Blob

Date:
Message:
add initial support for commit notifications to gotd(8) At present only email notifications are implemented. Code for HTTP notifications is not yet finished, hence HTTP-related documentation remains hidden for now. This adds a new 'notify' process which has an "exec" pledge. It runs helper programs which implement the notification transport layer, such as got-notify-email which speaks SMTP. This design avoids having to link all of gotd with network libraries and related crypto libraries. Notification content is generated by the 'repo_write' process. Commit log messages and diffstats are written to a file which the 'notify' process will pass on to its helpers on stdin. The default output looks similar to 'got log -d'. If too many new commits are present the output looks similar to 'got log -s' instead. Tags always look like 'got tag -l'. The session process coordinates generation of notifications. It maintains a notification queue which holds one notification per updated reference, and passes notification requests from this queue to the 'repo_write' process for notification content creation and then to the 'notify' process for notification delivery. Only one notification can be in flight at a time to avoid file descriptor starvation if many references get updated in a single client session. ok op@
Actions:
History | Blame | Raw File
1 /*

2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>

3  *

4  * Permission to use, copy, modify, and distribute this software for any

5  * purpose with or without fee is hereby granted, provided that the above

6  * copyright notice and this permission notice appear in all copies.

7  *

8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

15  */

18 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"

19 #define GOTD_UNIX_SOCKET_BACKLOG 10

20 #define GOTD_USER	"_gotd"

21 #define GOTD_CONF_PATH	"/etc/gotd.conf"

22 #define GOTD_EMPTY_PATH	"/var/empty"

24 #ifndef GOT_LIBEXECDIR

25 #define GOT_LIBEXECDIR /usr/libexec

26 #endif

28 #define GOTD_STRINGIFY(x) #x

29 #define GOTD_STRINGVAL(x) GOTD_STRINGIFY(x)

31 #define GOTD_PROG_NOTIFY_EMAIL	got-notify-email

32 #define GOTD_PROG_NOTIFY_HTTP	got-notify-http

34 #define GOTD_PATH_PROG_NOTIFY_EMAIL \

35 	GOTD_STRINGVAL(GOT_LIBEXECDIR) "/" \

36 	GOTD_STRINGVAL(GOTD_PROG_NOTIFY_EMAIL)

37 #define GOTD_PATH_PROG_NOTIFY_HTTP \

38 	GOTD_STRINGVAL(GOT_LIBEXECDIR) "/" \

39 	GOTD_STRINGVAL(GOTD_PROG_NOTIFY_HTTP)

41 #define GOTD_MAXCLIENTS		1024

42 #define GOTD_MAX_CONN_PER_UID	4

43 #define GOTD_FD_RESERVE		5

44 #define GOTD_FD_NEEDED		6

45 #define GOTD_FILENO_MSG_PIPE	3

47 #define GOTD_DEFAULT_REQUEST_TIMEOUT	3600

49 /* Client hash tables need some extra room. */

50 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)

52 enum gotd_procid {

53 	PROC_GOTD	= 0,

54 	PROC_LISTEN,

55 	PROC_AUTH,

56 	PROC_SESSION_READ,

57 	PROC_SESSION_WRITE,

58 	PROC_REPO_READ,

59 	PROC_REPO_WRITE,

60 	PROC_GITWRAPPER,

61 	PROC_NOTIFY,

62 	PROC_MAX,

63 };

65 struct gotd_imsgev {

66 	struct imsgbuf	 ibuf;

67 	void		(*handler)(int, short, void *);

68 	void		*handler_arg;

69 	struct event	 ev;

70 	short		 events;

71 };

73 enum gotd_access {

74 	GOTD_ACCESS_PERMITTED = 1,

75 	GOTD_ACCESS_DENIED

76 };

78 struct gotd_access_rule {

79 	STAILQ_ENTRY(gotd_access_rule) entry;

81 	enum gotd_access access;

83 	int authorization;

84 #define GOTD_AUTH_READ		0x1

85 #define GOTD_AUTH_WRITE		0x2

87 	char *identifier;

88 };

