| blob | 7dcc1e80f53fa249b30e5aa7ce4a8e337967d80b |
1 /*
2 * Copyright (c) 2018, 2019 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2019, Ori Bernstein <ori@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
18 /*
19 * All code runs under the same UID but sensitive code paths are run in a
20 * separate process with tighter pledge(2) promises; data is communicated
21 * between processes via imsgbuf_flush(3) and imsgbuf_read(3).
22 * This behaviour is transparent to users of the library.
23 *
24 * We generally transmit data in imsg buffers, split across several messages
25 * if necessary. File descriptors are used in cases where this is impractical,
26 * such as when accessing pack files or when transferring large blobs.
27 *
28 * We exec(2) after a fork(2). Parts of our library functionality are
29 * accessible via separate executables in a libexec directory.
30 */
32 #define GOT_IMSG_FD_CHILD (STDERR_FILENO + 1)
34 #ifndef GOT_LIBEXECDIR
35 #define GOT_LIBEXECDIR /usr/local/bin
36 #endif
38 /* Names of helper programs in libexec directory */
39 #define GOT_PROG_READ_OBJECT got-read-object
40 #define GOT_PROG_READ_TREE got-read-tree
41 #define GOT_PROG_READ_COMMIT got-read-commit
42 #define GOT_PROG_READ_BLOB got-read-blob
43 #define GOT_PROG_READ_TAG got-read-tag
44 #define GOT_PROG_READ_PACK got-read-pack
45 #define GOT_PROG_READ_GITCONFIG got-read-gitconfig
46 #define GOT_PROG_READ_GOTCONFIG got-read-gotconfig
47 #define GOT_PROG_READ_PATCH got-read-patch
48 #define GOT_PROG_FETCH_PACK got-fetch-pack
49 #define GOT_PROG_INDEX_PACK got-index-pack
50 #define GOT_PROG_SEND_PACK got-send-pack
51 #define GOT_PROG_FETCH_HTTP got-fetch-http
53 #define GOT_STRINGIFY(x) #x
54 #define GOT_STRINGVAL(x) GOT_STRINGIFY(x)
56 /* Paths to helper programs in libexec directory */
57 #define GOT_PATH_PROG_READ_OBJECT \
59 #define GOT_PATH_PROG_READ_TREE \
61 #define GOT_PATH_PROG_READ_COMMIT \
63 #define GOT_PATH_PROG_READ_BLOB \
65 #define GOT_PATH_PROG_READ_TAG \
67 #define GOT_PATH_PROG_READ_PACK \
69 #define GOT_PATH_PROG_READ_GITCONFIG \
71 #define GOT_PATH_PROG_READ_GOTCONFIG \
73 #define GOT_PATH_PROG_READ_PATCH \
75 #define GOT_PATH_PROG_FETCH_PACK \
77 #define GOT_PATH_PROG_SEND_PACK \
79 #define GOT_PATH_PROG_INDEX_PACK \
81 #define GOT_PATH_PROG_FETCH_HTTP \
85 /* An error occurred while processing a request. */
86 GOT_IMSG_ERROR,
88 /* Stop the child process. */
89 GOT_IMSG_STOP,
91 /*
92 * Messages concerned with read access to objects in a repository.
93 * Object and pack files are opened by the main process, where
94 * data may be read as a byte string but without any interpretation.
95 * Decompression and parsing of object and pack files occurs in a
96 * separate process which runs under pledge("stdio recvfd").
97 * This sandboxes our own repository parsing code, as well as zlib.
