gotd/gotd.h

   1 /*
   2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
   3  *
   4  * Permission to use, copy, modify, and distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice appear in all copies.
   7  *
   8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15  */
  16
  17 #include "got_compat.h"
  18
  19 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"
  20 #define GOTD_UNIX_SOCKET_BACKLOG 10
  21 #define GOTD_USER       "_gotd"
  22 #define GOTD_CONF_PATH  "/etc/gotd.conf"
  23 #ifndef GOTD_EMPTY_PATH
  24 #define GOTD_EMPTY_PATH "/var/empty"
  25 #endif
  26
  27 #ifndef GOT_LIBEXECDIR
  28 #define GOT_LIBEXECDIR /usr/libexec
  29 #endif
  30
  31 #define GOTD_STRINGIFY(x) #x
  32 #define GOTD_STRINGVAL(x) GOTD_STRINGIFY(x)
  33
  34 #define GOTD_PROG_NOTIFY_EMAIL  got-notify-email
  35 #define GOTD_PROG_NOTIFY_HTTP   got-notify-http
  36
  37 #define GOTD_PATH_PROG_NOTIFY_EMAIL \
  38         GOTD_STRINGVAL(GOT_LIBEXECDIR) "/" \
  39         GOTD_STRINGVAL(GOTD_PROG_NOTIFY_EMAIL)
  40 #define GOTD_PATH_PROG_NOTIFY_HTTP \
  41         GOTD_STRINGVAL(GOT_LIBEXECDIR) "/" \
  42         GOTD_STRINGVAL(GOTD_PROG_NOTIFY_HTTP)
  43
  44 #define GOTD_MAXCLIENTS         1024
  45 #define GOTD_MAX_CONN_PER_UID   4
  46 #define GOTD_FD_RESERVE         5
  47 #define GOTD_FD_NEEDED          6
  48 #define GOTD_FILENO_MSG_PIPE    3
  49
  50 #define GOTD_DEFAULT_REQUEST_TIMEOUT    3600
  51
  52 /* Client hash tables need some extra room. */
  53 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)
  54
  55 enum gotd_procid {
  56         PROC_GOTD       = 0,
  57         PROC_LISTEN,
  58         PROC_AUTH,
  59         PROC_SESSION_READ,
  60         PROC_SESSION_WRITE,
  61         PROC_REPO_READ,
  62         PROC_REPO_WRITE,
  63         PROC_GITWRAPPER,
  64         PROC_NOTIFY,
  65         PROC_MAX,
  66 };
  67
  68 struct gotd_imsgev {
  69         struct imsgbuf   ibuf;
  70         void            (*handler)(int, short, void *);
  71         void            *handler_arg;
  72         struct event     ev;
  73         short            events;
  74 };
  75
  76 enum gotd_access {
  77         GOTD_ACCESS_PERMITTED = 1,
  78         GOTD_ACCESS_DENIED
  79 };
  80
  81 struct gotd_access_rule {
  82         STAILQ_ENTRY(gotd_access_rule) entry;
  83
  84         enum gotd_access access;
  85
  86         int authorization;
  87 #define GOTD_AUTH_READ          0x1
  88 #define GOTD_AUTH_WRITE         0x2
  89
  90         char *identifier;
  91 };
  92 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);
  93
  94 enum gotd_notification_target_type {
  95         GOTD_NOTIFICATION_VIA_EMAIL,
  96         GOTD_NOTIFICATION_VIA_HTTP
  97 };
  98
  99 struct gotd_notification_target {
 100         STAILQ_ENTRY(gotd_notification_target) entry;
 101
 102         enum gotd_notification_target_type type;
 103         union {
 104                 struct {
 105                         char *sender;
 106                         char *recipient;
 107                         char *responder;
 108                         char *hostname;
 109                         char *port;
 110                 } email;
 111                 struct {
 112                         int   tls;
 113                         char *hostname;
 114                         char *port;
 115                         char *path;
 116                         char *user;
 117                         char *password;
 118                 } http;
 119         } conf;
 120 };
 121 STAILQ_HEAD(gotd_notification_targets, gotd_notification_target);
 122
 123 struct gotd_repo {
 124         TAILQ_ENTRY(gotd_repo)   entry;
 125
 126         char name[NAME_MAX];
 127         char path[PATH_MAX];
 128
 129         struct gotd_access_rule_list rules;
 130         struct got_pathlist_head protected_tag_namespaces;
 131         struct got_pathlist_head protected_branch_namespaces;
 132         struct got_pathlist_head protected_branches;
 133
 134         struct got_pathlist_head notification_refs;
 135         struct got_pathlist_head notification_ref_namespaces;
 136         struct gotd_notification_targets notification_targets;
 137 };
 138 TAILQ_HEAD(gotd_repolist, gotd_repo);
 139
 140 struct gotd_client_capability {
 141         char *key;
 142         char *value;
 143 };
 144
 145 struct gotd_object_id_array {
 146         struct got_object_id            **ids;
 147         size_t                           nalloc;
 148         size_t                           nids;
 149 };
 150
 151 struct gotd_uid_connection_limit {
 152         uid_t uid;
