_msg(GOT_ERR_BAD_REQUEST,
706 "unexpected capability received");
709 memset(&icapa, 0, sizeof(icapa));
711 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
712 if (datalen < sizeof(icapa))
713 return got_error(GOT_ERR_PRIVSEP_LEN);
714 memcpy(&icapa, imsg->data, sizeof(icapa));
716 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
717 return got_error(GOT_ERR_PRIVSEP_LEN);
719 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
721 return got_error_from_errno("strndup");
722 if (icapa.value_len > 0) {
723 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
727 return got_error_from_errno("strndup");
731 capa = &client->capabilities[client->ncapabilities++];
736 log_debug("uid %d: capability %s=%s", client->euid, key, value);
738 log_debug("uid %d: capability %s", client->euid, key);
743 static const struct got_error *
744 ensure_client_is_reading(struct gotd_session_client *client)
746 if (client->is_writing) {
747 return got_error_fmt(GOT_ERR_BAD_PACKET,
748 "uid %d made a read-request but is not reading from "
749 "a repository", client->euid);
755 static const struct got_error *
756 ensure_client_is_writing(struct gotd_session_client *client)
758 if (!client->is_writing) {
759 return got_error_fmt(GOT_ERR_BAD_PACKET,
760 "uid %d made a write-request but is not writing to "
761 "a repository", client->euid);
767 static const struct got_error *
768 forward_want(struct gotd_session_client *client, struct imsg *imsg)
770 struct gotd_imsg_want ireq;
771 struct gotd_imsg_want iwant;
774 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
775 if (datalen != sizeof(ireq))
776 return got_error(GOT_ERR_PRIVSEP_LEN);
778 memcpy(&ireq, imsg->data, datalen);
780 memset(&iwant, 0, sizeof(iwant));
781 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
782 iwant.client_id = client->id;
784 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_WANT,
785 gotd_session.proc_id, -1, &iwant, sizeof(iwant)) == -1)
786 return got_error_from_errno("imsg compose WANT");
791 static const struct got_error *
792 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
794 const struct got_error *err = NULL;
795 struct gotd_imsg_ref_update ireq;
796 struct gotd_imsg_ref_update *iref = NULL;
799 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
800 if (datalen < sizeof(ireq))
801 return got_error(GOT_ERR_PRIVSEP_LEN);
802 memcpy(&ireq, imsg->data, sizeof(ireq));
803 if (datalen != sizeof(ireq) + ireq.name_len)
804 return got_error(GOT_ERR_PRIVSEP_LEN);
806 iref = malloc(datalen);
808 return got_error_from_errno("malloc");
809 memcpy(iref, imsg->data, datalen);
811 iref->client_id = client->id;
812 if (gotd_imsg_compose_event(&client->repo_child_iev,
813 GOTD_IMSG_REF_UPDATE, gotd_session.proc_id, -1,
814 iref, datalen) == -1)
815 err = got_error_from_errno("imsg compose REF_UPDATE");
820 static const struct got_error *
821 forward_have(struct gotd_session_client *client, struct imsg *imsg)
823 struct gotd_imsg_have ireq;
824 struct gotd_imsg_have ihave;
827 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
828 if (datalen != sizeof(ireq))
829 return got_error(GOT_ERR_PRIVSEP_LEN);
831 memcpy(&ireq, imsg->data, datalen);
833 memset(&ihave, 0, sizeof(ihave));
834 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
835 ihave.client_id = client->id;
837 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_HAVE,
838 gotd_session.proc_id, -1, &ihave, sizeof(ihave)) == -1)
839 return got_error_from_errno("imsg compose HAVE");
845 client_has_capability(struct gotd_session_client *client, const char *capastr)
847 struct gotd_client_capability *capa;
850 if (client->ncapabilities == 0)
853 for (i = 0; i < client->ncapabilities; i++) {
854 capa = &client->capabilities[i];
855 if (strcmp(capa->key, capastr) == 0)
862 static const struct got_error *
863 recv_packfile(struct gotd_session_client *client)
865 const struct got_error *err = NULL;
866 struct gotd_imsg_recv_packfile ipack;
867 struct gotd_imsg_packfile_pipe ipipe;
868 struct gotd_imsg_packidx_file ifile;
869 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
870 int packfd = -1, idxfd = -1;
871 int pipe[2] = { -1, -1 };
873 if (client->packfile_path) {
874 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
875 "uid %d already has a pack file", client->euid);
878 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
