1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/queue.h>
19 #include <sys/uio.h>
20 
21 #include <errno.h>
22 #include <event.h>
23 #include <poll.h>
24 #include <limits.h>
25 #include <sha1.h>
26 #include <stdio.h>
27 #include <stdint.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <imsg.h>
31 #include <unistd.h>
32 
33 #include "got_error.h"
34 #include "got_serve.h"
35 #include "got_path.h"
36 #include "got_version.h"
37 #include "got_reference.h"
38 
39 #include "got_lib_pkt.h"
40 #include "got_lib_dial.h"
41 #include "got_lib_gitproto.h"
42 #include "got_lib_sha1.h"
43 #include "got_lib_poll.h"
44 
45 #include "gotd.h"
46 
47 #ifndef nitems
48 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
49 #endif
50 
51 static const struct got_capability read_capabilities[] = {
52 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
53 	{ GOT_CAPA_OFS_DELTA, NULL },
54 	{ GOT_CAPA_SIDE_BAND_64K, NULL },
55 };
56 
57 static const struct got_capability write_capabilities[] = {
58 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
59 	{ GOT_CAPA_OFS_DELTA, NULL },
60 	{ GOT_CAPA_REPORT_STATUS, NULL },
61 	{ GOT_CAPA_NO_THIN, NULL },
62 #if 0
63 	{ GOT_CAPA_DELETE_REFS, NULL },
64 #endif
65 };
66 
67 static const struct got_error *
68 parse_command(char **command, char **repo_path, const char *gitcmd)
69 {
70 	const struct got_error *err = NULL;
71 	size_t len, cmdlen, pathlen;
72 	char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
73 	const char *relpath;
74 
75 	*command = NULL;
76 	*repo_path = NULL;
77 
78 	len = strlen(gitcmd);
79 
80 	if (len >= strlen(GOT_SERVE_CMD_SEND) &&
81 	    strncmp(gitcmd, GOT_SERVE_CMD_SEND,
82 	    strlen(GOT_SERVE_CMD_SEND)) == 0)
83 		cmdlen = strlen(GOT_SERVE_CMD_SEND);
84 	else if (len >= strlen(GOT_SERVE_CMD_FETCH) &&
85 	    strncmp(gitcmd, GOT_SERVE_CMD_FETCH,
86 	    strlen(GOT_SERVE_CMD_FETCH)) == 0)
87 		cmdlen = strlen(GOT_SERVE_CMD_FETCH);
88 	else
89 		return got_error(GOT_ERR_BAD_PACKET);
90 
91 	if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
92 		return got_error(GOT_ERR_BAD_PACKET);
93 
94 	if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
95 		return got_error(GOT_ERR_BAD_PATH);
96 
97 	/* Forbid linefeeds in paths, like Git does. */
98 	if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
99 		return got_error(GOT_ERR_BAD_PATH);
100 
101 	path0 = strdup(&gitcmd[cmdlen + 1]);
102 	if (path0 == NULL)
103 		return got_error_from_errno("strdup");
104 	path = path0;
105 	pathlen = strlen(path);
106 
107 	/*
108 	 * Git clients send a shell command.
109 	 * Trim spaces and quotes around the path.
110 	 */
111 	while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
112 		path++;
113 		pathlen--;
114 	}
115 	while (pathlen > 0 &&
116 	    (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
117 	    path[pathlen - 1] == ' ')) {
118 		path[pathlen - 1] = '\0';
119 		pathlen--;
120 	}
121 
122 	/* Deny an empty repository path. */
123 	if (path[0] == '\0' || got_path_is_root_dir(path)) {
124 		err = got_error(GOT_ERR_NOT_GIT_REPO);
125 		goto done;
126 	}
127 
128 	if (asprintf(&abspath, "/%s", path) == -1) {
129 		err = got_error_from_errno("asprintf");
130 		goto done;
131 	}
132 	pathlen = strlen(abspath);
133 	canonpath = malloc(pathlen);
134 	if (canonpath == NULL) {
135 		err = got_error_from_errno("malloc");
136 		goto done;
137 	}
138 	err = got_canonpath(abspath, canonpath, pathlen);
139 	if (err)
140 		goto done;
141 
142 	relpath = canonpath;
143 	while (relpath[0] == '/')
144 		relpath++;
145 	*repo_path = strdup(relpath);
146 	if (*repo_path == NULL) {
147 		err = got_error_from_errno("strdup");
148 		goto done;
149 	}
150 	*command = strndup(gitcmd, cmdlen);
151 	if (*command == NULL)
152 		err = got_error_from_errno("strndup");
153 done:
154 	free(path0);
155 	free(abspath);
156 	free(canonpath);
157 	if (err) {
158 		free(*repo_path);
159 		*repo_path = NULL;
160 	}
161 	return err;
162 }
163 
164 static const struct got_error *
165 append_read_capabilities(size_t *capalen, size_t len, const char *symrefstr,
166     uint8_t *buf, size_t bufsize)
167 {
168 	struct got_capability capa[nitems(read_capabilities) + 1];
169 	size_t ncapa;
170 
171 	memcpy(&capa, read_capabilities, sizeof(read_capabilities));
172 	if (symrefstr) {
173 		capa[nitems(read_capabilities)].key = "symref";
174 		capa[nitems(read_capabilities)].value = symrefstr;
175 		ncapa = nitems(capa);
176 	} else
177 		ncapa = nitems(read_capabilities);
178 
179 	return got_gitproto_append_capabilities(capalen, buf, len,
180 	    bufsize, capa, ncapa);
181 }
182 
183 static const struct got_error *
184 send_ref(int outfd, uint8_t *id, const char *refname, int send_capabilities,
185     int client_is_reading, const char *symrefstr, int chattygot)
186 {
187 	const struct got_error *err = NULL;
188 	char hex[SHA1_DIGEST_STRING_LENGTH];
189 	char buf[GOT_PKT_MAX];
190 	size_t len, capalen = 0;
191 
192 	if (got_sha1_digest_to_str(id, hex, sizeof(hex)) == NULL) 
193 		return got_error(GOT_ERR_BAD_OBJ_ID);
194 
195 	len = snprintf(buf, sizeof(buf), "%s %s", hex, refname);
196 	if (len >= sizeof(buf))
197 		return got_error(GOT_ERR_NO_SPACE);
198 
199 	if (send_capabilities) {
200 		if (client_is_reading) {
201 			err = append_read_capabilities(&capalen, len,
202 			    symrefstr, buf, sizeof(buf));
203 		} else {
204 			err = got_gitproto_append_capabilities(&capalen,
205 			    buf, len, sizeof(buf), write_capabilities,
206 			    nitems(write_capabilities));
207 		}
208 		if (err)
209 			return err;
210 		len += capalen;
211 	}
212 
213 	if (len + 1 >= sizeof(buf))
214 		return got_error(GOT_ERR_NO_SPACE);
215 	buf[len] = '\n';
216 	len++;
217 	buf[len] = '\0';
218 
219 	return got_pkt_writepkt(outfd, buf, len, chattygot);
220 }
221 
222 static const struct got_error *
223 send_zero_refs(int outfd, int chattygot)
224 {
225 	const struct got_error *err = NULL;
226 	char buf[GOT_PKT_MAX];
227 	uint8_t zero[SHA1_DIGEST_LENGTH];
228 	char hex[SHA1_DIGEST_STRING_LENGTH];
229 	size_t len, capalen = 0;
230 
231 	memset(&zero, 0, sizeof(zero));
232 
233 	if (got_sha1_digest_to_str(zero, hex, sizeof(hex)) == NULL) 
234 		return got_error(GOT_ERR_BAD_OBJ_ID);
235 
236 	len = snprintf(buf, sizeof(buf), "%s capabilities^{}", hex);
237 	if (len >= sizeof(buf))
238 		return got_error(GOT_ERR_NO_SPACE);
239 
240 	err = got_gitproto_append_capabilities(&capalen, buf, len,
241 	    sizeof(buf), read_capabilities, nitems(read_capabilities));
242 	if (err)
243 		return err;
244 
245 	return got_pkt_writepkt(outfd, buf, len, chattygot);
246 }
247 
248 static void
249 echo_error(const struct got_error *err, int outfd, int chattygot)
250 {
251 	char buf[4 + GOT_ERR_MAX_MSG_SIZE];
252 	size_t len;
253 
254 	/*
255 	 * Echo the error to the client on a pkt-line.
