1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/queue.h>
19 #include <sys/uio.h>
20 
21 #include <errno.h>
22 #include <event.h>
23 #include <poll.h>
24 #include <limits.h>
25 #include <sha1.h>
26 #include <stdio.h>
27 #include <stdint.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <imsg.h>
31 #include <unistd.h>
32 
33 #include "got_error.h"
34 #include "got_serve.h"
35 #include "got_path.h"
36 #include "got_version.h"
37 #include "got_reference.h"
38 
39 #include "got_lib_pkt.h"
40 #include "got_lib_dial.h"
41 #include "got_lib_gitproto.h"
42 #include "got_lib_sha1.h"
43 #include "got_lib_poll.h"
44 
45 #include "gotd.h"
46 
47 #ifndef nitems
48 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
49 #endif
50 
51 static const struct got_capability read_capabilities[] = {
52 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
53 	{ GOT_CAPA_OFS_DELTA, NULL },
54 	{ GOT_CAPA_SIDE_BAND_64K, NULL },
55 };
56 
57 static const struct got_capability write_capabilities[] = {
58 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
59 	{ GOT_CAPA_OFS_DELTA, NULL },
60 	{ GOT_CAPA_REPORT_STATUS, NULL },
61 	{ GOT_CAPA_NO_THIN, NULL },
62 #if 0
63 	{ GOT_CAPA_DELETE_REFS, NULL },
64 #endif
65 };
66 
67 static const struct got_error *
68 parse_command(char **command, char **repo_path, const char *gitcmd)
69 {
70 	const struct got_error *err = NULL;
71 	size_t len, cmdlen, pathlen;
72 	char *path0 = NULL, *path, *abspath = NULL, *canonpath = NULL;
73 	const char *relpath;
74 
75 	*command = NULL;
76 	*repo_path = NULL;
77 
78 	len = strlen(gitcmd);
79 
80 	if (len >= strlen(GOT_SERVE_CMD_SEND) &&
81 	    strncmp(gitcmd, GOT_SERVE_CMD_SEND,
82 	    strlen(GOT_SERVE_CMD_SEND)) == 0)
83 		cmdlen = strlen(GOT_SERVE_CMD_SEND);
84 	else if (len >= strlen(GOT_SERVE_CMD_FETCH) &&
85 	    strncmp(gitcmd, GOT_SERVE_CMD_FETCH,
86 	    strlen(GOT_SERVE_CMD_FETCH)) == 0)
87 		cmdlen = strlen(GOT_SERVE_CMD_FETCH);
88 	else
89 		return got_error(GOT_ERR_BAD_PACKET);
90 
91 	if (len <= cmdlen + 1 || gitcmd[cmdlen] != ' ')
92 		return got_error(GOT_ERR_BAD_PACKET);
93 
94 	if (memchr(&gitcmd[cmdlen + 1], '\0', len - cmdlen) == NULL)
95 		return got_error(GOT_ERR_BAD_PATH);
96 
97 	/* Forbid linefeeds in paths, like Git does. */
98 	if (memchr(&gitcmd[cmdlen + 1], '\n', len - cmdlen) != NULL)
99 		return got_error(GOT_ERR_BAD_PATH);
100 
101 	path0 = strdup(&gitcmd[cmdlen + 1]);
102 	if (path0 == NULL)
103 		return got_error_from_errno("strdup");
104 	path = path0;
105 	pathlen = strlen(path);
106 
107 	/*
108 	 * Git clients send a shell command.
109 	 * Trim spaces and quotes around the path.
110 	 */
111 	while (path[0] == '\'' || path[0] == '\"' || path[0] == ' ') {
112 		path++;
113 		pathlen--;
114 	}
115 	while (pathlen > 0 &&
116 	    (path[pathlen - 1] == '\'' || path[pathlen - 1] == '\"' ||
117 	    path[pathlen - 1] == ' ')) {
118 		path[pathlen - 1] = '\0';
119 		pathlen--;
120 	}
121 
122 	/* Deny an empty repository path. */
123 	if (path[0] == '\0' || got_path_is_root_dir(path)) {
124 		err = got_error(GOT_ERR_NOT_GIT_REPO);
125 		goto done;
126 	}
127 
128 	if (asprintf(&abspath, "/%s", path) == -1) {
129 		err = got_error_from_errno("asprintf");
130 		goto done;
131 	}
132 	pathlen = strlen(abspath);
133 	canonpath = malloc(pathlen);
134 	if (canonpath == NULL) {
135 		err = got_error_from_errno("malloc");
136 		goto done;
137 	}
138 	err = got_canonpath(abspath, canonpath, pathlen);
139 	if (err)
140 		goto done;
141 
142 	relpath = canonpath;
143 	while (relpath[0] == '/')
144 		relpath++;
145 	*repo_path = strdup(relpath);
146 	if (*repo_path == NULL) {
147 		err = got_error_from_errno("strdup");
148 		goto done;
149 	}
150 	*command = strndup(gitcmd, cmdlen);
151 	if (*command == NULL)
152 		err = got_error_from_errno("strndup");
153 done:
154 	free(path0);
155 	free(abspath);
156 	free(canonpath);
157 	if (err) {
158 		free(*repo_path);
159 		*repo_path = NULL;
160 	}
161 	return err;
162 }
163 
164 static const struct got_error *
165 append_read_capabilities(size_t *capalen, size_t len, const char *symrefstr,
166     uint8_t *buf, size_t bufsize)
167 {
168 	struct got_capability capa[nitems(read_capabilities) + 1];
169 	size_t ncapa;
170 
171 	memcpy(&capa, read_capabilities, sizeof(read_capabilities));
172 	if (symrefstr) {
173 		capa[nitems(read_capabilities)].key = "symref";
174 		capa[nitems(read_capabilities)].value = symrefstr;
175 		ncapa = nitems(capa);
176 	} else
177 		ncapa = nitems(read_capabilities);
178 
179 	return got_gitproto_append_capabilities(capalen, buf, len,
180 	    bufsize, capa, ncapa);
181 }
182 
183 static const struct got_error *
184 send_ref(int outfd, uint8_t *id, const char *refname, int send_capabilities,
185     int client_is_reading, const char *symrefstr, int chattygot)
186 {
187 	const struct got_error *err = NULL;
188 	char hex[SHA1_DIGEST_STRING_LENGTH];
189 	char buf[GOT_PKT_MAX];
190 	size_t len, capalen = 0;
191 
192 	if (got_sha1_digest_to_str(id, hex, sizeof(hex)) == NULL)
193 		return got_error(GOT_ERR_BAD_OBJ_ID);
194 
195 	len = snprintf(buf, sizeof(buf), "%s %s", hex, refname);
196 	if (len >= sizeof(buf))
197 		return got_error(GOT_ERR_NO_SPACE);
198 
199 	if (send_capabilities) {
200 		if (client_is_reading) {
201 			err = append_read_capabilities(&capalen, len,
202 			    symrefstr, buf, sizeof(buf));
