2 * Copyright (c) 2022, 2023 Stefan Sperling <stsp@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
18 #include <sys/queue.h>
20 #include <sys/socket.h>
37 #include "got_error.h"
38 #include "got_repository.h"
39 #include "got_object.h"
41 #include "got_reference.h"
42 #include "got_opentemp.h"
44 #include "got_lib_hash.h"
45 #include "got_lib_delta.h"
46 #include "got_lib_object.h"
47 #include "got_lib_object_cache.h"
48 #include "got_lib_pack.h"
49 #include "got_lib_repository.h"
50 #include "got_lib_gitproto.h"
57 static struct gotd_session {
60 struct got_repository *repo;
63 struct gotd_imsgev parent_iev;
64 struct timeval request_timeout;
65 enum gotd_procid proc_id;
68 static struct gotd_session_client {
69 enum gotd_session_state state;
71 struct gotd_client_capability *capabilities;
77 struct gotd_imsgev iev;
78 struct gotd_imsgev repo_child_iev;
87 } gotd_session_client;
89 void gotd_session_sighdlr(int sig, short event, void *arg);
90 static void gotd_session_shutdown(void);
93 disconnect(struct gotd_session_client *client)
95 log_debug("uid %d: disconnecting", client->euid);
97 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
98 GOTD_IMSG_DISCONNECT, gotd_session.proc_id, -1, NULL, 0) == -1)
99 log_warn("imsg compose DISCONNECT");
101 imsg_clear(&client->repo_child_iev.ibuf);
102 event_del(&client->repo_child_iev.ev);
103 evtimer_del(&client->tmo);
105 if (client->delta_cache_fd != -1)
106 close(client->delta_cache_fd);
107 if (client->packfile_path) {
108 if (unlink(client->packfile_path) == -1 && errno != ENOENT)
109 log_warn("unlink %s: ", client->packfile_path);
110 free(client->packfile_path);
112 if (client->packidx_path) {
113 if (unlink(client->packidx_path) == -1 && errno != ENOENT)
114 log_warn("unlink %s: ", client->packidx_path);
115 free(client->packidx_path);
117 free(client->capabilities);
119 gotd_session_shutdown();
123 disconnect_on_error(struct gotd_session_client *client,
124 const struct got_error *err)
128 if (err->code != GOT_ERR_EOF) {
129 log_warnx("uid %d: %s", client->euid, err->msg);
130 imsg_init(&ibuf, client->fd);
131 gotd_imsg_send_error(&ibuf, 0, gotd_session.proc_id, err);
139 gotd_request_timeout(int fd, short events, void *arg)
141 struct gotd_session_client *client = arg;
143 log_debug("disconnecting uid %d due to timeout", client->euid);
148 gotd_session_sighdlr(int sig, short event, void *arg)
151 * Normal signal handler rules don't apply because libevent
157 log_info("%s: ignoring SIGHUP", __func__);
160 log_info("%s: ignoring SIGUSR1", __func__);
164 gotd_session_shutdown();
168 fatalx("unexpected signal");
172 static const struct got_error *
173 recv_packfile_done(uint32_t *client_id, struct imsg *imsg)
175 struct gotd_imsg_packfile_done idone;
178 log_debug("packfile-done received");
180 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
181 if (datalen != sizeof(idone))
182 return got_error(GOT_ERR_PRIVSEP_LEN);
183 memcpy(&idone, imsg->data, sizeof(idone));
185 *client_id = idone.client_id;
189 static const struct got_error *
190 recv_packfile_install(uint32_t *client_id, struct imsg *imsg)
192 struct gotd_imsg_packfile_install inst;
195 log_debug("packfile-install received");
197 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
198 if (datalen != sizeof(inst))
199 return got_error(GOT_ERR_PRIVSEP_LEN);
200 memcpy(&inst, imsg->data, sizeof(inst));
202 *client_id = inst.client_id;
206 static const struct got_error *
207 recv_ref_updates_start(uint32_t *client_id, struct imsg *imsg)
209 struct gotd_imsg_ref_updates_start istart;
212 log_debug("ref-updates-start received");
214 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
215 if (datalen != sizeof(istart))
216 return got_error(GOT_ERR_PRIVSEP_LEN);
217 memcpy(&istart, imsg->data, sizeof(istart));
219 *client_id = istart.client_id;
223 static const struct got_error *
224 recv_ref_update(uint32_t *client_id, struct imsg *imsg)
226 struct gotd_imsg_ref_update iref;
229 log_debug("ref-update received");
231 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
232 if (datalen < sizeof(iref))
233 return got_error(GOT_ERR_PRIVSEP_LEN);
234 memcpy(&iref, imsg->data, sizeof(iref));
236 *client_id = iref.client_id;
240 static const struct got_error *
241 send_ref_update_ok(struct gotd_session_client *client,
242 struct gotd_imsg_ref_update *iref, const char *refname)
244 struct gotd_imsg_ref_update_ok iok;
245 struct gotd_imsgev *iev = &client->iev;
249 memset(&iok, 0, sizeof(iok));
250 iok.client_id = client->id;
251 memcpy(iok.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
252 memcpy(iok.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
253 iok.name_len = strlen(refname);
255 len = sizeof(iok) + iok.name_len;
256 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_OK,
