2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/queue.h>
20 #include <sys/types.h>
22 #include <sys/socket.h>
43 #include "got_error.h"
44 #include "got_opentemp.h"
46 #include "got_repository.h"
47 #include "got_object.h"
48 #include "got_reference.h"
50 #include "got_lib_delta.h"
51 #include "got_lib_object.h"
52 #include "got_lib_object_cache.h"
53 #include "got_lib_sha1.h"
54 #include "got_lib_gitproto.h"
55 #include "got_lib_pack.h"
56 #include "got_lib_repository.h"
62 #include "repo_read.h"
63 #include "repo_write.h"
66 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
70 STAILQ_ENTRY(gotd_client) entry;
71 enum gotd_client_state state;
72 struct gotd_client_capability *capabilities;
78 struct gotd_imsgev iev;
82 struct gotd_child_proc *repo_read;
83 struct gotd_child_proc *repo_write;
84 struct gotd_child_proc *auth;
90 STAILQ_HEAD(gotd_clients, gotd_client);
92 static struct gotd_clients gotd_clients[GOTD_CLIENT_TABLE_SIZE];
93 static SIPHASH_KEY clients_hash_key;
94 volatile int client_cnt;
95 static struct timeval auth_timeout = { 5, 0 };
96 static struct gotd gotd;
98 void gotd_sighdlr(int sig, short event, void *arg);
99 static void gotd_shutdown(void);
100 static const struct got_error *start_repo_child(struct gotd_client *,
101 enum gotd_procid, struct gotd_repo *, char *, const char *, int, int);
102 static const struct got_error *start_auth_child(struct gotd_client *, int,
103 struct gotd_repo *, char *, const char *, int, int);
104 static void kill_proc(struct gotd_child_proc *, int);
109 fprintf(stderr, "usage: %s [-dv] [-f config-file]\n", getprogname());
114 unix_socket_listen(const char *unix_socket_path, uid_t uid, gid_t gid)
116 struct sockaddr_un sun;
118 mode_t old_umask, mode;
120 fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK| SOCK_CLOEXEC, 0);
126 sun.sun_family = AF_UNIX;
127 if (strlcpy(sun.sun_path, unix_socket_path,
128 sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) {
129 log_warnx("%s: name too long", unix_socket_path);
134 if (unlink(unix_socket_path) == -1) {
135 if (errno != ENOENT) {
136 log_warn("unlink %s", unix_socket_path);
142 old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH);
143 mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
145 if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
146 log_warn("bind: %s", unix_socket_path);
154 if (chmod(unix_socket_path, mode) == -1) {
155 log_warn("chmod %o %s", mode, unix_socket_path);
157 unlink(unix_socket_path);
161 if (chown(unix_socket_path, uid, gid) == -1) {
162 log_warn("chown %s uid=%d gid=%d", unix_socket_path, uid, gid);
164 unlink(unix_socket_path);
168 if (listen(fd, GOTD_UNIX_SOCKET_BACKLOG) == -1) {
171 unlink(unix_socket_path);
179 client_hash(uint32_t client_id)
181 return SipHash24(&clients_hash_key, &client_id, sizeof(client_id));
185 add_client(struct gotd_client *client)
187 uint64_t slot = client_hash(client->id) % nitems(gotd_clients);
188 STAILQ_INSERT_HEAD(&gotd_clients[slot], client, entry);
192 static struct gotd_client *
193 find_client(uint32_t client_id)
196 struct gotd_client *c;
198 slot = client_hash(client_id) % nitems(gotd_clients);
199 STAILQ_FOREACH(c, &gotd_clients[slot], entry) {
200 if (c->id == client_id)
207 static struct gotd_child_proc *
208 get_client_proc(struct gotd_client *client)
210 if (client->repo_read && client->repo_write) {
211 fatalx("uid %d is reading and writing in the same session",
216 if (client->repo_read)
217 return client->repo_read;
218 else if (client->repo_write)
219 return client->repo_write;
224 static struct gotd_client *
225 find_client_by_proc_fd(int fd)
229 for (slot = 0; slot < nitems(gotd_clients); slot++) {
230 struct gotd_client *c;
232 STAILQ_FOREACH(c, &gotd_clients[slot], entry) {
233 struct gotd_child_proc *proc = get_client_proc(c);
234 if (proc && proc->iev.ibuf.fd == fd)
236 if (c->auth && c->auth->iev.ibuf.fd == fd)
245 client_is_reading(struct gotd_client *client)
247 return client->repo_read != NULL;
251 client_is_writing(struct gotd_client *client)
253 return client->repo_write != NULL;
256 static const struct got_error *
257 ensure_client_is_reading(struct gotd_client *client)
259 if (!client_is_reading(client)) {
260 return got_error_fmt(GOT_ERR_BAD_PACKET,
261 "uid %d made a read-request but is not reading from "
262 "a repository", client->euid);
268 static const struct got_error *
269 ensure_client_is_writing(struct gotd_client *client)
271 if (!client_is_writing(client)) {
272 return got_error_fmt(GOT_ERR_BAD_PACKET,
273 "uid %d made a write-request but is not writing to "
274 "a repository", client->euid);
280 static const struct got_error *
281 ensure_client_is_not_writing(struct gotd_client *client)
283 if (client_is_writing(client)) {
284 return got_error_fmt(GOT_ERR_BAD_PACKET,
285 "uid %d made a read-request but is writing to "
286 "a repository", client->euid);
292 static const struct got_error *
293 ensure_client_is_not_reading(struct gotd_client *client)
295 if (client_is_reading(client)) {
296 return got_error_fmt(GOT_ERR_BAD_PACKET,
297 "uid %d made a write-request but is reading from "
298 "a repository", client->euid);
305 wait_for_child(pid_t child_pid)
310 log_debug("waiting for child PID %ld to terminate",
314 pid = waitpid(child_pid, &status, WNOHANG);
316 if (errno != EINTR && errno != ECHILD)
318 } else if (WIFSIGNALED(status)) {
319 log_warnx("child PID %ld terminated; signal %d",
320 (long)pid, WTERMSIG(status));
322 } while (pid != -1 || (pid == -1 && errno == EINTR));
326 kill_auth_proc(struct gotd_client *client)
328 struct gotd_child_proc *proc;
330 if (client->auth == NULL)
336 event_del(&proc->iev.ev);
337 msgbuf_clear(&proc->iev.ibuf.w);
338 close(proc->iev.ibuf.fd);
340 wait_for_child(proc->pid);
345 disconnect(struct gotd_client *client)
347 struct gotd_imsg_disconnect idisconnect;
348 struct gotd_child_proc *proc = get_client_proc(client);
349 struct gotd_child_proc *listen_proc = &gotd.listen_proc;
352 log_debug("uid %d: disconnecting", client->euid);
354 kill_auth_proc(client);
356 idisconnect.client_id = client->id;
358 if (gotd_imsg_compose_event(&proc->iev,
359 GOTD_IMSG_DISCONNECT, PROC_GOTD, -1,
360 &idisconnect, sizeof(idisconnect)) == -1)
361 log_warn("imsg compose DISCONNECT");
363 msgbuf_clear(&proc->iev.ibuf.w);
364 close(proc->iev.ibuf.fd);
366 wait_for_child(proc->pid);
371 if (gotd_imsg_compose_event(&listen_proc->iev,
372 GOTD_IMSG_DISCONNECT, PROC_GOTD, -1,
373 &idisconnect, sizeof(idisconnect)) == -1)
374 log_warn("imsg compose DISCONNECT");
376 slot = client_hash(client->id) % nitems(gotd_clients);
377 STAILQ_REMOVE(&gotd_clients[slot], client, gotd_client, entry);
378 imsg_clear(&client->iev.ibuf);
379 event_del(&client->iev.ev);
380 evtimer_del(&client->tmo);
382 if (client->delta_cache_fd != -1)
383 close(client->delta_cache_fd);
384 if (client->packfile_path) {
385 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
386 log_warn("unlink %s: ", client->packfile_path);
387 free(client->packfile_path);
389 if (client->packidx_path) {
390 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