203 		} else {
204 			err = got_gitproto_append_capabilities(&capalen,
205 			    buf, len, sizeof(buf), write_capabilities,
206 			    nitems(write_capabilities));
207 		}
208 		if (err)
209 			return err;
210 		len += capalen;
211 	}
212 
213 	if (len + 1 >= sizeof(buf))
214 		return got_error(GOT_ERR_NO_SPACE);
215 	buf[len] = '\n';
216 	len++;
217 	buf[len] = '\0';
218 
219 	return got_pkt_writepkt(outfd, buf, len, chattygot);
220 }
221 
222 static const struct got_error *
223 send_zero_refs(int outfd, int client_is_reading, int chattygot)
224 {
225 	const struct got_error *err = NULL;
226 	char buf[GOT_PKT_MAX];
227 	uint8_t zero[SHA1_DIGEST_LENGTH];
228 	char hex[SHA1_DIGEST_STRING_LENGTH];
229 	size_t len, capalen = 0;
230 
231 	memset(&zero, 0, sizeof(zero));
232 
233 	if (got_sha1_digest_to_str(zero, hex, sizeof(hex)) == NULL)
234 		return got_error(GOT_ERR_BAD_OBJ_ID);
235 
236 	len = snprintf(buf, sizeof(buf), "%s capabilities^{}", hex);
237 	if (len >= sizeof(buf))
238 		return got_error(GOT_ERR_NO_SPACE);
239 
240 	if (client_is_reading) {
241 		err = got_gitproto_append_capabilities(&capalen, buf, len,
242 		    sizeof(buf), read_capabilities, nitems(read_capabilities));
243 		if (err)
244 			return err;
245 	} else {
246 		err = got_gitproto_append_capabilities(&capalen, buf, len,
247 		    sizeof(buf), write_capabilities,
248 		    nitems(write_capabilities));
249 		if (err)
250 			return err;
251 	}
252 
253 	return got_pkt_writepkt(outfd, buf, len + capalen, chattygot);
254 }
255 
256 static void
257 echo_error(const struct got_error *err, int outfd, int chattygot)
258 {
259 	char buf[4 + GOT_ERR_MAX_MSG_SIZE];
260 	size_t len;
261 
262 	/*
263 	 * Echo the error to the client on a pkt-line.
264 	 * The client should then terminate its session.
265 	 */
266 	buf[0] = 'E'; buf[1] = 'R'; buf[2] = 'R'; buf[3] = ' '; buf[4] = '\0';
267 	len = strlcat(buf, err->msg, sizeof(buf));
268 	got_pkt_writepkt(outfd, buf, len, chattygot);
269 }
270 
271 static const struct got_error *
272 announce_refs(int outfd, struct imsgbuf *ibuf, int client_is_reading,
273     const char *repo_path, int chattygot)
274 {
275 	const struct got_error *err = NULL;
276 	struct imsg imsg;
277 	size_t datalen;
278 	struct gotd_imsg_list_refs lsref;
279 	struct gotd_imsg_reflist ireflist;
280 	struct gotd_imsg_ref iref;
281 	struct gotd_imsg_symref isymref;
282 	size_t nrefs = 0;
283 	int have_nrefs = 0, sent_capabilities = 0;
284 	char *symrefname = NULL, *symreftarget = NULL, *symrefstr = NULL;
285 	char *refname = NULL;
286 
287 	memset(&imsg, 0, sizeof(imsg));
288 	memset(&lsref, 0, sizeof(lsref));
289 
290 	if (strlcpy(lsref.repo_name, repo_path, sizeof(lsref.repo_name)) >=
291 	    sizeof(lsref.repo_name))
292 		return got_error(GOT_ERR_NO_SPACE);
293 	lsref.client_is_reading = client_is_reading;
294 	
295 	if (imsg_compose(ibuf, GOTD_IMSG_LIST_REFS, 0, 0, -1,
296 	    &lsref, sizeof(lsref)) == -1)
297 		return got_error_from_errno("imsg_compose LIST_REFS");
298 
299 	err = gotd_imsg_flush(ibuf);
300 	if (err)
301 		return err;
302 
303 	while (!have_nrefs || nrefs > 0) {
304 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
305 		if (err)
306 			goto done;
307 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
308 		switch (imsg.hdr.type) {
309 		case GOTD_IMSG_ERROR:
310 			err = gotd_imsg_recv_error(NULL, &imsg);
311 			goto done;
312 		case GOTD_IMSG_REFLIST:
313 			if (have_nrefs || nrefs > 0) {
314 				err = got_error(GOT_ERR_PRIVSEP_MSG);
315 				goto done;
316 			}
317 			if (datalen != sizeof(ireflist)) {
318 				err = got_error(GOT_ERR_PRIVSEP_MSG);
319 				goto done;
320 			}
321 			memcpy(&ireflist, imsg.data, sizeof(ireflist));
322 			nrefs = ireflist.nrefs;
323 			have_nrefs = 1;
324 			if (nrefs == 0)
325 				err = send_zero_refs(outfd, client_is_reading,
326 				    chattygot);
327 			break;
328 		case GOTD_IMSG_REF:
329 			if (!have_nrefs || nrefs == 0) {
330 				err = got_error(GOT_ERR_PRIVSEP_MSG);
331 				goto done;
332 			}
333 			if (datalen < sizeof(iref)) {
334 				err = got_error(GOT_ERR_PRIVSEP_MSG);
335 				goto done;
336 			}
337 			memcpy(&iref, imsg.data, sizeof(iref));
338 			if (datalen != sizeof(iref) + iref.name_len) {
339 				err = got_error(GOT_ERR_PRIVSEP_LEN);
340 				goto done;
341 			}
342 			refname = strndup(imsg.data + sizeof(iref),
343 			    iref.name_len);
344 			if (refname == NULL) {
345 				err = got_error_from_errno("strndup");
346 				goto done;
347 			}
348 			err = send_ref(outfd, iref.id, refname,
349 			    !sent_capabilities, client_is_reading,
350 			    NULL, chattygot);
351 			free(refname);
352 			refname = NULL;
353 			if (err)
354 				goto done;
355 			sent_capabilities = 1;
356 			if (nrefs > 0)
357 				nrefs--;
358 			break;
359 		case GOTD_IMSG_SYMREF:
360 			if (!have_nrefs || nrefs == 0) {
361 				err = got_error(GOT_ERR_PRIVSEP_MSG);
362 				goto done;
363 			}
364 			if (datalen < sizeof(isymref)) {
365 				err = got_error(GOT_ERR_PRIVSEP_LEN);
366 				goto done;
367 			}
368 			memcpy(&isymref, imsg.data, sizeof(isymref));
369 			if (datalen != sizeof(isymref) + isymref.name_len +
370 			    isymref.target_len) {
371 				err = got_error(GOT_ERR_PRIVSEP_LEN);
372 				goto done;
373 			}
374 
375 			/*
376 			 * For now, we only announce one symbolic ref,
377 			 * as part of our capability advertisement.