879 return got_error_from_errno("socketpair");
881 memset(&ipipe, 0, sizeof(ipipe));
882 ipipe.client_id = client->id;
884 /* Send pack pipe end 0 to repo child process. */
885 if (gotd_imsg_compose_event(&client->repo_child_iev,
886 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[0],
887 &ipipe, sizeof(ipipe)) == -1) {
888 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
894 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
895 if (gotd_imsg_compose_event(&client->iev,
896 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[1],
898 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
901 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
902 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
903 client->euid) == -1) {
904 err = got_error_from_errno("asprintf");
908 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
911 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
912 err = got_error_from_errno2("fchmod", pack_path);
917 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
918 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
919 client->euid) == -1) {
920 err = got_error_from_errno("asprintf");
924 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
927 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
928 err = got_error_from_errno2("fchmod", idx_path);
932 memset(&ifile, 0, sizeof(ifile));
933 ifile.client_id = client->id;
934 if (gotd_imsg_compose_event(&client->repo_child_iev,
935 GOTD_IMSG_PACKIDX_FILE, gotd_session.proc_id,
936 idxfd, &ifile, sizeof(ifile)) == -1) {
937 err = got_error_from_errno("imsg compose PACKIDX_FILE");
943 memset(&ipack, 0, sizeof(ipack));
944 ipack.client_id = client->id;
945 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
946 ipack.report_status = 1;
948 if (gotd_imsg_compose_event(&client->repo_child_iev,
949 GOTD_IMSG_RECV_PACKFILE, gotd_session.proc_id, packfd,
950 &ipack, sizeof(ipack)) == -1) {
951 err = got_error_from_errno("imsg compose RECV_PACKFILE");
959 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
960 err = got_error_from_errno("close");
961 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
962 err = got_error_from_errno("close");
963 if (packfd != -1 && close(packfd) == -1 && err == NULL)
964 err = got_error_from_errno("close");
965 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
966 err = got_error_from_errno("close");
971 client->packfile_path = pack_path;
972 client->packidx_path = idx_path;
977 static const struct got_error *
978 send_packfile(struct gotd_session_client *client)
980 const struct got_error *err = NULL;
981 struct gotd_imsg_send_packfile ipack;
982 struct gotd_imsg_packfile_pipe ipipe;
985 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
986 return got_error_from_errno("socketpair");
988 memset(&ipack, 0, sizeof(ipack));
989 memset(&ipipe, 0, sizeof(ipipe));
991 ipack.client_id = client->id;
992 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
993 ipack.report_progress = 1;
995 client->delta_cache_fd = got_opentempfd();
996 if (client->delta_cache_fd == -1)
997 return got_error_from_errno("got_opentempfd");
999 if (gotd_imsg_compose_event(&client->repo_child_iev,
1000 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
1001 &ipack, sizeof(ipack)) == -1) {
1002 err = got_error_from_errno("imsg compose SEND_PACKFILE");
1008 ipipe.client_id = client->id;
1010 /* Send pack pipe end 0 to repo child process. */
1011 if (gotd_imsg_compose_event(&client->repo_child_iev,
1012 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD,
1013 pipe[0], &ipipe, sizeof(ipipe)) == -1) {
1014 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1019 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
1020 if (gotd_imsg_compose_event(&client->iev,
1021 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
1022 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1028 session_dispatch_client(int fd, short events, void *arg)
1030 struct gotd_imsgev *iev = arg;
1031 struct imsgbuf *ibuf = &iev->ibuf;
1032 struct gotd_session_client *client = &gotd_session_client;
1033 const struct got_error *err = NULL;
1037 if (events & EV_WRITE) {
1038 while (ibuf->w.queued) {
1039 n = msgbuf_write(&ibuf->w);
1040 if (n == -1 && errno == EPIPE) {
1042 * The client has closed its socket.
1043 * This can happen when Git clients are
1044 * done sending pack file data.
