1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 
18 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"
19 #define GOTD_UNIX_SOCKET_BACKLOG 10
20 #define GOTD_USER	"_gotd"
21 #define GOTD_CONF_PATH	"/etc/gotd.conf"
22 #define GOTD_EMPTY_PATH	"/var/empty"
23 
24 #define GOTD_MAXCLIENTS		1024
25 #define GOTD_MAX_CONN_PER_UID	4
26 #define GOTD_FD_RESERVE		5
27 #define GOTD_FD_NEEDED		6
28 #define GOTD_FILENO_MSG_PIPE	3
29 
30 #define GOTD_DEFAULT_REQUEST_TIMEOUT	3600
31 
32 /* Client hash tables need some extra room. */
33 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)
34 
35 enum gotd_procid {
36 	PROC_GOTD	= 0,
37 	PROC_LISTEN,
38 	PROC_AUTH,
39 	PROC_REPO_READ,
40 	PROC_REPO_WRITE,
41 	PROC_MAX,
42 };
43 
44 struct gotd_imsgev {
45 	struct imsgbuf	 ibuf;
46 	void		(*handler)(int, short, void *);
47 	void		*handler_arg;
48 	struct event	 ev;
49 	short		 events;
50 };
51 
52 struct gotd_child_proc {
53 	pid_t pid;
54 	enum gotd_procid type;
55 	char repo_name[NAME_MAX];
56 	char repo_path[PATH_MAX];
57 	int pipe[2];
58 	struct gotd_imsgev iev;
59 	size_t nhelpers;
60 };
61 
62 enum gotd_access {
63 	GOTD_ACCESS_PERMITTED = 1,
64 	GOTD_ACCESS_DENIED
65 };
66 
67 struct gotd_access_rule {
68 	STAILQ_ENTRY(gotd_access_rule) entry;
69 
70 	enum gotd_access access;
71 
72 	int authorization;
73 #define GOTD_AUTH_READ		0x1
74 #define GOTD_AUTH_WRITE		0x2
75 
76 	char *identifier;
77 };
78 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);
79 
80 struct gotd_repo {
81 	TAILQ_ENTRY(gotd_repo)	 entry;
82 
83 	char name[NAME_MAX];
84 	char path[PATH_MAX];
85 
86 	struct gotd_access_rule_list rules;
87 };
88 TAILQ_HEAD(gotd_repolist, gotd_repo);
89 
90 enum gotd_client_state {
91 	GOTD_STATE_EXPECT_LIST_REFS,
92 	GOTD_STATE_EXPECT_CAPABILITIES,
93 	GOTD_STATE_EXPECT_WANT,
94 	GOTD_STATE_EXPECT_REF_UPDATE,
95 	GOTD_STATE_EXPECT_MORE_REF_UPDATES,
96 	GOTD_STATE_EXPECT_HAVE,
97 	GOTD_STATE_EXPECT_PACKFILE,
98 	GOTD_STATE_EXPECT_DONE,
99 	GOTD_STATE_DONE,
100 };
101 
102 struct gotd_client_capability {
103 	char *key;
104 	char *value;
105 };
106 
107 struct gotd_object_id_array {
108 	struct got_object_id		**ids;
109 	size_t				 nalloc;
110 	size_t				 nids;
111 };
112 
113 struct gotd_uid_connection_limit {
114 	uid_t uid;
115 	int max_connections;
116 };
117 
118 struct gotd {
119 	pid_t pid;
120 	char unix_socket_path[PATH_MAX];
121 	char user_name[32];
122 	struct gotd_repolist repos;
123 	int nrepos;
124 	struct gotd_child_proc listen_proc;
125 	struct timeval request_timeout;
126 	struct timeval auth_timeout;
127 	struct gotd_uid_connection_limit *connection_limits;
128 	size_t nconnection_limits;
129 
130 	char *argv0;
131 	const char *confpath;
132 	int daemonize;
133 	int verbosity;
134 };
135 
136 enum gotd_imsg_type {
137 	/* An error occured while processing a request. */
138 	GOTD_IMSG_ERROR,
139 
140 	/* Commands used by gotctl(8). */
141 	GOTD_IMSG_INFO,
142 	GOTD_IMSG_INFO_REPO,
143 	GOTD_IMSG_INFO_CLIENT,
144 	GOTD_IMSG_STOP,
145 
146 	/* Request a list of references. */
147 	GOTD_IMSG_LIST_REFS,
148 	GOTD_IMSG_LIST_REFS_INTERNAL,
149 
150 	/* References. */
151 	GOTD_IMSG_REFLIST,
152 	GOTD_IMSG_REF,
153 	GOTD_IMSG_SYMREF,
154 
155 	/* Git protocol capabilities. */
156 	GOTD_IMSG_CAPABILITIES,
157 	GOTD_IMSG_CAPABILITY,
158 
159 	/* Git protocol chatter. */
160 	GOTD_IMSG_WANT,		/* The client wants an object. */
161 	GOTD_IMSG_HAVE,		/* The client has an object. */
162 	GOTD_IMSG_ACK,		/* The server has an object or a reference. */
163 	GOTD_IMSG_NAK,		/* The server does not have an object/ref. */
164 	GOTD_IMSG_REF_UPDATE,	/* The client wants to update a reference. */
165 	GOTD_IMSG_REF_DELETE,	/* The client wants to delete a reference. */