378 			 */
379 			if (sent_capabilities || symrefstr != NULL ||
380 			    symrefname != NULL || symreftarget != NULL)
381 				break;
382 
383 			symrefname = strndup(imsg.data + sizeof(isymref),
384 			    isymref.name_len);
385 			if (symrefname == NULL) {
386 				err = got_error_from_errno("malloc");
387 				goto done;
388 			}
389 
390 			symreftarget = strndup(
391 			    imsg.data + sizeof(isymref) + isymref.name_len,
392 			    isymref.target_len);
393 			if (symreftarget == NULL) {
394 				err = got_error_from_errno("strndup");
395 				goto done;
396 			}
397 
398 			if (asprintf(&symrefstr, "%s:%s", symrefname,
399 			    symreftarget) == -1) {
400 				err = got_error_from_errno("asprintf");
401 				goto done;
402 			}
403 			err = send_ref(outfd, isymref.target_id, symrefname,
404 			    !sent_capabilities, client_is_reading, symrefstr,
405 			    chattygot);
406 			free(refname);
407 			refname = NULL;
408 			if (err)
409 				goto done;
410 			sent_capabilities = 1;
411 			if (nrefs > 0)
412 				nrefs--;
413 			break;
414 		default:
415 			err = got_error(GOT_ERR_PRIVSEP_MSG);
416 			break;
417 		}
418 
419 		imsg_free(&imsg);
420 	}
421 
422 	err = got_pkt_flushpkt(outfd, chattygot);
423 	if (err)
424 		goto done;
425 done:
426 	free(symrefstr);
427 	free(symrefname);
428 	free(symreftarget);
429 	return err;
430 }
431 
432 static const struct got_error *
433 parse_want_line(char **common_capabilities, uint8_t *id, char *buf, size_t len)
434 {
435 	const struct got_error *err;
436 	char *id_str = NULL, *client_capabilities = NULL;
437 
438 	err = got_gitproto_parse_want_line(&id_str,
439 	    &client_capabilities, buf, len);
440 	if (err)
441 		return err;
442 
443 	if (!got_parse_sha1_digest(id, id_str)) {
444 		err = got_error_msg(GOT_ERR_BAD_PACKET,
445 		    "want-line with bad object ID");
446 		goto done;
447 	}
448 
449 	if (client_capabilities) {
450 		err = got_gitproto_match_capabilities(common_capabilities,
451 		    NULL, client_capabilities, read_capabilities,
452 		    nitems(read_capabilities));
453 		if (err)
454 			goto done;
455 	}
456 done:
457 	free(id_str);
458 	free(client_capabilities);
459 	return err;
460 }
461 
462 static const struct got_error *
463 parse_have_line(uint8_t *id, char *buf, size_t len)
464 {
465 	const struct got_error *err;
466 	char *id_str = NULL;
467 
468 	err = got_gitproto_parse_have_line(&id_str, buf, len);
469 	if (err)
470 		return err;
471 
472 	if (!got_parse_sha1_digest(id, id_str)) {
473 		err = got_error_msg(GOT_ERR_BAD_PACKET,
474 		    "have-line with bad object ID");
475 		goto done;
476 	}
477 done:
478 	free(id_str);
479 	return err;
480 }
481 
482 static const struct got_error *
483 send_capability(struct got_capability *capa, struct imsgbuf *ibuf)
484 {
485 	const struct got_error *err = NULL;
486 	struct gotd_imsg_capability icapa;
487 	size_t len;
488 	struct ibuf *wbuf;
489 
490 	memset(&icapa, 0, sizeof(icapa));
491 
492 	icapa.key_len = strlen(capa->key);
493 	len = sizeof(icapa) + icapa.key_len;
494 	if (capa->value) {
495 		icapa.value_len = strlen(capa->value);
496 		len += icapa.value_len;
497 	}
498 
499 	wbuf = imsg_create(ibuf, GOTD_IMSG_CAPABILITY, 0, 0, len);
500 	if (wbuf == NULL) {
501 		err = got_error_from_errno("imsg_create CAPABILITY");
502 		return err;
503 	}
504 
505 	if (imsg_add(wbuf, &icapa, sizeof(icapa)) == -1)
506 		return got_error_from_errno("imsg_add CAPABILITY");
507 	if (imsg_add(wbuf, capa->key, icapa.key_len) == -1)
508 		return got_error_from_errno("imsg_add CAPABILITY");
509 	if (capa->value) {
510 		if (imsg_add(wbuf, capa->value, icapa.value_len) == -1)
511 			return got_error_from_errno("imsg_add CAPABILITY");
512 	}
513 
514 	wbuf->fd = -1;
515 	imsg_close(ibuf, wbuf);
516 
517 	return NULL;
518 }
519 
520 static const struct got_error *
521 send_capabilities(int *use_sidebands, int *report_status,
522     char *capabilities_str, struct imsgbuf *ibuf)
523 {
524 	const struct got_error *err = NULL;
525 	struct gotd_imsg_capabilities icapas;
526 	struct got_capability *capa = NULL;
527 	size_t ncapa, i;
528 
529 	err = got_gitproto_split_capabilities_str(&capa, &ncapa,
530 	    capabilities_str);
531 	if (err)
532 		return err;
533 
534 	icapas.ncapabilities = ncapa;
535 	if (imsg_compose(ibuf, GOTD_IMSG_CAPABILITIES, 0, 0, -1,
536 	    &icapas, sizeof(icapas)) == -1) {
537 		err = got_error_from_errno("imsg_compose IMSG_CAPABILITIES");
538 		goto done;
539 	}
540 
541 	for (i = 0; i < ncapa; i++) {
542 		err = send_capability(&capa[i], ibuf);
543 		if (err)
544 			goto done;
545 		if (use_sidebands &&
546 		    strcmp(capa[i].key, GOT_CAPA_SIDE_BAND_64K) == 0)
547 			*use_sidebands = 1;
548 		if (report_status &&