1046 msgbuf_clear(&ibuf->w);
1048 } else if (n == -1 && errno != EAGAIN) {
1049 err = got_error_from_errno("imsg_flush");
1050 disconnect_on_error(client, err);
1054 /* Connection closed. */
1055 err = got_error(GOT_ERR_EOF);
1056 disconnect_on_error(client, err);
1061 if (client->flush_disconnect) {
1067 if ((events & EV_READ) == 0)
1070 memset(&imsg, 0, sizeof(imsg));
1072 while (err == NULL) {
1073 err = gotd_imsg_recv(&imsg, ibuf, 0);
1075 if (err->code == GOT_ERR_PRIVSEP_READ)
1077 else if (err->code == GOT_ERR_EOF &&
1078 client->state == GOTD_STATE_EXPECT_CAPABILITIES) {
1080 * The client has closed its socket before
1081 * sending its capability announcement.
1082 * This can happen when Git clients have
1083 * no ref-updates to send.
1085 disconnect_on_error(client, err);
1091 evtimer_del(&client->tmo);
1093 switch (imsg.hdr.type) {
1094 case GOTD_IMSG_CAPABILITIES:
1095 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1096 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1097 "unexpected capabilities received");
1100 log_debug("receiving capabilities from uid %d",
1102 err = recv_capabilities(client, &imsg);
1104 case GOTD_IMSG_CAPABILITY:
1105 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1106 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1107 "unexpected capability received");
1110 err = recv_capability(client, &imsg);
1111 if (err || client->ncapabilities < client->ncapa_alloc)
1113 if (!client->is_writing) {
1114 client->state = GOTD_STATE_EXPECT_WANT;
1115 client->accept_flush_pkt = 1;
1116 log_debug("uid %d: expecting want-lines",
1118 } else if (client->is_writing) {
1119 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1120 client->accept_flush_pkt = 1;
1121 log_debug("uid %d: expecting ref-update-lines",
1124 fatalx("client %d is both reading and writing",
1127 case GOTD_IMSG_WANT:
1128 if (client->state != GOTD_STATE_EXPECT_WANT) {
1129 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1130 "unexpected want-line received");
1133 log_debug("received want-line from uid %d",
1135 err = ensure_client_is_reading(client);
1138 client->accept_flush_pkt = 1;
1139 err = forward_want(client, &imsg);
1141 case GOTD_IMSG_REF_UPDATE:
1142 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE &&
1144 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1145 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1146 "unexpected ref-update-line received");
1149 log_debug("received ref-update-line from uid %d",
1151 err = ensure_client_is_writing(client);
1154 err = forward_ref_update(client, &imsg);
1157 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1158 client->accept_flush_pkt = 1;
1160 case GOTD_IMSG_HAVE:
1161 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1162 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1163 "unexpected have-line received");
1166 log_debug("received have-line from uid %d",
1168 err = ensure_client_is_reading(client);
1171 err = forward_have(client, &imsg);
1174 client->accept_flush_pkt = 1;
1176 case GOTD_IMSG_FLUSH:
1177 if (client->state == GOTD_STATE_EXPECT_WANT ||
1178 client->state == GOTD_STATE_EXPECT_HAVE) {
1179 err = ensure_client_is_reading(client);
1182 } else if (client->state ==
1183 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1184 err = ensure_client_is_writing(client);
1187 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1188 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1189 "unexpected flush-pkt received");
1192 if (!client->accept_flush_pkt) {
1193 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1194 "unexpected flush-pkt received");
1199 * Accept just one flush packet at a time.
1200 * Future client state transitions will set this flag
1201 * again if another flush packet is expected.