256 	 * The client should then terminate its session.
257 	 */
258 	buf[0] = 'E'; buf[1] = 'R'; buf[2] = 'R'; buf[3] = ' '; buf[4] = '\0';
259 	len = strlcat(buf, err->msg, sizeof(buf));
260 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
261 	abort();
262 }
263 
264 static const struct got_error *
265 announce_refs(int outfd, struct imsgbuf *ibuf, int client_is_reading,
266     const char *repo_path, int chattygot)
267 {
268 	const struct got_error *err = NULL;
269 	struct imsg imsg;
270 	size_t datalen;
271 	struct gotd_imsg_list_refs lsref;
272 	struct gotd_imsg_reflist ireflist;
273 	struct gotd_imsg_ref iref;
274 	struct gotd_imsg_symref isymref;
275 	size_t nrefs = 0;
276 	int have_nrefs = 0, sent_capabilities = 0;
277 	char *symrefname = NULL, *symreftarget = NULL, *symrefstr = NULL;
278 	char *refname = NULL;
279 
280 	memset(&imsg, 0, sizeof(imsg));
281 	memset(&lsref, 0, sizeof(lsref));
282 
283 	if (strlcpy(lsref.repo_name, repo_path, sizeof(lsref.repo_name)) >=
284 	    sizeof(lsref.repo_name))
285 		return got_error(GOT_ERR_NO_SPACE);
286 	lsref.client_is_reading = client_is_reading;
287 	
288 	if (imsg_compose(ibuf, GOTD_IMSG_LIST_REFS, 0, 0, -1,
289 	    &lsref, sizeof(lsref)) == -1)
290 		return got_error_from_errno("imsg_compose LIST_REFS");
291 
292 	err = gotd_imsg_flush(ibuf);
293 	if (err)
294 		return err;
295 
296 	while (!have_nrefs || nrefs > 0) {
297 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
298 		if (err)
299 			goto done;
300 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
301 		switch (imsg.hdr.type) {
302 		case GOTD_IMSG_ERROR:
303 			err = gotd_imsg_recv_error(NULL, &imsg);
304 			goto done;
305 		case GOTD_IMSG_REFLIST:
306 			if (have_nrefs || nrefs > 0) {
307 				err = got_error(GOT_ERR_PRIVSEP_MSG);
308 				goto done;
309 			}
310 			if (datalen != sizeof(ireflist)) {
311 				err = got_error(GOT_ERR_PRIVSEP_MSG);
312 				goto done;
313 			}
314 			memcpy(&ireflist, imsg.data, sizeof(ireflist));
315 			nrefs = ireflist.nrefs;
316 			have_nrefs = 1;
317 			if (nrefs == 0)
318 				err = send_zero_refs(outfd, chattygot);
319 			break;
320 		case GOTD_IMSG_REF:
321 			if (!have_nrefs || nrefs == 0) {
322 				err = got_error(GOT_ERR_PRIVSEP_MSG);
323 				goto done;
324 			}
325 			if (datalen < sizeof(iref)) {
326 				err = got_error(GOT_ERR_PRIVSEP_MSG);
327 				goto done;
328 			}
329 			memcpy(&iref, imsg.data, sizeof(iref));
330 			if (datalen != sizeof(iref) + iref.name_len) {
331 				err = got_error(GOT_ERR_PRIVSEP_LEN);
332 				goto done;
333 			}
334 			refname = malloc(iref.name_len + 1);
335 			if (refname == NULL) {
336 				err = got_error_from_errno("malloc");
337 				goto done;
338 			}
339 			memcpy(refname, imsg.data + sizeof(iref),
340 			    iref.name_len);
341 			refname[iref.name_len] = '\0';
342 			err = send_ref(outfd, iref.id, refname,
343 			    !sent_capabilities, client_is_reading,
344 			    NULL, chattygot);
345 			free(refname);
346 			refname = NULL;
347 			if (err)
348 				goto done;
349 			sent_capabilities = 1;
350 			if (nrefs > 0)
351 				nrefs--;
352 			break;
353 		case GOTD_IMSG_SYMREF:
354 			if (!have_nrefs || nrefs == 0) {
355 				err = got_error(GOT_ERR_PRIVSEP_MSG);
356 				goto done;
357 			}
358 			if (datalen < sizeof(isymref)) {
359 				err = got_error(GOT_ERR_PRIVSEP_LEN);
360 				goto done;
361 			}
362 			memcpy(&isymref, imsg.data, sizeof(isymref));
363 			if (datalen != sizeof(isymref) + isymref.name_len +
364 			    isymref.target_len) {
365 				err = got_error(GOT_ERR_PRIVSEP_LEN);
366 				goto done;
367 			}
368 
369 			/*
370 			 * For now, we only announce one symbolic ref,
371 			 * as part of our capability advertisement.