549 		    strcmp(capa[i].key, GOT_CAPA_REPORT_STATUS) == 0)
550 			*report_status = 1;
551 	}
552 done:
553 	free(capa);
554 	return err;
555 }
556 
557 static const struct got_error *
558 forward_flushpkt(struct imsgbuf *ibuf)
559 {
560 	if (imsg_compose(ibuf, GOTD_IMSG_FLUSH, 0, 0, -1, NULL, 0) == -1)
561 		return got_error_from_errno("imsg_compose FLUSH");
562 
563 	return gotd_imsg_flush(ibuf);
564 }
565 
566 static const struct got_error *
567 recv_ack(struct imsg *imsg, uint8_t *expected_id)
568 {
569 	struct gotd_imsg_ack iack;
570 	size_t datalen;
571 
572 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
573 	if (datalen != sizeof(iack))
574 		return got_error(GOT_ERR_PRIVSEP_LEN);
575 
576 	memcpy(&iack, imsg->data, sizeof(iack));
577 	if (memcmp(iack.object_id, expected_id, SHA1_DIGEST_LENGTH) != 0)
578 		return got_error(GOT_ERR_BAD_OBJ_ID);
579 
580 	return NULL;
581 }
582 
583 static const struct got_error *
584 recv_nak(struct imsg *imsg, uint8_t *expected_id)
585 {
586 	struct gotd_imsg_ack inak;
587 	size_t datalen;
588 
589 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
590 	if (datalen != sizeof(inak))
591 		return got_error(GOT_ERR_PRIVSEP_LEN);
592 
593 	memcpy(&inak, imsg->data, sizeof(inak));
594 	if (memcmp(inak.object_id, expected_id, SHA1_DIGEST_LENGTH) != 0)
595 		return got_error(GOT_ERR_BAD_OBJ_ID);
596 
597 	return NULL;
598 }
599 
600 
601 static const struct got_error *
602 recv_want(int *use_sidebands, int outfd, struct imsgbuf *ibuf,
603     char *buf, size_t len, int expect_capabilities, int chattygot)
604 {
605 	const struct got_error *err;
606 	struct gotd_imsg_want iwant;
607 	char *capabilities_str;
608 	int done = 0;
609 	struct imsg imsg;
610 
611 	memset(&iwant, 0, sizeof(iwant));
612 	memset(&imsg, 0, sizeof(imsg));
613 
614 	err = parse_want_line(&capabilities_str, iwant.object_id, buf, len);
615 	if (err)
616 		return err;
617 
618 	if (capabilities_str) {
619 		if (!expect_capabilities) {
620 			err = got_error_msg(GOT_ERR_BAD_PACKET,
621 			    "unexpected capability announcement received");
622 			goto done;
623 		}
624 		err = send_capabilities(use_sidebands, NULL, capabilities_str,
625 		    ibuf);
626 		if (err)
627 			goto done;
628 
629 	}
630 
631 	if (imsg_compose(ibuf, GOTD_IMSG_WANT, 0, 0, -1,
632 	    &iwant, sizeof(iwant)) == -1) {
633 		err = got_error_from_errno("imsg_compose WANT");
634 		goto done;
635 	}
636 
637 	err = gotd_imsg_flush(ibuf);
638 	if (err)
639 		goto done;
640 
641 	/*
642 	 * Wait for an ACK, or an error in case the desired object
643 	 * does not exist.
644 	 */
645 	while (!done && err == NULL) {
646 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
647 		if (err)
648 			break;
649 		switch (imsg.hdr.type) {
650 		case GOTD_IMSG_ERROR:
651 			err = gotd_imsg_recv_error(NULL, &imsg);
652 			break;
653 		case GOTD_IMSG_ACK:
654 			err = recv_ack(&imsg, iwant.object_id);
655 			if (err)
656 				break;
657 			done = 1;
658 			break;
659 		default:
660 			err = got_error(GOT_ERR_PRIVSEP_MSG);
661 			break;
662 		}
663 
664 		imsg_free(&imsg);
665 	}
666 done:
667 	free(capabilities_str);
668 	return err;
669 }
670 
671 static const struct got_error *
672 send_ack(int outfd, uint8_t *id, int chattygot)
673 {
674 	char hex[SHA1_DIGEST_STRING_LENGTH];
675 	char buf[GOT_PKT_MAX];
676 	int len;
677 
678 	if (got_sha1_digest_to_str(id, hex, sizeof(hex)) == NULL)
679 		return got_error(GOT_ERR_BAD_OBJ_ID);
680 
681 	len = snprintf(buf, sizeof(buf), "ACK %s\n", hex);
682 	if (len >= sizeof(buf))
683 		return got_error(GOT_ERR_NO_SPACE);
684 
685 	return got_pkt_writepkt(outfd, buf, len, chattygot);
686 }
687 
688 static const struct got_error *
689 send_nak(int outfd, int chattygot)
690 {
691 	char buf[5];
692 	int len;
693 
694 	len = snprintf(buf, sizeof(buf), "NAK\n");
695 	if (len >= sizeof(buf))
696 		return got_error(GOT_ERR_NO_SPACE);
697 
698 	return got_pkt_writepkt(outfd, buf, len, chattygot);
699 }
700 
701 static const struct got_error *
702 recv_have(int *have_ack, int outfd, struct imsgbuf *ibuf, char *buf,
703     size_t len, int chattygot)
704 {
705 	const struct got_error *err;
706 	struct gotd_imsg_have ihave;
707 	int done = 0;
708 	struct imsg imsg;
709 
710 	memset(&ihave, 0, sizeof(ihave));
711 	memset(&imsg, 0, sizeof(imsg));
712 
713 	err = parse_have_line(ihave.object_id, buf, len);
714 	if (err)
715 		return err;
716 
717 	if (imsg_compose(ibuf, GOTD_IMSG_HAVE, 0, 0, -1,
718 	    &ihave, sizeof(ihave)) == -1)
719 		return got_error_from_errno("imsg_compose HAVE");
720 
721 	err = gotd_imsg_flush(ibuf);
722 	if (err)
723 		return err;
724 
725 	/*
726 	 * Wait for an ACK or a NAK, indicating whether a common
727 	 * commit object has been found.
