Commits
- Commit:
52939b686ae906897e9b7956b61d15c255539e6d
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
fix gotd segfault in libevent while disconnecting clients
Sending a DISCONNECT message to the repo process and then killing
it and freeing its structure won't work. The message ends up on
internal libevent queues and will soon crash because we have freed
the memory for the event structre.
Sending that message is a leftover from the times when the repo
procs were persistent.
- Commit:
96d694ac3bc159099a9ad93aa49ec7ac1764b18d
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
fix gotd and gotsh usage() function declaration
"function declaration isn't a prototype"
should fix the error seen by tracey@ on sparc64
- Commit:
b7acbe65b9c3861892ccd85dce82d78aeb285f54
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
make gotd parent dispatch handlers more robust during teardown
We have observed gotd exiting after "cannot find client for fd N" errors.
If this occurs then we are likely in the process of disconnecting a client
session while processing an event from a child process. Treat the above
error as non-fatal and stop processing more events from the child process.
- Commit:
e17294f7d5e2865bd321c133f76d9d4a9e8e44ea
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
remove \n from log message
- Commit:
1f1613cf295163e120025e06b138cda25d5e52f1
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
make gotd store own PID after daemon(3), and avoid calling daemon(3) needlessly
ok op, jamsek
- Commit:
f5f71a04830c68cddf72cca7f77c8dec97451abb
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
gotd: disconnect on client EOF too
Otherwise gotd keeps the (client-closed) sockets around and may prevent
new connections from being established since they still count for the
limits.
ok jamsek, stsp
- Commit:
c855c9f037399e518322eeca99fb2944103555a1
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
document the gotd -n option
- Commit:
7348ded8f8bf5a82c1b0361e0e7591a1af96ff89
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
gotd: move socket path check to parse.y and error from the main process
It's handy to have a "bad unix socket path" error being reported
directly from the main process since can get caught by `gotd -n'.
ok jamsek stsp
- Commit:
4d24b1fdb79bbc3df9ef996250267ba70f189a4d
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
gotd: move nrepos check to parse_config
ok jamsek stsp
- Commit:
b4b04e8813ee1b6cd1f84196b3c9a123eb2c8b47
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
gotd: print configuration errors without -d
Defer the absolute path check on argv[0] and log_init so that it
becomes possible to run `gotd -n' to check the configuration file and
get errors without specifying -d. Erorrs in the configuration now are
actually always printed regardless of -d.
While here also tweak an error message and print 'configuration OK' if -n
ok stsp@
- Commit:
27b11d77adb941c1219dd82ceb47e8243ea37caf
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
use just one pointer variable to keep track of a client's repo process
ok op@
- Commit:
7b1db75e88420c57858703ddfec2851107c6577d
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
update client state tracking in the gotd parent process
The session process takes over the old state definitions under
a new name ("session state"). The parent only needs to keep
track of whether a client has been granted access, so it only
uses two states: NEW, and ACCCESS_GRANTED which is set as soon
as the auth process has granted repository access and before
the session and repo_read/repo_write children are started.
Because 'gotctl info' can no longer observe the session state
remove support code for printing it.
ok op@
- Commit:
c115f13dfefb091ce3bfb4f72a9fe2082ca1c4f7
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
remove support for showing client capabilities in 'gotctl info'
The gotd parent process has lost access to client capabilities.
Take the easy way out and remove related code. If needed, client
capabilities can still be found in the debug log with 'gotd -v'.
ok op, jamsek
- Commit:
3c726c84512abc4fe4b64d1bd40d2077a53f0a5a
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
remove now unused fields from struct gotd_client
- Commit:
62ee7d94746d0e54c308e112e3b47dcd1bf294f9
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
add a gotd session process, split off from the parent process
The new session process is able to manipulate files in the repository
and keeps track of the read/write client session state.
The parent process now restricts its view of the filesystem to the
absolute path stored in argv[0], and combines this with unveil "x"
on this path. As a result the parent process can only re-exec itself.
small tweaks + ok op@
- Commit:
fe6a8988670d1e54478187f93e22a1980f5926e4
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
call realpath() during early startup in gotd's parse.y
This ensures that all repositories exist when the process is first started.
It will also help to avoid an "rpath" pledge promise in a future gotd which
uses a separate session process, by avoiding realpath() calls while starting
new processes.
- Commit:
1487ee74528d56ab29c4bda3f1812fe857abeb18
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
do not treat nonexistent repositories as a fatal error in gotd
- Commit:
0d26b72c238283ec77e4080f4aba81590a912473
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
gotd: delete unreachable code after gotd_shutdown()
- Commit:
d4940d40064a4fd732c26af1bb551d1ff633852d
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
revoke filesystem access in gotd listen process via unveil(2)
This should avoid involuntary use of bind(2) with arbitrary socket paths.
ok op@
- Commit:
c8cf682107ebbe81da9db3dbd267c51ff151b049
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
expose 'gotctl info' output only to the root user
Now that anyone can connect to the socket, it is probably safer to
expose information about currently connected clients only to root.
- Commit:
f2fc8ce0a3b225e5408c9b26476e395ca7109e63
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf,
and concurrent connections to the gotd socket by local users are
limited by the listen process. We should keep refining our anti-DoS
measures in the future, but at least we have something in place now.
ok jamsek, op
- Commit:
0781db0e2428460cdb0b48d3797899eede6afa44
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
introduce connection options to gotd.conf
Allow administrators to tweak the default authentication and request
timeouts if needed, and to tweak the limit of concurrent connections
for specific user accounts.
with several tweaks from and ok op@
- Commit:
16373356309bbffea15297b273af79c2c62d9c8b
- From:
- Omar Polo <op@omarpolo.com>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
fmt
- Commit:
46ecc01f5bf28403be0e41b8438bfbec24faadef
- From:
- Mark Jamsek <mark@jamsek.dev>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
gotd: nix trailing whitespace and indentation fix
ok op@, stsp@
- Commit:
b942ab080a771fcaa36e5806fe6ee2ad2a311c8a
- From:
- Stefan Sperling <stsp@stsp.name>
- Via:
- Thomas Adam <thomas@xteddy.org>
- Date:
remove filesystem access via bind(2) from gotd auth process
op@ pointed out a problem in my initial patch where I forgot
to call unveil(2) with a path before unveil(NULL, NULL).
ok op, jamsek