372 			 */
373 			if (sent_capabilities || symrefstr != NULL ||
374 			    symrefname != NULL || symreftarget != NULL)
375 				break;
376 
377 			symrefname = malloc(isymref.name_len + 1);
378 			if (symrefname == NULL) {
379 				err = got_error_from_errno("malloc");
380 				goto done;
381 			}
382 			memcpy(symrefname, imsg.data + sizeof(isymref),
383 			    isymref.name_len);
384 			symrefname[isymref.name_len] = '\0';
385 
386 			symreftarget = malloc(isymref.target_len + 1);
387 			if (symreftarget == NULL) {
388 				err = got_error_from_errno("malloc");
389 				goto done;
390 			}
391 			memcpy(symreftarget,
392 			    imsg.data + sizeof(isymref) + isymref.name_len,
393 			    isymref.target_len);
394 			symreftarget[isymref.target_len] = '\0';
395 
396 			if (asprintf(&symrefstr, "%s:%s", symrefname,
397 			    symreftarget) == -1) {
398 				err = got_error_from_errno("asprintf");
399 				goto done;
400 			}
401 			err = send_ref(outfd, isymref.target_id, symrefname,
402 			    !sent_capabilities, client_is_reading, symrefstr,
403 			    chattygot);
404 			free(refname);
405 			refname = NULL;
406 			if (err)
407 				goto done;
408 			sent_capabilities = 1;
409 			if (nrefs > 0)
410 				nrefs--;
411 			break;
412 		default:
413 			err = got_error(GOT_ERR_PRIVSEP_MSG);
414 			break;
415 		}
416 
417 		imsg_free(&imsg);
418 	}
419 
420 	err = got_pkt_flushpkt(outfd, chattygot);
421 	if (err)
422 		goto done;
423 done:
424 	free(symrefstr);
425 	free(symrefname);
426 	free(symreftarget);
427 	return err;
428 }
429 
430 static const struct got_error *
431 parse_want_line(char **common_capabilities, uint8_t *id, char *buf, size_t len)
432 {
433 	const struct got_error *err;
434 	char *id_str = NULL, *client_capabilities = NULL;
435 
436 	err = got_gitproto_parse_want_line(&id_str,
437 	    &client_capabilities, buf, len);
438 	if (err)
439 		return err;
440 
441 	if (!got_parse_sha1_digest(id, id_str)) {
442 		err = got_error_msg(GOT_ERR_BAD_PACKET,
443 		    "want-line with bad object ID");
444 		goto done;
445 	}
446 
447 	if (client_capabilities) {
448 		err = got_gitproto_match_capabilities(common_capabilities,
449 		    NULL, client_capabilities, read_capabilities,
450 		    nitems(read_capabilities));
451 		if (err)
452 			goto done;
453 	}
454 done:
455 	free(id_str);
456 	free(client_capabilities);
457 	return err;
458 }
459 
460 static const struct got_error *
461 parse_have_line(uint8_t *id, char *buf, size_t len)
462 {
463 	const struct got_error *err;
464 	char *id_str = NULL;
465 
466 	err = got_gitproto_parse_have_line(&id_str, buf, len);
467 	if (err)
468 		return err;
469 
470 	if (!got_parse_sha1_digest(id, id_str)) {
471 		err = got_error_msg(GOT_ERR_BAD_PACKET,
472 		    "have-line with bad object ID");
473 		goto done;
474 	}
475 done:
476 	free(id_str);
477 	return err;
478 }
479 
480 static const struct got_error *
481 send_capability(struct got_capability *capa, struct imsgbuf *ibuf)
482 {
483 	const struct got_error *err = NULL;
484 	struct gotd_imsg_capability icapa;
485 	size_t len;
486 	struct ibuf *wbuf;
487 
488 	memset(&icapa, 0, sizeof(icapa));
489 
490 	icapa.key_len = strlen(capa->key);
491 	len = sizeof(icapa) + icapa.key_len;
492 	if (capa->value) {
493 		icapa.value_len = strlen(capa->value);
494 		len += icapa.value_len;
495 	}
496 
497 	wbuf = imsg_create(ibuf, GOTD_IMSG_CAPABILITY, 0, 0, len);
498 	if (wbuf == NULL) {
499 		err = got_error_from_errno("imsg_create CAPABILITY");
500 		return err;
501 	}
502 
503 	if (imsg_add(wbuf, &icapa, sizeof(icapa)) == -1)
504 		return got_error_from_errno("imsg_add CAPABILITY");
505 	if (imsg_add(wbuf, capa->key, icapa.key_len) == -1)
506 		return got_error_from_errno("imsg_add CAPABILITY");
507 	if (capa->value) {
508 		if (imsg_add(wbuf, capa->value, icapa.value_len) == -1)
509 			return got_error_from_errno("imsg_add CAPABILITY");
510 	}
511 
512 	wbuf->fd = -1;
513 	imsg_close(ibuf, wbuf);
514 
515 	return NULL;
516 }
517 
518 static const struct got_error *
519 send_capabilities(int *use_sidebands, int *report_status,
520     char *capabilities_str, struct imsgbuf *ibuf)
521 {
522 	const struct got_error *err = NULL;
523 	struct gotd_imsg_capabilities icapas;
524 	struct got_capability *capa = NULL;
525 	size_t ncapa, i;
526 
527 	err = got_gitproto_split_capabilities_str(&capa, &ncapa,
528 	    capabilities_str);
529 	if (err)
530 		return err;
531 
532 	icapas.ncapabilities = ncapa;
533 	if (imsg_compose(ibuf, GOTD_IMSG_CAPABILITIES, 0, 0, -1,
534 	    &icapas, sizeof(icapas)) == -1) {
535 		err = got_error_from_errno("imsg_compose IMSG_CAPABILITIES");
536 		goto done;
537 	}
538 
539 	for (i = 0; i < ncapa; i++) {
540 		err = send_capability(&capa[i], ibuf);
541 		if (err)
542 			goto done;
543 		if (use_sidebands &&
544 		    strcmp(capa[i].key, GOT_CAPA_SIDE_BAND_64K) == 0)