257 gotd_session.proc_id, gotd_session.pid, len);
259 return got_error_from_errno("imsg_create REF_UPDATE_OK");
261 if (imsg_add(wbuf, &iok, sizeof(iok)) == -1)
262 return got_error_from_errno("imsg_add REF_UPDATE_OK");
263 if (imsg_add(wbuf, refname, iok.name_len) == -1)
264 return got_error_from_errno("imsg_add REF_UPDATE_OK");
266 imsg_close(&iev->ibuf, wbuf);
267 gotd_imsg_event_add(iev);
272 send_refs_updated(struct gotd_session_client *client)
274 if (gotd_imsg_compose_event(&client->iev, GOTD_IMSG_REFS_UPDATED,
275 gotd_session.proc_id, -1, NULL, 0) == -1)
276 log_warn("imsg compose REFS_UPDATED");
279 static const struct got_error *
280 send_ref_update_ng(struct gotd_session_client *client,
281 struct gotd_imsg_ref_update *iref, const char *refname,
284 const struct got_error *ng_err;
285 struct gotd_imsg_ref_update_ng ing;
286 struct gotd_imsgev *iev = &client->iev;
290 memset(&ing, 0, sizeof(ing));
291 ing.client_id = client->id;
292 memcpy(ing.old_id, iref->old_id, SHA1_DIGEST_LENGTH);
293 memcpy(ing.new_id, iref->new_id, SHA1_DIGEST_LENGTH);
294 ing.name_len = strlen(refname);
296 ng_err = got_error_fmt(GOT_ERR_REF_BUSY, "%s", reason);
297 ing.reason_len = strlen(ng_err->msg);
299 len = sizeof(ing) + ing.name_len + ing.reason_len;
300 wbuf = imsg_create(&iev->ibuf, GOTD_IMSG_REF_UPDATE_NG,
301 gotd_session.proc_id, gotd_session.pid, len);
303 return got_error_from_errno("imsg_create REF_UPDATE_NG");
305 if (imsg_add(wbuf, &ing, sizeof(ing)) == -1)
306 return got_error_from_errno("imsg_add REF_UPDATE_NG");
307 if (imsg_add(wbuf, refname, ing.name_len) == -1)
308 return got_error_from_errno("imsg_add REF_UPDATE_NG");
309 if (imsg_add(wbuf, ng_err->msg, ing.reason_len) == -1)
310 return got_error_from_errno("imsg_add REF_UPDATE_NG");
312 imsg_close(&iev->ibuf, wbuf);
313 gotd_imsg_event_add(iev);
317 static const struct got_error *
318 install_pack(struct gotd_session_client *client, const char *repo_path,
321 const struct got_error *err = NULL;
322 struct gotd_imsg_packfile_install inst;
323 char hex[SHA1_DIGEST_STRING_LENGTH];
325 char *packfile_path = NULL, *packidx_path = NULL;
327 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
328 if (datalen != sizeof(inst))
329 return got_error(GOT_ERR_PRIVSEP_LEN);
330 memcpy(&inst, imsg->data, sizeof(inst));
332 if (client->packfile_path == NULL)
333 return got_error_msg(GOT_ERR_BAD_REQUEST,
334 "client has no pack file");
335 if (client->packidx_path == NULL)
336 return got_error_msg(GOT_ERR_BAD_REQUEST,
337 "client has no pack file index");
339 if (got_sha1_digest_to_str(inst.pack_sha1, hex, sizeof(hex)) == NULL)
340 return got_error_msg(GOT_ERR_NO_SPACE,
341 "could not convert pack file SHA1 to hex");
343 if (asprintf(&packfile_path, "/%s/%s/pack-%s.pack",
344 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
345 err = got_error_from_errno("asprintf");
349 if (asprintf(&packidx_path, "/%s/%s/pack-%s.idx",
350 repo_path, GOT_OBJECTS_PACK_DIR, hex) == -1) {
351 err = got_error_from_errno("asprintf");
355 if (rename(client->packfile_path, packfile_path) == -1) {
356 err = got_error_from_errno3("rename", client->packfile_path,
361 free(client->packfile_path);
362 client->packfile_path = NULL;
364 if (rename(client->packidx_path, packidx_path) == -1) {
365 err = got_error_from_errno3("rename", client->packidx_path,
370 /* Ensure we re-read the pack index list upon next access. */
371 gotd_session.repo->pack_path_mtime.tv_sec = 0;
372 gotd_session.repo->pack_path_mtime.tv_nsec = 0;
374 free(client->packidx_path);
375 client->packidx_path = NULL;
382 static const struct got_error *
383 begin_ref_updates(struct gotd_session_client *client, struct imsg *imsg)
385 struct gotd_imsg_ref_updates_start istart;
388 if (client->nref_updates != -1)
389 return got_error(GOT_ERR_PRIVSEP_MSG);
391 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
392 if (datalen != sizeof(istart))
393 return got_error(GOT_ERR_PRIVSEP_LEN);
394 memcpy(&istart, imsg->data, sizeof(istart));
396 if (istart.nref_updates <= 0)
397 return got_error(GOT_ERR_PRIVSEP_MSG);
399 client->nref_updates = istart.nref_updates;
403 static const struct got_error *
404 update_ref(int *shut, struct gotd_session_client *client,
405 const char *repo_path, struct imsg *imsg)
407 const struct got_error *err = NULL;
408 struct got_repository *repo = gotd_session.repo;
409 struct got_reference *ref = NULL;
410 struct gotd_imsg_ref_update iref;
411 struct got_object_id old_id, new_id;
412 struct got_object_id *id = NULL;
413 char *refname = NULL;
416 char hex1[SHA1_DIGEST_STRING_LENGTH];
417 char hex2[SHA1_DIGEST_STRING_LENGTH];
419 log_debug("update-ref from uid %d", client->euid);
421 if (client->nref_updates <= 0)
422 return got_error(GOT_ERR_PRIVSEP_MSG);
424 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
