2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
18 #include <sys/queue.h>
20 #include <sys/socket.h>
37 #include "got_error.h"
38 #include "got_repository.h"
39 #include "got_object.h"
41 #include "got_reference.h"
42 #include "got_opentemp.h"
44 #include "got_lib_hash.h"
45 #include "got_lib_delta.h"
46 #include "got_lib_object.h"
47 #include "got_lib_object_cache.h"
48 #include "got_lib_pack.h"
49 #include "got_lib_repository.h"
50 #include "got_lib_gitproto.h"
57 static struct gotd_session {
60 struct got_repository *repo;
63 struct gotd_imsgev parent_iev;
64 struct timeval request_timeout;
67 static struct gotd_session_client {
68 enum gotd_session_state state;
70 struct gotd_client_capability *capabilities;
76 struct gotd_imsgev iev;
77 struct gotd_imsgev repo_child_iev;
85 } gotd_session_client;
87 void gotd_session_sighdlr(int sig, short event, void *arg);
88 static void gotd_session_shutdown(void);
91 disconnect(struct gotd_session_client *client)
93 log_debug("uid %d: disconnecting", client->euid);
95 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
96 GOTD_IMSG_DISCONNECT, PROC_SESSION, -1, NULL, 0) == -1)
97 log_warn("imsg compose DISCONNECT");
99 imsg_clear(&client->repo_child_iev.ibuf);
100 event_del(&client->repo_child_iev.ev);
101 evtimer_del(&client->tmo);
103 if (client->delta_cache_fd != -1)
104 close(client->delta_cache_fd);
105 if (client->packfile_path) {
106 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
107 log_warn("unlink %s: ", client->packfile_path);
108 free(client->packfile_path);
110 if (client->packidx_path) {
111 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
112 log_warn("unlink %s: ", client->packidx_path);
113 free(client->packidx_path);
115 free(client->capabilities);
117 gotd_session_shutdown();
121 disconnect_on_error(struct gotd_session_client *client,
122 const struct got_error *err)
126 log_warnx("uid %d: %s", client->euid, err->msg);
127 if (err->code != GOT_ERR_EOF) {
128 imsg_init(&ibuf, client->fd);
129 gotd_imsg_send_error(&ibuf, 0, PROC_SESSION, err);
137 gotd_request_timeout(int fd, short events, void *arg)
139 struct gotd_session_client *client = arg;
141 log_debug("disconnecting uid %d due to timeout", client->euid);
146 gotd_session_sighdlr(int sig, short event, void *arg)
149 * Normal signal handler rules don't apply because libevent
155 log_info("%s: ignoring SIGHUP", __func__);
158 log_info("%s: ignoring SIGUSR1", __func__);
162 gotd_session_shutdown();
166 fatalx("unexpected signal");
170 static const struct got_error *
171 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
173 struct gotd_imsg_packfile_done idone;
176 log_debug("packfile-done received");
178 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
179 if (datalen != sizeof(idone))
180 return got_error(GOT_ERR_PRIVSEP_LEN);
181 memcpy(&idone, imsg->data, sizeof(idone));
183 *client_id = idone.client_id;
187 static const struct got_error *
188 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
190 struct gotd_imsg_packfile_install inst;
193 log_debug("packfile-install received");
195 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
196 if (datalen != sizeof(inst))
197 return got_error(GOT_ERR_PRIVSEP_LEN);
198 memcpy(&inst, imsg->data, sizeof(inst));
200 *client_id = inst.client_id;
204 static const struct got_error *
205 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
207 struct gotd_imsg_ref_updates_start istart;
210 log_debug("ref-updates-start received");
212 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
213 if (datalen != sizeof(istart))
214 return got_error(GOT_ERR_PRIVSEP_LEN);
215 memcpy(&istart, imsg->data, sizeof(istart));
217 *client_id = istart.client_id;
221 static const struct got_error *
222 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
224 struct gotd_imsg_ref_update iref;
227 log_debug("ref-update received");
229 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
230 if (datalen < sizeof(iref))
231 return got_error(GOT_ERR_PRIVSEP_LEN);
232 memcpy(&iref, imsg->data, sizeof(iref));
234 *client_id = iref.client_id;
238 static const struct got_error *
239 send_ref_update_ok(struct gotd_session_client *client,
240 struct gotd_imsg_ref_update *iref, const char *refname)
242 struct gotd_imsg_ref_update_ok iok;
243 struct gotd_imsgev *iev = &client->iev;
247 memset(&iok, 0, sizeof(iok));
248 iok.client_id = client->id;
249 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
250 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
251 iok.name_len = strlen(refname);
253 len = sizeof(iok) + iok.name_len;