545 			*use_sidebands = 1;
546 		if (report_status &&
547 		    strcmp(capa[i].key, GOT_CAPA_REPORT_STATUS) == 0)
548 			*report_status = 1;
549 	}
550 done:
551 	free(capa);
552 	return err;
553 }
554 
555 static const struct got_error *
556 forward_flushpkt(struct imsgbuf *ibuf)
557 {
558 	if (imsg_compose(ibuf, GOTD_IMSG_FLUSH, 0, 0, -1, NULL, 0) == -1)
559 		return got_error_from_errno("imsg_compose FLUSH");
560 
561 	return gotd_imsg_flush(ibuf);
562 }
563 
564 static const struct got_error *
565 recv_ack(struct imsg *imsg, uint8_t *expected_id)
566 {
567 	struct gotd_imsg_ack iack;
568 	size_t datalen;
569 
570 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
571 	if (datalen != sizeof(iack))
572 		return got_error(GOT_ERR_PRIVSEP_LEN);
573 
574 	memcpy(&iack, imsg->data, sizeof(iack));
575 	if (memcmp(iack.object_id, expected_id, SHA1_DIGEST_LENGTH) != 0)
576 		return got_error(GOT_ERR_BAD_OBJ_ID);
577 
578 	return NULL;
579 }
580 
581 static const struct got_error *
582 recv_nak(struct imsg *imsg, uint8_t *expected_id)
583 {
584 	struct gotd_imsg_ack inak;
585 	size_t datalen;
586 
587 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
588 	if (datalen != sizeof(inak))
589 		return got_error(GOT_ERR_PRIVSEP_LEN);
590 
591 	memcpy(&inak, imsg->data, sizeof(inak));
592 	if (memcmp(inak.object_id, expected_id, SHA1_DIGEST_LENGTH) != 0)
593 		return got_error(GOT_ERR_BAD_OBJ_ID);
594 
595 	return NULL;
596 }
597 
598 
599 static const struct got_error *
600 recv_want(int *use_sidebands, int outfd, struct imsgbuf *ibuf,
601     char *buf, size_t len, int expect_capabilities, int chattygot)
602 {
603 	const struct got_error *err;
604 	struct gotd_imsg_want iwant;
605 	char *capabilities_str;
606 	int done = 0;
607 	struct imsg imsg;
608 
609 	memset(&iwant, 0, sizeof(iwant));
610 	memset(&imsg, 0, sizeof(imsg));
611 
612 	err = parse_want_line(&capabilities_str, iwant.object_id, buf, len);
613 	if (err)
614 		return err;
615 
616 	if (capabilities_str) {
617 		if (!expect_capabilities) {
618 			err = got_error_msg(GOT_ERR_BAD_PACKET,
619 			    "unexpected capability announcement received");
620 			goto done;
621 		}
622 		err = send_capabilities(use_sidebands, NULL, capabilities_str,
623 		    ibuf);
624 		if (err)
625 			goto done;
626 
627 	}
628 
629 	if (imsg_compose(ibuf, GOTD_IMSG_WANT, 0, 0, -1,
630 	    &iwant, sizeof(iwant)) == -1) {
631 		err = got_error_from_errno("imsg_compose WANT");
632 		goto done;
633 	}
634 
635 	err = gotd_imsg_flush(ibuf);
636 	if (err)
637 		goto done;
638 
639 	/*
640 	 * Wait for an ACK, or an error in case the desired object
641 	 * does not exist.
642 	 */
643 	while (!done && err == NULL) {
644 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
645 		if (err)
646 			break;
647 		switch (imsg.hdr.type) {
648 		case GOTD_IMSG_ERROR:
649 			err = gotd_imsg_recv_error(NULL, &imsg);
650 			break;
651 		case GOTD_IMSG_ACK:
652 			err = recv_ack(&imsg, iwant.object_id);
653 			if (err)
654 				break;
655 			done = 1;
656 			break;
657 		default:
658 			err = got_error(GOT_ERR_PRIVSEP_MSG);
659 			break;
660 		}
661 
662 		imsg_free(&imsg);
663 	}
664 done:
665 	free(capabilities_str);
666 	return err;
667 }
668 
669 static const struct got_error *
670 send_ack(int outfd, uint8_t *id, int chattygot)
671 {
672 	char hex[SHA1_DIGEST_STRING_LENGTH];
673 	char buf[GOT_PKT_MAX];
674 	int len;
675 
676 	if (got_sha1_digest_to_str(id, hex, sizeof(hex)) == NULL) 
677 		return got_error(GOT_ERR_BAD_OBJ_ID);
678 
679 	len = snprintf(buf, sizeof(buf), "ACK %s\n", hex);
680 	if (len >= sizeof(buf))
681 		return got_error(GOT_ERR_NO_SPACE);
682 
683 	return got_pkt_writepkt(outfd, buf, len, chattygot);
684 }
685 
686 static const struct got_error *
687 send_nak(int outfd, int chattygot)
688 {
689 	char buf[5];
690 	int len;
691 
692 	len = snprintf(buf, sizeof(buf), "NAK\n");
693 	if (len >= sizeof(buf))
694 		return got_error(GOT_ERR_NO_SPACE);
695 
696 	return got_pkt_writepkt(outfd, buf, len, chattygot);
697 }
698 
699 static const struct got_error *
700 recv_have(int *have_ack, int outfd, struct imsgbuf *ibuf, char *buf,
701     size_t len, int chattygot)
702 {
703 	const struct got_error *err;
704 	struct gotd_imsg_have ihave;
705 	int done = 0;
706 	struct imsg imsg;
707 
708 	memset(&ihave, 0, sizeof(ihave));
709 	memset(&imsg, 0, sizeof(imsg));
710 
711 	err = parse_have_line(ihave.object_id, buf, len);
712 	if (err)
713 		return err;
714 
715 	if (imsg_compose(ibuf, GOTD_IMSG_HAVE, 0, 0, -1,
716 	    &ihave, sizeof(ihave)) == -1)
717 		return got_error_from_errno("imsg_compose HAVE");
718 
719 	err = gotd_imsg_flush(ibuf);
720 	if (err)
721 		return err;
722 
723 	/*
724 	 * Wait for an ACK or a NAK, indicating whether a common
725 	 * commit object has been found.