425 if (datalen < sizeof(iref))
426 return got_error(GOT_ERR_PRIVSEP_LEN);
427 memcpy(&iref, imsg->data, sizeof(iref));
428 if (datalen != sizeof(iref) + iref.name_len)
429 return got_error(GOT_ERR_PRIVSEP_LEN);
430 refname = strndup(imsg->data + sizeof(iref), iref.name_len);
432 return got_error_from_errno("strndup");
434 log_debug("updating ref %s for uid %d", refname, client->euid);
436 memcpy(old_id.sha1, iref.old_id, SHA1_DIGEST_LENGTH);
437 memcpy(new_id.sha1, iref.new_id, SHA1_DIGEST_LENGTH);
438 err = got_repo_find_object_id(iref.delete_ref ? &old_id : &new_id,
443 if (iref.ref_is_new) {
444 err = got_ref_open(&ref, repo, refname, 0);
446 if (err->code != GOT_ERR_NOT_REF)
448 err = got_ref_alloc(&ref, refname, &new_id);
451 err = got_ref_write(ref, repo); /* will lock/unlock */
455 err = got_ref_resolve(&id, repo, ref);
458 got_object_id_hex(&new_id, hex1, sizeof(hex1));
459 got_object_id_hex(id, hex2, sizeof(hex2));
460 err = got_error_fmt(GOT_ERR_REF_BUSY,
461 "Addition %s: %s failed; %s: %s has been "
462 "created by someone else while transaction "
464 got_ref_get_name(ref), hex1,
465 got_ref_get_name(ref), hex2);
468 } else if (iref.delete_ref) {
469 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
474 err = got_ref_resolve(&id, repo, ref);
478 if (got_object_id_cmp(id, &old_id) != 0) {
479 got_object_id_hex(&old_id, hex1, sizeof(hex1));
480 got_object_id_hex(id, hex2, sizeof(hex2));
481 err = got_error_fmt(GOT_ERR_REF_BUSY,
482 "Deletion %s: %s failed; %s: %s has been "
483 "created by someone else while transaction "
485 got_ref_get_name(ref), hex1,
486 got_ref_get_name(ref), hex2);
490 err = got_ref_delete(ref, repo);
497 err = got_ref_open(&ref, repo, refname, 1 /* lock */);
502 err = got_ref_resolve(&id, repo, ref);
506 if (got_object_id_cmp(id, &old_id) != 0) {
507 got_object_id_hex(&old_id, hex1, sizeof(hex1));
508 got_object_id_hex(id, hex2, sizeof(hex2));
509 err = got_error_fmt(GOT_ERR_REF_BUSY,
510 "Update %s: %s failed; %s: %s has been "
511 "created by someone else while transaction "
513 got_ref_get_name(ref), hex1,
514 got_ref_get_name(ref), hex2);
518 if (got_object_id_cmp(&new_id, &old_id) != 0) {
519 err = got_ref_change_ref(ref, &new_id);
523 err = got_ref_write(ref, repo);
533 if (err->code == GOT_ERR_LOCKFILE_TIMEOUT) {
534 err = got_error_fmt(GOT_ERR_LOCKFILE_TIMEOUT,
535 "could not acquire exclusive file lock for %s",
538 send_ref_update_ng(client, &iref, refname, err->msg);
540 send_ref_update_ok(client, &iref, refname);
542 if (client->nref_updates > 0) {
543 client->nref_updates--;
544 if (client->nref_updates == 0) {
545 send_refs_updated(client);
546 client->flush_disconnect = 1;
551 const struct got_error *unlock_err;
552 unlock_err = got_ref_unlock(ref);
553 if (unlock_err && err == NULL)
564 session_dispatch_repo_child(int fd, short event, void *arg)
566 struct gotd_imsgev *iev = arg;
567 struct imsgbuf *ibuf = &iev->ibuf;
568 struct gotd_session_client *client = &gotd_session_client;
573 if (event & EV_READ) {
574 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
575 fatal("imsg_read error");
577 /* Connection closed. */
583 if (event & EV_WRITE) {
584 n = msgbuf_write(&ibuf->w);
585 if (n == -1 && errno != EAGAIN)
586 fatal("msgbuf_write");
588 /* Connection closed. */
595 const struct got_error *err = NULL;
596 uint32_t client_id = 0;
597 int do_disconnect = 0;
598 int do_ref_updates = 0, do_ref_update = 0;
599 int do_packfile_install = 0;
601 if ((n = imsg_get(ibuf, &imsg)) == -1)
602 fatal("%s: imsg_get error", __func__);
603 if (n == 0) /* No more messages. */
606 switch (imsg.hdr.type) {
607 case GOTD_IMSG_ERROR:
609 err = gotd_imsg_recv_error(&client_id, &imsg);
611 case GOTD_IMSG_PACKFILE_DONE:
613 err = recv_packfile_done(&client_id, &imsg);
615 case GOTD_IMSG_PACKFILE_INSTALL:
616 err = recv_packfile_install(&client_id, &imsg);
618 do_packfile_install = 1;
620 case GOTD_IMSG_REF_UPDATES_START:
621 err = recv_ref_updates_start(&client_id, &imsg);
625 case GOTD_IMSG_REF_UPDATE:
626 err = recv_ref_update(&client_id, &imsg);
631 log_debug("unexpected imsg %d", imsg.hdr.type);
637 disconnect_on_error(client, err);
641 if (do_packfile_install)
642 err = install_pack(client,
643 gotd_session.repo->path, &imsg);
644 else if (do_ref_updates)
645 err = begin_ref_updates(client, &imsg);
646 else if (do_ref_update)
647 err = update_ref(&shut, client,
648 gotd_session.repo->path, &imsg);
650 log_warnx("uid %d: %s", client->euid, err->msg);
656 gotd_imsg_event_add(iev);
658 /* This pipe is dead. Remove its event handler */
660 event_loopexit(NULL);
664 static const struct got_error *
665 recv_capabilities(struct gotd_session_client *client, struct imsg *imsg)
667 struct gotd_imsg_capabilities icapas;
670 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
