Gotweb

Blob

Date:: Fri Dec 30 14:58:03 2022 UTC
Message:: run gotd authentication in a separate child process ok op@
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 
18 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"
19 #define GOTD_UNIX_SOCKET_BACKLOG 10
20 #define GOTD_UNIX_GROUP	"_gotsh"
21 #define GOTD_USER	"_gotd"
22 #define GOTD_CONF_PATH	"/etc/gotd.conf"
23 #define GOTD_EMPTY_PATH	"/var/empty"
24 
25 #define GOTD_MAXCLIENTS		1024
26 #define GOTD_FD_RESERVE		5
27 #define GOTD_FD_NEEDED		6
28 #define GOTD_FILENO_MSG_PIPE	3
29 
30 /* Client hash tables need some extra room. */
31 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)
32 
33 enum gotd_procid {
34 	PROC_GOTD	= 0,
35 	PROC_LISTEN,
36 	PROC_AUTH,
37 	PROC_REPO_READ,
38 	PROC_REPO_WRITE,
39 	PROC_MAX,
40 };
41 
42 struct gotd_imsgev {
43 	struct imsgbuf	 ibuf;
44 	void		(*handler)(int, short, void *);
45 	void		*handler_arg;
46 	struct event	 ev;
47 	short		 events;
48 };
49 
50 struct gotd_child_proc {
51 	pid_t pid;
52 	enum gotd_procid type;
53 	char repo_name[NAME_MAX];
54 	char repo_path[PATH_MAX];
55 	int pipe[2];
56 	struct gotd_imsgev iev;
57 	size_t nhelpers;
58 };
59 
60 enum gotd_access {
61 	GOTD_ACCESS_PERMITTED = 1,
62 	GOTD_ACCESS_DENIED
63 };
64 
65 struct gotd_access_rule {
66 	STAILQ_ENTRY(gotd_access_rule) entry;
67 
68 	enum gotd_access access;
69 
70 	int authorization;
71 #define GOTD_AUTH_READ		0x1
72 #define GOTD_AUTH_WRITE		0x2
73 
74 	char *identifier;
75 };
76 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);
77 
78 struct gotd_repo {
79 	TAILQ_ENTRY(gotd_repo)	 entry;
80 
81 	char name[NAME_MAX];
82 	char path[PATH_MAX];
83 
84 	struct gotd_access_rule_list rules;
85 };
86 TAILQ_HEAD(gotd_repolist, gotd_repo);
87 
88 enum gotd_client_state {
89 	GOTD_STATE_EXPECT_LIST_REFS,
90 	GOTD_STATE_EXPECT_CAPABILITIES,
91 	GOTD_STATE_EXPECT_WANT,
92 	GOTD_STATE_EXPECT_REF_UPDATE,
93 	GOTD_STATE_EXPECT_MORE_REF_UPDATES,
94 	GOTD_STATE_EXPECT_HAVE,
95 	GOTD_STATE_EXPECT_PACKFILE,
96 	GOTD_STATE_EXPECT_DONE,
97 	GOTD_STATE_DONE,
98 };
99 
100 struct gotd_client_capability {
101 	char *key;
102 	char *value;
103 };
104 
105 struct gotd_object_id_array {
106 	struct got_object_id		**ids;
107 	size_t				 nalloc;
108 	size_t				 nids;
109 };
110 
111 struct gotd {
112 	pid_t pid;
113 	char unix_socket_path[PATH_MAX];
114 	char unix_group_name[32];
115 	char user_name[32];
116 	struct gotd_repolist repos;
117 	int nrepos;
118 	struct gotd_child_proc listen_proc;
119 
120 	char *argv0;
121 	const char *confpath;
122 	int daemonize;
123 	int verbosity;
124 };
125 
126 enum gotd_imsg_type {
127 	/* An error occured while processing a request. */
128 	GOTD_IMSG_ERROR,
129 
130 	/* Commands used by gotctl(8). */
131 	GOTD_IMSG_INFO,
132 	GOTD_IMSG_INFO_REPO,
133 	GOTD_IMSG_INFO_CLIENT,
134 	GOTD_IMSG_STOP,
135 
136 	/* Request a list of references. */
137 	GOTD_IMSG_LIST_REFS,
138 	GOTD_IMSG_LIST_REFS_INTERNAL,
139 
140 	/* References. */
141 	GOTD_IMSG_REFLIST,
142 	GOTD_IMSG_REF,
143 	GOTD_IMSG_SYMREF,
144 
145 	/* Git protocol capabilities. */
146 	GOTD_IMSG_CAPABILITIES,
147 	GOTD_IMSG_CAPABILITY,
148 
149 	/* Git protocol chatter. */
150 	GOTD_IMSG_WANT,		/* The client wants an object. */
151 	GOTD_IMSG_HAVE,		/* The client has an object. */
152 	GOTD_IMSG_ACK,		/* The server has an object or a reference. */
153 	GOTD_IMSG_NAK,		/* The server does not have an object/ref. */
154 	GOTD_IMSG_REF_UPDATE,	/* The client wants to update a reference. */
155 	GOTD_IMSG_REF_DELETE,	/* The client wants to delete a reference. */
156 	GOTD_IMSG_FLUSH,	/* The client sent a flush packet. */
157 	GOTD_IMSG_DONE,		/* The client is done chatting. */