391 log_warn("unlink %s: ", client->packidx_path);
392 free(client->packidx_path);
394 free(client->capabilities);
400 disconnect_on_error(struct gotd_client *client, const struct got_error *err)
404 log_warnx("uid %d: %s", client->euid, err->msg);
405 if (err->code != GOT_ERR_EOF) {
406 imsg_init(&ibuf, client->fd);
407 gotd_imsg_send_error(&ibuf, 0, PROC_GOTD, err);
413 static const struct got_error *
414 send_repo_info(struct gotd_imsgev *iev, struct gotd_repo *repo)
416 const struct got_error *err = NULL;
417 struct gotd_imsg_info_repo irepo;
419 memset(&irepo, 0, sizeof(irepo));
421 if (strlcpy(irepo.repo_name, repo->name, sizeof(irepo.repo_name))
422 >= sizeof(irepo.repo_name))
423 return got_error_msg(GOT_ERR_NO_SPACE, "repo name too long");
424 if (strlcpy(irepo.repo_path, repo->path, sizeof(irepo.repo_path))
425 >= sizeof(irepo.repo_path))
426 return got_error_msg(GOT_ERR_NO_SPACE, "repo path too long");
428 if (gotd_imsg_compose_event(iev, GOTD_IMSG_INFO_REPO, PROC_GOTD, -1,
429 &irepo, sizeof(irepo)) == -1) {
430 err = got_error_from_errno("imsg compose INFO_REPO");
438 static const struct got_error *
439 send_capability(struct gotd_client_capability *capa, struct gotd_imsgev* iev)
441 const struct got_error *err = NULL;
442 struct gotd_imsg_capability icapa;
446 memset(&icapa, 0, sizeof(icapa));
448 icapa.key_len = strlen(capa->key);
449 len = sizeof(icapa) + icapa.key_len;
451 icapa.value_len = strlen(capa->value);
452 len += icapa.value_len;
455 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_CAPABILITY, 0, 0, len);
457 err = got_error_from_errno("imsg_create CAPABILITY");
461 if (imsg_add(wbuf, &icapa, sizeof(icapa)) == -1)
462 return got_error_from_errno("imsg_add CAPABILITY");
463 if (imsg_add(wbuf, capa->key, icapa.key_len) == -1)
464 return got_error_from_errno("imsg_add CAPABILITY");
466 if (imsg_add(wbuf, capa->value, icapa.value_len) == -1)
467 return got_error_from_errno("imsg_add CAPABILITY");
471 imsg_close(&iev->ibuf, wbuf);
473 gotd_imsg_event_add(iev);
478 static const struct got_error *
479 send_client_info(struct gotd_imsgev *iev, struct gotd_client *client)
481 const struct got_error *err = NULL;
482 struct gotd_imsg_info_client iclient;
483 struct gotd_child_proc *proc;
486 memset(&iclient, 0, sizeof(iclient));
487 iclient.euid = client->euid;
488 iclient.egid = client->egid;
490 proc = get_client_proc(client);
492 if (strlcpy(iclient.repo_name, proc->repo_path,
493 sizeof(iclient.repo_name)) >= sizeof(iclient.repo_name)) {
494 return got_error_msg(GOT_ERR_NO_SPACE,
495 "repo name too long");
497 if (client_is_writing(client))
498 iclient.is_writing = 1;
501 iclient.state = client->state;
502 iclient.ncapabilities = client->ncapabilities;
504 if (gotd_imsg_compose_event(iev, GOTD_IMSG_INFO_CLIENT, PROC_GOTD, -1,
505 &iclient, sizeof(iclient)) == -1) {
506 err = got_error_from_errno("imsg compose INFO_CLIENT");
511 for (i = 0; i < client->ncapabilities; i++) {
512 struct gotd_client_capability *capa;
513 capa = &client->capabilities[i];
514 err = send_capability(capa, iev);
522 static const struct got_error *
523 send_info(struct gotd_client *client)
525 const struct got_error *err = NULL;
526 struct gotd_imsg_info info;
528 struct gotd_repo *repo;
531 info.verbosity = gotd.verbosity;
532 info.nrepos = gotd.nrepos;
533 info.nclients = client_cnt - 1;
535 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_INFO, PROC_GOTD, -1,
536 &info, sizeof(info)) == -1) {
537 err = got_error_from_errno("imsg compose INFO");
542 TAILQ_FOREACH(repo, &gotd.repos, entry) {
543 err = send_repo_info(&client->iev, repo);
548 for (slot = 0; slot < nitems(gotd_clients); slot++) {
549 struct gotd_client *c;
550 STAILQ_FOREACH(c, &gotd_clients[slot], entry) {
551 if (c->id == client->id)
553 err = send_client_info(&client->iev, c);
562 static const struct got_error *
563 stop_gotd(struct gotd_client *client)
566 if (client->euid != 0)
567 return got_error_set_errno(EPERM, "stop");
574 static struct gotd_repo *
575 find_repo_by_name(const char *repo_name)
577 struct gotd_repo *repo;
580 TAILQ_FOREACH(repo, &gotd.repos, entry) {
581 namelen = strlen(repo->name);
582 if (strncmp(repo->name, repo_name, namelen) != 0)
584 if (repo_name[namelen] == '\0' ||
585 strcmp(&repo_name[namelen], ".git") == 0)
592 static const struct got_error *
593 start_client_session(struct gotd_client *client, struct imsg *imsg)
595 const struct got_error *err;
596 struct gotd_imsg_list_refs ireq;
597 struct gotd_repo *repo = NULL;
600 log_debug("list-refs request from uid %d", client->euid);
602 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
603 if (datalen != sizeof(ireq))
604 return got_error(GOT_ERR_PRIVSEP_LEN);
606 memcpy(&ireq, imsg->data, datalen);
608 if (ireq.client_is_reading) {
609 err = ensure_client_is_not_writing(client);
612 repo = find_repo_by_name(ireq.repo_name);
614 return got_error(GOT_ERR_NOT_GIT_REPO);
615 err = start_auth_child(client, GOTD_AUTH_READ, repo,
616 gotd.argv0, gotd.confpath, gotd.daemonize,
621 err = ensure_client_is_not_reading(client);
624 repo = find_repo_by_name(ireq.repo_name);
626 return got_error(GOT_ERR_NOT_GIT_REPO);
627 err = start_auth_child(client,
628 GOTD_AUTH_READ | GOTD_AUTH_WRITE,
629 repo, gotd.argv0, gotd.confpath, gotd.daemonize,
635 /* Flow continues upon authentication successs/failure or timeout. */
639 static const struct got_error *
640 forward_want(struct gotd_client *client, struct imsg *imsg)
642 struct gotd_imsg_want ireq;
643 struct gotd_imsg_want iwant;
646 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
647 if (datalen != sizeof(ireq))
648 return got_error(GOT_ERR_PRIVSEP_LEN);
650 memcpy(&ireq, imsg->data, datalen);
652 memset(&iwant, 0, sizeof(iwant));
653 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
654 iwant.client_id = client->id;
656 if (gotd_imsg_compose_event(&client->repo_read->iev, GOTD_IMSG_WANT,
657 PROC_GOTD, -1, &iwant, sizeof(iwant)) == -1)
658 return got_error_from_errno("imsg compose WANT");
663 static const struct got_error *
664 forward_ref_update(struct gotd_client *client, struct imsg *imsg)
666 const struct got_error *err = NULL;
667 struct gotd_imsg_ref_update ireq;
668 struct gotd_imsg_ref_update *iref = NULL;
671 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
672 if (datalen < sizeof(ireq))
673 return got_error(GOT_ERR_PRIVSEP_LEN);
674 memcpy(&ireq, imsg->data, sizeof(ireq));
675 if (datalen != sizeof(ireq) + ireq.name_len)
676 return got_error(GOT_ERR_PRIVSEP_LEN);
678 iref = malloc(datalen);
680 return got_error_from_errno("malloc");
681 memcpy(iref, imsg->data, datalen);
683 iref->client_id = client->id;
684 if (gotd_imsg_compose_event(&client->repo_write->iev,
685 GOTD_IMSG_REF_UPDATE, PROC_GOTD, -1, iref, datalen) == -1)
686 err = got_error_from_errno("imsg compose REF_UPDATE");
691 static const struct got_error *
692 forward_have(struct gotd_client *client, struct imsg *imsg)
694 struct gotd_imsg_have ireq;
695 struct gotd_imsg_have ihave;
698 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
699 if (datalen != sizeof(ireq))
700 return got_error(GOT_ERR_PRIVSEP_LEN);
