gotd/gotd.h

   1 /*
   2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
   3  *
   4  * Permission to use, copy, modify, and distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice appear in all copies.
   7  *
   8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15  */
  16
  17 #include "got_compat.h"
  18
  19 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"
  20 #define GOTD_UNIX_SOCKET_BACKLOG 10
  21 #define GOTD_USER       "_gotd"
  22 #define GOTD_CONF_PATH  "/etc/gotd.conf"
  23 #ifndef GOTD_EMPTY_PATH
  24 #define GOTD_EMPTY_PATH "/var/empty"
  25 #endif
  26
  27 #define GOTD_MAXCLIENTS         1024
  28 #define GOTD_MAX_CONN_PER_UID   4
  29 #define GOTD_FD_RESERVE         5
  30 #define GOTD_FD_NEEDED          6
  31 #define GOTD_FILENO_MSG_PIPE    3
  32
  33 #define GOTD_DEFAULT_REQUEST_TIMEOUT    3600
  34
  35 /* Client hash tables need some extra room. */
  36 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)
  37
  38 enum gotd_procid {
  39         PROC_GOTD       = 0,
  40         PROC_LISTEN,
  41         PROC_AUTH,
  42         PROC_SESSION_READ,
  43         PROC_SESSION_WRITE,
  44         PROC_REPO_READ,
  45         PROC_REPO_WRITE,
  46         PROC_GITWRAPPER,
  47         PROC_MAX,
  48 };
  49
  50 struct gotd_imsgev {
  51         struct imsgbuf   ibuf;
  52         void            (*handler)(int, short, void *);
  53         void            *handler_arg;
  54         struct event     ev;
  55         short            events;
  56 };
  57
  58 enum gotd_access {
  59         GOTD_ACCESS_PERMITTED = 1,
  60         GOTD_ACCESS_DENIED
  61 };
  62
  63 struct gotd_access_rule {
  64         STAILQ_ENTRY(gotd_access_rule) entry;
  65
  66         enum gotd_access access;
  67
  68         int authorization;
  69 #define GOTD_AUTH_READ          0x1
  70 #define GOTD_AUTH_WRITE         0x2
  71
  72         char *identifier;
  73 };
  74 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);
  75
  76 struct gotd_repo {
  77         TAILQ_ENTRY(gotd_repo)   entry;
  78
  79         char name[NAME_MAX];
  80         char path[PATH_MAX];
  81
  82         struct gotd_access_rule_list rules;
  83         struct got_pathlist_head protected_tag_namespaces;
  84         struct got_pathlist_head protected_branch_namespaces;
  85         struct got_pathlist_head protected_branches;
  86 };
  87 TAILQ_HEAD(gotd_repolist, gotd_repo);
  88
  89 enum gotd_session_state {
  90         GOTD_STATE_EXPECT_LIST_REFS,
  91         GOTD_STATE_EXPECT_CAPABILITIES,
  92         GOTD_STATE_EXPECT_WANT,
  93         GOTD_STATE_EXPECT_REF_UPDATE,
  94         GOTD_STATE_EXPECT_MORE_REF_UPDATES,
  95         GOTD_STATE_EXPECT_HAVE,
  96         GOTD_STATE_EXPECT_PACKFILE,
  97         GOTD_STATE_EXPECT_DONE,
  98         GOTD_STATE_DONE,
  99 };
 100
 101 struct gotd_client_capability {
 102         char *key;
 103         char *value;
 104 };
 105
 106 struct gotd_object_id_array {
 107         struct got_object_id            **ids;
 108         size_t                           nalloc;
 109         size_t                           nids;
 110 };
 111
 112 struct gotd_uid_connection_limit {
 113         uid_t uid;
 114         int max_connections;
 115 };
 116
 117 struct gotd_child_proc;
 118
 119 struct gotd {
 120         pid_t pid;
 121         char unix_socket_path[PATH_MAX];
 122         char user_name[32];
 123         struct gotd_repolist repos;
 124         int nrepos;
 125         struct gotd_child_proc *listen_proc;
 126         struct timeval request_timeout;
 127         struct timeval auth_timeout;
 128         struct gotd_uid_connection_limit *connection_limits;
 129         size_t nconnection_limits;
 130
 131         char *argv0;
 132         const char *confpath;
 133         int daemonize;
 134         int verbosity;
 135 };
 136
 137 enum gotd_imsg_type {
 138         /* An error occured while processing a request. */
 139         GOTD_IMSG_ERROR,
 140
 141         /* Commands used by gotctl(8). */
 142         GOTD_IMSG_INFO,
 143         GOTD_IMSG_INFO_REPO,
 144         GOTD_IMSG_INFO_CLIENT,
 145         GOTD_IMSG_STOP,
 146
 147         /* Request a list of references. */
 148         GOTD_IMSG_LIST_REFS,
 149         GOTD_IMSG_LIST_REFS_INTERNAL,
 150
 151         /* References. */
 152         GOTD_IMSG_REFLIST,
 153         GOTD_IMSG_REF,
 154         GOTD_IMSG_SYMREF,
 155