158 
159 	/* Sending or receiving a pack file. */
160 	GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */
161 	GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */
162 	GOTD_IMSG_PACKIDX_FILE,  /* Temporary file handle for new pack index. */
163 	GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */
164 	GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */
165 	GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */
166 	GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */
167 	GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */
168 	GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */
169 
170 	/* Reference updates. */
171 	GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */
172 	GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */
173 	GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */
174 	GOTD_IMSG_REFS_UPDATED, /* The server proccessed all ref updates. */
175 
176 	/* Client connections. */
177 	GOTD_IMSG_DISCONNECT,
178 	GOTD_IMSG_CONNECT,
179 
180 	/* Child process management. */
181 	GOTD_IMSG_REPO_CHILD_READY,
182 
183 	/* Auth child process. */
184 	GOTD_IMSG_AUTHENTICATE,
185 	GOTD_IMSG_ACCESS_GRANTED,
186 };
187 
188 /* Structure for GOTD_IMSG_ERROR. */
189 struct gotd_imsg_error {
190 	int code; /* an error code from got_error.h */
191 	int errno_code; /* in case code equals GOT_ERR_ERRNO */
192 	uint32_t client_id;
193 	char msg[GOT_ERR_MAX_MSG_SIZE];
194 } __attribute__((__packed__));
195 
196 /* Structure for GOTD_IMSG_INFO. */
197 struct gotd_imsg_info {
198 	pid_t pid;
199 	int verbosity;
200 	int nrepos;
201 	int nclients;
202 
203 	/* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */
204 	/* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */
205 };
206 
207 /* Structure for GOTD_IMSG_INFO_REPO. */
208 struct gotd_imsg_info_repo {
209 	char repo_name[NAME_MAX];
210 	char repo_path[PATH_MAX];
211 };
212 
213 /* Structure for GOTD_IMSG_INFO_CLIENT */
214 struct gotd_imsg_info_client {
215 	uid_t euid;
216 	gid_t egid;
217 	char repo_name[NAME_MAX];
218 	int is_writing;
219 	enum gotd_client_state state;
220 	size_t ncapabilities;
221 
222 	/* Followed by ncapabilities GOTD_IMSG_CAPABILITY. */
223 };
224 
225 /* Structure for GOTD_IMSG_LIST_REFS. */
226 struct gotd_imsg_list_refs {
227 	char repo_name[NAME_MAX];
228 	int client_is_reading; /* 1 if reading, 0 if writing */
229 };
230 
231 /* Structure for GOTD_IMSG_LIST_REFS_INTERNAL. */
232 struct gotd_imsg_list_refs_internal {
233 	uint32_t client_id;
234 };
235 
236 /* Structure for GOTD_IMSG_REFLIST. */
237 struct gotd_imsg_reflist {
238 	size_t nrefs;
239 
240 	/* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */
241 } __attribute__((__packed__));
242 
243 /* Structure for GOTD_IMSG_REF data. */
244 struct gotd_imsg_ref {
245 	uint8_t id[SHA1_DIGEST_LENGTH];
246 	size_t name_len;
247 	/* Followed by name_len data bytes. */
248 } __attribute__((__packed__));
249 
250 /* Structure for GOTD_IMSG_SYMREF data. */
251 struct gotd_imsg_symref {
252 	size_t name_len;
253 	size_t target_len;
254 	uint8_t target_id[SHA1_DIGEST_LENGTH];
255 
256 	/*
257 	 * Followed by name_len + target_len data bytes.
258 	 */
259 } __attribute__((__packed__));
260 
261 /* Structure for GOTD_IMSG_CAPABILITIES data. */
262 struct gotd_imsg_capabilities {
263 	size_t ncapabilities;
264 
265 	/*
266 	 * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.
267 	 */
268 } __attribute__((__packed__));
269 
270 /* Structure for GOTD_IMSG_CAPABILITY data. */
271 struct gotd_imsg_capability {
272 	size_t key_len;
273 	size_t value_len;
274 
275 	/*
276 	 * Followed by key_len + value_len data bytes.