728 	 */
729 	while (!done && err == NULL) {
730 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
731 		if (err)
732 			return err;
733 		switch (imsg.hdr.type) {
734 		case GOTD_IMSG_ERROR:
735 			err = gotd_imsg_recv_error(NULL, &imsg);
736 			break;
737 		case GOTD_IMSG_ACK:
738 			err = recv_ack(&imsg, ihave.object_id);
739 			if (err)
740 				break;
741 			if (!*have_ack) {
742 				err = send_ack(outfd, ihave.object_id,
743 				    chattygot);
744 				if (err)
745 					return err;
746 				*have_ack = 1;
747 			}
748 			done = 1;
749 			break;
750 		case GOTD_IMSG_NAK:
751 			err = recv_nak(&imsg, ihave.object_id);
752 			if (err)
753 				break;
754 			done = 1;
755 			break;
756 		default:
757 			err = got_error(GOT_ERR_PRIVSEP_MSG);
758 			break;
759 		}
760 
761 		imsg_free(&imsg);
762 	}
763 
764 	return err;
765 }
766 
767 static const struct got_error *
768 recv_done(int *packfd, int outfd, struct imsgbuf *ibuf, int chattygot)
769 {
770 	const struct got_error *err;
771 	struct imsg imsg;
772 
773 	*packfd = -1;
774 
775 	if (imsg_compose(ibuf, GOTD_IMSG_DONE, 0, 0, -1, NULL, 0) == -1)
776 		return got_error_from_errno("imsg_compose DONE");
777 
778 	err = gotd_imsg_flush(ibuf);
779 	if (err)
780 		return err;
781 
782 	while (*packfd == -1 && err == NULL) {
783 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
784 		if (err)
785 			break;
786 
787 		switch (imsg.hdr.type) {
788 		case GOTD_IMSG_ERROR:
789 			err = gotd_imsg_recv_error(NULL, &imsg);
790 			break;
791 		case GOTD_IMSG_PACKFILE_PIPE:
792 			if (imsg.fd != -1)
793 				*packfd = imsg.fd;
794 			else
795 				err = got_error(GOT_ERR_PRIVSEP_NO_FD);
796 			break;
797 		default:
798 			err = got_error(GOT_ERR_PRIVSEP_MSG);
799 			break;
800 		}
801 
802 		imsg_free(&imsg);
803 	}
804 
805 	return err;
806 }
807 
808 static const struct got_error *
809 relay_progress_reports(struct imsgbuf *ibuf, int outfd, int chattygot)
810 {
811 	const struct got_error *err = NULL;
812 	int pack_starting = 0;
813 	struct gotd_imsg_packfile_progress iprog;
814 	char buf[GOT_PKT_MAX];
815 	struct imsg imsg;
816 	size_t datalen;
817 	int p_deltify = 0, n;
818 	const char *eol = "\r";
819 
820 	memset(&imsg, 0, sizeof(imsg));
821 
822 	while (!pack_starting && err == NULL) {
823 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
824 		if (err)
825 			break;
826 
827 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
828 		switch (imsg.hdr.type) {
829 		case GOTD_IMSG_ERROR:
830 			err = gotd_imsg_recv_error(NULL, &imsg);
831 			break;
832 		case GOTD_IMSG_PACKFILE_READY:
833 			eol = "\n";
834 			pack_starting = 1;
835 			/* fallthrough */
836 		case GOTD_IMSG_PACKFILE_PROGRESS:
837 			if (datalen != sizeof(iprog)) {
838 				err = got_error(GOT_ERR_PRIVSEP_LEN);
839 				break;
840 			}
841 			memcpy(&iprog, imsg.data, sizeof(iprog));
842 			if (iprog.nobj_total > 0) {
843 				p_deltify = (iprog.nobj_deltify * 100) /
844 				    iprog.nobj_total;
845 			}
846 			buf[0] = GOT_SIDEBAND_PROGRESS_INFO;
847 			n = snprintf(&buf[1], sizeof(buf) - 1,
848 			    "%d commits colored, "
849 			    "%d objects found, "
850 			    "deltify %d%%%s",
851 			    iprog.ncolored,
852 			    iprog.nfound,
853 			    p_deltify, eol);
854 			if (n >= sizeof(buf) - 1)
855 				break;
856 			err = got_pkt_writepkt(outfd, buf, 1 + n, chattygot);
857 			break;
858 		default:
859 			err = got_error(GOT_ERR_PRIVSEP_MSG);
860 			break;
861 		}
862 
863 		imsg_free(&imsg);
864 	}
865 
866 	return err;
867 }
868 
869 static const struct got_error *
870 serve_read(int infd, int outfd, int gotd_sock, const char *repo_path,
871     int chattygot)
872 {
873 	const struct got_error *err = NULL;
874 	char buf[GOT_PKT_MAX];
875 	struct imsgbuf ibuf;
876 	enum protostate {
877 		STATE_EXPECT_WANT,
878 		STATE_EXPECT_MORE_WANT,
879 		STATE_EXPECT_HAVE,
880 		STATE_EXPECT_DONE,
881 		STATE_DONE,
882 	};
883 	enum protostate curstate = STATE_EXPECT_WANT;
884 	int have_ack = 0, use_sidebands = 0, seen_have = 0;
885 	int packfd = -1;
886 	size_t pack_chunksize;
887 
888 	imsg_init(&ibuf, gotd_sock);
889 
890 	err = announce_refs(outfd, &ibuf, 1, repo_path, chattygot);
891 	if (err)
892 		goto done;
893 
894 	while (curstate != STATE_DONE) {
895 		int n;
896 		buf[0] = '\0';
897 		err = got_pkt_readpkt(&n, infd, buf, sizeof(buf), chattygot);
898 		if (err)
899 			break;
900 		if (n == 0) {
901 			if (curstate != STATE_EXPECT_MORE_WANT &&
902 			    curstate != STATE_EXPECT_HAVE) {
903 				err = got_error_msg(GOT_ERR_BAD_PACKET,
904 				    "unexpected flush packet received");
905 				goto done;
906 			}
907 			err = forward_flushpkt(&ibuf);
908 			if (err)
909 				goto done;
910 			if (curstate == STATE_EXPECT_HAVE && !have_ack) {
911 				err = send_nak(outfd, chattygot);
912 				if (err)
913 					goto done;
914 			}
915 			if (curstate == STATE_EXPECT_MORE_WANT)
916 				curstate = STATE_EXPECT_HAVE;
917 			else
918 				curstate = STATE_EXPECT_DONE;
919 		} else if (n >= 5 && strncmp(buf, "want ", 5) == 0) {
920 			if (curstate != STATE_EXPECT_WANT &&
921 			    curstate != STATE_EXPECT_MORE_WANT) {
922 				err = got_error_msg(GOT_ERR_BAD_PACKET,
923 				    "unexpected 'want' packet");
924 				goto done;
925 			}
926 			err = recv_want(&use_sidebands, outfd, &ibuf, buf, n,
927 			    curstate == STATE_EXPECT_WANT ? 1 : 0, chattygot);
928 			if (err)
929 				goto done;
930 			if (curstate == STATE_EXPECT_WANT)
931 				curstate = STATE_EXPECT_MORE_WANT;
932 		} else if (n >= 5 && strncmp(buf, "have ", 5) == 0) {
933 			if (curstate != STATE_EXPECT_HAVE) {
934 				err = got_error_msg(GOT_ERR_BAD_PACKET,
935 				    "unexpected 'have' packet");
936 				goto done;
937 			}
938 			err = recv_have(&have_ack, outfd, &ibuf, buf, n,
939 			    chattygot);
940 			if (err)
941 				goto done;
942 			seen_have = 1;
943 		} else if (n == 5 && strncmp(buf, "done\n", 5) == 0) {
944 			if (curstate != STATE_EXPECT_HAVE &&
945 			    curstate != STATE_EXPECT_DONE) {
946 				err = got_error_msg(GOT_ERR_BAD_PACKET,