702 memcpy(&ireq, imsg->data, datalen);
704 memset(&ihave, 0, sizeof(ihave));
705 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
706 ihave.client_id = client->id;
708 if (gotd_imsg_compose_event(&client->repo_read->iev, GOTD_IMSG_HAVE,
709 PROC_GOTD, -1, &ihave, sizeof(ihave)) == -1)
710 return got_error_from_errno("imsg compose HAVE");
716 client_has_capability(struct gotd_client *client, const char *capastr)
718 struct gotd_client_capability *capa;
721 if (client->ncapabilities == 0)
724 for (i = 0; i < client->ncapabilities; i++) {
725 capa = &client->capabilities[i];
726 if (strcmp(capa->key, capastr) == 0)
733 static const struct got_error *
734 recv_capabilities(struct gotd_client *client, struct imsg *imsg)
736 struct gotd_imsg_capabilities icapas;
739 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
740 if (datalen != sizeof(icapas))
741 return got_error(GOT_ERR_PRIVSEP_LEN);
742 memcpy(&icapas, imsg->data, sizeof(icapas));
744 client->ncapa_alloc = icapas.ncapabilities;
745 client->capabilities = calloc(client->ncapa_alloc,
746 sizeof(*client->capabilities));
747 if (client->capabilities == NULL) {
748 client->ncapa_alloc = 0;
749 return got_error_from_errno("calloc");
752 log_debug("expecting %zu capabilities from uid %d",
753 client->ncapa_alloc, client->euid);
757 static const struct got_error *
758 recv_capability(struct gotd_client *client, struct imsg *imsg)
760 struct gotd_imsg_capability icapa;
761 struct gotd_client_capability *capa;
763 char *key, *value = NULL;
765 if (client->capabilities == NULL ||
766 client->ncapabilities >= client->ncapa_alloc) {
767 return got_error_msg(GOT_ERR_BAD_REQUEST,
768 "unexpected capability received");
771 memset(&icapa, 0, sizeof(icapa));
773 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
774 if (datalen < sizeof(icapa))
775 return got_error(GOT_ERR_PRIVSEP_LEN);
776 memcpy(&icapa, imsg->data, sizeof(icapa));
778 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
779 return got_error(GOT_ERR_PRIVSEP_LEN);
781 key = malloc(icapa.key_len + 1);
783 return got_error_from_errno("malloc");
784 if (icapa.value_len > 0) {
785 value = malloc(icapa.value_len + 1);
788 return got_error_from_errno("malloc");
792 memcpy(key, imsg->data + sizeof(icapa), icapa.key_len);
793 key[icapa.key_len] = '\0';
795 memcpy(value, imsg->data + sizeof(icapa) + icapa.key_len,
797 value[icapa.value_len] = '\0';
800 capa = &client->capabilities[client->ncapabilities++];
805 log_debug("uid %d: capability %s=%s", client->euid, key, value);
807 log_debug("uid %d: capability %s", client->euid, key);
812 static const struct got_error *
813 send_packfile(struct gotd_client *client)
815 const struct got_error *err = NULL;
816 struct gotd_imsg_send_packfile ipack;
817 struct gotd_imsg_packfile_pipe ipipe;
820 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
821 return got_error_from_errno("socketpair");
823 memset(&ipack, 0, sizeof(ipack));
824 memset(&ipipe, 0, sizeof(ipipe));
826 ipack.client_id = client->id;
827 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
828 ipack.report_progress = 1;
830 client->delta_cache_fd = got_opentempfd();
831 if (client->delta_cache_fd == -1)
832 return got_error_from_errno("got_opentempfd");
834 if (gotd_imsg_compose_event(&client->repo_read->iev,
835 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
836 &ipack, sizeof(ipack)) == -1) {
837 err = got_error_from_errno("imsg compose SEND_PACKFILE");
843 ipipe.client_id = client->id;
845 /* Send pack pipe end 0 to repo_read. */
846 if (gotd_imsg_compose_event(&client->repo_read->iev,
847 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[0],
848 &ipipe, sizeof(ipipe)) == -1) {
849 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
854 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
855 if (gotd_imsg_compose_event(&client->iev,
856 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
857 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
862 static const struct got_error *
863 recv_packfile(struct gotd_client *client)
865 const struct got_error *err = NULL;
866 struct gotd_imsg_recv_packfile ipack;
867 struct gotd_imsg_packfile_pipe ipipe;
868 struct gotd_imsg_packidx_file ifile;
869 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
870 int packfd = -1, idxfd = -1;
871 int pipe[2] = { -1, -1 };
873 if (client->packfile_path) {
874 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
875 "uid %d already has a pack file", client->euid);
878 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
879 return got_error_from_errno("socketpair");
881 memset(&ipipe, 0, sizeof(ipipe));
882 ipipe.client_id = client->id;
884 if (gotd_imsg_compose_event(&client->repo_write->iev,
885 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[0],
886 &ipipe, sizeof(ipipe)) == -1) {
887 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
893 if (gotd_imsg_compose_event(&client->repo_write->iev,
894 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1],
895 &ipipe, sizeof(ipipe)) == -1)
896 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
899 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
900 client->repo_write->repo_path, GOT_OBJECTS_PACK_DIR,
901 client->euid) == -1) {
902 err = got_error_from_errno("asprintf");
906 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
911 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
912 client->repo_write->repo_path, GOT_OBJECTS_PACK_DIR,
913 client->euid) == -1) {
914 err = got_error_from_errno("asprintf");
918 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
922 memset(&ifile, 0, sizeof(ifile));
923 ifile.client_id = client->id;
924 if (gotd_imsg_compose_event(&client->repo_write->iev,
925 GOTD_IMSG_PACKIDX_FILE, PROC_GOTD, idxfd,
926 &ifile, sizeof(ifile)) == -1) {
927 err = got_error_from_errno("imsg compose PACKIDX_FILE");
933 memset(&ipack, 0, sizeof(ipack));
934 ipack.client_id = client->id;
935 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
936 ipack.report_status = 1;
938 if (gotd_imsg_compose_event(&client->repo_write->iev,
939 GOTD_IMSG_RECV_PACKFILE, PROC_GOTD, packfd,
940 &ipack, sizeof(ipack)) == -1) {
941 err = got_error_from_errno("imsg compose RECV_PACKFILE");
949 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
950 err = got_error_from_errno("close");
951 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
952 err = got_error_from_errno("close");
953 if (packfd != -1 && close(packfd) == -1 && err == NULL)
954 err = got_error_from_errno("close");
955 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
956 err = got_error_from_errno("close");
961 client->packfile_path = pack_path;
962 client->packidx_path = idx_path;
968 gotd_request(int fd, short events, void *arg)
970 struct gotd_imsgev *iev = arg;
971 struct imsgbuf *ibuf = &iev->ibuf;
972 struct gotd_client *client = iev->handler_arg;
973 const struct got_error *err = NULL;
977 if (events & EV_WRITE) {
978 while (ibuf->w.queued) {
979 n = msgbuf_write(&ibuf->w);
980 if (n == -1 && errno == EPIPE) {
982 * The client has closed its socket.
983 * This can happen when Git clients are
984 * done sending pack file data.