254 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
255 PROC_SESSION, gotd_session.pid, len);
257 return got_error_from_errno("imsg_create REF_UPDATE_OK");
259 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
260 return got_error_from_errno("imsg_add REF_UPDATE_OK");
261 if (imsg_add(wbuf, refname, iok.name_len) == -1)
262 return got_error_from_errno("imsg_add REF_UPDATE_OK");
265 imsg_close(&iev->ibuf, wbuf);
266 gotd_imsg_event_add(iev);
271 send_refs_updated(struct gotd_session_client *client)
273 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
274 PROC_SESSION, -1, NULL, 0) == -1)
275 log_warn("imsg compose REFS_UPDATED");
278 static const struct got_error *
279 send_ref_update_ng(struct gotd_session_client *client,
280 struct gotd_imsg_ref_update *iref, const char *refname,
283 const struct got_error *ng_err;
284 struct gotd_imsg_ref_update_ng ing;
285 struct gotd_imsgev *iev = &client->iev;
289 memset(&ing, 0, sizeof(ing));
290 ing.client_id = client->id;
291 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
292 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
293 ing.name_len = strlen(refname);
295 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
296 ing.reason_len = strlen(ng_err->msg);
298 len = sizeof(ing) + ing.name_len + ing.reason_len;
299 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
300 PROC_SESSION, gotd_session.pid, len);
302 return got_error_from_errno("imsg_create REF_UPDATE_NG");
304 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
305 return got_error_from_errno("imsg_add REF_UPDATE_NG");
306 if (imsg_add(wbuf, refname, ing.name_len) == -1)
307 return got_error_from_errno("imsg_add REF_UPDATE_NG");
308 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
309 return got_error_from_errno("imsg_add REF_UPDATE_NG");
312 imsg_close(&iev->ibuf, wbuf);
313 gotd_imsg_event_add(iev);
317 static const struct got_error *
318 install_pack(struct gotd_session_client *client, const char *repo_path,
321 const struct got_error *err = NULL;
322 struct gotd_imsg_packfile_install inst;
323 char hex[SHA1_DIGEST_STRING_LENGTH];
325 char *packfile_path = NULL, *packidx_path = NULL;
327 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
328 if (datalen != sizeof(inst))
329 return got_error(GOT_ERR_PRIVSEP_LEN);
330 memcpy(&inst, imsg->data, sizeof(inst));
332 if (client->packfile_path == NULL)
333 return got_error_msg(GOT_ERR_BAD_REQUEST,
334 "client has no pack file");
335 if (client->packidx_path == NULL)
336 return got_error_msg(GOT_ERR_BAD_REQUEST,
337 "client has no pack file index");
339 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
340 return got_error_msg(GOT_ERR_NO_SPACE,
341 "could not convert pack file SHA1 to hex");
343 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
344 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
345 err = got_error_from_errno("asprintf");
349 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
350 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
351 err = got_error_from_errno("asprintf");
355 if (rename(client->packfile_path, packfile_path) == -1) {
356 err = got_error_from_errno3("rename", client->packfile_path,
361 free(client->packfile_path);
362 client->packfile_path = NULL;
364 if (rename(client->packidx_path, packidx_path) == -1) {
365 err = got_error_from_errno3("rename", client->packidx_path,
370 free(client->packidx_path);
371 client->packidx_path = NULL;
378 static const struct got_error *
379 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
381 struct gotd_imsg_ref_updates_start istart;
384 if (client->nref_updates != -1)
385 return got_error(GOT_ERR_PRIVSEP_MSG);
387 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
388 if (datalen != sizeof(istart))
389 return got_error(GOT_ERR_PRIVSEP_LEN);
390 memcpy(&istart, imsg->data, sizeof(istart));
392 if (istart.nref_updates <= 0)
393 return got_error(GOT_ERR_PRIVSEP_MSG);
395 client->nref_updates = istart.nref_updates;
399 static const struct got_error *
400 update_ref(int *shut, struct gotd_session_client *client,
401 const char *repo_path, struct imsg *imsg)
403 const struct got_error *err = NULL;
404 struct got_repository *repo = NULL;
405 struct got_reference *ref = NULL;
406 struct gotd_imsg_ref_update iref;
407 struct got_object_id old_id, new_id;
408 struct got_object_id *id = NULL;
409 struct got_object *obj = NULL;
410 char *refname = NULL;
414 log_debug("update-ref from uid %d", client->euid);
416 if (client->nref_updates <= 0)
417 return got_error(GOT_ERR_PRIVSEP_MSG);