947 				    "unexpected 'done' packet");
948 				goto done;
949 			}
950 			err = recv_done(&packfd, outfd, &ibuf, chattygot);
951 			if (err)
952 				goto done;
953 			curstate = STATE_DONE;
954 			break;
955 		} else {
956 			err = got_error(GOT_ERR_BAD_PACKET);
957 			goto done;
958 		}
959 	}
960 
961 	if (!seen_have) {
962 		err = send_nak(outfd, chattygot);
963 		if (err)
964 			goto done;
965 	}
966 
967 	if (use_sidebands) {
968 		err = relay_progress_reports(&ibuf, outfd, chattygot);
969 		if (err)
970 			goto done;
971 		pack_chunksize = GOT_SIDEBAND_64K_PACKFILE_DATA_MAX;
972 	} else
973 		pack_chunksize = sizeof(buf);
974 
975 	for (;;) {
976 		ssize_t r;
977 
978 		r = read(packfd, use_sidebands ? &buf[1] : buf,
979 		    pack_chunksize);
980 		if (r == -1) {
981 			err = got_error_from_errno("read");
982 			break;
983 		} else if (r == 0) {
984 			err = got_pkt_flushpkt(outfd, chattygot);
985 			break;
986 		}
987 
988 		if (use_sidebands) {
989 			buf[0] = GOT_SIDEBAND_PACKFILE_DATA;
990 			err = got_pkt_writepkt(outfd, buf, 1 + r, chattygot);
991 			if (err)
992 				break;
993 		} else {
994 			err = got_poll_write_full(outfd, buf, r);
995 			if (err) {
996 				if (err->code == GOT_ERR_EOF)
997 					err = NULL;
998 				break;
999 			}
1000 		}
1001 	}
1002 done:
1003 	imsg_clear(&ibuf);
1004 	if (packfd != -1 && close(packfd) == -1 && err == NULL)
1005 		err = got_error_from_errno("close");
1006 	if (err)
1007 		echo_error(err, outfd, chattygot);
1008 	return err;
1009 }
1010 
1011 static const struct got_error *
1012 parse_ref_update_line(char **common_capabilities, char **refname,
1013     uint8_t *old_id, uint8_t *new_id, char *buf, size_t len)
1014 {
1015 	const struct got_error *err;
1016 	char *old_id_str = NULL, *new_id_str = NULL;
1017 	char *client_capabilities = NULL;
1018 
1019 	*refname = NULL;
1020 
1021 	err = got_gitproto_parse_ref_update_line(&old_id_str, &new_id_str,
1022 	    refname, &client_capabilities, buf, len);
1023 	if (err)
1024 		return err;
1025 
1026 	if (!got_parse_sha1_digest(old_id, old_id_str) ||
1027 	    !got_parse_sha1_digest(new_id, new_id_str)) {
1028 		err = got_error_msg(GOT_ERR_BAD_PACKET,
1029 		    "ref-update with bad object ID");
1030 		goto done;
1031 	}
1032 	if (!got_ref_name_is_valid(*refname)) {
1033 		err = got_error_msg(GOT_ERR_BAD_PACKET,
1034 		    "ref-update with bad reference name");
1035 		goto done;
1036 	}
1037 
1038 	if (client_capabilities) {
1039 		err = got_gitproto_match_capabilities(common_capabilities,
1040 		    NULL, client_capabilities, write_capabilities,
1041 		    nitems(write_capabilities));
1042 		if (err)
1043 			goto done;
1044 	}
1045 done:
1046 	free(old_id_str);
1047 	free(new_id_str);
1048 	free(client_capabilities);
1049 	if (err) {
1050 		free(*refname);
1051 		*refname = NULL;
1052 	}
1053 	return err;
1054 }
1055 
1056 static const struct got_error *
1057 recv_ref_update(int *report_status, int outfd, struct imsgbuf *ibuf,
1058     char *buf, size_t len, int expect_capabilities, int chattygot)
1059 {
1060 	const struct got_error *err;
1061 	struct gotd_imsg_ref_update iref;
1062 	struct ibuf *wbuf;
1063 	char *capabilities_str = NULL, *refname = NULL;
1064 	int done = 0;
1065 	struct imsg imsg;
1066 
1067 	memset(&iref, 0, sizeof(iref));
1068 	memset(&imsg, 0, sizeof(imsg));
1069 
1070 	err = parse_ref_update_line(&capabilities_str, &refname,
1071 	    iref.old_id, iref.new_id, buf, len);
1072 	if (err)
1073 		return err;
1074 
1075 	if (capabilities_str) {
1076 		if (!expect_capabilities) {
1077 			err = got_error_msg(GOT_ERR_BAD_PACKET,
1078 			    "unexpected capability announcement received");
1079 			goto done;
1080 		}
1081 		err = send_capabilities(NULL, report_status, capabilities_str,
1082 		    ibuf);
1083 		if (err)
1084 			goto done;
1085 	}
1086 
1087 	iref.name_len = strlen(refname);
1088 	len = sizeof(iref) + iref.name_len;
1089 	wbuf = imsg_create(ibuf, GOTD_IMSG_REF_UPDATE, 0, 0, len);
1090 	if (wbuf == NULL) {
1091 		err = got_error_from_errno("imsg_create REF_UPDATE");
1092 		goto done;
1093 	}
1094 
1095 	if (imsg_add(wbuf, &iref, sizeof(iref)) == -1)
1096 		return got_error_from_errno("imsg_add REF_UPDATE");
1097 	if (imsg_add(wbuf, refname, iref.name_len) == -1)
1098 		return got_error_from_errno("imsg_add REF_UPDATE");
1099 	wbuf->fd = -1;
1100 	imsg_close(ibuf, wbuf);
1101 
1102 	err = gotd_imsg_flush(ibuf);
1103 	if (err)
1104 		goto done;
1105 
1106 	/* Wait for ACK or an error. */
1107 	while (!done && err == NULL) {
1108 		err = gotd_imsg_poll_recv(&imsg, ibuf, 0);
1109 		if (err)
1110 			break;
1111 		switch (imsg.hdr.type) {
1112 		case GOTD_IMSG_ERROR:
1113 			err = gotd_imsg_recv_error(NULL, &imsg);
1114 			break;
1115 		case GOTD_IMSG_ACK:
1116 			err = recv_ack(&imsg, iref.new_id);
1117 			if (err)
1118 				break;
1119 			done = 1;
1120 			break;
1121 		default:
1122 			err = got_error(GOT_ERR_PRIVSEP_MSG);
1123 			break;
1124 		}
1125 
1126 		imsg_free(&imsg);
1127 	}
1128 done:
1129 	free(capabilities_str);
1130 	free(refname);
1131 	return err;
1132 }
1133 
1134 static const struct got_error *
1135 recv_packfile(struct imsg *imsg, int infd)
1136 {
1137 	const struct got_error *err = NULL;
1138 	size_t datalen;
1139 	int packfd;
1140 	char buf[GOT_PKT_MAX];
1141 	int pack_done = 0;
1142 
1143 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1144 	if (datalen != 0)
1145 		return got_error(GOT_ERR_PRIVSEP_MSG);
1146 
1147 	if (imsg->fd == -1)
1148 		return got_error(GOT_ERR_PRIVSEP_NO_FD);
1149 	
1150 	packfd = imsg->fd;
1151 	while (!pack_done) {
1152 		ssize_t r = 0;
1153 
1154 		err = got_poll_fd(infd, POLLIN, 1);
1155 		if (err) {
1156 			if (err->code != GOT_ERR_TIMEOUT)
1157 				break;
1158 			err = NULL;
1159 		} else {
1160 			r = read(infd, buf, sizeof(buf));
1161 			if (r == -1) {
1162 				err = got_error_from_errno("read");
1163 				break;
1164 			}
1165 			if (r == 0) {
1166 				/*
1167 				 * Git clients hang up their side of the
1168 				 * connection after sending the pack file.