986 msgbuf_clear(&ibuf->w);
988 } else if (n == -1 && errno != EAGAIN) {
989 err = got_error_from_errno("imsg_flush");
990 disconnect_on_error(client, err);
994 /* Connection closed. */
995 err = got_error(GOT_ERR_EOF);
996 disconnect_on_error(client, err);
1001 /* Disconnect gotctl(8) now that messages have been sent. */
1002 if (!client_is_reading(client) && !client_is_writing(client)) {
1008 if ((events & EV_READ) == 0)
1011 memset(&imsg, 0, sizeof(imsg));
1013 while (err == NULL) {
1014 err = gotd_imsg_recv(&imsg, ibuf, 0);
1016 if (err->code == GOT_ERR_PRIVSEP_READ)
1021 evtimer_del(&client->tmo);
1023 switch (imsg.hdr.type) {
1024 case GOTD_IMSG_INFO:
1025 err = send_info(client);
1027 case GOTD_IMSG_STOP:
1028 err = stop_gotd(client);
1030 case GOTD_IMSG_LIST_REFS:
1031 if (client->state != GOTD_STATE_EXPECT_LIST_REFS) {
1032 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1033 "unexpected list-refs request received");
1036 err = start_client_session(client, &imsg);
1040 case GOTD_IMSG_CAPABILITIES:
1041 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1042 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1043 "unexpected capabilities received");
1046 log_debug("receiving capabilities from uid %d",
1048 err = recv_capabilities(client, &imsg);
1050 case GOTD_IMSG_CAPABILITY:
1051 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1052 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1053 "unexpected capability received");
1056 err = recv_capability(client, &imsg);
1057 if (err || client->ncapabilities < client->ncapa_alloc)
1059 if (client_is_reading(client)) {
1060 client->state = GOTD_STATE_EXPECT_WANT;
1061 log_debug("uid %d: expecting want-lines",
1063 } else if (client_is_writing(client)) {
1064 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1065 log_debug("uid %d: expecting ref-update-lines",
1068 fatalx("client %d is both reading and writing",
1071 case GOTD_IMSG_WANT:
1072 if (client->state != GOTD_STATE_EXPECT_WANT) {
1073 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1074 "unexpected want-line received");
1077 log_debug("received want-line from uid %d",
1079 err = ensure_client_is_reading(client);
1082 err = forward_want(client, &imsg);
1084 case GOTD_IMSG_REF_UPDATE:
1085 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE) {
1086 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1087 "unexpected ref-update-line received");
1090 log_debug("received ref-update-line from uid %d",
1092 err = ensure_client_is_writing(client);
1095 err = forward_ref_update(client, &imsg);
1098 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1100 case GOTD_IMSG_HAVE:
1101 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1102 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1103 "unexpected have-line received");
1106 log_debug("received have-line from uid %d",
1108 err = ensure_client_is_reading(client);
1111 err = forward_have(client, &imsg);
1115 case GOTD_IMSG_FLUSH:
1116 if (client->state == GOTD_STATE_EXPECT_WANT ||
1117 client->state == GOTD_STATE_EXPECT_HAVE) {
1118 err = ensure_client_is_reading(client);
1121 } else if (client->state ==
1122 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1123 err = ensure_client_is_writing(client);
1127 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1128 "unexpected flush-pkt received");
1131 log_debug("received flush-pkt from uid %d",
1133 if (client->state == GOTD_STATE_EXPECT_WANT) {
1134 client->state = GOTD_STATE_EXPECT_HAVE;
1135 log_debug("uid %d: expecting have-lines",
1137 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1138 client->state = GOTD_STATE_EXPECT_DONE;
1139 log_debug("uid %d: expecting 'done'",
1141 } else if (client->state ==
1142 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1143 client->state = GOTD_STATE_EXPECT_PACKFILE;
1144 log_debug("uid %d: expecting packfile",
1146 err = recv_packfile(client);
1148 /* should not happen, see above */
1149 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1150 "unexpected client state");
1154 case GOTD_IMSG_DONE:
1155 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1156 client->state != GOTD_STATE_EXPECT_DONE) {
1157 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1158 "unexpected flush-pkt received");
1161 log_debug("received 'done' from uid %d", client->euid);
1162 err = ensure_client_is_reading(client);
1165 client->state = GOTD_STATE_DONE;
1166 err = send_packfile(client);
1169 err = got_error(GOT_ERR_PRIVSEP_MSG);
1177 if (err->code != GOT_ERR_EOF ||
1178 client->state != GOTD_STATE_EXPECT_PACKFILE)
1179 disconnect_on_error(client, err);
1181 gotd_imsg_event_add(&client->iev);
1182 if (client->state == GOTD_STATE_EXPECT_LIST_REFS)
1183 evtimer_add(&client->tmo, &auth_timeout);
1185 evtimer_add(&client->tmo, &gotd.request_timeout);
1190 gotd_request_timeout(int fd, short events, void *arg)
1192 struct gotd_client *client = arg;
1194 log_debug("disconnecting uid %d due to timeout", client->euid);
1198 static const struct got_error *
1199 recv_connect(uint32_t *client_id, struct imsg *imsg)
1201 const struct got_error *err = NULL;
1202 struct gotd_imsg_connect iconnect;
1205 struct gotd_client *client = NULL;
1209 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1210 if (datalen != sizeof(iconnect))
1211 return got_error(GOT_ERR_PRIVSEP_LEN);
1212 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1216 err = got_error(GOT_ERR_PRIVSEP_NO_FD);
1220 if (find_client(iconnect.client_id)) {
1221 err = got_error_msg(GOT_ERR_CLIENT_ID, "duplicate client ID");
1225 client = calloc(1, sizeof(*client));
1226 if (client == NULL) {
1227 err = got_error_from_errno("calloc");
1231 *client_id = iconnect.client_id;
1233 client->state = GOTD_STATE_EXPECT_LIST_REFS;
1234 client->id = iconnect.client_id;
1237 client->delta_cache_fd = -1;
1238 /* The auth process will verify UID/GID for us. */
1239 client->euid = iconnect.euid;
1240 client->egid = iconnect.egid;
1241 client->nref_updates = -1;
1243 imsg_init(&client->iev.ibuf, client->fd);
1244 client->iev.handler = gotd_request;
1245 client->iev.events = EV_READ;
1246 client->iev.handler_arg = client;
1248 event_set(&client->iev.ev, client->fd, EV_READ, gotd_request,
1250 gotd_imsg_event_add(&client->iev);
1252 evtimer_set(&client->tmo, gotd_request_timeout, client);
1255 log_debug("%s: new client uid %d connected on fd %d", __func__,
1256 client->euid, client->fd);
1259 struct gotd_child_proc *listen_proc = &gotd.listen_proc;
1260 struct gotd_imsg_disconnect idisconnect;
1262 idisconnect.client_id = client->id;
1263 if (gotd_imsg_compose_event(&listen_proc->iev,
1264 GOTD_IMSG_DISCONNECT, PROC_GOTD, -1,
1265 &idisconnect, sizeof(idisconnect)) == -1)
1266 log_warn("imsg compose DISCONNECT");
1275 static const char *gotd_proc_names[PROC_MAX] = {
1284 kill_proc(struct gotd_child_proc *proc, int fatal)
1287 log_warnx("sending SIGKILL to PID %d", proc->pid);
1288 kill(proc->pid, SIGKILL);
1290 kill(proc->pid, SIGTERM);
1296 struct gotd_child_proc *proc;
1299 for (slot = 0; slot < nitems(gotd_clients); slot++) {
1300 struct gotd_client *c, *tmp;
1302 STAILQ_FOREACH_SAFE(c, &gotd_clients[slot], entry, tmp)
1306 proc = &gotd.listen_proc;
1307 msgbuf_clear(&proc->iev.ibuf.w);