419 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
420 if (datalen < sizeof(iref))
421 return got_error(GOT_ERR_PRIVSEP_LEN);
422 memcpy(&iref, imsg->data, sizeof(iref));
423 if (datalen != sizeof(iref) + iref.name_len)
424 return got_error(GOT_ERR_PRIVSEP_LEN);
425 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
427 return got_error_from_errno("strndup");
429 log_debug("updating ref %s for uid %d", refname, client->euid);
431 err = got_repo_open(&repo, repo_path, NULL, NULL);
435 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
436 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
437 err = got_object_open(&obj, repo,
438 iref.delete_ref ? &old_id : &new_id);
442 if (iref.ref_is_new) {
443 err = got_ref_open(&ref, repo, refname, 0);
445 if (err->code != GOT_ERR_NOT_REF)
447 err = got_ref_alloc(&ref, refname, &new_id);
450 err = got_ref_write(ref, repo); /* will lock/unlock */
454 err = got_error_fmt(GOT_ERR_REF_BUSY,
455 "%s has been created by someone else "
456 "while transaction was in progress",
457 got_ref_get_name(ref));
460 } else if (iref.delete_ref) {
461 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
466 err = got_ref_resolve(&id, repo, ref);
470 if (got_object_id_cmp(id, &old_id) != 0) {
471 err = got_error_fmt(GOT_ERR_REF_BUSY,
472 "%s has been modified by someone else "
473 "while transaction was in progress",
474 got_ref_get_name(ref));
478 err = got_ref_delete(ref, repo);
485 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
490 err = got_ref_resolve(&id, repo, ref);
494 if (got_object_id_cmp(id, &old_id) != 0) {
495 err = got_error_fmt(GOT_ERR_REF_BUSY,
496 "%s has been modified by someone else "
497 "while transaction was in progress",
498 got_ref_get_name(ref));
502 err = got_ref_change_ref(ref, &new_id);
506 err = got_ref_write(ref, repo);
515 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
516 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
517 "could not acquire exclusive file lock for %s",
520 send_ref_update_ng(client, &iref, refname, err->msg);
522 send_ref_update_ok(client, &iref, refname);
524 if (client->nref_updates > 0) {
525 client->nref_updates--;
526 if (client->nref_updates == 0) {
527 send_refs_updated(client);
533 const struct got_error *unlock_err;
534 unlock_err = got_ref_unlock(ref);
535 if (unlock_err && err == NULL)
541 got_object_close(obj);
543 got_repo_close(repo);
550 session_dispatch_repo_child(int fd, short event, void *arg)
552 struct gotd_imsgev *iev = arg;
553 struct imsgbuf *ibuf = &iev->ibuf;
554 struct gotd_session_client *client = &gotd_session_client;
559 if (event & EV_READ) {
560 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
561 fatal("imsg_read error");
563 /* Connection closed. */
569 if (event & EV_WRITE) {
570 n = msgbuf_write(&ibuf->w);
571 if (n == -1 && errno != EAGAIN)
572 fatal("msgbuf_write");
574 /* Connection closed. */
581 const struct got_error *err = NULL;
582 uint32_t client_id = 0;
583 int do_disconnect = 0;
584 int do_ref_updates = 0, do_ref_update = 0;
585 int do_packfile_install = 0;
587 if ((n = imsg_get(ibuf, &imsg)) == -1)
588 fatal("%s: imsg_get error", __func__);
589 if (n == 0) /* No more messages. */
592 switch (imsg.hdr.type) {
593 case GOTD_IMSG_ERROR:
595 err = gotd_imsg_recv_error(&client_id, &imsg);
597 case GOTD_IMSG_PACKFILE_DONE:
599 err = recv_packfile_done(&client_id, &imsg);
601 case GOTD_IMSG_PACKFILE_INSTALL:
602 err = recv_packfile_install(&client_id, &imsg);
604 do_packfile_install = 1;
606 case GOTD_IMSG_REF_UPDATES_START:
607 err = recv_ref_updates_start(&client_id, &imsg);
611 case GOTD_IMSG_REF_UPDATE:
612 err = recv_ref_update(&client_id, &imsg);
617 log_debug("unexpected imsg %d", imsg.hdr.type);
623 disconnect_on_error(client, err);
627 if (do_packfile_install)
628 err = install_pack(client,
629 gotd_session.repo->path, &imsg);
630 else if (do_ref_updates)
631 err = begin_ref_updates(client, &imsg);
632 else if (do_ref_update)
633 err = update_ref(&shut, client,
634 gotd_session.repo->path, &imsg);
636 log_warnx("uid %d: %s", client->euid, err->msg);
642 gotd_imsg_event_add(iev);
644 /* This pipe is dead. Remove its event handler */
646 event_loopexit(NULL);
650 static const struct got_error *
651 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
653 struct gotd_imsg_capabilities icapas;
656 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
657 if (datalen != sizeof(icapas))
658 return got_error(GOT_ERR_PRIVSEP_LEN);
659 memcpy(&icapas, imsg->data, sizeof(icapas));
661 client->ncapa_alloc = icapas.ncapabilities;
662 client->capabilities = calloc(client->ncapa_alloc,