726 	 */
727 	while (!done && err == NULL) {
728 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
729 		if (err)
730 			return err;
731 		switch (imsg.hdr.type) {
732 		case GOTD_IMSG_ERROR:
733 			err = gotd_imsg_recv_error(NULL, &imsg);
734 			break;
735 		case GOTD_IMSG_ACK:
736 			err = recv_ack(&imsg, ihave.object_id);
737 			if (err)
738 				break;
739 			if (!*have_ack) {
740 				err = send_ack(outfd, ihave.object_id,
741 				    chattygot);
742 				if (err)
743 					return err;
744 				*have_ack = 1;
745 			}
746 			done = 1;
747 			break;
748 		case GOTD_IMSG_NAK:
749 			err = recv_nak(&imsg, ihave.object_id);
750 			if (err)
751 				break;
752 			done = 1;
753 			break;
754 		default:
755 			err = got_error(GOT_ERR_PRIVSEP_MSG);
756 			break;
757 		}
758 
759 		imsg_free(&imsg);
760 	}
761 
762 	return err;
763 }
764 
765 static const struct got_error *
766 recv_done(int *packfd, int outfd, struct imsgbuf *ibuf, int chattygot)
767 {
768 	const struct got_error *err;
769 	struct imsg imsg;
770 
771 	*packfd = -1;
772 
773 	if (imsg_compose(ibuf, GOTD_IMSG_DONE, 0, 0, -1, NULL, 0) == -1)
774 		return got_error_from_errno("imsg_compose DONE");
775 
776 	err = gotd_imsg_flush(ibuf);
777 	if (err)
778 		return err;
779 
780 	while (*packfd == -1 && err == NULL) {
781 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
782 		if (err)
783 			break;
784 
785 		switch (imsg.hdr.type) {
786 		case GOTD_IMSG_ERROR:
787 			err = gotd_imsg_recv_error(NULL, &imsg);
788 			break;
789 		case GOTD_IMSG_PACKFILE_PIPE:
790 			if (imsg.fd != -1)
791 				*packfd = imsg.fd;
792 			else
793 				err = got_error(GOT_ERR_PRIVSEP_NO_FD);
794 			break;
795 		default:
796 			err = got_error(GOT_ERR_PRIVSEP_MSG);
797 			break;
798 		}
799 
800 		imsg_free(&imsg);
801 	}
802 
803 	return err;
804 }
805 
806 static const struct got_error *
807 relay_progress_reports(struct imsgbuf *ibuf, int outfd, int chattygot)
808 {
809 	const struct got_error *err = NULL;
810 	int pack_starting = 0;
811 	struct gotd_imsg_packfile_progress iprog;
812 	char buf[GOT_PKT_MAX];
813 	struct imsg imsg;
814 	size_t datalen;
815 	int p_deltify = 0, n;
816 	const char *eol = "\r";
817 
818 	memset(&imsg, 0, sizeof(imsg));
819 
820 	while (!pack_starting && err == NULL) {
821 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
822 		if (err)
823 			break;
824 
825 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
826 		switch (imsg.hdr.type) {
827 		case GOTD_IMSG_ERROR:
828 			err = gotd_imsg_recv_error(NULL, &imsg);
829 			break;
830 		case GOTD_IMSG_PACKFILE_READY:
831 			eol = "\n";
832 			pack_starting = 1;
833 			/* fallthrough */
834 		case GOTD_IMSG_PACKFILE_PROGRESS:
835 			if (datalen != sizeof(iprog)) {
836 				err = got_error(GOT_ERR_PRIVSEP_LEN);
837 				break;
838 			}
839 			memcpy(&iprog, imsg.data, sizeof(iprog));
840 			if (iprog.nobj_total > 0) {
841 				p_deltify = (iprog.nobj_deltify * 100) /
842 				    iprog.nobj_total;
843 			}
844 			buf[0] = GOT_SIDEBAND_PROGRESS_INFO;
845 			n = snprintf(&buf[1], sizeof(buf) - 1,
846 			    "%d commits colored, "
847 			    "%d objects found, "
848 			    "deltify %d%%%s",
849 			    iprog.ncolored, 
850 			    iprog.nfound, 
851 			    p_deltify, eol);
852 			if (n >= sizeof(buf) - 1)
853 				break;
854 			err = got_pkt_writepkt(outfd, buf, 1 + n, chattygot);
855 			break;
856 		default:
857 			err = got_error(GOT_ERR_PRIVSEP_MSG);
858 			break;
859 		}
860 
861 		imsg_free(&imsg);
862 	}
863 
864 	return err;
865 }
866 
867 static const struct got_error *
868 serve_read(int infd, int outfd, int gotd_sock, const char *repo_path,
869     int chattygot)
870 {
871 	const struct got_error *err = NULL;
872 	char buf[GOT_PKT_MAX];
873 	struct imsgbuf ibuf;
874 	enum protostate {
875 		STATE_EXPECT_WANT,
876 		STATE_EXPECT_MORE_WANT,
877 		STATE_EXPECT_HAVE,
878 		STATE_EXPECT_DONE,
879 		STATE_DONE,
880 	};
881 	enum protostate curstate = STATE_EXPECT_WANT;
882 	int have_ack = 0, use_sidebands = 0, seen_have = 0;
883 	int packfd = -1;
884 	size_t pack_chunksize;
885 
886 	imsg_init(&ibuf, gotd_sock);
887 
888 	err = announce_refs(outfd, &ibuf, 1, repo_path, chattygot);
889 	if (err)
890 		goto done;
891 
892 	while (curstate != STATE_DONE) {
893 		int n;
894 		buf[0] = '\0';
895 		err = got_pkt_readpkt(&n, infd, buf, sizeof(buf), chattygot);
896 		if (err)
897 			break;
898 		if (n == 0) {
899 			if (curstate != STATE_EXPECT_MORE_WANT &&
900 			    curstate != STATE_EXPECT_HAVE) {
901 				err = got_error_msg(GOT_ERR_BAD_PACKET,
902 				    "unexpected flush packet received");
903 				goto done;
904 			}
905 			err = forward_flushpkt(&ibuf);
906 			if (err)
907 				goto done;
908 			if (curstate == STATE_EXPECT_HAVE && !have_ack) {
909 				err = send_nak(outfd, chattygot);
910 				if (err)
911 					goto done;
912 			}
913 			if (curstate == STATE_EXPECT_MORE_WANT)
914 				curstate = STATE_EXPECT_HAVE;
915 			else
916 				curstate = STATE_EXPECT_DONE;
917 		} else if (n >= 5 && strncmp(buf, "want ", 5) == 0) {
918 			if (curstate != STATE_EXPECT_WANT &&
919 			    curstate != STATE_EXPECT_MORE_WANT) {
920 				err = got_error_msg(GOT_ERR_BAD_PACKET,
921 				    "unexpected 'want' packet");
922 				goto done;
923 			}
924 			err = recv_want(&use_sidebands, outfd, &ibuf, buf, n,
925 			    curstate == STATE_EXPECT_WANT ? 1 : 0, chattygot);
926 			if (err)
927 				goto done;
928 			if (curstate == STATE_EXPECT_WANT)
929 				curstate = STATE_EXPECT_MORE_WANT;
930 		} else if (n >= 5 && strncmp(buf, "have ", 5) == 0) {
931 			if (curstate != STATE_EXPECT_HAVE) {
932 				err = got_error_msg(GOT_ERR_BAD_PACKET,
933 				    "unexpected 'have' packet");
934 				goto done;
935 			}
936 			err = recv_have(&have_ack, outfd, &ibuf, buf, n,
937 			    chattygot);
938 			if (err)
939 				goto done;
940 			seen_have = 1;
941 		} else if (n == 5 && strncmp(buf, "done\n", 5) == 0) {
942 			if (curstate != STATE_EXPECT_HAVE &&
943 			    curstate != STATE_EXPECT_DONE) {
944 				err = got_error_msg(GOT_ERR_BAD_PACKET,
945 				    "unexpected 'done' packet");