166 	GOTD_IMSG_FLUSH,	/* The client sent a flush packet. */
167 	GOTD_IMSG_DONE,		/* The client is done chatting. */
168 
169 	/* Sending or receiving a pack file. */
170 	GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */
171 	GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */
172 	GOTD_IMSG_PACKIDX_FILE,  /* Temporary file handle for new pack index. */
173 	GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */
174 	GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */
175 	GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */
176 	GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */
177 	GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */
178 	GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */
179 
180 	/* Reference updates. */
181 	GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */
182 	GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */
183 	GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */
184 	GOTD_IMSG_REFS_UPDATED, /* The server proccessed all ref updates. */
185 
186 	/* Client connections. */
187 	GOTD_IMSG_DISCONNECT,
188 	GOTD_IMSG_CONNECT,
189 
190 	/* Child process management. */
191 	GOTD_IMSG_REPO_CHILD_READY,
192 
193 	/* Auth child process. */
194 	GOTD_IMSG_AUTHENTICATE,
195 	GOTD_IMSG_ACCESS_GRANTED,
196 };
197 
198 /* Structure for GOTD_IMSG_ERROR. */
199 struct gotd_imsg_error {
200 	int code; /* an error code from got_error.h */
201 	int errno_code; /* in case code equals GOT_ERR_ERRNO */
202 	uint32_t client_id;
203 	char msg[GOT_ERR_MAX_MSG_SIZE];
204 } __attribute__((__packed__));
205 
206 /* Structure for GOTD_IMSG_INFO. */
207 struct gotd_imsg_info {
208 	pid_t pid;
209 	int verbosity;
210 	int nrepos;
211 	int nclients;
212 
213 	/* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */
214 	/* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */
215 };
216 
217 /* Structure for GOTD_IMSG_INFO_REPO. */
218 struct gotd_imsg_info_repo {
219 	char repo_name[NAME_MAX];
220 	char repo_path[PATH_MAX];
221 };
222 
223 /* Structure for GOTD_IMSG_INFO_CLIENT */
224 struct gotd_imsg_info_client {
225 	uid_t euid;
226 	gid_t egid;
227 	char repo_name[NAME_MAX];
228 	int is_writing;
229 	enum gotd_client_state state;
230 	size_t ncapabilities;
231 
232 	/* Followed by ncapabilities GOTD_IMSG_CAPABILITY. */
233 };
234 
235 /* Structure for GOTD_IMSG_LIST_REFS. */
236 struct gotd_imsg_list_refs {
237 	char repo_name[NAME_MAX];
238 	int client_is_reading; /* 1 if reading, 0 if writing */
239 };
240 
241 /* Structure for GOTD_IMSG_LIST_REFS_INTERNAL. */
242 struct gotd_imsg_list_refs_internal {
243 	uint32_t client_id;
244 };
245 
246 /* Structure for GOTD_IMSG_REFLIST. */
247 struct gotd_imsg_reflist {
248 	size_t nrefs;
249 
250 	/* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */
251 } __attribute__((__packed__));
252 
253 /* Structure for GOTD_IMSG_REF data. */
254 struct gotd_imsg_ref {
255 	uint8_t id[SHA1_DIGEST_LENGTH];
256 	size_t name_len;
257 	/* Followed by name_len data bytes. */
258 } __attribute__((__packed__));
259 
260 /* Structure for GOTD_IMSG_SYMREF data. */
261 struct gotd_imsg_symref {
262 	size_t name_len;
263 	size_t target_len;
264 	uint8_t target_id[SHA1_DIGEST_LENGTH];
265 
266 	/*
267 	 * Followed by name_len + target_len data bytes.
268 	 */
269 } __attribute__((__packed__));
270 
271 /* Structure for GOTD_IMSG_CAPABILITIES data. */
272 struct gotd_imsg_capabilities {
273 	size_t ncapabilities;
274 
275 	/*
276 	 * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.
277 	 */
278 } __attribute__((__packed__));
279 
280 /* Structure for GOTD_IMSG_CAPABILITY data. */
281 struct gotd_imsg_capability {
282 	size_t key_len;
283 	size_t value_len;
284 
285 	/*
286 	 * Followed by key_len + value_len data bytes.