663 sizeof(*client->capabilities));
664 if (client->capabilities == NULL) {
665 client->ncapa_alloc = 0;
666 return got_error_from_errno("calloc");
669 log_debug("expecting %zu capabilities from uid %d",
670 client->ncapa_alloc, client->euid);
674 static const struct got_error *
675 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
677 struct gotd_imsg_capability icapa;
678 struct gotd_client_capability *capa;
680 char *key, *value = NULL;
682 if (client->capabilities == NULL ||
683 client->ncapabilities >= client->ncapa_alloc) {
684 return got_error_msg(GOT_ERR_BAD_REQUEST,
685 "unexpected capability received");
688 memset(&icapa, 0, sizeof(icapa));
690 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
691 if (datalen < sizeof(icapa))
692 return got_error(GOT_ERR_PRIVSEP_LEN);
693 memcpy(&icapa, imsg->data, sizeof(icapa));
695 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
696 return got_error(GOT_ERR_PRIVSEP_LEN);
698 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
700 return got_error_from_errno("strndup");
701 if (icapa.value_len > 0) {
702 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
706 return got_error_from_errno("strndup");
710 capa = &client->capabilities[client->ncapabilities++];
715 log_debug("uid %d: capability %s=%s", client->euid, key, value);
717 log_debug("uid %d: capability %s", client->euid, key);
722 static const struct got_error *
723 ensure_client_is_reading(struct gotd_session_client *client)
725 if (client->is_writing) {
726 return got_error_fmt(GOT_ERR_BAD_PACKET,
727 "uid %d made a read-request but is not reading from "
728 "a repository", client->euid);
734 static const struct got_error *
735 ensure_client_is_writing(struct gotd_session_client *client)
737 if (!client->is_writing) {
738 return got_error_fmt(GOT_ERR_BAD_PACKET,
739 "uid %d made a write-request but is not writing to "
740 "a repository", client->euid);
746 static const struct got_error *
747 forward_want(struct gotd_session_client *client, struct imsg *imsg)
749 struct gotd_imsg_want ireq;
750 struct gotd_imsg_want iwant;
753 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
754 if (datalen != sizeof(ireq))
755 return got_error(GOT_ERR_PRIVSEP_LEN);
757 memcpy(&ireq, imsg->data, datalen);
759 memset(&iwant, 0, sizeof(iwant));
760 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
761 iwant.client_id = client->id;
763 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_WANT,
764 PROC_SESSION, -1, &iwant, sizeof(iwant)) == -1)
765 return got_error_from_errno("imsg compose WANT");
770 static const struct got_error *
771 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
773 const struct got_error *err = NULL;
774 struct gotd_imsg_ref_update ireq;
775 struct gotd_imsg_ref_update *iref = NULL;
778 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
779 if (datalen < sizeof(ireq))
780 return got_error(GOT_ERR_PRIVSEP_LEN);
781 memcpy(&ireq, imsg->data, sizeof(ireq));
782 if (datalen != sizeof(ireq) + ireq.name_len)
783 return got_error(GOT_ERR_PRIVSEP_LEN);
785 iref = malloc(datalen);
787 return got_error_from_errno("malloc");
788 memcpy(iref, imsg->data, datalen);
790 iref->client_id = client->id;
791 if (gotd_imsg_compose_event(&client->repo_child_iev,
792 GOTD_IMSG_REF_UPDATE, PROC_SESSION, -1, iref, datalen) == -1)
793 err = got_error_from_errno("imsg compose REF_UPDATE");
798 static const struct got_error *
799 forward_have(struct gotd_session_client *client, struct imsg *imsg)
801 struct gotd_imsg_have ireq;
802 struct gotd_imsg_have ihave;
805 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
806 if (datalen != sizeof(ireq))
807 return got_error(GOT_ERR_PRIVSEP_LEN);
809 memcpy(&ireq, imsg->data, datalen);
811 memset(&ihave, 0, sizeof(ihave));
812 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
813 ihave.client_id = client->id;
815 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_HAVE,
816 PROC_SESSION, -1, &ihave, sizeof(ihave)) == -1)
817 return got_error_from_errno("imsg compose HAVE");
823 client_has_capability(struct gotd_session_client *client, const char *capastr)
825 struct gotd_client_capability *capa;
828 if (client->ncapabilities == 0)
831 for (i = 0; i < client->ncapabilities; i++) {
832 capa = &client->capabilities[i];
833 if (strcmp(capa->key, capastr) == 0)
840 static const struct got_error *
841 recv_packfile(struct gotd_session_client *client)
843 const struct got_error *err = NULL;
844 struct gotd_imsg_recv_packfile ipack;
845 struct gotd_imsg_packfile_pipe ipipe;
846 struct gotd_imsg_packidx_file ifile;