89 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);

91 enum gotd_notification_target_type {

92 	GOTD_NOTIFICATION_VIA_EMAIL,

93 	GOTD_NOTIFICATION_VIA_HTTP

94 };

96 struct gotd_notification_target {

97 	STAILQ_ENTRY(gotd_notification_target) entry;

99 	enum gotd_notification_target_type type;

100 	union {

101 		struct {

102 			char *sender;

103 			char *recipient;

104 			char *responder;

105 			char *hostname;

106 			char *port;

107 		} email;

108 		struct {

109 			char *url;

110 			char *user;

111 			char *password;

112 		} http;

113 	} conf;

114 };

115 STAILQ_HEAD(gotd_notification_targets, gotd_notification_target);

117 struct gotd_repo {

118 	TAILQ_ENTRY(gotd_repo)	 entry;

120 	char name[NAME_MAX];

121 	char path[PATH_MAX];

123 	struct gotd_access_rule_list rules;

124 	struct got_pathlist_head protected_tag_namespaces;

125 	struct got_pathlist_head protected_branch_namespaces;

126 	struct got_pathlist_head protected_branches;

128 	struct got_pathlist_head notification_refs;

129 	struct got_pathlist_head notification_ref_namespaces;

130 	struct gotd_notification_targets notification_targets;

131 };

132 TAILQ_HEAD(gotd_repolist, gotd_repo);

134 enum gotd_session_state {

135 	GOTD_STATE_EXPECT_LIST_REFS,

136 	GOTD_STATE_EXPECT_CAPABILITIES,

137 	GOTD_STATE_EXPECT_WANT,

138 	GOTD_STATE_EXPECT_REF_UPDATE,

139 	GOTD_STATE_EXPECT_MORE_REF_UPDATES,

140 	GOTD_STATE_EXPECT_HAVE,

141 	GOTD_STATE_EXPECT_PACKFILE,

142 	GOTD_STATE_EXPECT_DONE,

143 	GOTD_STATE_DONE,

144 	GOTD_STATE_NOTIFY,

145 };

147 struct gotd_client_capability {

148 	char *key;

149 	char *value;

150 };

152 struct gotd_object_id_array {

153 	struct got_object_id		**ids;

154 	size_t				 nalloc;

155 	size_t				 nids;

156 };

158 struct gotd_uid_connection_limit {

159 	uid_t uid;

160 	int max_connections;

161 };

163 struct gotd_child_proc;

165 struct gotd {

166 	pid_t pid;

167 	char unix_socket_path[PATH_MAX];

168 	char user_name[32];

169 	struct gotd_repolist repos;

170 	int nrepos;

171 	struct gotd_child_proc *listen_proc;

172 	struct gotd_child_proc *notify_proc;

173 	int notifications_enabled;

174 	struct timeval request_timeout;

175 	struct timeval auth_timeout;

176 	struct gotd_uid_connection_limit *connection_limits;

177 	size_t nconnection_limits;

179 	char *argv0;

180 	const char *confpath;

181 	int daemonize;

182 	int verbosity;

183 };