671 if (datalen != sizeof(icapas))
672 return got_error(GOT_ERR_PRIVSEP_LEN);
673 memcpy(&icapas, imsg->data, sizeof(icapas));
675 client->ncapa_alloc = icapas.ncapabilities;
676 client->capabilities = calloc(client->ncapa_alloc,
677 sizeof(*client->capabilities));
678 if (client->capabilities == NULL) {
679 client->ncapa_alloc = 0;
680 return got_error_from_errno("calloc");
683 log_debug("expecting %zu capabilities from uid %d",
684 client->ncapa_alloc, client->euid);
688 static const struct got_error *
689 recv_capability(struct gotd_session_client *client, struct imsg *imsg)
691 struct gotd_imsg_capability icapa;
692 struct gotd_client_capability *capa;
694 char *key, *value = NULL;
696 if (client->capabilities == NULL ||
697 client->ncapabilities >= client->ncapa_alloc) {
698 return got_error_msg(GOT_ERR_BAD_REQUEST,
699 "unexpected capability received");
702 memset(&icapa, 0, sizeof(icapa));
704 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
705 if (datalen < sizeof(icapa))
706 return got_error(GOT_ERR_PRIVSEP_LEN);
707 memcpy(&icapa, imsg->data, sizeof(icapa));
709 if (datalen != sizeof(icapa) + icapa.key_len + icapa.value_len)
710 return got_error(GOT_ERR_PRIVSEP_LEN);
712 key = strndup(imsg->data + sizeof(icapa), icapa.key_len);
714 return got_error_from_errno("strndup");
715 if (icapa.value_len > 0) {
716 value = strndup(imsg->data + sizeof(icapa) + icapa.key_len,
720 return got_error_from_errno("strndup");
724 capa = &client->capabilities[client->ncapabilities++];
729 log_debug("uid %d: capability %s=%s", client->euid, key, value);
731 log_debug("uid %d: capability %s", client->euid, key);
736 static const struct got_error *
737 ensure_client_is_reading(struct gotd_session_client *client)
739 if (client->is_writing) {
740 return got_error_fmt(GOT_ERR_BAD_PACKET,
741 "uid %d made a read-request but is not reading from "
742 "a repository", client->euid);
748 static const struct got_error *
749 ensure_client_is_writing(struct gotd_session_client *client)
751 if (!client->is_writing) {
752 return got_error_fmt(GOT_ERR_BAD_PACKET,
753 "uid %d made a write-request but is not writing to "
754 "a repository", client->euid);
760 static const struct got_error *
761 forward_want(struct gotd_session_client *client, struct imsg *imsg)
763 struct gotd_imsg_want ireq;
764 struct gotd_imsg_want iwant;
767 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
768 if (datalen != sizeof(ireq))
769 return got_error(GOT_ERR_PRIVSEP_LEN);
771 memcpy(&ireq, imsg->data, datalen);
773 memset(&iwant, 0, sizeof(iwant));
774 memcpy(iwant.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
775 iwant.client_id = client->id;
777 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_WANT,
778 gotd_session.proc_id, -1, &iwant, sizeof(iwant)) == -1)
779 return got_error_from_errno("imsg compose WANT");
784 static const struct got_error *
785 forward_ref_update(struct gotd_session_client *client, struct imsg *imsg)
787 const struct got_error *err = NULL;
788 struct gotd_imsg_ref_update ireq;
789 struct gotd_imsg_ref_update *iref = NULL;
792 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
793 if (datalen < sizeof(ireq))
794 return got_error(GOT_ERR_PRIVSEP_LEN);
795 memcpy(&ireq, imsg->data, sizeof(ireq));
796 if (datalen != sizeof(ireq) + ireq.name_len)
797 return got_error(GOT_ERR_PRIVSEP_LEN);
799 iref = malloc(datalen);
801 return got_error_from_errno("malloc");
802 memcpy(iref, imsg->data, datalen);
804 iref->client_id = client->id;
805 if (gotd_imsg_compose_event(&client->repo_child_iev,
806 GOTD_IMSG_REF_UPDATE, gotd_session.proc_id, -1,
807 iref, datalen) == -1)
808 err = got_error_from_errno("imsg compose REF_UPDATE");
813 static const struct got_error *
814 forward_have(struct gotd_session_client *client, struct imsg *imsg)
816 struct gotd_imsg_have ireq;
817 struct gotd_imsg_have ihave;
820 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
821 if (datalen != sizeof(ireq))
822 return got_error(GOT_ERR_PRIVSEP_LEN);
824 memcpy(&ireq, imsg->data, datalen);
826 memset(&ihave, 0, sizeof(ihave));
827 memcpy(ihave.object_id, ireq.object_id, SHA1_DIGEST_LENGTH);
828 ihave.client_id = client->id;
830 if (gotd_imsg_compose_event(&client->repo_child_iev, GOTD_IMSG_HAVE,
831 gotd_session.proc_id, -1, &ihave, sizeof(ihave)) == -1)
832 return got_error_from_errno("imsg compose HAVE");
838 client_has_capability(struct gotd_session_client *client, const char *capastr)
840 struct gotd_client_capability *capa;
843 if (client->ncapabilities == 0)
846 for (i = 0; i < client->ncapabilities; i++) {
847 capa = &client->capabilities[i];
848 if (strcmp(capa->key, capastr) == 0)
855 static const struct got_error *
856 recv_packfile(struct gotd_session_client *client)
858 const struct got_error *err = NULL;