 156         /* Git protocol capabilities. */
 157         GOTD_IMSG_CAPABILITIES,
 158         GOTD_IMSG_CAPABILITY,
 159
 160         /* Git protocol chatter. */
 161         GOTD_IMSG_WANT,         /* The client wants an object. */
 162         GOTD_IMSG_HAVE,         /* The client has an object. */
 163         GOTD_IMSG_ACK,          /* The server has an object or a reference. */
 164         GOTD_IMSG_NAK,          /* The server does not have an object/ref. */
 165         GOTD_IMSG_REF_UPDATE,   /* The client wants to update a reference. */
 166         GOTD_IMSG_REF_DELETE,   /* The client wants to delete a reference. */
 167         GOTD_IMSG_FLUSH,        /* The client sent a flush packet. */
 168         GOTD_IMSG_DONE,         /* The client is done chatting. */
 169
 170         /* Sending or receiving a pack file. */
 171         GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */
 172         GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */
 173         GOTD_IMSG_PACKIDX_FILE,  /* Temporary file handle for new pack index. */
 174         GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */
 175         GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */
 176         GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */
 177         GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */
 178         GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */
 179         GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */
 180
 181         /* Reference updates. */
 182         GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */
 183         GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */
 184         GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */
 185         GOTD_IMSG_REFS_UPDATED, /* The server proccessed all ref updates. */
 186
 187         /* Client connections. */
 188         GOTD_IMSG_DISCONNECT,
 189         GOTD_IMSG_CONNECT,
 190
 191         /* Child process management. */
 192         GOTD_IMSG_CLIENT_SESSION_READY,
 193         GOTD_IMSG_REPO_CHILD_READY,
 194         GOTD_IMSG_CONNECT_REPO_CHILD,
 195
 196         /* Auth child process. */
 197         GOTD_IMSG_AUTHENTICATE,
 198         GOTD_IMSG_ACCESS_GRANTED,
 199 };
 200
 201 /* Structure for GOTD_IMSG_ERROR. */
 202 struct gotd_imsg_error {
 203         int code; /* an error code from got_error.h */
 204         int errno_code; /* in case code equals GOT_ERR_ERRNO */
 205         uint32_t client_id;
 206         char msg[GOT_ERR_MAX_MSG_SIZE];
 207 } __attribute__((__packed__));
 208
 209 /* Structure for GOTD_IMSG_INFO. */
 210 struct gotd_imsg_info {
 211         pid_t pid;
 212         int verbosity;
 213         int nrepos;
 214         int nclients;
 215
 216         /* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */
 217         /* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */
 218 };
 219
 220 /* Structure for GOTD_IMSG_INFO_REPO. */
 221 struct gotd_imsg_info_repo {
 222         char repo_name[NAME_MAX];
 223         char repo_path[PATH_MAX];
 224 };
 225
 226 /* Structure for GOTD_IMSG_INFO_CLIENT */
 227 struct gotd_imsg_info_client {
 228         uid_t euid;
 229         gid_t egid;
 230         char repo_name[NAME_MAX];
 231         int is_writing;
 232         pid_t session_child_pid;
 233         pid_t repo_child_pid;
 234 };
 235
 236 /* Structure for GOTD_IMSG_LIST_REFS. */
 237 struct gotd_imsg_list_refs {
 238         char repo_name[NAME_MAX];
 239         int client_is_reading; /* 1 if reading, 0 if writing */
 240 };
 241
 242 /* Structure for GOTD_IMSG_LIST_REFS_INTERNAL. */
 243 struct gotd_imsg_list_refs_internal {
 244         uint32_t client_id;
 245 };
 246
 247 /* Structure for GOTD_IMSG_REFLIST. */
 248 struct gotd_imsg_reflist {
 249         size_t nrefs;
 250
 251         /* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */
 252 } __attribute__((__packed__));
 253
 254 /* Structure for GOTD_IMSG_REF data. */
 255 struct gotd_imsg_ref {
 256         uint8_t id[SHA1_DIGEST_LENGTH];
 257         size_t name_len;
 258         /* Followed by name_len data bytes. */
 259 } __attribute__((__packed__));
 260
 261 /* Structure for GOTD_IMSG_SYMREF data. */
 262 struct gotd_imsg_symref {
 263         size_t name_len;
 264         size_t target_len;
 265         uint8_t target_id[SHA1_DIGEST_LENGTH];
 266
 267         /*
 268          * Followed by name_len + target_len data bytes.