847 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
848 int packfd = -1, idxfd = -1;
849 int pipe[2] = { -1, -1 };
851 if (client->packfile_path) {
852 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
853 "uid %d already has a pack file", client->euid);
856 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
857 return got_error_from_errno("socketpair");
859 memset(&ipipe, 0, sizeof(ipipe));
860 ipipe.client_id = client->id;
862 /* Send pack pipe end 0 to repo child process. */
863 if (gotd_imsg_compose_event(&client->repo_child_iev,
864 GOTD_IMSG_PACKFILE_PIPE, PROC_SESSION, pipe[0],
865 &ipipe, sizeof(ipipe)) == -1) {
866 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
872 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
873 if (gotd_imsg_compose_event(&client->iev,
874 GOTD_IMSG_PACKFILE_PIPE, PROC_SESSION, pipe[1], NULL, 0) == -1)
875 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
878 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
879 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
880 client->euid) == -1) {
881 err = got_error_from_errno("asprintf");
885 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
888 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
889 err = got_error_from_errno2("fchmod", pack_path);
894 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
895 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
896 client->euid) == -1) {
897 err = got_error_from_errno("asprintf");
901 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
904 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
905 err = got_error_from_errno2("fchmod", idx_path);
909 memset(&ifile, 0, sizeof(ifile));
910 ifile.client_id = client->id;
911 if (gotd_imsg_compose_event(&client->repo_child_iev,
912 GOTD_IMSG_PACKIDX_FILE, PROC_SESSION,
913 idxfd, &ifile, sizeof(ifile)) == -1) {
914 err = got_error_from_errno("imsg compose PACKIDX_FILE");
920 memset(&ipack, 0, sizeof(ipack));
921 ipack.client_id = client->id;
922 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
923 ipack.report_status = 1;
925 if (gotd_imsg_compose_event(&client->repo_child_iev,
926 GOTD_IMSG_RECV_PACKFILE, PROC_SESSION, packfd,
927 &ipack, sizeof(ipack)) == -1) {
928 err = got_error_from_errno("imsg compose RECV_PACKFILE");
936 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
937 err = got_error_from_errno("close");
938 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
939 err = got_error_from_errno("close");
940 if (packfd != -1 && close(packfd) == -1 && err == NULL)
941 err = got_error_from_errno("close");
942 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
943 err = got_error_from_errno("close");
948 client->packfile_path = pack_path;
949 client->packidx_path = idx_path;
954 static const struct got_error *
955 send_packfile(struct gotd_session_client *client)
957 const struct got_error *err = NULL;
958 struct gotd_imsg_send_packfile ipack;
959 struct gotd_imsg_packfile_pipe ipipe;
962 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
963 return got_error_from_errno("socketpair");
965 memset(&ipack, 0, sizeof(ipack));
966 memset(&ipipe, 0, sizeof(ipipe));
968 ipack.client_id = client->id;
969 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
970 ipack.report_progress = 1;
972 client->delta_cache_fd = got_opentempfd();
973 if (client->delta_cache_fd == -1)
974 return got_error_from_errno("got_opentempfd");
976 if (gotd_imsg_compose_event(&client->repo_child_iev,
977 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
978 &ipack, sizeof(ipack)) == -1) {
979 err = got_error_from_errno("imsg compose SEND_PACKFILE");
985 ipipe.client_id = client->id;
987 /* Send pack pipe end 0 to repo child process. */
988 if (gotd_imsg_compose_event(&client->repo_child_iev,
989 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD,
990 pipe[0], &ipipe, sizeof(ipipe)) == -1) {
991 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
996 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
997 if (gotd_imsg_compose_event(&client->iev,
998 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
999 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1005 session_dispatch_client(int fd, short events, void *arg)
1007 struct gotd_imsgev *iev = arg;
1008 struct imsgbuf *ibuf = &iev->ibuf;
1009 struct gotd_session_client *client = &gotd_session_client;
1010 const struct got_error *err = NULL;
1014 if (events & EV_WRITE) {
1015 while (ibuf->w.queued) {
1016 n = msgbuf_write(&ibuf->w);
1017 if (n == -1 && errno == EPIPE) {
1019 * The client has closed its socket.