859 struct gotd_imsg_recv_packfile ipack;
860 struct gotd_imsg_packfile_pipe ipipe;
861 struct gotd_imsg_packidx_file ifile;
862 char *basepath = NULL, *pack_path = NULL, *idx_path = NULL;
863 int packfd = -1, idxfd = -1;
864 int pipe[2] = { -1, -1 };
866 if (client->packfile_path) {
867 return got_error_fmt(GOT_ERR_PRIVSEP_MSG,
868 "uid %d already has a pack file", client->euid);
871 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
872 return got_error_from_errno("socketpair");
874 memset(&ipipe, 0, sizeof(ipipe));
875 ipipe.client_id = client->id;
877 /* Send pack pipe end 0 to repo child process. */
878 if (gotd_imsg_compose_event(&client->repo_child_iev,
879 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[0],
880 &ipipe, sizeof(ipipe)) == -1) {
881 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
887 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
888 if (gotd_imsg_compose_event(&client->iev,
889 GOTD_IMSG_PACKFILE_PIPE, gotd_session.proc_id, pipe[1],
891 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
894 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
895 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
896 client->euid) == -1) {
897 err = got_error_from_errno("asprintf");
901 err = got_opentemp_named_fd(&pack_path, &packfd, basepath, "");
904 if (fchmod(packfd, GOT_DEFAULT_PACK_MODE) == -1) {
905 err = got_error_from_errno2("fchmod", pack_path);
910 if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.idx",
911 got_repo_get_path(gotd_session.repo), GOT_OBJECTS_PACK_DIR,
912 client->euid) == -1) {
913 err = got_error_from_errno("asprintf");
917 err = got_opentemp_named_fd(&idx_path, &idxfd, basepath, "");
920 if (fchmod(idxfd, GOT_DEFAULT_PACK_MODE) == -1) {
921 err = got_error_from_errno2("fchmod", idx_path);
925 memset(&ifile, 0, sizeof(ifile));
926 ifile.client_id = client->id;
927 if (gotd_imsg_compose_event(&client->repo_child_iev,
928 GOTD_IMSG_PACKIDX_FILE, gotd_session.proc_id,
929 idxfd, &ifile, sizeof(ifile)) == -1) {
930 err = got_error_from_errno("imsg compose PACKIDX_FILE");
936 memset(&ipack, 0, sizeof(ipack));
937 ipack.client_id = client->id;
938 if (client_has_capability(client, GOT_CAPA_REPORT_STATUS))
939 ipack.report_status = 1;
941 if (gotd_imsg_compose_event(&client->repo_child_iev,
942 GOTD_IMSG_RECV_PACKFILE, gotd_session.proc_id, packfd,
943 &ipack, sizeof(ipack)) == -1) {
944 err = got_error_from_errno("imsg compose RECV_PACKFILE");
952 if (pipe[0] != -1 && close(pipe[0]) == -1 && err == NULL)
953 err = got_error_from_errno("close");
954 if (pipe[1] != -1 && close(pipe[1]) == -1 && err == NULL)
955 err = got_error_from_errno("close");
956 if (packfd != -1 && close(packfd) == -1 && err == NULL)
957 err = got_error_from_errno("close");
958 if (idxfd != -1 && close(idxfd) == -1 && err == NULL)
959 err = got_error_from_errno("close");
964 client->packfile_path = pack_path;
965 client->packidx_path = idx_path;
970 static const struct got_error *
971 send_packfile(struct gotd_session_client *client)
973 const struct got_error *err = NULL;
974 struct gotd_imsg_send_packfile ipack;
975 struct gotd_imsg_packfile_pipe ipipe;
978 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe) == -1)
979 return got_error_from_errno("socketpair");
981 memset(&ipack, 0, sizeof(ipack));
982 memset(&ipipe, 0, sizeof(ipipe));
984 ipack.client_id = client->id;
985 if (client_has_capability(client, GOT_CAPA_SIDE_BAND_64K))
986 ipack.report_progress = 1;
988 client->delta_cache_fd = got_opentempfd();
989 if (client->delta_cache_fd == -1)
990 return got_error_from_errno("got_opentempfd");
992 if (gotd_imsg_compose_event(&client->repo_child_iev,
993 GOTD_IMSG_SEND_PACKFILE, PROC_GOTD, client->delta_cache_fd,
994 &ipack, sizeof(ipack)) == -1) {
995 err = got_error_from_errno("imsg compose SEND_PACKFILE");
1001 ipipe.client_id = client->id;
1003 /* Send pack pipe end 0 to repo child process. */
1004 if (gotd_imsg_compose_event(&client->repo_child_iev,
1005 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD,
1006 pipe[0], &ipipe, sizeof(ipipe)) == -1) {
1007 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1012 /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
1013 if (gotd_imsg_compose_event(&client->iev,
1014 GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[1], NULL, 0) == -1)
1015 err = got_error_from_errno("imsg compose PACKFILE_PIPE");
1021 session_dispatch_client(int fd, short events, void *arg)
1023 struct gotd_imsgev *iev = arg;
1024 struct imsgbuf *ibuf = &iev->ibuf;
1025 struct gotd_session_client *client = &gotd_session_client;
1026 const struct got_error *err = NULL;
1030 if (events & EV_WRITE) {
1031 while (ibuf->w.queued) {
1032 n = msgbuf_write(&ibuf->w);
1033 if (n == -1 && errno == EPIPE) {
1035 * The client has closed its socket.