 269          */
 270 } __attribute__((__packed__));
 271
 272 /* Structure for GOTD_IMSG_CAPABILITIES data. */
 273 struct gotd_imsg_capabilities {
 274         size_t ncapabilities;
 275
 276         /*
 277          * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.
 278          */
 279 } __attribute__((__packed__));
 280
 281 /* Structure for GOTD_IMSG_CAPABILITY data. */
 282 struct gotd_imsg_capability {
 283         size_t key_len;
 284         size_t value_len;
 285
 286         /*
 287          * Followed by key_len + value_len data bytes.
 288          */
 289 } __attribute__((__packed__));
 290
 291 /* Structure for GOTD_IMSG_WANT data. */
 292 struct gotd_imsg_want {
 293         uint8_t object_id[SHA1_DIGEST_LENGTH];
 294         uint32_t client_id;
 295 } __attribute__((__packed__));
 296
 297 /* Structure for GOTD_IMSG_HAVE data. */
 298 struct gotd_imsg_have {
 299         uint8_t object_id[SHA1_DIGEST_LENGTH];
 300         uint32_t client_id;
 301 } __attribute__((__packed__));
 302
 303 /* Structure for GOTD_IMSG_ACK data. */
 304 struct gotd_imsg_ack {
 305         uint8_t object_id[SHA1_DIGEST_LENGTH];
 306         uint32_t client_id;
 307 } __attribute__((__packed__));
 308
 309 /* Structure for GOTD_IMSG_NAK data. */
 310 struct gotd_imsg_nak {
 311         uint8_t object_id[SHA1_DIGEST_LENGTH];
 312         uint32_t client_id;
 313 } __attribute__((__packed__));
 314
 315 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */
 316 struct gotd_imsg_packfile_status {
 317         size_t reason_len;
 318
 319         /* Followed by reason_len data bytes. */
 320 } __attribute__((__packed__));
 321
 322
 323 /* Structure for GOTD_IMSG_REF_UPDATE data. */
 324 struct gotd_imsg_ref_update {
 325         uint8_t old_id[SHA1_DIGEST_LENGTH];
 326         uint8_t new_id[SHA1_DIGEST_LENGTH];
 327         int ref_is_new;
 328         int delete_ref;
 329         uint32_t client_id;
 330         size_t name_len;
 331
 332         /* Followed by name_len data bytes. */
 333 } __attribute__((__packed__));
 334
 335 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */
 336 struct gotd_imsg_ref_updates_start {
 337         int nref_updates;
 338         uint32_t client_id;
 339
 340         /* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */
 341 };
 342
 343 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */
 344 struct gotd_imsg_ref_update_ok {
 345         uint8_t old_id[SHA1_DIGEST_LENGTH];
 346         uint8_t new_id[SHA1_DIGEST_LENGTH];
 347         int ref_is_new;
 348         uint32_t client_id;
 349         size_t name_len;
 350
 351         /* Followed by name_len data bytes. */
 352 } __attribute__((__packed__));
 353
 354 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */
 355 struct gotd_imsg_ref_update_ng {
 356         uint8_t old_id[SHA1_DIGEST_LENGTH];
 357         uint8_t new_id[SHA1_DIGEST_LENGTH];
 358         uint32_t client_id;
 359         size_t name_len;
 360         size_t reason_len;
 361
 362         /* Followed by name_len + reason_len data bytes. */
 363 } __attribute__((__packed__));
 364
 365 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */
 366 struct gotd_imsg_send_packfile {
 367         uint32_t client_id;
 368         int report_progress;
 369
 370         /* delta cache file is sent as a file descriptor */
 371
 372         /* followed by two GOTD_IMSG_PACKFILE_PIPE messages */
 373 };