 153         int max_connections;
 154 };
 155
 156 struct gotd_child_proc;
 157
 158 struct gotd {
 159         pid_t pid;
 160         char unix_socket_path[PATH_MAX];
 161         char user_name[32];
 162         struct gotd_repolist repos;
 163         int nrepos;
 164         struct gotd_child_proc *listen_proc;
 165         struct gotd_child_proc *notify_proc;
 166         int notifications_enabled;
 167         struct timeval request_timeout;
 168         struct timeval auth_timeout;
 169         struct gotd_uid_connection_limit *connection_limits;
 170         size_t nconnection_limits;
 171
 172         char *argv0;
 173         const char *confpath;
 174         int daemonize;
 175         int verbosity;
 176 };
 177
 178 enum gotd_imsg_type {
 179         /* An error occured while processing a request. */
 180         GOTD_IMSG_ERROR,
 181
 182         /* Commands used by gotctl(8). */
 183         GOTD_IMSG_INFO,
 184         GOTD_IMSG_INFO_REPO,
 185         GOTD_IMSG_INFO_CLIENT,
 186         GOTD_IMSG_STOP,
 187
 188         /* Request a list of references. */
 189         GOTD_IMSG_LIST_REFS,
 190         GOTD_IMSG_LIST_REFS_INTERNAL,
 191
 192         /* References. */
 193         GOTD_IMSG_REFLIST,
 194         GOTD_IMSG_REF,
 195         GOTD_IMSG_SYMREF,
 196
 197         /* Git protocol capabilities. */
 198         GOTD_IMSG_CAPABILITIES,
 199         GOTD_IMSG_CAPABILITY,
 200
 201         /* Git protocol chatter. */
 202         GOTD_IMSG_WANT,         /* The client wants an object. */
 203         GOTD_IMSG_HAVE,         /* The client has an object. */
 204         GOTD_IMSG_ACK,          /* The server has an object or a reference. */
 205         GOTD_IMSG_NAK,          /* The server does not have an object/ref. */
 206         GOTD_IMSG_REF_UPDATE,   /* The client wants to update a reference. */
 207         GOTD_IMSG_REF_DELETE,   /* The client wants to delete a reference. */
 208         GOTD_IMSG_FLUSH,        /* The client sent a flush packet. */
 209         GOTD_IMSG_DONE,         /* The client is done chatting. */
 210
 211         /* Sending or receiving a pack file. */
 212         GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */
 213         GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */
 214         GOTD_IMSG_PACKIDX_FILE,  /* Temporary file handle for new pack index. */
 215         GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */
 216         GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */
 217         GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */
 218         GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */
 219         GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */
 220         GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */
 221
 222         /* Reference updates. */
 223         GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */
 224         GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */
 225         GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */
 226         GOTD_IMSG_REFS_UPDATED, /* The server proccessed all ref updates. */
 227
 228         /* Client connections. */
 229         GOTD_IMSG_DISCONNECT,
 230         GOTD_IMSG_CONNECT,
 231
 232         /* Child process management. */
 233         GOTD_IMSG_CLIENT_SESSION_READY,
 234         GOTD_IMSG_REPO_CHILD_READY,
 235         GOTD_IMSG_CONNECT_REPO_CHILD,
 236
 237         /* Auth child process. */
 238         GOTD_IMSG_AUTHENTICATE,
 239         GOTD_IMSG_ACCESS_GRANTED,
 240
 241         /* Notify child process. */
 242         GOTD_IMSG_CONNECT_NOTIFIER,
 243         GOTD_IMSG_CONNECT_SESSION,
 244         GOTD_IMSG_NOTIFY,
 245         GOTD_IMSG_NOTIFICATION_SENT
 246 };
 247
 248 /* Structure for GOTD_IMSG_ERROR. */
 249 struct gotd_imsg_error {
 250         int code; /* an error code from got_error.h */
 251         int errno_code; /* in case code equals GOT_ERR_ERRNO */
 252         uint32_t client_id;
 253         char msg[GOT_ERR_MAX_MSG_SIZE];
 254 } __attribute__((__packed__));
 255
 256 /* Structure for GOTD_IMSG_INFO. */
 257 struct gotd_imsg_info {
 258         pid_t pid;
 259         int verbosity;
 260         int nrepos;
 261         int nclients;
 262
 263         /* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */
 264         /* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */
 265 };
 266
 267 /* Structure for GOTD_IMSG_INFO_REPO. */
 268 struct gotd_imsg_info_repo {
 269         char repo_name[NAME_MAX];
 270         char repo_path[PATH_MAX];
 271 };
 272
 273 /* Structure for GOTD_IMSG_INFO_CLIENT */