1036 * This can happen when Git clients are
1037 * done sending pack file data.
1039 msgbuf_clear(&ibuf->w);
1041 } else if (n == -1 && errno != EAGAIN) {
1042 err = got_error_from_errno("imsg_flush");
1043 disconnect_on_error(client, err);
1047 /* Connection closed. */
1048 err = got_error(GOT_ERR_EOF);
1049 disconnect_on_error(client, err);
1054 if (client->flush_disconnect) {
1060 if ((events & EV_READ) == 0)
1063 memset(&imsg, 0, sizeof(imsg));
1065 while (err == NULL) {
1066 err = gotd_imsg_recv(&imsg, ibuf, 0);
1068 if (err->code == GOT_ERR_PRIVSEP_READ)
1070 else if (err->code == GOT_ERR_EOF &&
1071 client->state == GOTD_STATE_EXPECT_CAPABILITIES) {
1073 * The client has closed its socket before
1074 * sending its capability announcement.
1075 * This can happen when Git clients have
1076 * no ref-updates to send.
1078 disconnect_on_error(client, err);
1084 evtimer_del(&client->tmo);
1086 switch (imsg.hdr.type) {
1087 case GOTD_IMSG_CAPABILITIES:
1088 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1089 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1090 "unexpected capabilities received");
1093 log_debug("receiving capabilities from uid %d",
1095 err = recv_capabilities(client, &imsg);
1097 case GOTD_IMSG_CAPABILITY:
1098 if (client->state != GOTD_STATE_EXPECT_CAPABILITIES) {
1099 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1100 "unexpected capability received");
1103 err = recv_capability(client, &imsg);
1104 if (err || client->ncapabilities < client->ncapa_alloc)
1106 if (!client->is_writing) {
1107 client->state = GOTD_STATE_EXPECT_WANT;
1108 client->accept_flush_pkt = 1;
1109 log_debug("uid %d: expecting want-lines",
1111 } else if (client->is_writing) {
1112 client->state = GOTD_STATE_EXPECT_REF_UPDATE;
1113 client->accept_flush_pkt = 1;
1114 log_debug("uid %d: expecting ref-update-lines",
1117 fatalx("client %d is both reading and writing",
1120 case GOTD_IMSG_WANT:
1121 if (client->state != GOTD_STATE_EXPECT_WANT) {
1122 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1123 "unexpected want-line received");
1126 log_debug("received want-line from uid %d",
1128 err = ensure_client_is_reading(client);
1131 client->accept_flush_pkt = 1;
1132 err = forward_want(client, &imsg);
1134 case GOTD_IMSG_REF_UPDATE:
1135 if (client->state != GOTD_STATE_EXPECT_REF_UPDATE &&
1137 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1138 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1139 "unexpected ref-update-line received");
1142 log_debug("received ref-update-line from uid %d",
1144 err = ensure_client_is_writing(client);
1147 err = forward_ref_update(client, &imsg);
1150 client->state = GOTD_STATE_EXPECT_MORE_REF_UPDATES;
1151 client->accept_flush_pkt = 1;
1153 case GOTD_IMSG_HAVE:
1154 if (client->state != GOTD_STATE_EXPECT_HAVE) {
1155 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1156 "unexpected have-line received");
1159 log_debug("received have-line from uid %d",
1161 err = ensure_client_is_reading(client);
1164 err = forward_have(client, &imsg);
1167 client->accept_flush_pkt = 1;
1169 case GOTD_IMSG_FLUSH:
1170 if (client->state == GOTD_STATE_EXPECT_WANT ||
1171 client->state == GOTD_STATE_EXPECT_HAVE) {
1172 err = ensure_client_is_reading(client);
1175 } else if (client->state ==
1176 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1177 err = ensure_client_is_writing(client);
1180 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1181 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1182 "unexpected flush-pkt received");
1185 if (!client->accept_flush_pkt) {
1186 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1187 "unexpected flush-pkt received");
1192 * Accept just one flush packet at a time.
1193 * Future client state transitions will set this flag
1194 * again if another flush packet is expected.