277 	 */
278 } __attribute__((__packed__));
279 
280 /* Structure for GOTD_IMSG_WANT data. */
281 struct gotd_imsg_want {
282 	uint8_t object_id[SHA1_DIGEST_LENGTH];
283 	uint32_t client_id;
284 } __attribute__((__packed__));
285 
286 /* Structure for GOTD_IMSG_HAVE data. */
287 struct gotd_imsg_have {
288 	uint8_t object_id[SHA1_DIGEST_LENGTH];
289 	uint32_t client_id;
290 } __attribute__((__packed__));
291 
292 /* Structure for GOTD_IMSG_ACK data. */
293 struct gotd_imsg_ack {
294 	uint8_t object_id[SHA1_DIGEST_LENGTH];
295 	uint32_t client_id;
296 } __attribute__((__packed__));
297 
298 /* Structure for GOTD_IMSG_NAK data. */
299 struct gotd_imsg_nak {
300 	uint8_t object_id[SHA1_DIGEST_LENGTH];
301 	uint32_t client_id;
302 } __attribute__((__packed__));
303 
304 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */
305 struct gotd_imsg_packfile_status {
306 	size_t reason_len;
307 
308 	/* Followed by reason_len data bytes. */
309 } __attribute__((__packed__));
310 
311 
312 /* Structure for GOTD_IMSG_REF_UPDATE data. */
313 struct gotd_imsg_ref_update {
314 	uint8_t old_id[SHA1_DIGEST_LENGTH];
315 	uint8_t new_id[SHA1_DIGEST_LENGTH];
316 	int ref_is_new;
317 	uint32_t client_id;
318 	size_t name_len;
319 
320 	/* Followed by name_len data bytes. */
321 } __attribute__((__packed__));
322 
323 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */
324 struct gotd_imsg_ref_updates_start {
325 	int nref_updates;
326 	uint32_t client_id;
327 
328 	/* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */
329 };
330 
331 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */
332 struct gotd_imsg_ref_update_ok {
333 	uint8_t old_id[SHA1_DIGEST_LENGTH];
334 	uint8_t new_id[SHA1_DIGEST_LENGTH];
335 	int ref_is_new;
336 	uint32_t client_id;
337 	size_t name_len;
338 
339 	/* Followed by name_len data bytes. */
340 } __attribute__((__packed__));
341 
342 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */
343 struct gotd_imsg_ref_update_ng {
344 	uint8_t old_id[SHA1_DIGEST_LENGTH];
345 	uint8_t new_id[SHA1_DIGEST_LENGTH];
346 	uint32_t client_id;
347 	size_t name_len;
348 	size_t reason_len;
349 
350 	/* Followed by name_len + reason_len data bytes. */
351 } __attribute__((__packed__));
352 
353 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */
354 struct gotd_imsg_send_packfile {
355 	uint32_t client_id;
356 	int report_progress;
357 
358 	/* delta cache file is sent as a file descriptor */
359 
360 	/* followed by two GOTD_IMSG_PACKFILE_PIPE messages */
361 };
362 
363 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */
364 struct gotd_imsg_recv_packfile {
365 	uint32_t client_id;
366 	int report_status;
367 
368 	/* pack destination temp file is sent as a file descriptor */
369 };
370 
371 /* Structure for GOTD_IMSG_PACKFILE_PIPE data. */
372 struct gotd_imsg_packfile_pipe {
373 	uint32_t client_id;
374 };
375 
376 /* Structure for GOTD_IMSG_PACKIDX_FILE data. */
377 struct gotd_imsg_packidx_file {
378 	uint32_t client_id;
379 };
380 
381 
382 /*
383  * Structure for GOTD_IMSG_PACKFILE_PROGRESS and
384  * GOTD_IMSG_PACKFILE_READY data.
385  */
386 struct gotd_imsg_packfile_progress {
387 	uint32_t client_id;
388 	int ncolored;
389 	int nfound;
390 	int ntrees;
391 	off_t packfile_size;
392 	int ncommits;
393 	int nobj_total;
394 	int nobj_deltify;
395 	int nobj_written;
396 };
397 
398 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */
399 struct gotd_imsg_packfile_install {
400 	uint32_t client_id;
401 	uint8_t pack_sha1[SHA1_DIGEST_LENGTH];
402 };
403 
404 /* Structure for GOTD_IMSG_PACKFILE_DONE data. */
405 struct gotd_imsg_packfile_done {
406 	uint32_t client_id;
407 };
408 
409 /* Structure for GOTD_IMSG_DISCONNECT data. */
410 struct gotd_imsg_disconnect {
411 	uint32_t client_id;
412 };
413 
414 /* Structure for GOTD_IMSG_CONNECT. */
415 struct gotd_imsg_connect {
416 	uint32_t client_id;
417 };
418 
419 /* Structure for GOTD_IMSG_AUTHENTICATE. */
420 struct gotd_imsg_auth {
421 	uid_t euid;
422 	gid_t egid;
423 	int required_auth;
424 	uint32_t client_id;
425 };
426 
427 int parse_config(const char *, enum gotd_procid, struct gotd *);
428 
429 /* imsg.c */
430 const struct got_error *gotd_imsg_flush(struct imsgbuf *);
431 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);
432 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,
433     size_t);
434 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,
435     struct imsg *imsg);
436 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,
437     const struct got_error *);
438 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,
439     const struct got_error *);
440 void gotd_imsg_event_add(struct gotd_imsgev *);
441 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,
442     void *, uint16_t);
443 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);
444 
445 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,
446     uint32_t, pid_t);
447 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,
448     uint32_t, pid_t);