946 				goto done;
947 			}
948 			err = recv_done(&packfd, outfd, &ibuf, chattygot);
949 			if (err)
950 				goto done;
951 			curstate = STATE_DONE;
952 			break;
953 		} else {
954 			err = got_error(GOT_ERR_BAD_PACKET);
955 			goto done;
956 		}
957 	}
958 
959 	if (!seen_have) {
960 		err = send_nak(outfd, chattygot);
961 		if (err)
962 			goto done;
963 	}
964 
965 	if (use_sidebands) {
966 		err = relay_progress_reports(&ibuf, outfd, chattygot);
967 		if (err)
968 			goto done;
969 		pack_chunksize = GOT_SIDEBAND_64K_PACKFILE_DATA_MAX;
970 	} else
971 		pack_chunksize = sizeof(buf);
972 
973 	for (;;) {
974 		ssize_t r, w;
975 
976 		r = read(packfd, use_sidebands ? &buf[1] : buf,
977 		    pack_chunksize);
978 		if (r == -1) {
979 			err = got_error_from_errno("read");
980 			break;
981 		} else if (r == 0) {
982 			err = got_pkt_flushpkt(outfd, chattygot);
983 			break;
984 		}
985 
986 		if (use_sidebands) {
987 			buf[0] = GOT_SIDEBAND_PACKFILE_DATA;
988 			err = got_pkt_writepkt(outfd, buf, 1 + r, chattygot);
989 			if (err)
990 				break;
991 		} else {
992 			w = write(outfd, buf, r);
993 			if (w == -1) {
994 				err = got_error_from_errno("write");
995 				break;
996 			} else if (w != r) {
997 				err = got_error(GOT_ERR_IO);
998 				break;
999 			}
1000 		}
1001 	}
1002 done:
1003 	imsg_clear(&ibuf);
1004 	if (packfd != -1 && close(packfd) == -1 && err == NULL)
1005 		err = got_error_from_errno("close");
1006 	if (err)
1007 		echo_error(err, outfd, chattygot);
1008 	return err;
1009 }
1010 
1011 static const struct got_error *
1012 parse_ref_update_line(char **common_capabilities, char **refname,
1013     uint8_t *old_id, uint8_t *new_id, char *buf, size_t len)
1014 {
1015 	const struct got_error *err;
1016 	char *old_id_str = NULL, *new_id_str = NULL;
1017 	char *client_capabilities = NULL;
1018 
1019 	*refname = NULL;
1020 
1021 	err = got_gitproto_parse_ref_update_line(&old_id_str, &new_id_str,
1022 	    refname, &client_capabilities, buf, len);
1023 	if (err)
1024 		return err;
1025 
1026 	if (!got_parse_sha1_digest(old_id, old_id_str) ||
1027 	    !got_parse_sha1_digest(new_id, new_id_str)) {
1028 		err = got_error_msg(GOT_ERR_BAD_PACKET,
1029 		    "ref-update with bad object ID");
1030 		goto done;
1031 	}
1032 	if (!got_ref_name_is_valid(*refname)) {
1033 		err = got_error_msg(GOT_ERR_BAD_PACKET,
1034 		    "ref-update with bad reference name");
1035 		goto done;
1036 	}
1037 
1038 	if (client_capabilities) {
1039 		err = got_gitproto_match_capabilities(common_capabilities,
1040 		    NULL, client_capabilities, write_capabilities,
1041 		    nitems(write_capabilities));
1042 		if (err)
1043 			goto done;
1044 	}
1045 done:
1046 	free(old_id_str);
1047 	free(new_id_str);
1048 	free(client_capabilities);
1049 	if (err) {
1050 		free(*refname);
1051 		*refname = NULL;
1052 	}
1053 	return err;
1054 }
1055 
1056 static const struct got_error *
1057 recv_ref_update(int *report_status, int outfd, struct imsgbuf *ibuf,
1058     char *buf, size_t len, int expect_capabilities, int chattygot)
1059 {
1060 	const struct got_error *err;
1061 	struct gotd_imsg_ref_update iref;
1062 	struct ibuf *wbuf;
1063 	char *capabilities_str = NULL, *refname = NULL;
1064 	int done = 0;
1065 	struct imsg imsg;
1066 
1067 	memset(&iref, 0, sizeof(iref));
1068 	memset(&imsg, 0, sizeof(imsg));
1069 
1070 	err = parse_ref_update_line(&capabilities_str, &refname,
1071 	    iref.old_id, iref.new_id, buf, len);
1072 	if (err)
1073 		return err;
1074 
1075 	if (capabilities_str) {
1076 		if (!expect_capabilities) {
1077 			err = got_error_msg(GOT_ERR_BAD_PACKET,
1078 			    "unexpected capability announcement received");
1079 			goto done;
1080 		}
1081 		err = send_capabilities(NULL, report_status, capabilities_str,
1082 		    ibuf);
1083 		if (err)
1084 			goto done;
1085 	}
1086 
1087 	iref.name_len = strlen(refname);
1088 	len = sizeof(iref) + iref.name_len;
1089 	wbuf = imsg_create(ibuf, GOTD_IMSG_REF_UPDATE, 0, 0, len);
1090 	if (wbuf == NULL) {
1091 		err = got_error_from_errno("imsg_create REF_UPDATE");
1092 		goto done;
1093 	}
1094 
1095 	if (imsg_add(wbuf, &iref, sizeof(iref)) == -1)
1096 		return got_error_from_errno("imsg_add REF_UPDATE");
1097 	if (imsg_add(wbuf, refname, iref.name_len) == -1)
1098 		return got_error_from_errno("imsg_add REF_UPDATE");
1099 	wbuf->fd = -1;
1100 	imsg_close(ibuf, wbuf);
1101 
1102 	err = gotd_imsg_flush(ibuf);
1103 	if (err)
1104 		goto done;
1105 
1106 	/* Wait for ACK or an error. */
1107 	while (!done && err == NULL) {
1108 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
1109 		if (err)
1110 			break;
1111 		switch (imsg.hdr.type) {
1112 		case GOTD_IMSG_ERROR:
1113 			err = gotd_imsg_recv_error(NULL, &imsg);
1114 			break;
1115 		case GOTD_IMSG_ACK:
1116 			err = recv_ack(&imsg, iref.new_id);
1117 			if (err)
1118 				break;
1119 			done = 1;
1120 			break;
1121 		default:
1122 			err = got_error(GOT_ERR_PRIVSEP_MSG);
1123 			break;
1124 		}
1125 
1126 		imsg_free(&imsg);
1127 	}
1128 done:
1129 	free(capabilities_str);
1130 	free(refname);
1131 	return err;
1132 }
1133 
1134 static const struct got_error *
1135 recv_packfile(struct imsg *imsg, int infd)
1136 {
1137 	const struct got_error *err = NULL;
1138 	size_t datalen;
1139 	int packfd;
1140 	char buf[GOT_PKT_MAX];
1141 	int pack_done = 0;
1142 
1143 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1144 	if (datalen != 0)
1145 		return got_error(GOT_ERR_PRIVSEP_MSG);
1146 
1147 	if (imsg->fd == -1)
1148 		return got_error(GOT_ERR_PRIVSEP_NO_FD);
1149 	
1150 	packfd = imsg->fd;
1151 	while (!pack_done) {
1152 		ssize_t r = 0;
1153 
1154 		err = got_poll_fd(infd, POLLIN, 1);
1155 		if (err) {
1156 			if (err->code != GOT_ERR_TIMEOUT)
1157 				break;
1158 			err = NULL;
1159 		} else {
1160 			r = read(infd, buf, sizeof(buf));
1161 			if (r == -1) {
1162 				err = got_error_from_errno("read");
1163 				break;
1164 			}
1165 			if (r == 0) {
1166 				/*
1167 				 * Git clients hang up their side of the
1168 				 * connection after sending the pack file.