287 	 */
288 } __attribute__((__packed__));
289 
290 /* Structure for GOTD_IMSG_WANT data. */
291 struct gotd_imsg_want {
292 	uint8_t object_id[SHA1_DIGEST_LENGTH];
293 	uint32_t client_id;
294 } __attribute__((__packed__));
295 
296 /* Structure for GOTD_IMSG_HAVE data. */
297 struct gotd_imsg_have {
298 	uint8_t object_id[SHA1_DIGEST_LENGTH];
299 	uint32_t client_id;
300 } __attribute__((__packed__));
301 
302 /* Structure for GOTD_IMSG_ACK data. */
303 struct gotd_imsg_ack {
304 	uint8_t object_id[SHA1_DIGEST_LENGTH];
305 	uint32_t client_id;
306 } __attribute__((__packed__));
307 
308 /* Structure for GOTD_IMSG_NAK data. */
309 struct gotd_imsg_nak {
310 	uint8_t object_id[SHA1_DIGEST_LENGTH];
311 	uint32_t client_id;
312 } __attribute__((__packed__));
313 
314 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */
315 struct gotd_imsg_packfile_status {
316 	size_t reason_len;
317 
318 	/* Followed by reason_len data bytes. */
319 } __attribute__((__packed__));
320 
321 
322 /* Structure for GOTD_IMSG_REF_UPDATE data. */
323 struct gotd_imsg_ref_update {
324 	uint8_t old_id[SHA1_DIGEST_LENGTH];
325 	uint8_t new_id[SHA1_DIGEST_LENGTH];
326 	int ref_is_new;
327 	uint32_t client_id;
328 	size_t name_len;
329 
330 	/* Followed by name_len data bytes. */
331 } __attribute__((__packed__));
332 
333 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */
334 struct gotd_imsg_ref_updates_start {
335 	int nref_updates;
336 	uint32_t client_id;
337 
338 	/* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */
339 };
340 
341 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */
342 struct gotd_imsg_ref_update_ok {
343 	uint8_t old_id[SHA1_DIGEST_LENGTH];
344 	uint8_t new_id[SHA1_DIGEST_LENGTH];
345 	int ref_is_new;
346 	uint32_t client_id;
347 	size_t name_len;
348 
349 	/* Followed by name_len data bytes. */
350 } __attribute__((__packed__));
351 
352 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */
353 struct gotd_imsg_ref_update_ng {
354 	uint8_t old_id[SHA1_DIGEST_LENGTH];
355 	uint8_t new_id[SHA1_DIGEST_LENGTH];
356 	uint32_t client_id;
357 	size_t name_len;
358 	size_t reason_len;
359 
360 	/* Followed by name_len + reason_len data bytes. */
361 } __attribute__((__packed__));
362 
363 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */
364 struct gotd_imsg_send_packfile {
365 	uint32_t client_id;
366 	int report_progress;
367 
368 	/* delta cache file is sent as a file descriptor */
369 
370 	/* followed by two GOTD_IMSG_PACKFILE_PIPE messages */
371 };
372 
373 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */
374 struct gotd_imsg_recv_packfile {
375 	uint32_t client_id;
376 	int report_status;
377 
378 	/* pack destination temp file is sent as a file descriptor */
379 };
380 
381 /* Structure for GOTD_IMSG_PACKFILE_PIPE data. */
382 struct gotd_imsg_packfile_pipe {
383 	uint32_t client_id;
384 };
385 
386 /* Structure for GOTD_IMSG_PACKIDX_FILE data. */
387 struct gotd_imsg_packidx_file {
388 	uint32_t client_id;
389 };
390 
391 
392 /*
393  * Structure for GOTD_IMSG_PACKFILE_PROGRESS and
394  * GOTD_IMSG_PACKFILE_READY data.
395  */
396 struct gotd_imsg_packfile_progress {
397 	uint32_t client_id;
398 	int ncolored;
399 	int nfound;
400 	int ntrees;
401 	off_t packfile_size;
402 	int ncommits;
403 	int nobj_total;
404 	int nobj_deltify;
405 	int nobj_written;
406 };
407 
408 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */
409 struct gotd_imsg_packfile_install {
410 	uint32_t client_id;
411 	uint8_t pack_sha1[SHA1_DIGEST_LENGTH];
412 };
413 
414 /* Structure for GOTD_IMSG_PACKFILE_DONE data. */
415 struct gotd_imsg_packfile_done {
416 	uint32_t client_id;
417 };
418 
419 /* Structure for GOTD_IMSG_DISCONNECT data. */
420 struct gotd_imsg_disconnect {
421 	uint32_t client_id;
422 };
423 
424 /* Structure for GOTD_IMSG_CONNECT. */
425 struct gotd_imsg_connect {
426 	uint32_t client_id;
427 	uid_t euid;
428 	gid_t egid;
429 };
430 
431 /* Structure for GOTD_IMSG_AUTHENTICATE. */
432 struct gotd_imsg_auth {
433 	uid_t euid;
434 	gid_t egid;
435 	int required_auth;
436 	uint32_t client_id;
437 };
438 
439 int parse_config(const char *, enum gotd_procid, struct gotd *);
440 
441 /* imsg.c */
442 const struct got_error *gotd_imsg_flush(struct imsgbuf *);
443 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);
444 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,
445     size_t);
446 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,
447     struct imsg *imsg);
448 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,
449     const struct got_error *);
450 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,
451     const struct got_error *);
452 void gotd_imsg_event_add(struct gotd_imsgev *);
453 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,
454     void *, uint16_t);
455 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);
456 
457 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,
458     uint32_t, pid_t);
459 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,
460     uint32_t, pid_t);