1308 close(proc->iev.ibuf.fd);
1310 wait_for_child(proc->pid);
1312 log_info("terminating");
1317 gotd_sighdlr(int sig, short event, void *arg)
1320 * Normal signal handler rules don't apply because libevent
1326 log_info("%s: ignoring SIGHUP", __func__);
1329 log_info("%s: ignoring SIGUSR1", __func__);
1334 log_warnx("gotd terminating");
1338 fatalx("unexpected signal");
1342 static const struct got_error *
1343 ensure_proc_is_reading(struct gotd_client *client,
1344 struct gotd_child_proc *proc)
1346 if (!client_is_reading(client)) {
1348 return got_error_fmt(GOT_ERR_BAD_PACKET,
1349 "PID %d handled a read-request for uid %d but this "
1350 "user is not reading from a repository", proc->pid,
1357 static const struct got_error *
1358 ensure_proc_is_writing(struct gotd_client *client,
1359 struct gotd_child_proc *proc)
1361 if (!client_is_writing(client)) {
1363 return got_error_fmt(GOT_ERR_BAD_PACKET,
1364 "PID %d handled a write-request for uid %d but this "
1365 "user is not writing to a repository", proc->pid,
1373 verify_imsg_src(struct gotd_client *client, struct gotd_child_proc *proc,
1376 const struct got_error *err;
1377 struct gotd_child_proc *client_proc;
1380 if (proc->type == PROC_REPO_READ || proc->type == PROC_REPO_WRITE) {
1381 client_proc = get_client_proc(client);
1382 if (client_proc == NULL)
1383 fatalx("no process found for uid %d", client->euid);
1384 if (proc->pid != client_proc->pid) {
1386 log_warnx("received message from PID %d for uid %d, "
1387 "while PID %d is the process serving this user",
1388 proc->pid, client->euid, client_proc->pid);
1393 switch (imsg->hdr.type) {
1394 case GOTD_IMSG_ERROR:
1397 case GOTD_IMSG_CONNECT:
1398 if (proc->type != PROC_LISTEN) {
1399 err = got_error_fmt(GOT_ERR_BAD_PACKET,
1400 "new connection for uid %d from PID %d "
1401 "which is not the listen process",
1402 proc->pid, client->euid);
1406 case GOTD_IMSG_ACCESS_GRANTED:
1407 if (proc->type != PROC_AUTH) {
1408 err = got_error_fmt(GOT_ERR_BAD_PACKET,
1409 "authentication of uid %d from PID %d "
1410 "which is not the auth process",
1411 proc->pid, client->euid);
1415 case GOTD_IMSG_REPO_CHILD_READY:
1416 if (proc->type != PROC_REPO_READ &&
1417 proc->type != PROC_REPO_WRITE) {
1418 err = got_error_fmt(GOT_ERR_BAD_PACKET,
1419 "unexpected \"ready\" signal from PID %d",
1424 case GOTD_IMSG_PACKFILE_DONE:
1425 err = ensure_proc_is_reading(client, proc);
1427 log_warnx("uid %d: %s", client->euid, err->msg);
1431 case GOTD_IMSG_PACKFILE_INSTALL:
1432 case GOTD_IMSG_REF_UPDATES_START:
1433 case GOTD_IMSG_REF_UPDATE:
1434 err = ensure_proc_is_writing(client, proc);
1436 log_warnx("uid %d: %s", client->euid, err->msg);
1441 log_debug("%s: unexpected imsg %d", __func__, imsg->hdr.type);
1448 static const struct got_error *
1449 list_refs_request(struct gotd_client *client, struct gotd_imsgev *iev)
1451 static const struct got_error *err;
1452 struct gotd_imsg_list_refs_internal ilref;
1455 memset(&ilref, 0, sizeof(ilref));
1456 ilref.client_id = client->id;
1458 fd = dup(client->fd);
1460 return got_error_from_errno("dup");
1462 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1463 PROC_GOTD, fd, &ilref, sizeof(ilref)) == -1) {
1464 err = got_error_from_errno("imsg compose WANT");
1469 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1470 log_debug("uid %d: expecting capabilities", client->euid);
1474 static const struct got_error *
1475 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
1477 struct gotd_imsg_packfile_done idone;
1480 log_debug("packfile-done received");
1482 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1483 if (datalen != sizeof(idone))
1484 return got_error(GOT_ERR_PRIVSEP_LEN);
1485 memcpy(&idone, imsg->data, sizeof(idone));
1487 *client_id = idone.client_id;
1491 static const struct got_error *
1492 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
1494 struct gotd_imsg_packfile_install inst;
1497 log_debug("packfile-install received");
1499 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1500 if (datalen != sizeof(inst))
1501 return got_error(GOT_ERR_PRIVSEP_LEN);
1502 memcpy(&inst, imsg->data, sizeof(inst));
1504 *client_id = inst.client_id;
1508 static const struct got_error *
1509 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
1511 struct gotd_imsg_ref_updates_start istart;
1514 log_debug("ref-updates-start received");
1516 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1517 if (datalen != sizeof(istart))
1518 return got_error(GOT_ERR_PRIVSEP_LEN);
1519 memcpy(&istart, imsg->data, sizeof(istart));
1521 *client_id = istart.client_id;
1525 static const struct got_error *
1526 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
1528 struct gotd_imsg_ref_update iref;
1531 log_debug("ref-update received");
1533 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1534 if (datalen < sizeof(iref))
1535 return got_error(GOT_ERR_PRIVSEP_LEN);
1536 memcpy(&iref, imsg->data, sizeof(iref));
1538 *client_id = iref.client_id;
1542 static const struct got_error *
1543 send_ref_update_ok(struct gotd_client *client,
1544 struct gotd_imsg_ref_update *iref, const char *refname)
1546 struct gotd_imsg_ref_update_ok iok;
1550 memset(&iok, 0, sizeof(iok));
1551 iok.client_id = client->id;
1552 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
1553 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
1554 iok.name_len = strlen(refname);
1556 len = sizeof(iok) + iok.name_len;
1557 wbuf = imsg_create(&client->iev.ibuf, GOTD_IMSG_REF_UPDATE_OK,
1558 PROC_GOTD, gotd.pid, len);
1560 return got_error_from_errno("imsg_create REF_UPDATE_OK");
1562 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
1563 return got_error_from_errno("imsg_add REF_UPDATE_OK");
1564 if (imsg_add(wbuf, refname, iok.name_len) == -1)
1565 return got_error_from_errno("imsg_add REF_UPDATE_OK");
1568 imsg_close(&client->iev.ibuf, wbuf);
1569 gotd_imsg_event_add(&client->iev);
1574 send_refs_updated(struct gotd_client *client)
1576 if (gotd_imsg_compose_event(&client->iev,
1577 GOTD_IMSG_REFS_UPDATED, PROC_GOTD, -1, NULL, 0) == -1)
1578 log_warn("imsg compose REFS_UPDATED");
1581 static const struct got_error *
1582 send_ref_update_ng(struct gotd_client *client,
1583 struct gotd_imsg_ref_update *iref, const char *refname,
1586 const struct got_error *ng_err;
1587 struct gotd_imsg_ref_update_ng ing;
1591 memset(&ing, 0, sizeof(ing));
1592 ing.client_id = client->id;
1593 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
1594 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
1595 ing.name_len = strlen(refname);
1597 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
1598 ing.reason_len = strlen(ng_err->msg);
1600 len = sizeof(ing) + ing.name_len + ing.reason_len;
1601 wbuf = imsg_create(&client->iev.ibuf, GOTD_IMSG_REF_UPDATE_NG,
1602 PROC_GOTD, gotd.pid, len);
1604 return got_error_from_errno("imsg_create REF_UPDATE_NG");
1606 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
1607 return got_error_from_errno("imsg_add REF_UPDATE_NG");
1608 if (imsg_add(wbuf, refname, ing.name_len) == -1)
1609 return got_error_from_errno("imsg_add REF_UPDATE_NG");
1610 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
1611 return got_error_from_errno("imsg_add REF_UPDATE_NG");