1020 * This can happen when Git clients are
1021 * done sending pack file data.
1023 msgbuf_clear(&ibuf->w);
1025 } else if (n == -1 && errno != EAGAIN) {
1026 err = got_error_from_errno("imsg_flush");
1027 disconnect_on_error(client, err);
1031 /* Connection closed. */
1032 err = got_error(GOT_ERR_EOF);
1033 disconnect_on_error(client, err);
1039 if ((events & EV_READ) == 0)
1042 memset(&imsg, 0, sizeof(imsg));
1044 while (err == NULL) {
1045 err = gotd_imsg_recv(&imsg, ibuf, 0);
1047 if (err->code == GOT_ERR_PRIVSEP_READ)
1049 else if (err->code == GOT_ERR_EOF &&
1050 client->state == GOTD_STATE_EXPECT_CAPABILITIES) {
1052 * The client has closed its socket before
1053 * sending its capability announcement.
1054 * This can happen when Git clients have
1055 * no ref-updates to send.
1057 disconnect_on_error(client, err);
1063 evtimer_del(&client->tmo);
1065 switch (imsg.hdr.type) {
1066 case GOTD_IMSG_CAPABILITIES:
1067 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1068 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1069 "unexpected capabilities received");
1072 log_debug("receiving capabilities from uid %d",
1074 err = recv_capabilities(client, &imsg);
1076 case GOTD_IMSG_CAPABILITY:
1077 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1078 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1079 "unexpected capability received");
1082 err = recv_capability(client, &imsg);
1083 if (err || client->ncapabilities < client->ncapa_alloc)
1085 if (!client->is_writing) {
1086 client->state = GOTD_STATE_EXPECT_WANT;
1087 client->accept_flush_pkt = 1;
1088 log_debug("uid %d: expecting want-lines",
1090 } else if (client->is_writing) {
1091 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1092 client->accept_flush_pkt = 1;
1093 log_debug("uid %d: expecting ref-update-lines",
1096 fatalx("client %d is both reading and writing",
1099 case GOTD_IMSG_WANT:
1100 if (client->state != GOTD_STATE_EXPECT_WANT) {
1101 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1102 "unexpected want-line received");
1105 log_debug("received want-line from uid %d",
1107 err = ensure_client_is_reading(client);
1110 client->accept_flush_pkt = 1;
1111 err = forward_want(client, &imsg);
1113 case GOTD_IMSG_REF_UPDATE:
1114 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE &&
1116 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1117 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1118 "unexpected ref-update-line received");
1121 log_debug("received ref-update-line from uid %d",
1123 err = ensure_client_is_writing(client);
1126 err = forward_ref_update(client, &imsg);
1129 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1130 client->accept_flush_pkt = 1;
1132 case GOTD_IMSG_HAVE:
1133 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1134 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1135 "unexpected have-line received");
1138 log_debug("received have-line from uid %d",
1140 err = ensure_client_is_reading(client);
1143 err = forward_have(client, &imsg);
1146 client->accept_flush_pkt = 1;
1148 case GOTD_IMSG_FLUSH:
1149 if (client->state == GOTD_STATE_EXPECT_WANT ||
1150 client->state == GOTD_STATE_EXPECT_HAVE) {
1151 err = ensure_client_is_reading(client);
1154 } else if (client->state ==
1155 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1156 err = ensure_client_is_writing(client);
1159 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1160 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1161 "unexpected flush-pkt received");
1164 if (!client->accept_flush_pkt) {
1165 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1166 "unexpected flush-pkt received");
1171 * Accept just one flush packet at a time.
1172 * Future client state transitions will set this flag
1173 * again if another flush packet is expected.