1196 client->accept_flush_pkt = 0;
1198 log_debug("received flush-pkt from uid %d",
1200 if (client->state == GOTD_STATE_EXPECT_WANT) {
1201 client->state = GOTD_STATE_EXPECT_HAVE;
1202 log_debug("uid %d: expecting have-lines",
1204 } else if (client->state == GOTD_STATE_EXPECT_HAVE) {
1205 client->state = GOTD_STATE_EXPECT_DONE;
1206 client->accept_flush_pkt = 1;
1207 log_debug("uid %d: expecting 'done'",
1209 } else if (client->state ==
1210 GOTD_STATE_EXPECT_MORE_REF_UPDATES) {
1211 client->state = GOTD_STATE_EXPECT_PACKFILE;
1212 log_debug("uid %d: expecting packfile",
1214 err = recv_packfile(client);
1215 } else if (client->state != GOTD_STATE_EXPECT_DONE) {
1216 /* should not happen, see above */
1217 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1218 "unexpected client state");
1222 case GOTD_IMSG_DONE:
1223 if (client->state != GOTD_STATE_EXPECT_HAVE &&
1224 client->state != GOTD_STATE_EXPECT_DONE) {
1225 err = got_error_msg(GOT_ERR_BAD_REQUEST,
1226 "unexpected flush-pkt received");
1229 log_debug("received 'done' from uid %d", client->euid);
1230 err = ensure_client_is_reading(client);
1233 client->state = GOTD_STATE_DONE;
1234 client->accept_flush_pkt = 1;
1235 err = send_packfile(client);
1238 log_debug("unexpected imsg %d", imsg.hdr.type);
1239 err = got_error(GOT_ERR_PRIVSEP_MSG);
1247 if (err->code != GOT_ERR_EOF ||
1248 client->state != GOTD_STATE_EXPECT_PACKFILE)
1249 disconnect_on_error(client, err);
1251 gotd_imsg_event_add(iev);
1252 evtimer_add(&client->tmo, &gotd_session.request_timeout);
1256 static const struct got_error *
1257 list_refs_request(void)
1259 static const struct got_error *err;
1260 struct gotd_session_client *client = &gotd_session_client;
1261 struct gotd_imsgev *iev = &client->repo_child_iev;
1262 struct gotd_imsg_list_refs_internal ilref;
1265 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1266 return got_error(GOT_ERR_PRIVSEP_MSG);
1268 memset(&ilref, 0, sizeof(ilref));
1269 ilref.client_id = client->id;
1271 fd = dup(client->fd);
1273 return got_error_from_errno("dup");
1275 if (gotd_imsg_compose_event(iev, GOTD_IMSG_LIST_REFS_INTERNAL,
1276 gotd_session.proc_id, fd, &ilref, sizeof(ilref)) == -1) {
1277 err = got_error_from_errno("imsg compose LIST_REFS_INTERNAL");
1282 client->state = GOTD_STATE_EXPECT_CAPABILITIES;
1283 log_debug("uid %d: expecting capabilities", client->euid);
1287 static const struct got_error *
1288 recv_connect(struct imsg *imsg)
1290 struct gotd_session_client *client = &gotd_session_client;
1291 struct gotd_imsg_connect iconnect;
1294 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1295 return got_error(GOT_ERR_PRIVSEP_MSG);
1297 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1298 if (datalen != sizeof(iconnect))
1299 return got_error(GOT_ERR_PRIVSEP_LEN);
1300 memcpy(&iconnect, imsg->data, sizeof(iconnect));
1302 client->euid = iconnect.euid;
1303 client->egid = iconnect.egid;
1304 client->fd = imsg_get_fd(imsg);
1305 if (client->fd == -1)
1306 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1308 imsg_init(&client->iev.ibuf, client->fd);
1309 client->iev.handler = session_dispatch_client;
1310 client->iev.events = EV_READ;
1311 client->iev.handler_arg = NULL;
1312 event_set(&client->iev.ev, client->iev.ibuf.fd, EV_READ,
1313 session_dispatch_client, &client->iev);
1314 gotd_imsg_event_add(&client->iev);
1315 evtimer_set(&client->tmo, gotd_request_timeout, client);
1320 static const struct got_error *
1321 recv_repo_child(struct imsg *imsg)
1323 struct gotd_imsg_connect_repo_child ichild;
1324 struct gotd_session_client *client = &gotd_session_client;
1328 if (client->state != GOTD_STATE_EXPECT_LIST_REFS)
1329 return got_error(GOT_ERR_PRIVSEP_MSG);
1331 /* We should already have received a pipe to the listener. */
1332 if (client->fd == -1)
1333 return got_error(GOT_ERR_PRIVSEP_MSG);
1335 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1336 if (datalen != sizeof(ichild))
1337 return got_error(GOT_ERR_PRIVSEP_LEN);
1339 memcpy(&ichild, imsg->data, sizeof(ichild));
1341 client->id = ichild.client_id;
1342 if (ichild.proc_id == PROC_REPO_WRITE)
1343 client->is_writing = 1;
1344 else if (ichild.proc_id == PROC_REPO_READ)
1345 client->is_writing = 0;
1347 return got_error_msg(GOT_ERR_PRIVSEP_MSG,
1348 "bad child process type");
1350 fd = imsg_get_fd(imsg);