1169 				 */
1170 				err = NULL;
1171 				pack_done = 1;
1172 				break;
1173 			}
1174 		}
1175 
1176 		if (r == 0) {
1177 			/* Detect gotd(8) closing the pack pipe when done. */
1178 			err = got_poll_fd(packfd, POLLOUT, 1);
1179 			if (err) {
1180 				if (err->code != GOT_ERR_EOF)
1181 					break;
1182 				err = NULL;
1183 				pack_done = 1;
1184 			}
1185 		} else {
1186 			/* Write pack data and/or detect pipe being closed. */
1187 			err = got_poll_write_full(packfd, buf, r);
1188 			if (err) {
1189 				if (err->code == GOT_ERR_EOF)
1190 					err = NULL;
1191 				break;
1192 			}
1193 		}
1194 	}
1195 
1196 	close(packfd);
1197 	return err;
1198 }
1199 
1200 static const struct got_error *
1201 report_unpack_status(struct imsg *imsg, int outfd, int chattygot)
1202 {
1203 	const struct got_error *err = NULL;
1204 	struct gotd_imsg_packfile_status istatus;
1205 	char buf[GOT_PKT_MAX];
1206 	size_t datalen, len;
1207 	char *reason = NULL;
1208 
1209 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1210 	if (datalen < sizeof(istatus))
1211 		return got_error(GOT_ERR_PRIVSEP_LEN);
1212 	memcpy(&istatus, imsg->data, sizeof(istatus));
1213 	if (datalen != sizeof(istatus) + istatus.reason_len)
1214 		return got_error(GOT_ERR_PRIVSEP_LEN);
1215 
1216 	reason = strndup(imsg->data + sizeof(istatus), istatus.reason_len);
1217 	if (reason == NULL) {
1218 		err = got_error_from_errno("strndup");
1219 		goto done;
1220 	}
1221 
1222 	if (err == NULL)
1223 		len = snprintf(buf, sizeof(buf), "unpack ok\n");
1224 	else
1225 		len = snprintf(buf, sizeof(buf), "unpack %s\n", reason);
1226 	if (len >= sizeof(buf)) {
1227 		err = got_error(GOT_ERR_NO_SPACE);
1228 		goto done;
1229 	}
1230 
1231 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
1232 done:
1233 	free(reason);
1234 	return err;
1235 }
1236 
1237 static const struct got_error *
1238 recv_ref_update_ok(struct imsg *imsg, int outfd, int chattygot)
1239 {
1240 	const struct got_error *err = NULL;
1241 	struct gotd_imsg_ref_update_ok iok;
1242 	size_t datalen, len;
1243 	char buf[GOT_PKT_MAX];
1244 	char *refname = NULL;
1245 
1246 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1247 	if (datalen < sizeof(iok))
1248 		return got_error(GOT_ERR_PRIVSEP_LEN);
1249 	memcpy(&iok, imsg->data, sizeof(iok));
1250 	if (datalen != sizeof(iok) + iok.name_len)
1251 		return got_error(GOT_ERR_PRIVSEP_LEN);
1252 
1253 	memcpy(&iok, imsg->data, sizeof(iok));
1254 
1255 	refname = strndup(imsg->data + sizeof(iok), iok.name_len);
1256 	if (refname == NULL)
1257 		return got_error_from_errno("strndup");
1258 
1259 	len = snprintf(buf, sizeof(buf), "ok %s\n", refname);
1260 	if (len >= sizeof(buf)) {
1261 		err = got_error(GOT_ERR_NO_SPACE);
1262 		goto done;
1263 	}
1264 
1265 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
1266 done:
1267 	free(refname);
1268 	return err;
1269 }
1270 
1271 static const struct got_error *
1272 recv_ref_update_ng(struct imsg *imsg, int outfd, int chattygot)
1273 {
1274 	const struct got_error *err = NULL;
1275 	struct gotd_imsg_ref_update_ng ing;
1276 	size_t datalen, len;
1277 	char buf[GOT_PKT_MAX];
1278 	char *refname = NULL, *reason = NULL;
1279 
1280 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
1281 	if (datalen < sizeof(ing))
1282 		return got_error(GOT_ERR_PRIVSEP_LEN);
1283 	memcpy(&ing, imsg->data, sizeof(ing));
1284 	if (datalen != sizeof(ing) + ing.name_len + ing.reason_len)
1285 		return got_error(GOT_ERR_PRIVSEP_LEN);
1286 
1287 	memcpy(&ing, imsg->data, sizeof(ing));
1288 
1289 	refname = strndup(imsg->data + sizeof(ing), ing.name_len);
1290 	if (refname == NULL)
1291 		return got_error_from_errno("strndup");
1292 
1293 	reason = strndup(imsg->data + sizeof(ing) + ing.name_len,
1294 	    ing.reason_len);
1295 	if (reason == NULL) {
1296 		err = got_error_from_errno("strndup");
1297 		goto done;
1298 	}
1299 
1300 	len = snprintf(buf, sizeof(buf), "ng %s %s\n", refname, reason);
1301 	if (len >= sizeof(buf)) {
1302 		err = got_error(GOT_ERR_NO_SPACE);
1303 		goto done;
1304 	}
1305 
1306 	err = got_pkt_writepkt(outfd, buf, len, chattygot);
1307 done:
1308 	free(refname);
1309 	free(reason);
1310 	return err;
1311 }
1312 
1313 static const struct got_error *
1314 serve_write(int infd, int outfd, int gotd_sock, const char *repo_path,
1315     int chattygot)
1316 {
1317 	const struct got_error *err = NULL;
1318 	char buf[GOT_PKT_MAX];
1319 	struct imsgbuf ibuf;
1320 	enum protostate {