185 enum gotd_imsg_type {

186 	/* An error occured while processing a request. */

187 	GOTD_IMSG_ERROR,

189 	/* Commands used by gotctl(8). */

190 	GOTD_IMSG_INFO,

191 	GOTD_IMSG_INFO_REPO,

192 	GOTD_IMSG_INFO_CLIENT,

193 	GOTD_IMSG_STOP,

195 	/* Request a list of references. */

196 	GOTD_IMSG_LIST_REFS,

197 	GOTD_IMSG_LIST_REFS_INTERNAL,

199 	/* References. */

200 	GOTD_IMSG_REFLIST,

201 	GOTD_IMSG_REF,

202 	GOTD_IMSG_SYMREF,

204 	/* Git protocol capabilities. */

205 	GOTD_IMSG_CAPABILITIES,

206 	GOTD_IMSG_CAPABILITY,

208 	/* Git protocol chatter. */

209 	GOTD_IMSG_WANT,		/* The client wants an object. */

210 	GOTD_IMSG_HAVE,		/* The client has an object. */

211 	GOTD_IMSG_ACK,		/* The server has an object or a reference. */

212 	GOTD_IMSG_NAK,		/* The server does not have an object/ref. */

213 	GOTD_IMSG_REF_UPDATE,	/* The client wants to update a reference. */

214 	GOTD_IMSG_REF_DELETE,	/* The client wants to delete a reference. */

215 	GOTD_IMSG_FLUSH,	/* The client sent a flush packet. */

216 	GOTD_IMSG_DONE,		/* The client is done chatting. */

218 	/* Sending or receiving a pack file. */

219 	GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */

220 	GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */

221 	GOTD_IMSG_PACKIDX_FILE,  /* Temporary file handle for new pack index. */

222 	GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */

223 	GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */

224 	GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */

225 	GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */

226 	GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */

227 	GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */

229 	/* Reference updates. */

230 	GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */

231 	GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */

232 	GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */

233 	GOTD_IMSG_REFS_UPDATED, /* The server proccessed all ref updates. */

235 	/* Client connections. */

236 	GOTD_IMSG_DISCONNECT,

237 	GOTD_IMSG_CONNECT,

239 	/* Child process management. */

240 	GOTD_IMSG_CLIENT_SESSION_READY,

241 	GOTD_IMSG_REPO_CHILD_READY,

242 	GOTD_IMSG_CONNECT_REPO_CHILD,

244 	/* Auth child process. */

245 	GOTD_IMSG_AUTHENTICATE,

246 	GOTD_IMSG_ACCESS_GRANTED,

248 	/* Notify child process. */

249 	GOTD_IMSG_CONNECT_NOTIFIER,

250 	GOTD_IMSG_CONNECT_SESSION,

251 	GOTD_IMSG_NOTIFY,

252 	GOTD_IMSG_NOTIFICATION_SENT

253 };

255 /* Structure for GOTD_IMSG_ERROR. */

256 struct gotd_imsg_error {

257 	int code; /* an error code from got_error.h */

258 	int errno_code; /* in case code equals GOT_ERR_ERRNO */

259 	uint32_t client_id;

260 	char msg[GOT_ERR_MAX_MSG_SIZE];

261 } __attribute__((__packed__));

263 /* Structure for GOTD_IMSG_INFO. */

264 struct gotd_imsg_info {

265 	pid_t pid;

266 	int verbosity;

267 	int nrepos;

268 	int nclients;

270 	/* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */

271 	/* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */

272 };

274 /* Structure for GOTD_IMSG_INFO_REPO. */

275 struct gotd_imsg_info_repo {

276 	char repo_name[NAME_MAX];

277 	char repo_path[PATH_MAX];

278 };

280 /* Structure for GOTD_IMSG_INFO_CLIENT */

281 struct gotd_imsg_info_client {

282 	uid_t euid;

283 	gid_t egid;

284 	char repo_name[NAME_MAX];

285 	int is_writing;

286 	pid_t session_child_pid;

287 	pid_t repo_child_pid;

288 };

290 /* Structure for GOTD_IMSG_LIST_REFS. */

291 struct gotd_imsg_list_refs {

292 	char repo_name[NAME_MAX];

293 	int client_is_reading; /* 1 if reading, 0 if writing */

294 };

296 /* Structure for GOTD_IMSG_LIST_REFS_INTERNAL. */

297 struct gotd_imsg_list_refs_internal {

298 	uint32_t client_id;

299 };

301 /* Structure for GOTD_IMSG_REFLIST. */

302 struct gotd_imsg_reflist {

303 	size_t nrefs;

305 	/* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */

306 } __attribute__((__packed__));

308 /* Structure for GOTD_IMSG_REF data. */

309 struct gotd_imsg_ref {

310 	uint8_t id[SHA1_DIGEST_LENGTH];

311 	size_t name_len;

312 	/* Followed by name_len data bytes. */

313 } __attribute__((__packed__));

315 /* Structure for GOTD_IMSG_SYMREF data. */

316 struct gotd_imsg_symref {

317 	size_t name_len;

318 	size_t target_len;

319 	uint8_t target_id[SHA1_DIGEST_LENGTH];

321 	/*

322 	 * Followed by name_len + target_len data bytes.