1614 imsg_close(&client->iev.ibuf, wbuf);
1615 gotd_imsg_event_add(&client->iev);
1619 static const struct got_error *
1620 install_pack(struct gotd_client *client, const char *repo_path,
1623 const struct got_error *err = NULL;
1624 struct gotd_imsg_packfile_install inst;
1625 char hex[SHA1_DIGEST_STRING_LENGTH];
1627 char *packfile_path = NULL, *packidx_path = NULL;
1629 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1630 if (datalen != sizeof(inst))
1631 return got_error(GOT_ERR_PRIVSEP_LEN);
1632 memcpy(&inst, imsg->data, sizeof(inst));
1634 if (client->packfile_path == NULL)
1635 return got_error_msg(GOT_ERR_BAD_REQUEST,
1636 "client has no pack file");
1637 if (client->packidx_path == NULL)
1638 return got_error_msg(GOT_ERR_BAD_REQUEST,
1639 "client has no pack file index");
1641 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
1642 return got_error_msg(GOT_ERR_NO_SPACE,
1643 "could not convert pack file SHA1 to hex");
1645 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
1646 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
1647 err = got_error_from_errno("asprintf");
1651 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
1652 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
1653 err = got_error_from_errno("asprintf");
1657 if (rename(client->packfile_path, packfile_path) == -1) {
1658 err = got_error_from_errno3("rename", client->packfile_path,
1663 free(client->packfile_path);
1664 client->packfile_path = NULL;
1666 if (rename(client->packidx_path, packidx_path) == -1) {
1667 err = got_error_from_errno3("rename", client->packidx_path,
1672 free(client->packidx_path);
1673 client->packidx_path = NULL;
1675 free(packfile_path);
1680 static const struct got_error *
1681 begin_ref_updates(struct gotd_client *client, struct imsg *imsg)
1683 struct gotd_imsg_ref_updates_start istart;
1686 if (client->nref_updates != -1)
1687 return got_error(GOT_ERR_PRIVSEP_MSG);
1689 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1690 if (datalen != sizeof(istart))
1691 return got_error(GOT_ERR_PRIVSEP_LEN);
1692 memcpy(&istart, imsg->data, sizeof(istart));
1694 if (istart.nref_updates <= 0)
1695 return got_error(GOT_ERR_PRIVSEP_MSG);
1697 client->nref_updates = istart.nref_updates;
1701 static const struct got_error *
1702 update_ref(struct gotd_client *client, const char *repo_path,
1705 const struct got_error *err = NULL;
1706 struct got_repository *repo = NULL;
1707 struct got_reference *ref = NULL;
1708 struct gotd_imsg_ref_update iref;
1709 struct got_object_id old_id, new_id;
1710 struct got_object_id *id = NULL;
1711 struct got_object *obj = NULL;
1712 char *refname = NULL;
1716 log_debug("update-ref from uid %d", client->euid);
1718 if (client->nref_updates <= 0)
1719 return got_error(GOT_ERR_PRIVSEP_MSG);
1721 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1722 if (datalen < sizeof(iref))
1723 return got_error(GOT_ERR_PRIVSEP_LEN);
1724 memcpy(&iref, imsg->data, sizeof(iref));
1725 if (datalen != sizeof(iref) + iref.name_len)
1726 return got_error(GOT_ERR_PRIVSEP_LEN);
1727 refname = malloc(iref.name_len + 1);
1728 if (refname == NULL)
1729 return got_error_from_errno("malloc");
1730 memcpy(refname, imsg->data + sizeof(iref), iref.name_len);
1731 refname[iref.name_len] = '\0';
1733 log_debug("updating ref %s for uid %d", refname, client->euid);
1735 err = got_repo_open(&repo, repo_path, NULL, NULL);
1739 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
1740 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
1741 err = got_object_open(&obj, repo, &new_id);
1745 if (iref.ref_is_new) {
1746 err = got_ref_open(&ref, repo, refname, 0);
1748 if (err->code != GOT_ERR_NOT_REF)
1750 err = got_ref_alloc(&ref, refname, &new_id);
1753 err = got_ref_write(ref, repo); /* will lock/unlock */
1757 err = got_error_fmt(GOT_ERR_REF_BUSY,
1758 "%s has been created by someone else "
1759 "while transaction was in progress",
1760 got_ref_get_name(ref));
1764 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
1769 err = got_ref_resolve(&id, repo, ref);
1773 if (got_object_id_cmp(id, &old_id) != 0) {
1774 err = got_error_fmt(GOT_ERR_REF_BUSY,
1775 "%s has been modified by someone else "
1776 "while transaction was in progress",
1777 got_ref_get_name(ref));
1781 err = got_ref_change_ref(ref, &new_id);
1785 err = got_ref_write(ref, repo);
1794 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
1795 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
1796 "could not acquire exclusive file lock for %s",
1799 send_ref_update_ng(client, &iref, refname, err->msg);
1801 send_ref_update_ok(client, &iref, refname);
1803 if (client->nref_updates > 0) {
1804 client->nref_updates--;
1805 if (client->nref_updates == 0)
1806 send_refs_updated(client);
1810 const struct got_error *unlock_err;
1811 unlock_err = got_ref_unlock(ref);
1812 if (unlock_err && err == NULL)
1818 got_object_close(obj);
1820 got_repo_close(repo);
1827 gotd_dispatch_listener(int fd, short event, void *arg)
1829 struct gotd_imsgev *iev = arg;
1830 struct imsgbuf *ibuf = &iev->ibuf;
1831 struct gotd_child_proc *proc = &gotd.listen_proc;
1836 if (proc->iev.ibuf.fd != fd)
1837 fatalx("%s: unexpected fd %d", __func__, fd);
1839 if (event & EV_READ) {
1840 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1841 fatal("imsg_read error");
1843 /* Connection closed. */
1849 if (event & EV_WRITE) {
1850 n = msgbuf_write(&ibuf->w);
1851 if (n == -1 && errno != EAGAIN)
1852 fatal("msgbuf_write");
1854 /* Connection closed. */
1861 const struct got_error *err = NULL;
1862 struct gotd_client *client = NULL;
1863 uint32_t client_id = 0;
1864 int do_disconnect = 0;
1866 if ((n = imsg_get(ibuf, &imsg)) == -1)
1867 fatal("%s: imsg_get error", __func__);
1868 if (n == 0) /* No more messages. */
1871 switch (imsg.hdr.type) {
1872 case GOTD_IMSG_ERROR:
1874 err = gotd_imsg_recv_error(&client_id, &imsg);
1876 case GOTD_IMSG_CONNECT:
1877 err = recv_connect(&client_id, &imsg);
1880 log_debug("unexpected imsg %d", imsg.hdr.type);
1884 client = find_client(client_id);
1885 if (client == NULL) {
1886 log_warnx("%s: client not found", __func__);
1892 log_warnx("uid %d: %s", client->euid, err->msg);
1894 if (do_disconnect) {
1896 disconnect_on_error(client, err);
1905 gotd_imsg_event_add(iev);
1907 /* This pipe is dead. Remove its event handler */
1908 event_del(&iev->ev);
1909 event_loopexit(NULL);
1914 gotd_dispatch_auth_child(int fd, short event, void *arg)
1916 const struct got_error *err = NULL;
1917 struct gotd_imsgev *iev = arg;
1918 struct imsgbuf *ibuf = &iev->ibuf;
1919 struct gotd_client *client;
1920 struct gotd_repo *repo = NULL;
1924 uint32_t client_id = 0;
1925 int do_disconnect = 0;
1926 enum gotd_procid proc_type;
1928 client = find_client_by_proc_fd(fd);
1930 fatalx("cannot find client for fd %d", fd);
1932 if (client->auth == NULL)
1933 fatalx("cannot find auth child process for fd %d", fd);
1935 if (event & EV_READ) {
1936 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1937 fatal("imsg_read error");
1939 /* Connection closed. */
1945 if (event & EV_WRITE) {
1946 n = msgbuf_write(&ibuf->w);
1947 if (n == -1 && errno != EAGAIN)
1948 fatal("msgbuf_write");
1950 /* Connection closed. */
1956 if (client->auth->iev.ibuf.fd != fd)