1175 client->accept_flush_pkt = 0;
1177 log_debug("received flush-pkt from uid %d",
1179 if (client->state == GOTD_STATE_EXPECT_WANT) {
1180 client->state = GOTD_STATE_EXPECT_HAVE;
1181 log_debug("uid %d: expecting have-lines",
1183 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1184 client->state = GOTD_STATE_EXPECT_DONE;
1185 client->accept_flush_pkt = 1;
1186 log_debug("uid %d: expecting 'done'",
1188 } else if (client->state ==
1189 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1190 client->state = GOTD_STATE_EXPECT_PACKFILE;
1191 log_debug("uid %d: expecting packfile",
1193 err = recv_packfile(client);
1194 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1195 /* should not happen, see above */
1196 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1197 "unexpected client state");
1201 case GOTD_IMSG_DONE:
1202 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1203 client->state != GOTD_STATE_EXPECT_DONE) {
1204 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1205 "unexpected flush-pkt received");
1208 log_debug("received 'done' from uid %d", client->euid);
1209 err = ensure_client_is_reading(client);
1212 client->state = GOTD_STATE_DONE;
1213 client->accept_flush_pkt = 1;
1214 err = send_packfile(client);
1217 log_debug("unexpected imsg %d", imsg.hdr.type);
1218 err = got_error(GOT_ERR_PRIVSEP_MSG);
1226 if (err->code != GOT_ERR_EOF ||
1227 client->state != GOTD_STATE_EXPECT_PACKFILE)
1228 disconnect_on_error(client, err);
1230 gotd_imsg_event_add(iev);
1231 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1235 static const struct got_error *
1236 list_refs_request(void)
1238 static const struct got_error *err;
1239 struct gotd_session_client *client = &gotd_session_client;
1240 struct gotd_imsgev *iev = &client->repo_child_iev;
1241 struct gotd_imsg_list_refs_internal ilref;
1244 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1245 return got_error(GOT_ERR_PRIVSEP_MSG);
1247 memset(&ilref, 0, sizeof(ilref));
1248 ilref.client_id = client->id;
1250 fd = dup(client->fd);
1252 return got_error_from_errno("dup");
1254 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1255 PROC_SESSION, fd, &ilref, sizeof(ilref)) == -1) {
1256 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1261 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1262 log_debug("uid %d: expecting capabilities", client->euid);
1266 static const struct got_error *
1267 recv_connect(struct imsg *imsg)
1269 struct gotd_session_client *client = &gotd_session_client;
1270 struct gotd_imsg_connect iconnect;
1273 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1274 return got_error(GOT_ERR_PRIVSEP_MSG);
1276 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1277 if (datalen != sizeof(iconnect))
1278 return got_error(GOT_ERR_PRIVSEP_LEN);
1279 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1282 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1284 client->fd = imsg->fd;
1285 client->euid = iconnect.euid;
1286 client->egid = iconnect.egid;
1288 imsg_init(&client->iev.ibuf, client->fd);
1289 client->iev.handler = session_dispatch_client;
1290 client->iev.events = EV_READ;
1291 client->iev.handler_arg = NULL;
1292 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1293 session_dispatch_client, &client->iev);
1294 gotd_imsg_event_add(&client->iev);
1295 evtimer_set(&client->tmo, gotd_request_timeout, client);
1300 static const struct got_error *
1301 recv_repo_child(struct imsg *imsg)
1303 struct gotd_imsg_connect_repo_child ichild;
1304 struct gotd_session_client *client = &gotd_session_client;
1307 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1308 return got_error(GOT_ERR_PRIVSEP_MSG);
1310 /* We should already have received a pipe to the listener. */
1311 if (client->fd == -1)
1312 return got_error(GOT_ERR_PRIVSEP_MSG);
1314 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1315 if (datalen != sizeof(ichild))
1316 return got_error(GOT_ERR_PRIVSEP_LEN);
1318 memcpy(&ichild, imsg->data, sizeof(ichild));
1320 client->id = ichild.client_id;
1321 if (ichild.proc_id == PROC_REPO_WRITE)
1322 client->is_writing = 1;
1323 else if (ichild.proc_id == PROC_REPO_READ)
1324 client->is_writing = 0;
1326 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1327 "bad child process type");