 274 struct gotd_imsg_info_client {
 275         uid_t euid;
 276         gid_t egid;
 277         char repo_name[NAME_MAX];
 278         int is_writing;
 279         pid_t session_child_pid;
 280         pid_t repo_child_pid;
 281 };
 282
 283 /* Structure for GOTD_IMSG_LIST_REFS. */
 284 struct gotd_imsg_list_refs {
 285         char repo_name[NAME_MAX];
 286         int client_is_reading; /* 1 if reading, 0 if writing */
 287 };
 288
 289 /* Structure for GOTD_IMSG_REFLIST. */
 290 struct gotd_imsg_reflist {
 291         size_t nrefs;
 292
 293         /* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */
 294 } __attribute__((__packed__));
 295
 296 /* Structure for GOTD_IMSG_REF data. */
 297 struct gotd_imsg_ref {
 298         uint8_t id[SHA1_DIGEST_LENGTH];
 299         size_t name_len;
 300         /* Followed by name_len data bytes. */
 301 } __attribute__((__packed__));
 302
 303 /* Structure for GOTD_IMSG_SYMREF data. */
 304 struct gotd_imsg_symref {
 305         size_t name_len;
 306         size_t target_len;
 307         uint8_t target_id[SHA1_DIGEST_LENGTH];
 308
 309         /*
 310          * Followed by name_len + target_len data bytes.
 311          */
 312 } __attribute__((__packed__));
 313
 314 /* Structure for GOTD_IMSG_CAPABILITIES data. */
 315 struct gotd_imsg_capabilities {
 316         size_t ncapabilities;
 317
 318         /*
 319          * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.
 320          */
 321 } __attribute__((__packed__));
 322
 323 /* Structure for GOTD_IMSG_CAPABILITY data. */
 324 struct gotd_imsg_capability {
 325         size_t key_len;
 326         size_t value_len;
 327
 328         /*
 329          * Followed by key_len + value_len data bytes.
 330          */
 331 } __attribute__((__packed__));
 332
 333 /* Structure for GOTD_IMSG_WANT data. */
 334 struct gotd_imsg_want {
 335         uint8_t object_id[SHA1_DIGEST_LENGTH];
 336 } __attribute__((__packed__));
 337
 338 /* Structure for GOTD_IMSG_HAVE data. */
 339 struct gotd_imsg_have {
 340         uint8_t object_id[SHA1_DIGEST_LENGTH];
 341 } __attribute__((__packed__));
 342
 343 /* Structure for GOTD_IMSG_ACK data. */
 344 struct gotd_imsg_ack {
 345         uint8_t object_id[SHA1_DIGEST_LENGTH];
 346 } __attribute__((__packed__));
 347
 348 /* Structure for GOTD_IMSG_NAK data. */
 349 struct gotd_imsg_nak {
 350         uint8_t object_id[SHA1_DIGEST_LENGTH];
 351 } __attribute__((__packed__));
 352
 353 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */
 354 struct gotd_imsg_packfile_status {
 355         size_t reason_len;
 356
 357         /* Followed by reason_len data bytes. */
 358 } __attribute__((__packed__));
 359
 360
 361 /* Structure for GOTD_IMSG_REF_UPDATE data. */
 362 struct gotd_imsg_ref_update {
 363         uint8_t old_id[SHA1_DIGEST_LENGTH];
 364         uint8_t new_id[SHA1_DIGEST_LENGTH];
 365         int ref_is_new;
 366         int delete_ref;
 367         size_t name_len;
 368
 369         /* Followed by name_len data bytes. */
 370 } __attribute__((__packed__));
 371
 372 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */
 373 struct gotd_imsg_ref_updates_start {
 374         int nref_updates;
 375
 376         /* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */
 377 };
 378
 379 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */
 380 struct gotd_imsg_ref_update_ok {
 381         uint8_t old_id[SHA1_DIGEST_LENGTH];
 382         uint8_t new_id[SHA1_DIGEST_LENGTH];
 383         int ref_is_new;
 384         size_t name_len;
 385
 386         /* Followed by name_len data bytes. */
 387 } __attribute__((__packed__));
 388
 389 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */
 390 struct gotd_imsg_ref_update_ng {
 391         uint8_t old_id[SHA1_DIGEST_LENGTH];
 392         uint8_t new_id[SHA1_DIGEST_LENGTH];
 393         size_t name_len;
 394         size_t reason_len;
 395
 396         /* Followed by name_len + reason_len data bytes. */
 397 } __attribute__((__packed__));
 398
 399 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */
 400 struct gotd_imsg_send_packfile {
 401         int report_progress;
 402
 403         /* delta cache file is sent as a file descriptor */
 404
 405         /* followed by two GOTD_IMSG_PACKFILE_PIPE messages */
 406 };
 407
 408 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */
 409 struct gotd_imsg_recv_packfile {
 410         int report_status;
 411
 412         /* pack destination temp file is sent as a file descriptor */
 413 };
 414
 415 /*
 416  * Structure for GOTD_IMSG_PACKFILE_PROGRESS and
 417  * GOTD_IMSG_PACKFILE_READY data.