1321 		STATE_EXPECT_REF_UPDATE,
1322 		STATE_EXPECT_MORE_REF_UPDATES,
1323 		STATE_EXPECT_PACKFILE,
1324 		STATE_PACKFILE_RECEIVED,
1325 		STATE_REFS_UPDATED,
1326 	};
1327 	enum protostate curstate = STATE_EXPECT_REF_UPDATE;
1328 	struct imsg imsg;
1329 	int report_status = 0;
1330 
1331 	imsg_init(&ibuf, gotd_sock);
1332 	memset(&imsg, 0, sizeof(imsg));
1333 
1334 	err = announce_refs(outfd, &ibuf, 0, repo_path, chattygot);
1335 	if (err)
1336 		goto done;
1337 
1338 	while (curstate != STATE_EXPECT_PACKFILE) {
1339 		int n;
1340 		buf[0] = '\0';
1341 		err = got_pkt_readpkt(&n, infd, buf, sizeof(buf), chattygot);
1342 		if (err)
1343 			break;
1344 		if (n == 0) {
1345 			if (curstate != STATE_EXPECT_MORE_REF_UPDATES) {
1346 				err = got_error_msg(GOT_ERR_BAD_PACKET,
1347 				    "unexpected flush packet received");
1348 				goto done;
1349 			}
1350 			err = forward_flushpkt(&ibuf);
1351 			if (err)
1352 				goto done;
1353 			curstate = STATE_EXPECT_PACKFILE;
1354 		} else if (n >= (SHA1_DIGEST_STRING_LENGTH * 2) + 2) {
1355 			if (curstate != STATE_EXPECT_REF_UPDATE &&
1356 			    curstate != STATE_EXPECT_MORE_REF_UPDATES) {
1357 				err = got_error_msg(GOT_ERR_BAD_PACKET,
1358 				    "unexpected ref-update packet");
1359 				goto done;
1360 			}
1361 			if (curstate == STATE_EXPECT_REF_UPDATE) {
1362 				err = recv_ref_update(&report_status,
1363 				    outfd, &ibuf, buf, n, 1, chattygot);
1364 			} else {
1365 				err = recv_ref_update(NULL, outfd, &ibuf,
1366 				    buf, n, 0, chattygot);
1367 			}
1368 			if (err)
1369 				goto done;
1370 			curstate = STATE_EXPECT_MORE_REF_UPDATES;
1371 		} else {
1372 			err = got_error(GOT_ERR_BAD_PACKET);
1373 			goto done;
1374 		}
1375 	}
1376 
1377 	while (curstate != STATE_PACKFILE_RECEIVED) {
1378 		err = gotd_imsg_poll_recv(&imsg, &ibuf, 0);
1379 		if (err)
1380 			goto done;
1381 		switch (imsg.hdr.type) {
1382 		case GOTD_IMSG_ERROR:
1383 			err = gotd_imsg_recv_error(NULL, &imsg);
1384 			goto done;
1385 		case GOTD_IMSG_PACKFILE_PIPE:
1386 			err = recv_packfile(&imsg, infd);
1387 			if (err) {
1388 				if (err->code != GOT_ERR_EOF)
1389 					goto done;
1390 				/*
1391 				 * EOF is reported when the client hangs up,
1392 				 * which can happen with Git clients.
1393 				 * The socket should stay half-open so we
1394 				 * can still send our reports if requested.
1395 				 */
1396 				err = NULL;
1397 			}
1398 			curstate = STATE_PACKFILE_RECEIVED;
1399 			break;
1400 		default:
1401 			err = got_error(GOT_ERR_PRIVSEP_MSG);
1402 			break;
1403 		}
1404 
1405 		imsg_free(&imsg);
1406 		if (err)
1407 			goto done;
1408 	}
1409 
1410 	while (curstate != STATE_REFS_UPDATED && err == NULL) {
1411 		err = gotd_imsg_poll_recv(&imsg, &ibuf, 0);
1412 		if (err)
1413 			break;
1414 		switch (imsg.hdr.type) {
1415 		case GOTD_IMSG_ERROR:
1416 			err = gotd_imsg_recv_error(NULL, &imsg);
1417 			break;
1418 		case GOTD_IMSG_PACKFILE_STATUS:
1419 			if (!report_status)
1420 				break;
1421 			err = report_unpack_status(&imsg, outfd, chattygot);
1422 			break;
1423 		case GOTD_IMSG_REF_UPDATE_OK:
1424 			if (!report_status)
1425 				break;
1426 			err = recv_ref_update_ok(&imsg, outfd, chattygot);
1427 			break;
1428 		case GOTD_IMSG_REF_UPDATE_NG:
1429 			if (!report_status)
1430 				break;
1431 			err = recv_ref_update_ng(&imsg, outfd, chattygot);
1432 			break;
1433 		case GOTD_IMSG_REFS_UPDATED:
1434 			curstate = STATE_REFS_UPDATED;
1435 			err = got_pkt_flushpkt(outfd, chattygot);
1436 			break;
1437 		default:
1438 			err = got_error(GOT_ERR_PRIVSEP_MSG);
1439 			break;
1440 		}
1441 
1442 		imsg_free(&imsg);
1443 	}
1444 done:
1445 	imsg_clear(&ibuf);
1446 	if (err)
1447 		echo_error(err, outfd, chattygot);
1448 	return err;
1449 }
1450 
1451 const struct got_error *
1452 got_serve(int infd, int outfd, const char *gitcmd, int gotd_sock, int chattygot)
1453 {
1454 	const struct got_error *err = NULL;
1455 	char *command = NULL, *repo_path = NULL;
1456 
1457 	err = parse_command(&command, &repo_path, gitcmd);
1458 	if (err)
1459 		return err;
1460 
1461 	if (strcmp(command, GOT_SERVE_CMD_FETCH) == 0)
1462 		err = serve_read(infd, outfd, gotd_sock, repo_path, chattygot);
1463 	else if (strcmp(command, GOT_SERVE_CMD_SEND) == 0)
1464 		err = serve_write(infd, outfd, gotd_sock, repo_path, chattygot);
1465 	else
1466 		err = got_error(GOT_ERR_BAD_PACKET);
1467 
1468 	free(command);
1469 	free(repo_path);
1470 	return err;
1471 }