1203 client->accept_flush_pkt = 0;
1205 log_debug("received flush-pkt from uid %d",
1207 if (client->state == GOTD_STATE_EXPECT_WANT) {
1208 client->state = GOTD_STATE_EXPECT_HAVE;
1209 log_debug("uid %d: expecting have-lines",
1211 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1212 client->state = GOTD_STATE_EXPECT_DONE;
1213 client->accept_flush_pkt = 1;
1214 log_debug("uid %d: expecting 'done'",
1216 } else if (client->state ==
1217 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1218 client->state = GOTD_STATE_EXPECT_PACKFILE;
1219 log_debug("uid %d: expecting packfile",
1221 err = recv_packfile(client);
1222 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1223 /* should not happen, see above */
1224 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1225 "unexpected client state");
1229 case GOTD_IMSG_DONE:
1230 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1231 client->state != GOTD_STATE_EXPECT_DONE) {
1232 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1233 "unexpected flush-pkt received");
1236 log_debug("received 'done' from uid %d", client->euid);
1237 err = ensure_client_is_reading(client);
1240 client->state = GOTD_STATE_DONE;
1241 client->accept_flush_pkt = 1;
1242 err = send_packfile(client);
1245 log_debug("unexpected imsg %d", imsg.hdr.type);
1246 err = got_error(GOT_ERR_PRIVSEP_MSG);
1254 if (err->code != GOT_ERR_EOF ||
1255 client->state != GOTD_STATE_EXPECT_PACKFILE)
1256 disconnect_on_error(client, err);
1258 gotd_imsg_event_add(iev);
1259 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1263 static const struct got_error *
1264 list_refs_request(void)
1266 static const struct got_error *err;
1267 struct gotd_session_client *client = &gotd_session_client;
1268 struct gotd_imsgev *iev = &client->repo_child_iev;
1269 struct gotd_imsg_list_refs_internal ilref;
1272 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1273 return got_error(GOT_ERR_PRIVSEP_MSG);
1275 memset(&ilref, 0, sizeof(ilref));
1276 ilref.client_id = client->id;
1278 fd = dup(client->fd);
1280 return got_error_from_errno("dup");
1282 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1283 gotd_session.proc_id, fd, &ilref, sizeof(ilref)) == -1) {
1284 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1289 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1290 log_debug("uid %d: expecting capabilities", client->euid);
1294 static const struct got_error *
1295 recv_connect(struct imsg *imsg)
1297 struct gotd_session_client *client = &gotd_session_client;
1298 struct gotd_imsg_connect iconnect;
1301 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1302 return got_error(GOT_ERR_PRIVSEP_MSG);
1304 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1305 if (datalen != sizeof(iconnect))
1306 return got_error(GOT_ERR_PRIVSEP_LEN);
1307 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1310 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1312 client->fd = imsg->fd;
1313 client->euid = iconnect.euid;
1314 client->egid = iconnect.egid;
1316 imsg_init(&client->iev.ibuf, client->fd);
1317 client->iev.handler = session_dispatch_client;
1318 client->iev.events = EV_READ;
1319 client->iev.handler_arg = NULL;
1320 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1321 session_dispatch_client, &client->iev);
1322 gotd_imsg_event_add(&client->iev);
1323 evtimer_set(&client->tmo, gotd_request_timeout, client);
1328 static const struct got_error *
1329 recv_repo_child(struct imsg *imsg)
1331 struct gotd_imsg_connect_repo_child ichild;
1332 struct gotd_session_client *client = &gotd_session_client;
1335 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1336 return got_error(GOT_ERR_PRIVSEP_MSG);
1338 /* We should already have received a pipe to the listener. */
1339 if (client->fd == -1)
1340 return got_error(GOT_ERR_PRIVSEP_MSG);
1342 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1343 if (datalen != sizeof(ichild))
1344 return got_error(GOT_ERR_PRIVSEP_LEN);
1346 memcpy(&ichild, imsg->data, sizeof(ichild));
1348 client->id = ichild.client_id;
1349 if (ichild.proc_id == PROC_REPO_WRITE)
1350 client->is_writing = 1;
1351 else if (ichild.proc_id == PROC_REPO_READ)
1352 client->is_writing = 0;
1354 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1355 "bad child process type");