1330 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1332 imsg_init(&client->repo_child_iev.ibuf, imsg->fd);
1333 client->repo_child_iev.handler = session_dispatch_repo_child;
1334 client->repo_child_iev.events = EV_READ;
1335 client->repo_child_iev.handler_arg = NULL;
1336 event_set(&client->repo_child_iev.ev, client->repo_child_iev.ibuf.fd,
1337 EV_READ, session_dispatch_repo_child, &client->repo_child_iev);
1338 gotd_imsg_event_add(&client->repo_child_iev);
1340 /* The "recvfd" pledge promise is no longer needed. */
1341 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1348 session_dispatch(int fd, short event, void *arg)
1350 struct gotd_imsgev *iev = arg;
1351 struct imsgbuf *ibuf = &iev->ibuf;
1352 struct gotd_session_client *client = &gotd_session_client;
1357 if (event & EV_READ) {
1358 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1359 fatal("imsg_read error");
1361 /* Connection closed. */
1367 if (event & EV_WRITE) {
1368 n = msgbuf_write(&ibuf->w);
1369 if (n == -1 && errno != EAGAIN)
1370 fatal("msgbuf_write");
1372 /* Connection closed. */
1379 const struct got_error *err = NULL;
1380 uint32_t client_id = 0;
1381 int do_disconnect = 0, do_list_refs = 0;
1383 if ((n = imsg_get(ibuf, &imsg)) == -1)
1384 fatal("%s: imsg_get error", __func__);
1385 if (n == 0) /* No more messages. */
1388 switch (imsg.hdr.type) {
1389 case GOTD_IMSG_ERROR:
1391 err = gotd_imsg_recv_error(&client_id, &imsg);
1393 case GOTD_IMSG_CONNECT:
1394 err = recv_connect(&imsg);
1396 case GOTD_IMSG_DISCONNECT:
1399 case GOTD_IMSG_CONNECT_REPO_CHILD:
1400 err = recv_repo_child(&imsg);
1406 log_debug("unexpected imsg %d", imsg.hdr.type);
1411 if (do_disconnect) {
1413 disconnect_on_error(client, err);
1416 } else if (do_list_refs)
1417 err = list_refs_request();
1420 log_warnx("uid %d: %s", client->euid, err->msg);
1424 gotd_imsg_event_add(iev);
1426 /* This pipe is dead. Remove its event handler */
1427 event_del(&iev->ev);
1428 event_loopexit(NULL);
1433 session_main(const char *title, const char *repo_path,
1434 int *pack_fds, int *temp_fds, struct timeval *request_timeout)
1436 const struct got_error *err = NULL;
1437 struct event evsigint, evsigterm, evsighup, evsigusr1;
1439 gotd_session.title = title;
1440 gotd_session.pid = getpid();
1441 gotd_session.pack_fds = pack_fds;
1442 gotd_session.temp_fds = temp_fds;
1443 memcpy(&gotd_session.request_timeout, request_timeout,
1444 sizeof(gotd_session.request_timeout));
1446 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1449 if (!got_repo_is_bare(gotd_session.repo)) {
1450 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1451 "bare git repository required");
1455 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1457 signal_set(&evsigint, SIGINT, gotd_session_sighdlr, NULL);
1458 signal_set(&evsigterm, SIGTERM, gotd_session_sighdlr, NULL);
1459 signal_set(&evsighup, SIGHUP, gotd_session_sighdlr, NULL);
1460 signal_set(&evsigusr1, SIGUSR1, gotd_session_sighdlr, NULL);
1461 signal(SIGPIPE, SIG_IGN);
1463 signal_add(&evsigint, NULL);
1464 signal_add(&evsigterm, NULL);
1465 signal_add(&evsighup, NULL);
1466 signal_add(&evsigusr1, NULL);
1468 gotd_session_client.state = GOTD_STATE_EXPECT_LIST_REFS;
1469 gotd_session_client.fd = -1;
1470 gotd_session_client.nref_updates = -1;
1471 gotd_session_client.delta_cache_fd = -1;
1472 gotd_session_client.accept_flush_pkt = 1;
1474 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1475 gotd_session.parent_iev.handler = session_dispatch;
1476 gotd_session.parent_iev.events = EV_READ;
1477 gotd_session.parent_iev.handler_arg = NULL;
1478 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1479 EV_READ, session_dispatch, &gotd_session.parent_iev);
1480 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1481 GOTD_IMSG_CLIENT_SESSION_READY, PROC_SESSION, -1, NULL, 0) == -1) {
1482 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1489 log_warnx("%s: %s", title, err->msg);
1490 gotd_session_shutdown();
1494 gotd_session_shutdown(void)
1496 log_debug("shutting down");
1497 if (gotd_session.repo)
1498 got_repo_close(gotd_session.repo);
1499 got_repo_pack_fds_close(gotd_session.pack_fds);
1500 got_repo_temp_fds_close(gotd_session.temp_fds);