 374
 375 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */
 376 struct gotd_imsg_recv_packfile {
 377         uint32_t client_id;
 378         int report_status;
 379
 380         /* pack destination temp file is sent as a file descriptor */
 381 };
 382
 383 /* Structure for GOTD_IMSG_PACKFILE_PIPE data. */
 384 struct gotd_imsg_packfile_pipe {
 385         uint32_t client_id;
 386 };
 387
 388 /* Structure for GOTD_IMSG_PACKIDX_FILE data. */
 389 struct gotd_imsg_packidx_file {
 390         uint32_t client_id;
 391 };
 392
 393
 394 /*
 395  * Structure for GOTD_IMSG_PACKFILE_PROGRESS and
 396  * GOTD_IMSG_PACKFILE_READY data.
 397  */
 398 struct gotd_imsg_packfile_progress {
 399         uint32_t client_id;
 400         int ncolored;
 401         int nfound;
 402         int ntrees;
 403         off_t packfile_size;
 404         int ncommits;
 405         int nobj_total;
 406         int nobj_deltify;
 407         int nobj_written;
 408 };
 409
 410 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */
 411 struct gotd_imsg_packfile_install {
 412         uint32_t client_id;
 413         uint8_t pack_sha1[SHA1_DIGEST_LENGTH];
 414 };
 415
 416 /* Structure for GOTD_IMSG_PACKFILE_DONE data. */
 417 struct gotd_imsg_packfile_done {
 418         uint32_t client_id;
 419 };
 420
 421 /* Structure for GOTD_IMSG_DISCONNECT data. */
 422 struct gotd_imsg_disconnect {
 423         uint32_t client_id;
 424 };
 425
 426 /* Structure for GOTD_IMSG_CONNECT. */
 427 struct gotd_imsg_connect {
 428         uint32_t client_id;
 429         uid_t euid;
 430         gid_t egid;
 431 };
 432
 433 /* Structure for GOTD_IMSG_CONNECT_REPO_CHILD. */
 434 struct gotd_imsg_connect_repo_child {
 435         uint32_t client_id;
 436         enum gotd_procid proc_id;
 437
 438         /* repo child imsg pipe is passed via imsg fd */
 439 };
 440
 441 /* Structure for GOTD_IMSG_AUTHENTICATE. */
 442 struct gotd_imsg_auth {
 443         uid_t euid;
 444         gid_t egid;
 445         int required_auth;
 446         uint32_t client_id;
 447 };
 448
 449 int enter_chroot(const char *);
 450 int parse_config(const char *, enum gotd_procid, struct gotd *);
 451 struct gotd_repo *gotd_find_repo_by_name(const char *, struct gotd *);
 452 struct gotd_repo *gotd_find_repo_by_path(const char *, struct gotd *);
 453 struct gotd_uid_connection_limit *gotd_find_uid_connection_limit(
 454     struct gotd_uid_connection_limit *limits, size_t nlimits, uid_t uid);
 455 int gotd_parseuid(const char *s, uid_t *uid);
 456
 457 /* imsg.c */
 458 const struct got_error *gotd_imsg_flush(struct imsgbuf *);
 459 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);
 460 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,
 461     size_t);
 462 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,
 463     struct imsg *imsg);
 464 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,
 465     const struct got_error *);
 466 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,
 467     const struct got_error *);
 468 void gotd_imsg_event_add(struct gotd_imsgev *);
 469 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,
 470     void *, uint16_t);
 471 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);
 472
 473 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,
 474     uint32_t, pid_t);
 475 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,
 476     uint32_t, pid_t);