98 */
99 GOT_IMSG_OBJECT_REQUEST,
100 GOT_IMSG_OBJECT,
101 GOT_IMSG_COMMIT_REQUEST,
102 GOT_IMSG_COMMIT,
103 GOT_IMSG_COMMIT_LOGMSG,
104 GOT_IMSG_TREE_REQUEST,
105 GOT_IMSG_TREE,
106 GOT_IMSG_TREE_ENTRIES,
107 GOT_IMSG_BLOB_REQUEST,
108 GOT_IMSG_BLOB_OUTFD,
109 GOT_IMSG_BLOB,
110 GOT_IMSG_TAG_REQUEST,
111 GOT_IMSG_TAG,
112 GOT_IMSG_TAG_TAGMSG,
114 /* Messages related to networking. */
115 GOT_IMSG_FETCH_REQUEST,
116 GOT_IMSG_FETCH_HAVE_REF,
117 GOT_IMSG_FETCH_WANTED_BRANCH,
118 GOT_IMSG_FETCH_WANTED_REF,
119 GOT_IMSG_FETCH_OUTFD,
120 GOT_IMSG_FETCH_SYMREFS,
121 GOT_IMSG_FETCH_REF,
122 GOT_IMSG_FETCH_SERVER_PROGRESS,
123 GOT_IMSG_FETCH_DOWNLOAD_PROGRESS,
124 GOT_IMSG_FETCH_DONE,
125 GOT_IMSG_IDXPACK_REQUEST,
126 GOT_IMSG_IDXPACK_OUTFD,
127 GOT_IMSG_IDXPACK_PROGRESS,
128 GOT_IMSG_IDXPACK_DONE,
129 GOT_IMSG_SEND_REQUEST,
130 GOT_IMSG_SEND_REF,
131 GOT_IMSG_SEND_REMOTE_REF,
132 GOT_IMSG_SEND_REF_STATUS,
133 GOT_IMSG_SEND_PACK_REQUEST,
134 GOT_IMSG_SEND_PACKFD,
135 GOT_IMSG_SEND_UPLOAD_PROGRESS,
136 GOT_IMSG_SEND_DONE,
138 /* Messages related to pack files. */
139 GOT_IMSG_PACKIDX,
140 GOT_IMSG_PACK,
141 GOT_IMSG_PACKED_OBJECT_REQUEST,
142 GOT_IMSG_COMMIT_TRAVERSAL_REQUEST,
143 GOT_IMSG_TRAVERSED_COMMITS,
144 GOT_IMSG_COMMIT_TRAVERSAL_DONE,
145 GOT_IMSG_OBJECT_ENUMERATION_REQUEST,
146 GOT_IMSG_ENUMERATED_COMMIT,
147 GOT_IMSG_ENUMERATED_TREE,
148 GOT_IMSG_TREE_ENUMERATION_DONE,
149 GOT_IMSG_OBJECT_ENUMERATION_DONE,
150 GOT_IMSG_OBJECT_ENUMERATION_INCOMPLETE,
152 /* Message sending file descriptor to a temporary file. */
153 GOT_IMSG_TMPFD,
155 /* Messages related to gitconfig files. */
156 GOT_IMSG_GITCONFIG_PARSE_REQUEST,
157 GOT_IMSG_GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST,
158 GOT_IMSG_GITCONFIG_REPOSITORY_EXTENSIONS_REQUEST,
159 GOT_IMSG_GITCONFIG_AUTHOR_NAME_REQUEST,
160 GOT_IMSG_GITCONFIG_AUTHOR_EMAIL_REQUEST,
161 GOT_IMSG_GITCONFIG_REMOTES_REQUEST,
162 GOT_IMSG_GITCONFIG_INT_VAL,
163 GOT_IMSG_GITCONFIG_STR_VAL,
164 GOT_IMSG_GITCONFIG_PAIR,
165 GOT_IMSG_GITCONFIG_REMOTES,
166 GOT_IMSG_GITCONFIG_REMOTE,
167 GOT_IMSG_GITCONFIG_OWNER_REQUEST,
168 GOT_IMSG_GITCONFIG_OWNER,
170 /* Messages related to gotconfig files. */
171 GOT_IMSG_GOTCONFIG_PARSE_REQUEST,
172 GOT_IMSG_GOTCONFIG_AUTHOR_REQUEST,
173 GOT_IMSG_GOTCONFIG_ALLOWEDSIGNERS_REQUEST,
174 GOT_IMSG_GOTCONFIG_REVOKEDSIGNERS_REQUEST,
175 GOT_IMSG_GOTCONFIG_SIGNERID_REQUEST,
176 GOT_IMSG_GOTCONFIG_REMOTES_REQUEST,
177 GOT_IMSG_GOTCONFIG_INT_VAL,