 418  */
 419 struct gotd_imsg_packfile_progress {
 420         int ncolored;
 421         int nfound;
 422         int ntrees;
 423         off_t packfile_size;
 424         int ncommits;
 425         int nobj_total;
 426         int nobj_deltify;
 427         int nobj_written;
 428 };
 429
 430 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */
 431 struct gotd_imsg_packfile_install {
 432         uint8_t pack_sha1[SHA1_DIGEST_LENGTH];
 433 };
 434
 435 /* Structure for GOTD_IMSG_DISCONNECT data. */
 436 struct gotd_imsg_disconnect {
 437         uint32_t client_id;
 438 };
 439
 440 /* Structure for GOTD_IMSG_CONNECT. */
 441 struct gotd_imsg_connect {
 442         uint32_t client_id;
 443         uid_t euid;
 444         gid_t egid;
 445         size_t username_len;
 446
 447         /* Followed by username_len data bytes. */
 448 };
 449
 450 /* Structure for GOTD_IMSG_CONNECT_REPO_CHILD. */
 451 struct gotd_imsg_connect_repo_child {
 452         enum gotd_procid proc_id;
 453
 454         /* repo child imsg pipe is passed via imsg fd */
 455 };
 456
 457 /* Structure for GOTD_IMSG_AUTHENTICATE. */
 458 struct gotd_imsg_auth {
 459         uid_t euid;
 460         gid_t egid;
 461         int required_auth;
 462         uint32_t client_id;
 463 };
 464
 465 /* Structures for GOTD_IMSG_NOTIFY. */
 466 enum gotd_notification_action {
 467         GOTD_NOTIF_ACTION_CREATED,
 468         GOTD_NOTIF_ACTION_REMOVED,
 469         GOTD_NOTIF_ACTION_CHANGED
 470 };
 471 /* IMSG_NOTIFY session <-> repo_write */
 472 struct gotd_imsg_notification_content {
 473         enum gotd_notification_action action;
 474         uint8_t old_id[SHA1_DIGEST_LENGTH];
 475         uint8_t new_id[SHA1_DIGEST_LENGTH];
 476         size_t refname_len;
 477         /* Followed by refname_len data bytes. */
 478 };
 479 /* IMSG_NOTIFY session -> notify*/
 480 struct gotd_imsg_notify {
 481         char repo_name[NAME_MAX];
 482         char subject_line[64];
 483 };
 484
 485 int enter_chroot(const char *);
 486 int parse_config(const char *, enum gotd_procid, struct gotd *);
 487 struct gotd_repo *gotd_find_repo_by_name(const char *, struct gotd_repolist *);
 488 struct gotd_repo *gotd_find_repo_by_path(const char *, struct gotd *);
 489 struct gotd_uid_connection_limit *gotd_find_uid_connection_limit(
 490     struct gotd_uid_connection_limit *limits, size_t nlimits, uid_t uid);
 491 int gotd_parseuid(const char *s, uid_t *uid);
 492 const struct got_error *gotd_parse_url(char **, char **, char **,
 493     char **, const char *);
 494
 495 /* imsg.c */
 496 const struct got_error *gotd_imsg_flush(struct imsgbuf *);
 497 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);
 498 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,
 499     size_t);
 500 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,
 501     struct imsg *imsg);
 502 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,
 503     const struct got_error *);
 504 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,
 505     const struct got_error *);
 506 void gotd_imsg_event_add(struct gotd_imsgev *);
 507 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,
 508     void *, uint16_t);
 509 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);
 510
 511 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,
 512     uint32_t, pid_t);
 513 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,
 514     uint32_t, pid_t);