1352 return got_error(GOT_ERR_PRIVSEP_NO_FD);
1354 imsg_init(&client->repo_child_iev.ibuf, fd);
1355 client->repo_child_iev.handler = session_dispatch_repo_child;
1356 client->repo_child_iev.events = EV_READ;
1357 client->repo_child_iev.handler_arg = NULL;
1358 event_set(&client->repo_child_iev.ev, client->repo_child_iev.ibuf.fd,
1359 EV_READ, session_dispatch_repo_child, &client->repo_child_iev);
1360 gotd_imsg_event_add(&client->repo_child_iev);
1362 /* The "recvfd" pledge promise is no longer needed. */
1363 if (pledge("stdio rpath wpath cpath sendfd fattr flock", NULL) == -1)
1370 session_dispatch(int fd, short event, void *arg)
1372 struct gotd_imsgev *iev = arg;
1373 struct imsgbuf *ibuf = &iev->ibuf;
1374 struct gotd_session_client *client = &gotd_session_client;
1379 if (event & EV_READ) {
1380 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
1381 fatal("imsg_read error");
1383 /* Connection closed. */
1389 if (event & EV_WRITE) {
1390 n = msgbuf_write(&ibuf->w);
1391 if (n == -1 && errno != EAGAIN)
1392 fatal("msgbuf_write");
1394 /* Connection closed. */
1401 const struct got_error *err = NULL;
1402 uint32_t client_id = 0;
1403 int do_disconnect = 0, do_list_refs = 0;
1405 if ((n = imsg_get(ibuf, &imsg)) == -1)
1406 fatal("%s: imsg_get error", __func__);
1407 if (n == 0) /* No more messages. */
1410 switch (imsg.hdr.type) {
1411 case GOTD_IMSG_ERROR:
1413 err = gotd_imsg_recv_error(&client_id, &imsg);
1415 case GOTD_IMSG_CONNECT:
1416 err = recv_connect(&imsg);
1418 case GOTD_IMSG_DISCONNECT:
1421 case GOTD_IMSG_CONNECT_REPO_CHILD:
1422 err = recv_repo_child(&imsg);
1428 log_debug("unexpected imsg %d", imsg.hdr.type);
1433 if (do_disconnect) {
1435 disconnect_on_error(client, err);
1438 } else if (do_list_refs)
1439 err = list_refs_request();
1442 log_warnx("uid %d: %s", client->euid, err->msg);
1446 gotd_imsg_event_add(iev);
1448 /* This pipe is dead. Remove its event handler */
1449 event_del(&iev->ev);
1450 event_loopexit(NULL);
1455 session_main(const char *title, const char *repo_path,
1456 int *pack_fds, int *temp_fds, struct timeval *request_timeout,
1457 enum gotd_procid proc_id)
1459 const struct got_error *err = NULL;
1460 struct event evsigint, evsigterm, evsighup, evsigusr1;
1462 gotd_session.title = title;
1463 gotd_session.pid = getpid();
1464 gotd_session.pack_fds = pack_fds;
1465 gotd_session.temp_fds = temp_fds;
1466 memcpy(&gotd_session.request_timeout, request_timeout,
1467 sizeof(gotd_session.request_timeout));
1468 gotd_session.proc_id = proc_id;
1470 err = got_repo_open(&gotd_session.repo, repo_path, NULL, pack_fds);
1473 if (!got_repo_is_bare(gotd_session.repo)) {
1474 err = got_error_msg(GOT_ERR_NOT_GIT_REPO,
1475 "bare git repository required");
1479 got_repo_temp_fds_set(gotd_session.repo, temp_fds);
1481 signal_set(&evsigint, SIGINT, gotd_session_sighdlr, NULL);
1482 signal_set(&evsigterm, SIGTERM, gotd_session_sighdlr, NULL);
1483 signal_set(&evsighup, SIGHUP, gotd_session_sighdlr, NULL);
1484 signal_set(&evsigusr1, SIGUSR1, gotd_session_sighdlr, NULL);
1485 signal(SIGPIPE, SIG_IGN);
1487 signal_add(&evsigint, NULL);
1488 signal_add(&evsigterm, NULL);
1489 signal_add(&evsighup, NULL);
1490 signal_add(&evsigusr1, NULL);
1492 gotd_session_client.state = GOTD_STATE_EXPECT_LIST_REFS;
1493 gotd_session_client.fd = -1;
1494 gotd_session_client.nref_updates = -1;
1495 gotd_session_client.delta_cache_fd = -1;
1496 gotd_session_client.accept_flush_pkt = 1;
1498 imsg_init(&gotd_session.parent_iev.ibuf, GOTD_FILENO_MSG_PIPE);
1499 gotd_session.parent_iev.handler = session_dispatch;
1500 gotd_session.parent_iev.events = EV_READ;
1501 gotd_session.parent_iev.handler_arg = NULL;
1502 event_set(&gotd_session.parent_iev.ev, gotd_session.parent_iev.ibuf.fd,
1503 EV_READ, session_dispatch, &gotd_session.parent_iev);
1504 if (gotd_imsg_compose_event(&gotd_session.parent_iev,
1505 GOTD_IMSG_CLIENT_SESSION_READY, gotd_session.proc_id,
1506 -1, NULL, 0) == -1) {
1507 err = got_error_from_errno("imsg compose CLIENT_SESSION_READY");
1514 log_warnx("%s: %s", title, err->msg);
1515 gotd_session_shutdown();
1519 gotd_session_shutdown(void)
1521 log_debug("shutting down");
1522 if (gotd_session.repo)
1523 got_repo_close(gotd_session.repo);
1524 got_repo_pack_fds_close(gotd_session.pack_fds);
1525 got_repo_temp_fds_close(gotd_session.temp_fds);