1358 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1360 imsg_init(&client->repo_child_iev.ibuf, imsg->fd);
1361 client->repo_child_iev.handler = session_dispatch_repo_child;
1362 client->repo_child_iev.events = EV_READ;
1363 client->repo_child_iev.handler_arg = NULL;
1364 event_set(&client->repo_child_iev.ev, client->repo_child_iev.ibuf.fd,
1365 EV_READ, session_dispatch_repo_child, &client->repo_child_iev);
1366 gotd_imsg_event_add(&client->repo_child_iev);
1368 /* The "recvfd" pledge promise is no longer needed. */
1369 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1376 session_dispatch(int fd, short event, void *arg)
1378 struct gotd_imsgev *iev = arg;
1379 struct imsgbuf *ibuf = &iev->ibuf;
1380 struct gotd_session_client *client = &gotd_session_client;
1385 if (event & EV_READ) {
1386 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1387 fatal("imsg_read error");
1389 /* Connection closed. */
1395 if (event & EV_WRITE) {
1396 n = msgbuf_write(&ibuf->w);
1397 if (n == -1 && errno != EAGAIN)
1398 fatal("msgbuf_write");
1400 /* Connection closed. */
1407 const struct got_error *err = NULL;
1408 uint32_t client_id = 0;
1409 int do_disconnect = 0, do_list_refs = 0;
1411 if ((n = imsg_get(ibuf, &imsg)) == -1)
1412 fatal("%s: imsg_get error", __func__);
1413 if (n == 0) /* No more messages. */
1416 switch (imsg.hdr.type) {
1417 case GOTD_IMSG_ERROR:
1419 err = gotd_imsg_recv_error(&client_id, &imsg);
1421 case GOTD_IMSG_CONNECT:
1422 err = recv_connect(&imsg);
1424 case GOTD_IMSG_DISCONNECT:
1427 case GOTD_IMSG_CONNECT_REPO_CHILD:
1428 err = recv_repo_child(&imsg);
1434 log_debug("unexpected imsg %d", imsg.hdr.type);
1439 if (do_disconnect) {
1441 disconnect_on_error(client, err);
1444 } else if (do_list_refs)
1445 err = list_refs_request();
1448 log_warnx("uid %d: %s", client->euid, err->msg);
1452 gotd_imsg_event_add(iev);
1454 /* This pipe is dead. Remove its event handler */
1455 event_del(&iev->ev);
1456 event_loopexit(NULL);
1461 session_main(const char *title, const char *repo_path,
1462 int *pack_fds, int *temp_fds, struct timeval *request_timeout,
1463 enum gotd_procid proc_id)
1465 const struct got_error *err = NULL;
1466 struct event evsigint, evsigterm, evsighup, evsigusr1;
1468 gotd_session.title = title;
1469 gotd_session.pid = getpid();
1470 gotd_session.pack_fds = pack_fds;
1471 gotd_session.temp_fds = temp_fds;
1472 memcpy(&gotd_session.request_timeout, request_timeout,
1473 sizeof(gotd_session.request_timeout));
1474 gotd_session.proc_id = proc_id;
1476 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1479 if (!got_repo_is_bare(gotd_session.repo)) {
1480 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1481 "bare git repository required");
1485 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1487 signal_set(&evsigint, SIGINT, gotd_session_sighdlr, NULL);
1488 signal_set(&evsigterm, SIGTERM, gotd_session_sighdlr, NULL);
1489 signal_set(&evsighup, SIGHUP, gotd_session_sighdlr, NULL);
1490 signal_set(&evsigusr1, SIGUSR1, gotd_session_sighdlr, NULL);
1491 signal(SIGPIPE, SIG_IGN);
1493 signal_add(&evsigint, NULL);
1494 signal_add(&evsigterm, NULL);
1495 signal_add(&evsighup, NULL);
1496 signal_add(&evsigusr1, NULL);
1498 gotd_session_client.state = GOTD_STATE_EXPECT_LIST_REFS;
1499 gotd_session_client.fd = -1;
1500 gotd_session_client.nref_updates = -1;
1501 gotd_session_client.delta_cache_fd = -1;
1502 gotd_session_client.accept_flush_pkt = 1;
1504 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1505 gotd_session.parent_iev.handler = session_dispatch;
1506 gotd_session.parent_iev.events = EV_READ;
1507 gotd_session.parent_iev.handler_arg = NULL;
1508 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1509 EV_READ, session_dispatch, &gotd_session.parent_iev);
1510 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1511 GOTD_IMSG_CLIENT_SESSION_READY, gotd_session.proc_id,
1512 -1, NULL, 0) == -1) {
1513 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1520 log_warnx("%s: %s", title, err->msg);
1521 gotd_session_shutdown();
1525 gotd_session_shutdown(void)
1527 log_debug("shutting down");
1528 if (gotd_session.repo)
1529 got_repo_close(gotd_session.repo);
1530 got_repo_pack_fds_close(gotd_session.pack_fds);
1531 got_repo_temp_fds_close(gotd_session.temp_fds);