178 GOT_IMSG_GOTCONFIG_STR_VAL,
179 GOT_IMSG_GOTCONFIG_REMOTES,
180 GOT_IMSG_GOTCONFIG_REMOTE,
182 /* Raw object access. Uncompress object data but do not parse it. */
183 GOT_IMSG_RAW_OBJECT_REQUEST,
184 GOT_IMSG_RAW_OBJECT_OUTFD,
185 GOT_IMSG_PACKED_RAW_OBJECT_REQUEST,
186 GOT_IMSG_RAW_OBJECT,
188 /* Read raw delta data from pack files. */
189 GOT_IMSG_RAW_DELTA_OUTFD,
190 GOT_IMSG_RAW_DELTA_REQUEST,
191 GOT_IMSG_RAW_DELTA,
193 /* Reuse deltas found in a pack file. */
194 GOT_IMSG_DELTA_REUSE_REQUEST,
195 GOT_IMSG_REUSED_DELTAS,
196 GOT_IMSG_DELTA_REUSE_DONE,
198 /* Commit coloring in got-read-pack. */
199 GOT_IMSG_COMMIT_PAINTING_INIT,
200 GOT_IMSG_COMMIT_PAINTING_REQUEST,
201 GOT_IMSG_PAINTED_COMMITS,
202 GOT_IMSG_COMMIT_PAINTING_DONE,
204 /* Transfer a list of object IDs. */
205 GOT_IMSG_OBJ_ID_LIST,
206 GOT_IMSG_OBJ_ID_LIST_DONE,
208 /* Messages related to patch files. */
209 GOT_IMSG_PATCH_FILE,
210 GOT_IMSG_PATCH_HUNK,
211 GOT_IMSG_PATCH_DONE,
212 GOT_IMSG_PATCH_LINE,
213 GOT_IMSG_PATCH,
214 GOT_IMSG_PATCH_EOF,
215 };
217 /* Structure for GOT_IMSG_ERROR. */
223 /*
224 * Structure for GOT_IMSG_TREE_REQUEST and GOT_IMSG_OBJECT data.
225 */
229 /* These fields are the same as in struct got_object. */
234 off_t pack_offset;
238 /* Structure for GOT_IMSG_COMMIT data. */
250 /*
251 * Followed by author_len + committer_len data bytes
252 */
254 /* Followed by 'nparents' struct got_object_id */
256 /*
257 * Followed by 'logmsg_len' bytes of commit log message data in
258 * one or more GOT_IMSG_COMMIT_LOGMSG messages.
259 */
265 mode_t mode;
267 /* Followed by namelen bytes of entry's name, not NUL-terminated. */
270 /* Structure for GOT_IMSG_TREE_ENTRIES. */
274 /* Followed by nentries * struct got_imsg_tree_entry */
275 };
277 /* Structure for GOT_IMSG_TREE_OBJECT_REPLY data. */
280 };
282 /* Structure for GOT_IMSG_BLOB. */
287 /*
288 * If size <= GOT_PRIVSEP_INLINE_BLOB_DATA_MAX, blob data follows
289 * in the imsg buffer. Otherwise, blob data has been written to a
290 * file descriptor passed via the GOT_IMSG_BLOB_OUTFD imsg.
291 */
292 #define GOT_PRIVSEP_INLINE_BLOB_DATA_MAX \
293 (MAX_IMSGSIZE - IMSG_HEADER_SIZE - sizeof(struct got_imsg_blob))
294 };
296 /* Structure for GOT_IMSG_RAW_OBJECT. */
298 off_t size;
301 /*
302 * If size <= GOT_PRIVSEP_INLINE_OBJECT_DATA_MAX, object data follows
303 * in the imsg buffer. Otherwise, object data has been written to a
304 * file descriptor passed via the GOT_IMSG_RAW_OBJECT_OUTFD imsg.