323 	 */

324 } __attribute__((__packed__));

326 /* Structure for GOTD_IMSG_CAPABILITIES data. */

327 struct gotd_imsg_capabilities {

328 	size_t ncapabilities;

330 	/*

331 	 * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.

332 	 */

333 } __attribute__((__packed__));

335 /* Structure for GOTD_IMSG_CAPABILITY data. */

336 struct gotd_imsg_capability {

337 	size_t key_len;

338 	size_t value_len;

340 	/*

341 	 * Followed by key_len + value_len data bytes.

342 	 */

343 } __attribute__((__packed__));

345 /* Structure for GOTD_IMSG_WANT data. */

346 struct gotd_imsg_want {

347 	uint8_t object_id[SHA1_DIGEST_LENGTH];

348 	uint32_t client_id;

349 } __attribute__((__packed__));

351 /* Structure for GOTD_IMSG_HAVE data. */

352 struct gotd_imsg_have {

353 	uint8_t object_id[SHA1_DIGEST_LENGTH];

354 	uint32_t client_id;

355 } __attribute__((__packed__));

357 /* Structure for GOTD_IMSG_ACK data. */

358 struct gotd_imsg_ack {

359 	uint8_t object_id[SHA1_DIGEST_LENGTH];

360 	uint32_t client_id;

361 } __attribute__((__packed__));

363 /* Structure for GOTD_IMSG_NAK data. */

364 struct gotd_imsg_nak {

365 	uint8_t object_id[SHA1_DIGEST_LENGTH];

366 	uint32_t client_id;

367 } __attribute__((__packed__));

369 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */

370 struct gotd_imsg_packfile_status {

371 	size_t reason_len;

373 	/* Followed by reason_len data bytes. */

374 } __attribute__((__packed__));

377 /* Structure for GOTD_IMSG_REF_UPDATE data. */

378 struct gotd_imsg_ref_update {

379 	uint8_t old_id[SHA1_DIGEST_LENGTH];

380 	uint8_t new_id[SHA1_DIGEST_LENGTH];

381 	int ref_is_new;

382 	int delete_ref;

383 	uint32_t client_id;

384 	size_t name_len;

386 	/* Followed by name_len data bytes. */

387 } __attribute__((__packed__));

389 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */

390 struct gotd_imsg_ref_updates_start {

391 	int nref_updates;

392 	uint32_t client_id;

394 	/* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */

395 };

397 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */

398 struct gotd_imsg_ref_update_ok {

399 	uint8_t old_id[SHA1_DIGEST_LENGTH];

400 	uint8_t new_id[SHA1_DIGEST_LENGTH];

401 	int ref_is_new;

402 	uint32_t client_id;

403 	size_t name_len;

405 	/* Followed by name_len data bytes. */

406 } __attribute__((__packed__));

408 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */

409 struct gotd_imsg_ref_update_ng {

410 	uint8_t old_id[SHA1_DIGEST_LENGTH];

411 	uint8_t new_id[SHA1_DIGEST_LENGTH];

412 	uint32_t client_id;

413 	size_t name_len;

414 	size_t reason_len;

416 	/* Followed by name_len + reason_len data bytes. */

417 } __attribute__((__packed__));

419 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */

420 struct gotd_imsg_send_packfile {

421 	uint32_t client_id;

422 	int report_progress;

424 	/* delta cache file is sent as a file descriptor */

426 	/* followed by two GOTD_IMSG_PACKFILE_PIPE messages */

427 };

429 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */

430 struct gotd_imsg_recv_packfile {

431 	uint32_t client_id;

432 	int report_status;

434 	/* pack destination temp file is sent as a file descriptor */

435 };

437 /* Structure for GOTD_IMSG_PACKFILE_PIPE data. */

438 struct gotd_imsg_packfile_pipe {

439 	uint32_t client_id;

440 };

442 /* Structure for GOTD_IMSG_PACKIDX_FILE data. */

443 struct gotd_imsg_packidx_file {

444 	uint32_t client_id;

445 };

448 /*

449  * Structure for GOTD_IMSG_PACKFILE_PROGRESS and

450  * GOTD_IMSG_PACKFILE_READY data.