1957 fatalx("%s: unexpected fd %d", __func__, fd);
1959 if ((n = imsg_get(ibuf, &imsg)) == -1)
1960 fatal("%s: imsg_get error", __func__);
1961 if (n == 0) /* No more messages. */
1964 evtimer_del(&client->tmo);
1966 switch (imsg.hdr.type) {
1967 case GOTD_IMSG_ERROR:
1969 err = gotd_imsg_recv_error(&client_id, &imsg);
1971 case GOTD_IMSG_ACCESS_GRANTED:
1975 log_debug("unexpected imsg %d", imsg.hdr.type);
1979 if (!verify_imsg_src(client, client->auth, &imsg)) {
1981 log_debug("dropping imsg type %d from PID %d",
1982 imsg.hdr.type, client->auth->pid);
1986 if (do_disconnect) {
1988 disconnect_on_error(client, err);
1994 repo = find_repo_by_name(client->auth->repo_name);
1996 err = got_error(GOT_ERR_NOT_GIT_REPO);
1999 kill_auth_proc(client);
2001 log_info("authenticated uid %d for repository %s\n",
2002 client->euid, repo->name);
2004 if (client->required_auth & GOTD_AUTH_WRITE)
2005 proc_type = PROC_REPO_WRITE;
2007 proc_type = PROC_REPO_READ;
2009 err = start_repo_child(client, proc_type, repo, gotd.argv0,
2010 gotd.confpath, gotd.daemonize, gotd.verbosity);
2013 log_warnx("uid %d: %s", client->euid, err->msg);
2015 /* We might have killed the auth process by now. */
2016 if (client->auth != NULL) {
2018 gotd_imsg_event_add(iev);
2020 /* This pipe is dead. Remove its event handler */
2021 event_del(&iev->ev);
2027 gotd_dispatch_repo_child(int fd, short event, void *arg)
2029 struct gotd_imsgev *iev = arg;
2030 struct imsgbuf *ibuf = &iev->ibuf;
2031 struct gotd_child_proc *proc = NULL;
2032 struct gotd_client *client = NULL;
2037 if (event & EV_READ) {
2038 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
2039 fatal("imsg_read error");
2041 /* Connection closed. */
2047 if (event & EV_WRITE) {
2048 n = msgbuf_write(&ibuf->w);
2049 if (n == -1 && errno != EAGAIN)
2050 fatal("msgbuf_write");
2052 /* Connection closed. */
2058 client = find_client_by_proc_fd(fd);
2060 fatalx("cannot find client for fd %d", fd);
2062 proc = get_client_proc(client);
2064 fatalx("cannot find child process for fd %d", fd);
2067 const struct got_error *err = NULL;
2068 uint32_t client_id = 0;
2069 int do_disconnect = 0;
2070 int do_list_refs = 0, do_ref_updates = 0, do_ref_update = 0;
2071 int do_packfile_install = 0;
2073 if ((n = imsg_get(ibuf, &imsg)) == -1)
2074 fatal("%s: imsg_get error", __func__);
2075 if (n == 0) /* No more messages. */
2078 switch (imsg.hdr.type) {
2079 case GOTD_IMSG_ERROR:
2081 err = gotd_imsg_recv_error(&client_id, &imsg);
2083 case GOTD_IMSG_REPO_CHILD_READY:
2086 case GOTD_IMSG_PACKFILE_DONE:
2088 err = recv_packfile_done(&client_id, &imsg);
2090 case GOTD_IMSG_PACKFILE_INSTALL:
2091 err = recv_packfile_install(&client_id, &imsg);
2093 do_packfile_install = 1;
2095 case GOTD_IMSG_REF_UPDATES_START:
2096 err = recv_ref_updates_start(&client_id, &imsg);
2100 case GOTD_IMSG_REF_UPDATE:
2101 err = recv_ref_update(&client_id, &imsg);
2106 log_debug("unexpected imsg %d", imsg.hdr.type);
2110 if (!verify_imsg_src(client, proc, &imsg)) {
2111 log_debug("dropping imsg type %d from PID %d",
2112 imsg.hdr.type, proc->pid);
2117 log_warnx("uid %d: %s", client->euid, err->msg);
2119 if (do_disconnect) {
2121 disconnect_on_error(client, err);
2126 err = list_refs_request(client, iev);
2127 else if (do_packfile_install)
2128 err = install_pack(client, proc->repo_path,
2130 else if (do_ref_updates)
2131 err = begin_ref_updates(client, &imsg);
2132 else if (do_ref_update)
2133 err = update_ref(client, proc->repo_path,
2136 log_warnx("uid %d: %s", client->euid, err->msg);
2142 gotd_imsg_event_add(iev);
2144 /* This pipe is dead. Remove its event handler */
2145 event_del(&iev->ev);
2146 event_loopexit(NULL);
2151 start_child(enum gotd_procid proc_id, const char *repo_path,
2152 char *argv0, const char *confpath, int fd, int daemonize, int verbosity)
2158 switch (pid = fork()) {
2160 fatal("cannot fork");
2168 if (fd != GOTD_FILENO_MSG_PIPE) {
2169 if (dup2(fd, GOTD_FILENO_MSG_PIPE) == -1)
2170 fatal("cannot setup imsg fd");
2171 } else if (fcntl(fd, F_SETFD, 0) == -1)
2172 fatal("cannot setup imsg fd");
2174 argv[argc++] = argv0;
2177 argv[argc++] = (char *)"-L";
2180 argv[argc++] = (char *)"-A";
2182 case PROC_REPO_READ:
2183 argv[argc++] = (char *)"-R";
2185 case PROC_REPO_WRITE:
2186 argv[argc++] = (char *)"-W";
2189 fatalx("invalid process id %d", proc_id);
2192 argv[argc++] = (char *)"-f";
2193 argv[argc++] = (char *)confpath;
2196 argv[argc++] = (char *)"-P";
2197 argv[argc++] = (char *)repo_path;
2201 argv[argc++] = (char *)"-d";
2203 argv[argc++] = (char *)"-v";
2205 argv[argc++] = (char *)"-v";
2206 argv[argc++] = NULL;
2208 execvp(argv0, argv);
2213 start_listener(char *argv0, const char *confpath, int daemonize, int verbosity)
2215 struct gotd_child_proc *proc = &gotd.listen_proc;
2217 proc->type = PROC_LISTEN;
2219 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
2220 PF_UNSPEC, proc->pipe) == -1)
2221 fatal("socketpair");
2223 proc->pid = start_child(proc->type, NULL, argv0, confpath,
2224 proc->pipe[1], daemonize, verbosity);
2225 imsg_init(&proc->iev.ibuf, proc->pipe[0]);
2226 proc->iev.handler = gotd_dispatch_listener;
2227 proc->iev.events = EV_READ;
2228 proc->iev.handler_arg = NULL;
2231 static const struct got_error *
2232 start_repo_child(struct gotd_client *client, enum gotd_procid proc_type,
2233 struct gotd_repo *repo, char *argv0, const char *confpath,
2234 int daemonize, int verbosity)
2236 struct gotd_child_proc *proc;
2238 if (proc_type != PROC_REPO_READ && proc_type != PROC_REPO_WRITE)
2239 return got_error_msg(GOT_ERR_NOT_IMPL, "bad process type");
2241 proc = calloc(1, sizeof(*proc));
2243 return got_error_from_errno("calloc");
2245 proc->type = proc_type;
2246 if (strlcpy(proc->repo_name, repo->name,
2247 sizeof(proc->repo_name)) >= sizeof(proc->repo_name))
2248 fatalx("repository name too long: %s", repo->name);
2249 log_debug("starting %s for repository %s",
2250 proc->type == PROC_REPO_READ ? "reader" : "writer", repo->name);
2251 if (realpath(repo->path, proc->repo_path) == NULL)
2252 fatal("%s", repo->path);
2253 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
2254 PF_UNSPEC, proc->pipe) == -1)
2255 fatal("socketpair");
2256 proc->pid = start_child(proc->type, proc->repo_path, argv0,
2257 confpath, proc->pipe[1], daemonize, verbosity);
2258 imsg_init(&proc->iev.ibuf, proc->pipe[0]);
2259 log_debug("proc %s %s is on fd %d",
2260 gotd_proc_names[proc->type], proc->repo_path,
2262 proc->iev.handler = gotd_dispatch_repo_child;
2263 proc->iev.events = EV_READ;
2264 proc->iev.handler_arg = NULL;
2265 event_set(&proc->iev.ev, proc->iev.ibuf.fd, EV_READ,
2266 gotd_dispatch_repo_child, &proc->iev);
2267 gotd_imsg_event_add(&proc->iev);
2269 if (proc->type == PROC_REPO_READ)
2270 client->repo_read = proc;
2272 client->repo_write = proc;
2277 static const struct got_error *
2278 start_auth_child(struct gotd_client *client, int required_auth,
2279 struct gotd_repo *repo, char *argv0, const char *confpath,
2280 int daemonize, int verbosity)
2282 const struct got_error *err = NULL;
2283 struct gotd_child_proc *proc;
2284 struct gotd_imsg_auth iauth;
2287 memset(&iauth, 0, sizeof(iauth));
2289 fd = dup(client->fd);
2291 return got_error_from_errno("dup");