305 */
306 #define GOT_PRIVSEP_INLINE_OBJECT_DATA_MAX \
307 (MAX_IMSGSIZE - IMSG_HEADER_SIZE - sizeof(struct got_imsg_raw_obj))
308 };
310 /* Structure for GOT_IMSG_RAW_DELTA. */
315 off_t delta_size;
316 off_t delta_compressed_size;
317 off_t delta_offset;
318 off_t delta_out_offset;
320 /*
321 * Delta data has been written at delta_out_offset to the file
322 * descriptor passed via the GOT_IMSG_RAW_DELTA_OUTFD imsg.
323 */
324 };
326 /* Structures for GOT_IMSG_REUSED_DELTAS. */
332 off_t delta_size;
333 off_t delta_compressed_size;
334 off_t delta_offset;
335 };
339 /*
340 * Followed by ndeltas * struct got_imsg_reused_delta.
341 */
343 #define GOT_IMSG_REUSED_DELTAS_MAX_NDELTAS \
344 ((MAX_IMSGSIZE - IMSG_HEADER_SIZE - \
345 sizeof(struct got_imsg_reused_deltas)) \
346 / sizeof(struct got_imsg_reused_delta))
347 };
349 /* Structure for GOT_IMSG_COMMIT_PAINTING_REQUEST. */
356 /* Structure for GOT_IMSG_PAINTED_COMMITS. */
365 /*
366 * Followed by ncommits * struct got_imsg_painted_commit.
367 */
370 /* Structure for GOT_IMSG_TAG data. */
380 /*
381 * Followed by tag_len + tagger_len data bytes
382 */
384 /*
385 * Followed by 'tagmsg_len' bytes of tag message data in
386 * one or more GOT_IMSG_TAG_TAGMSG messages.
387 */
390 /* Structure for GOT_IMSG_FETCH_HAVE_REF data. */
394 /* Followed by name_len data bytes. */
397 /* Structure for GOT_IMSG_FETCH_WANTED_BRANCH data. */
400 /* Followed by name_len data bytes. */
403 /* Structure for GOT_IMSG_FETCH_WANTED_REF data. */
406 /* Followed by name_len data bytes. */
409 /* Structure for GOT_IMSG_FETCH_REQUEST data. */
420 /* Followed by worktree_branch_len bytes of reference name. */
421 /* Followed by remote_head_len bytes of reference name. */
422 /* Followed by n_have_refs GOT_IMSG_FETCH_HAVE_REF messages. */
423 /* Followed by n_wanted_branches times GOT_IMSG_FETCH_WANTED_BRANCH. */
424 /* Followed by n_wanted_refs times GOT_IMSG_FETCH_WANTED_REF. */
427 /* Structures for GOT_IMSG_FETCH_SYMREFS data. */
432 /*
433 * Followed by name_len + target_len data bytes.