451  */

452 struct gotd_imsg_packfile_progress {

453 	uint32_t client_id;

454 	int ncolored;

455 	int nfound;

456 	int ntrees;

457 	off_t packfile_size;

458 	int ncommits;

459 	int nobj_total;

460 	int nobj_deltify;

461 	int nobj_written;

462 };

464 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */

465 struct gotd_imsg_packfile_install {

466 	uint32_t client_id;

467 	uint8_t pack_sha1[SHA1_DIGEST_LENGTH];

468 };

470 /* Structure for GOTD_IMSG_PACKFILE_DONE data. */

471 struct gotd_imsg_packfile_done {

472 	uint32_t client_id;

473 };

475 /* Structure for GOTD_IMSG_DISCONNECT data. */

476 struct gotd_imsg_disconnect {

477 	uint32_t client_id;

478 };

480 /* Structure for GOTD_IMSG_CONNECT. */

481 struct gotd_imsg_connect {

482 	uint32_t client_id;

483 	uid_t euid;

484 	gid_t egid;

485 	size_t username_len;

487 	/* Followed by username_len data bytes. */

488 };

490 /* Structure for GOTD_IMSG_CONNECT_REPO_CHILD. */

491 struct gotd_imsg_connect_repo_child {

492 	uint32_t client_id;

493 	enum gotd_procid proc_id;

495 	/* repo child imsg pipe is passed via imsg fd */

496 };

498 /* Structure for GOTD_IMSG_AUTHENTICATE. */

499 struct gotd_imsg_auth {

500 	uid_t euid;

501 	gid_t egid;

502 	int required_auth;

503 	uint32_t client_id;

504 };

506 /* Structures for GOTD_IMSG_NOTIFY. */

507 enum gotd_notification_action {

508 	GOTD_NOTIF_ACTION_CREATED,

509 	GOTD_NOTIF_ACTION_REMOVED,

510 	GOTD_NOTIF_ACTION_CHANGED

511 };

512 /* IMSG_NOTIFY session <-> repo_write */

513 struct gotd_imsg_notification_content {

514 	uint32_t client_id;

515 	enum gotd_notification_action action;

516 	uint8_t old_id[SHA1_DIGEST_LENGTH];

517 	uint8_t new_id[SHA1_DIGEST_LENGTH];

518 	size_t refname_len;

519 	/* Followed by refname_len data bytes. */

520 };

521 /* IMSG_NOTIFY session -> notify*/

522 struct gotd_imsg_notify {

523 	char repo_name[NAME_MAX];

524 	char subject_line[64];

525 };

527 int parse_config(const char *, enum gotd_procid, struct gotd *);

528 struct gotd_repo *gotd_find_repo_by_name(const char *, struct gotd_repolist *);

529 struct gotd_repo *gotd_find_repo_by_path(const char *, struct gotd *);

530 struct gotd_uid_connection_limit *gotd_find_uid_connection_limit(

531     struct gotd_uid_connection_limit *limits, size_t nlimits, uid_t uid);

532 int gotd_parseuid(const char *s, uid_t *uid);

533 const struct got_error *gotd_parse_url(char **, char **, char **,

534     char **, const char *);

536 /* imsg.c */

537 const struct got_error *gotd_imsg_flush(struct imsgbuf *);

538 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);

539 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,

540     size_t);

541 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,

542     struct imsg *imsg);

543 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,

544     const struct got_error *);

545 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,

546     const struct got_error *);

547 void gotd_imsg_event_add(struct gotd_imsgev *);

548 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,

549     void *, uint16_t);

550 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);

552 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,

553     uint32_t, pid_t);

554 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,

555     uint32_t, pid_t);