1169 				 */
1170 				err = NULL;
1171 				pack_done = 1;
1172 				break;
1173 			}
1174 		}
1175 
1176 		if (r == 0) {
1177 			/* Detect gotd(8) closing the pack pipe when done. */
1178 			err = got_poll_fd(packfd, POLLOUT, 1);
1179 			if (err) {
1180 				if (err->code != GOT_ERR_EOF)
1181 					break;
1182 				err = NULL;
1183 				pack_done = 1;
1184 			}
1185 		} else {
1186 			/* Write pack data and/or detect pipe being closed. */
1187 			err = got_poll_write_full(packfd, buf, r);
1188 			if (err) {
1189 				if (err->code == GOT_ERR_EOF)
1190 					err = NULL;
1191 				break;
1192 			}
1193 		}
1194 	}
1195 
1196 	close(packfd);
1197 	return err;
1198 }
1199 
1200 static const struct got_error *
1201 report_unpack_status(struct imsg *imsg, int outfd, int chattygot)
1202 {
1203 	const struct got_error *err = NULL;
1204 	struct gotd_imsg_packfile_status istatus;
1205 	char buf[GOT_PKT_MAX];
1206 	size_t datalen, len;
1207 	char *reason = NULL;
1208 
1209 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1210 	if (datalen < sizeof(istatus))
1211 		return got_error(GOT_ERR_PRIVSEP_LEN);
1212 	memcpy(&istatus, imsg->data, sizeof(istatus));
1213 	if (datalen != sizeof(istatus) + istatus.reason_len)
1214 		return got_error(GOT_ERR_PRIVSEP_LEN);
1215 
1216 	reason = malloc(istatus.reason_len + 1);
1217 	if (reason == NULL) {
1218 		err = got_error_from_errno("malloc");
1219 		goto done;
1220 	}
1221 	memcpy(reason, imsg->data + sizeof(istatus), istatus.reason_len);
1222 	reason[istatus.reason_len] = '\0';
1223 
1224 	if (err == NULL)
1225 		len = snprintf(buf, sizeof(buf), "unpack ok\n");
1226 	else
1227 		len = snprintf(buf, sizeof(buf), "unpack %s\n", reason);
1228 	if (len >= sizeof(buf)) {
1229 		err = got_error(GOT_ERR_NO_SPACE);
1230 		goto done;
1231 	}
1232 
1233 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
1234 done:
1235 	free(reason);
1236 	return err;
1237 }
1238 
1239 static const struct got_error *
1240 recv_ref_update_ok(struct imsg *imsg, int outfd, int chattygot)
1241 {
1242 	const struct got_error *err = NULL;
1243 	struct gotd_imsg_ref_update_ok iok;
1244 	size_t datalen, len;
1245 	char buf[GOT_PKT_MAX];
1246 	char *refname = NULL;
1247 
1248 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1249 	if (datalen < sizeof(iok))
1250 		return got_error(GOT_ERR_PRIVSEP_LEN);
1251 	memcpy(&iok, imsg->data, sizeof(iok));
1252 	if (datalen != sizeof(iok) + iok.name_len)
1253 		return got_error(GOT_ERR_PRIVSEP_LEN);
1254 
1255 	memcpy(&iok, imsg->data, sizeof(iok));
1256 
1257 	refname = malloc(iok.name_len + 1);
1258 	if (refname == NULL)
1259 		return got_error_from_errno("malloc");
1260 	memcpy(refname, imsg->data + sizeof(iok), iok.name_len);
1261 	refname[iok.name_len] = '\0';
1262 
1263 	len = snprintf(buf, sizeof(buf), "ok %s\n", refname);
1264 	if (len >= sizeof(buf)) {
1265 		err = got_error(GOT_ERR_NO_SPACE);
1266 		goto done;
1267 	}
1268 
1269 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
1270 done:
1271 	free(refname);
1272 	return err;
1273 }
1274 
1275 static const struct got_error *
1276 recv_ref_update_ng(struct imsg *imsg, int outfd, int chattygot)
1277 {
1278 	const struct got_error *err = NULL;
1279 	struct gotd_imsg_ref_update_ng ing;
1280 	size_t datalen, len;
1281 	char buf[GOT_PKT_MAX];
1282 	char *refname = NULL, *reason = NULL;
1283 
1284 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1285 	if (datalen < sizeof(ing))
1286 		return got_error(GOT_ERR_PRIVSEP_LEN);
1287 	memcpy(&ing, imsg->data, sizeof(ing));
1288 	if (datalen != sizeof(ing) + ing.name_len + ing.reason_len)
1289 		return got_error(GOT_ERR_PRIVSEP_LEN);
1290 
1291 	memcpy(&ing, imsg->data, sizeof(ing));
1292 
1293 	refname = malloc(ing.name_len + 1);
1294 	if (refname == NULL)
1295 		return got_error_from_errno("malloc");
1296 	memcpy(refname, imsg->data + sizeof(ing), ing.name_len);
1297 	refname[ing.name_len] = '\0';
1298 
1299 	reason = malloc(ing.reason_len + 1);
1300 	if (reason == NULL) {
1301 		err = got_error_from_errno("malloc");
1302 		goto done;
1303 	}
1304 	memcpy(refname, imsg->data + sizeof(ing) + ing.name_len,
1305 	    ing.reason_len);
1306 	refname[ing.reason_len] = '\0';
1307 
1308 	len = snprintf(buf, sizeof(buf), "ng %s %s\n", refname, reason);
1309 	if (len >= sizeof(buf)) {
1310 		err = got_error(GOT_ERR_NO_SPACE);
1311 		goto done;
1312 	}
1313 
1314 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
1315 done:
1316 	free(refname);
1317 	free(reason);
1318 	return err;
1319 }
1320 
1321 static const struct got_error *
1322 serve_write(int infd, int outfd, int gotd_sock, const char *repo_path,