434 */
440 /* Followed by nsymrefs times of got_imsg_fetch_symref data. */
443 /* Structure for GOT_IMSG_FETCH_REF data. */
445 /* Describes a reference which will be fetched. */
447 /* Followed by reference name in remaining data of imsg buffer. */
448 };
450 /* Structure for GOT_IMSG_FETCH_DOWNLOAD_PROGRESS data. */
452 /* Number of packfile data bytes downloaded so far. */
453 off_t packfile_bytes;
454 };
456 /* Structure for GOT_IMSG_SEND_REQUEST data. */
460 /* Followed by nrefs GOT_IMSG_SEND_REF messages. */
463 /* Structure for GOT_IMSG_SEND_UPLOAD_PROGRESS data. */
465 /* Number of packfile data bytes uploaded so far. */
466 off_t packfile_bytes;
467 };
469 /* Structure for GOT_IMSG_SEND_REF data. */
474 /* Followed by name_len data bytes. */
477 /* Structure for GOT_IMSG_SEND_REMOTE_REF data. */
481 /* Followed by name_len data bytes. */
484 /* Structure for GOT_IMSG_SEND_REF_STATUS data. */
489 /* Followed by name_len data bytes. */
490 /* Followed by errmsg_len data bytes. */
493 /* Structure for GOT_IMSG_IDXPACK_REQUEST data. */
498 /* Structure for GOT_IMSG_IDXPACK_PROGRESS data. */
500 /* Total number of objects in pack file. */
503 /* Number of objects indexed so far. */
506 /* Number of non-deltified objects in pack file. */
509 /* Number of deltified objects resolved so far. */
511 };
513 /* Structure for GOT_IMSG_PACKIDX. */
516 off_t packfile_size;
518 /* Additionally, a file descriptor is passed via imsg. */
519 };
521 /* Structure for GOT_IMSG_PACK. */
524 off_t filesize;
526 /* Additionally, a file descriptor is passed via imsg. */
529 /*
530 * Structure for GOT_IMSG_OBJECT_REQUEST, GOT_IMSG_BLOB_REQUEST,
531 * GOT_IMSG_TREE_REQUEST, GOT_IMSG_COMMIT_REQUEST, and
532 * GOT_IMSG_TAG_REQUEST data.
533 */
536 /*
537 * Structure for GOT_IMSG_PACKED_OBJECT_REQUEST and
538 * GOT_IMSG_PACKED_RAW_OBJECT_REQUEST data.
539 */
545 /*
546 * Structure for GOT_IMSG_DELTA data.
547 */
549 /* These fields are the same as in struct got_delta. */
550 off_t offset;
554 off_t data_offset;
555 };
557 /*
558 * Structure for GOT_IMSG_RAW_DELTA_REQUEST data.
559 */
563 };
565 /*
566 * Structure for GOT_IMSG_OBJ_ID_LIST data.
567 * Multiple such messages may be sent back-to-back, where each message
568 * contains a chunk of IDs. The entire list must be terminated with a
569 * GOT_IMSG_OBJ_ID_LIST_DONE message.
570 */
574 /*
575 * Followed by nids * struct got_object_id.
576 */
578 #define GOT_IMSG_OBJ_ID_LIST_MAX_NIDS \
579 ((MAX_IMSGSIZE - IMSG_HEADER_SIZE - \
580 sizeof(struct got_imsg_object_idlist)) / sizeof(struct got_object_id))
581 };
583 /* Structure for GOT_IMSG_COMMIT_TRAVERSAL_REQUEST */
587 /* Followed by path_len bytes of path data */
590 /* Structure for GOT_IMSG_TRAVERSED_COMMITS */
593 /* Followed by ncommit struct got_object_id */
596 /* Structure for GOT_IMSG_ENUMERATED_COMMIT */
602 /* Structure for GOT_IMSG_ENUMERATED_TREE */
607 /* Followed by tree's path in remaining data of imsg buffer. */
609 /* Followed by nentries * GOT_IMSG_TREE_ENTRY messages. */
612 /*
613 * Structure for GOT_IMSG_GOTCONFIG_REMOTE and
614 * GOT_IMSG_GOTCONFIG_REMOTE data.
615 */
626 /* Followed by name_len data bytes. */
627 /* Followed by fetch_url_len + send_url_len data bytes. */
628 /* Followed by nfetch_branches GOT_IMSG_GITCONFIG_STR_VAL messages. */
629 /* Followed by nsend_branches GOT_IMSG_GITCONFIG_STR_VAL messages. */
630 /* Followed by nfetch_refs GOT_IMSG_GITCONFIG_STR_VAL messages. */
633 /*
634 * Structure for GOT_IMSG_GITCONFIG_REMOTES data.
635 */
638 };
640 /*
641 * Structure for GOT_IMSG_GITCONFIG_PAIR.
642 */
646 /* Followed by klen data bytes of key string. */
647 /* Followed by vlen data bytes of value string. */
648 };
650 /*
651 * Structure for GOT_IMSG_PATCH data.
652 */
660 };
662 /*
663 * Structure for GOT_IMSG_PATCH_HUNK data.
664 */
670 };