2293 proc = calloc(1, sizeof(*proc));
2295 err = got_error_from_errno("calloc");
2300 proc->type = PROC_AUTH;
2301 if (strlcpy(proc->repo_name, repo->name,
2302 sizeof(proc->repo_name)) >= sizeof(proc->repo_name))
2303 fatalx("repository name too long: %s", repo->name);
2304 log_debug("starting auth for uid %d repository %s",
2305 client->euid, repo->name);
2306 if (realpath(repo->path, proc->repo_path) == NULL)
2307 fatal("%s", repo->path);
2308 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
2309 PF_UNSPEC, proc->pipe) == -1)
2310 fatal("socketpair");
2311 proc->pid = start_child(proc->type, proc->repo_path, argv0,
2312 confpath, proc->pipe[1], daemonize, verbosity);
2313 imsg_init(&proc->iev.ibuf, proc->pipe[0]);
2314 log_debug("proc %s %s is on fd %d",
2315 gotd_proc_names[proc->type], proc->repo_path,
2317 proc->iev.handler = gotd_dispatch_auth_child;
2318 proc->iev.events = EV_READ;
2319 proc->iev.handler_arg = NULL;
2320 event_set(&proc->iev.ev, proc->iev.ibuf.fd, EV_READ,
2321 gotd_dispatch_auth_child, &proc->iev);
2322 gotd_imsg_event_add(&proc->iev);
2324 iauth.euid = client->euid;
2325 iauth.egid = client->egid;
2326 iauth.required_auth = required_auth;
2327 iauth.client_id = client->id;
2328 if (gotd_imsg_compose_event(&proc->iev, GOTD_IMSG_AUTHENTICATE,
2329 PROC_GOTD, fd, &iauth, sizeof(iauth)) == -1) {
2330 log_warn("imsg compose AUTHENTICATE");
2332 /* Let the auth_timeout handler tidy up. */
2335 client->auth = proc;
2336 client->required_auth = required_auth;
2341 apply_unveil_repo_readonly(const char *repo_path)
2343 if (unveil(repo_path, "r") == -1)
2344 fatal("unveil %s", repo_path);
2346 if (unveil(NULL, NULL) == -1)
2351 apply_unveil_none(void)
2353 if (unveil("/", "") == -1)
2356 if (unveil(NULL, NULL) == -1)
2363 struct gotd_repo *repo;
2365 if (unveil(gotd.argv0, "x") == -1)
2366 fatal("unveil %s", gotd.argv0);
2368 TAILQ_FOREACH(repo, &gotd.repos, entry) {
2369 if (unveil(repo->path, "rwc") == -1)
2370 fatal("unveil %s", repo->path);
2373 if (unveil(GOT_TMPDIR_STR, "rwc") == -1)
2374 fatal("unveil %s", GOT_TMPDIR_STR);
2376 if (unveil(NULL, NULL) == -1)
2381 main(int argc, char **argv)
2383 const struct got_error *error = NULL;
2384 int ch, fd = -1, daemonize = 1, verbosity = 0, noaction = 0;
2385 const char *confpath = GOTD_CONF_PATH;
2386 char *argv0 = argv[0];
2388 struct passwd *pw = NULL;
2389 char *repo_path = NULL;
2390 enum gotd_procid proc_id = PROC_GOTD;
2391 struct event evsigint, evsigterm, evsighup, evsigusr1;
2392 int *pack_fds = NULL, *temp_fds = NULL;
2394 log_init(1, LOG_DAEMON); /* Log to stderr until daemonized. */
2396 while ((ch = getopt(argc, argv, "Adf:LnP:RvW")) != -1) {
2399 proc_id = PROC_AUTH;
2408 proc_id = PROC_LISTEN;
2414 repo_path = realpath(optarg, NULL);
2415 if (repo_path == NULL)
2416 fatal("realpath '%s'", optarg);
2419 proc_id = PROC_REPO_READ;
2426 proc_id = PROC_REPO_WRITE;
2439 /* Require an absolute path in argv[0] for reliable re-exec. */
2440 if (!got_path_is_absolute(argv0))
2441 fatalx("bad path \"%s\": must be an absolute path", argv0);
2443 if (geteuid() && (proc_id == PROC_GOTD || proc_id == PROC_LISTEN))
2444 fatalx("need root privileges");
2446 log_init(daemonize ? 0 : 1, LOG_DAEMON);
2447 log_setverbose(verbosity);
2449 if (parse_config(confpath, proc_id, &gotd) != 0)
2453 gotd.daemonize = daemonize;
2454 gotd.verbosity = verbosity;
2455 gotd.confpath = confpath;
2457 if (proc_id == PROC_GOTD &&
2458 (gotd.nrepos == 0 || TAILQ_EMPTY(&gotd.repos)))
2459 fatalx("no repository defined in configuration file");
2461 pw = getpwnam(gotd.user_name);
2463 fatalx("user %s not found", gotd.user_name);
2465 if (pw->pw_uid == 0) {
2466 fatalx("cannot run %s as %s: the user running %s "
2467 "must not be the superuser",
2468 getprogname(), pw->pw_name, getprogname());
2471 if (proc_id == PROC_LISTEN &&
2472 !got_path_is_absolute(gotd.unix_socket_path))
2473 fatalx("bad unix socket path \"%s\": must be an absolute path",
2474 gotd.unix_socket_path);
2479 if (proc_id == PROC_GOTD) {
2480 gotd.pid = getpid();
2481 snprintf(title, sizeof(title), "%s", gotd_proc_names[proc_id]);
2482 start_listener(argv0, confpath, daemonize, verbosity);
2483 arc4random_buf(&clients_hash_key, sizeof(clients_hash_key));
2484 if (daemonize && daemon(1, 0) == -1)
2486 } else if (proc_id == PROC_LISTEN) {
2487 snprintf(title, sizeof(title), "%s", gotd_proc_names[proc_id]);
2489 log_info("socket: %s", gotd.unix_socket_path);
2490 log_info("user: %s", pw->pw_name);
2493 fd = unix_socket_listen(gotd.unix_socket_path, pw->pw_uid,
2496 fatal("cannot listen on unix socket %s",
2497 gotd.unix_socket_path);
2499 if (daemonize && daemon(0, 0) == -1)
2501 } else if (proc_id == PROC_AUTH) {
2502 snprintf(title, sizeof(title), "%s %s",
2503 gotd_proc_names[proc_id], repo_path);
2504 if (daemonize && daemon(0, 0) == -1)
2506 } else if (proc_id == PROC_REPO_READ || proc_id == PROC_REPO_WRITE) {
2507 error = got_repo_pack_fds_open(&pack_fds);
2509 fatalx("cannot open pack tempfiles: %s", error->msg);
2510 error = got_repo_temp_fds_open(&temp_fds);
2512 fatalx("cannot open pack tempfiles: %s", error->msg);
2513 if (repo_path == NULL)
2514 fatalx("repository path not specified");
2515 snprintf(title, sizeof(title), "%s %s",
2516 gotd_proc_names[proc_id], repo_path);
2517 if (daemonize && daemon(0, 0) == -1)
2520 fatal("invalid process id %d", proc_id);
2522 setproctitle("%s", title);
2523 log_procinit(title);
2525 /* Drop root privileges. */
2526 if (setgid(pw->pw_gid) == -1)
2527 fatal("setgid %d failed", pw->pw_gid);
2528 if (setuid(pw->pw_uid) == -1)
2529 fatal("setuid %d failed", pw->pw_uid);
2536 if (pledge("stdio rpath wpath cpath proc exec "
2537 "sendfd recvfd fattr flock unveil", NULL) == -1)
2543 if (pledge("stdio sendfd unix", NULL) == -1)
2546 listen_main(title, fd, gotd.connection_limits,
2547 gotd.nconnection_limits);
2552 if (pledge("stdio getpw recvfd unix unveil", NULL) == -1)
2556 * We need the "unix" pledge promise for getpeername(2) only.
2557 * Ensure that AF_UNIX bind(2) cannot be used by revoking all
2558 * filesystem access via unveil(2). Access to password database
2559 * files will still work since "getpw" bypasses unveil(2).
2561 apply_unveil_none();
2563 auth_main(title, &gotd.repos, repo_path);
2566 case PROC_REPO_READ:
2568 if (pledge("stdio rpath recvfd unveil", NULL) == -1)
2571 apply_unveil_repo_readonly(repo_path);
2572 repo_read_main(title, repo_path, pack_fds, temp_fds);
2575 case PROC_REPO_WRITE:
2577 if (pledge("stdio rpath recvfd unveil", NULL) == -1)
2580 apply_unveil_repo_readonly(repo_path);
2581 repo_write_main(title, repo_path, pack_fds, temp_fds);
2585 fatal("invalid process id %d", proc_id);
2588 if (proc_id != PROC_GOTD)
2589 fatal("invalid process id %d", proc_id);
2593 signal_set(&evsigint, SIGINT, gotd_sighdlr, NULL);
2594 signal_set(&evsigterm, SIGTERM, gotd_sighdlr, NULL);
2595 signal_set(&evsighup, SIGHUP, gotd_sighdlr, NULL);
2596 signal_set(&evsigusr1, SIGUSR1, gotd_sighdlr, NULL);
2597 signal(SIGPIPE, SIG_IGN);
2599 signal_add(&evsigint, NULL);
2600 signal_add(&evsigterm, NULL);
2601 signal_add(&evsighup, NULL);
2602 signal_add(&evsigusr1, NULL);
2604 gotd_imsg_event_add(&gotd.listen_proc.iev);
2609 got_repo_pack_fds_close(pack_fds);