1323     int chattygot)
1324 {
1325 	const struct got_error *err = NULL;
1326 	char buf[GOT_PKT_MAX];
1327 	struct imsgbuf ibuf;
1328 	enum protostate {
1329 		STATE_EXPECT_REF_UPDATE,
1330 		STATE_EXPECT_MORE_REF_UPDATES,
1331 		STATE_EXPECT_PACKFILE,
1332 		STATE_PACKFILE_RECEIVED,
1333 		STATE_REFS_UPDATED,
1334 	};
1335 	enum protostate curstate = STATE_EXPECT_REF_UPDATE;
1336 	struct imsg imsg;
1337 	int report_status = 0;
1338 
1339 	imsg_init(&ibuf, gotd_sock);
1340 	memset(&imsg, 0, sizeof(imsg));
1341 
1342 	err = announce_refs(outfd, &ibuf, 0, repo_path, chattygot);
1343 	if (err)
1344 		goto done;
1345 
1346 	while (curstate != STATE_EXPECT_PACKFILE) {
1347 		int n;
1348 		buf[0] = '\0';
1349 		err = got_pkt_readpkt(&n, infd, buf, sizeof(buf), chattygot);
1350 		if (err)
1351 			break;
1352 		if (n == 0) {
1353 			if (curstate != STATE_EXPECT_MORE_REF_UPDATES) {
1354 				err = got_error_msg(GOT_ERR_BAD_PACKET,
1355 				    "unexpected flush packet received");
1356 				goto done;
1357 			}
1358 			err = forward_flushpkt(&ibuf);
1359 			if (err)
1360 				goto done;
1361 			curstate = STATE_EXPECT_PACKFILE;
1362 		} else if (n >= (SHA1_DIGEST_STRING_LENGTH * 2) + 2) {
1363 			if (curstate != STATE_EXPECT_REF_UPDATE &&
1364 			    curstate != STATE_EXPECT_MORE_REF_UPDATES) {
1365 				err = got_error_msg(GOT_ERR_BAD_PACKET,
1366 				    "unexpected ref-update packet");
1367 				goto done;
1368 			}
1369 			if (curstate == STATE_EXPECT_REF_UPDATE) {
1370 				err = recv_ref_update(&report_status,
1371 				    outfd, &ibuf, buf, n, 1, chattygot);
1372 			} else {
1373 				err = recv_ref_update(NULL, outfd, &ibuf,
1374 				    buf, n, 0, chattygot);
1375 			}
1376 			if (err)
1377 				goto done;
1378 			curstate = STATE_EXPECT_MORE_REF_UPDATES;
1379 		} else {
1380 			err = got_error(GOT_ERR_BAD_PACKET);
1381 			goto done;
1382 		}
1383 	}
1384 
1385 	while (curstate != STATE_PACKFILE_RECEIVED) {
1386 		err = gotd_imsg_poll_recv(&imsg, &ibuf, 0);
1387 		if (err)
1388 			goto done;
1389 		switch (imsg.hdr.type) {
1390 		case GOTD_IMSG_ERROR:
1391 			err = gotd_imsg_recv_error(NULL, &imsg);
1392 			goto done;
1393 		case GOTD_IMSG_PACKFILE_PIPE:
1394 			err = recv_packfile(&imsg, infd);
1395 			if (err) {
1396 				if (err->code != GOT_ERR_EOF)
1397 					goto done;
1398 				/*
1399 				 * EOF is reported when the client hangs up,
1400 				 * which can happen with Git clients.
1401 				 * The socket should stay half-open so we
1402 				 * can still send our reports if requested.
1403 				 */
1404 				err = NULL;
1405 			}
1406 			curstate = STATE_PACKFILE_RECEIVED;
1407 			break;
1408 		default:
1409 			err = got_error(GOT_ERR_PRIVSEP_MSG);
1410 			break;
1411 		}
1412 
1413 		imsg_free(&imsg);
1414 		if (err)
1415 			goto done;
1416 	}
1417 
1418 	while (curstate != STATE_REFS_UPDATED && err == NULL) {
1419 		err = gotd_imsg_poll_recv(&imsg, &ibuf, 0);
1420 		if (err)
1421 			break;
1422 		switch (imsg.hdr.type) {
1423 		case GOTD_IMSG_ERROR:
1424 			err = gotd_imsg_recv_error(NULL, &imsg);
1425 			break;
1426 		case GOTD_IMSG_PACKFILE_STATUS:
1427 			if (!report_status)
1428 				break;
1429 			err = report_unpack_status(&imsg, outfd, chattygot);
1430 			break;
1431 		case GOTD_IMSG_REF_UPDATE_OK:
1432 			if (!report_status)
1433 				break;
1434 			err = recv_ref_update_ok(&imsg, outfd, chattygot);
1435 			break;
1436 		case GOTD_IMSG_REF_UPDATE_NG:
1437 			if (!report_status)
1438 				break;
1439 			err = recv_ref_update_ng(&imsg, outfd, chattygot);
1440 			break;
1441 		case GOTD_IMSG_REFS_UPDATED:
1442 			curstate = STATE_REFS_UPDATED;
1443 			err = got_pkt_flushpkt(outfd, chattygot);
1444 			break;
1445 		default:
1446 			err = got_error(GOT_ERR_PRIVSEP_MSG);
1447 			break;
1448 		}
1449 
1450 		imsg_free(&imsg);
1451 	}
1452 done:
1453 	imsg_clear(&ibuf);
1454 	if (err)
1455 		echo_error(err, outfd, chattygot);
1456 	return err;
1457 }
1458 
1459 const struct got_error *
1460 got_serve(int infd, int outfd, const char *gitcmd, int gotd_sock, int chattygot)
1461 {
1462 	const struct got_error *err = NULL;
1463 	char *command = NULL, *repo_path = NULL;
1464 
1465 	err = parse_command(&command, &repo_path, gitcmd);
1466 	if (err)
1467 		return err;
1468 
1469 	if (strcmp(command, GOT_SERVE_CMD_FETCH) == 0)
1470 		err = serve_read(infd, outfd, gotd_sock, repo_path, chattygot);
1471 	else if (strcmp(command, GOT_SERVE_CMD_SEND) == 0)
1472 		err = serve_write(infd, outfd, gotd_sock, repo_path, chattygot);
1473 	else
1474 		err = got_error(GOT_ERR_BAD_PACKET);
1475 
1476 	free(command);
1477 	free(repo_path);
1478 	return err;
1479 }