Got Mirror

Blob

Date:: Tue Jan 3 09:09:56 2023 UTC
Message:: introduce connection options to gotd.conf Allow administrators to tweak the default authentication and request timeouts if needed, and to tweak the limit of concurrent connections for specific user accounts. with several tweaks from and ok op@
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 
18 #define GOTD_UNIX_SOCKET "/var/run/gotd.sock"
19 #define GOTD_UNIX_SOCKET_BACKLOG 10
20 #define GOTD_UNIX_GROUP	"_gotsh"
21 #define GOTD_USER	"_gotd"
22 #define GOTD_CONF_PATH	"/etc/gotd.conf"
23 #define GOTD_EMPTY_PATH	"/var/empty"
24 
25 #define GOTD_MAXCLIENTS		1024
26 #define GOTD_MAX_CONN_PER_UID	4
27 #define GOTD_FD_RESERVE		5
28 #define GOTD_FD_NEEDED		6
29 #define GOTD_FILENO_MSG_PIPE	3
30 
31 #define GOTD_DEFAULT_REQUEST_TIMEOUT	3600
32 
33 /* Client hash tables need some extra room. */
34 #define GOTD_CLIENT_TABLE_SIZE (GOTD_MAXCLIENTS * 4)
35 
36 enum gotd_procid {
37 	PROC_GOTD	= 0,
38 	PROC_LISTEN,
39 	PROC_AUTH,
40 	PROC_REPO_READ,
41 	PROC_REPO_WRITE,
42 	PROC_MAX,
43 };
44 
45 struct gotd_imsgev {
46 	struct imsgbuf	 ibuf;
47 	void		(*handler)(int, short, void *);
48 	void		*handler_arg;
49 	struct event	 ev;
50 	short		 events;
51 };
52 
53 struct gotd_child_proc {
54 	pid_t pid;
55 	enum gotd_procid type;
56 	char repo_name[NAME_MAX];
57 	char repo_path[PATH_MAX];
58 	int pipe[2];
59 	struct gotd_imsgev iev;
60 	size_t nhelpers;
61 };
62 
63 enum gotd_access {
64 	GOTD_ACCESS_PERMITTED = 1,
65 	GOTD_ACCESS_DENIED
66 };
67 
68 struct gotd_access_rule {
69 	STAILQ_ENTRY(gotd_access_rule) entry;
70 
71 	enum gotd_access access;
72 
73 	int authorization;
74 #define GOTD_AUTH_READ		0x1
75 #define GOTD_AUTH_WRITE		0x2
76 
77 	char *identifier;
78 };
79 STAILQ_HEAD(gotd_access_rule_list, gotd_access_rule);
80 
81 struct gotd_repo {
82 	TAILQ_ENTRY(gotd_repo)	 entry;
83 
84 	char name[NAME_MAX];
85 	char path[PATH_MAX];
86 
87 	struct gotd_access_rule_list rules;
88 };
89 TAILQ_HEAD(gotd_repolist, gotd_repo);
90 
91 enum gotd_client_state {
92 	GOTD_STATE_EXPECT_LIST_REFS,
93 	GOTD_STATE_EXPECT_CAPABILITIES,
94 	GOTD_STATE_EXPECT_WANT,
95 	GOTD_STATE_EXPECT_REF_UPDATE,
96 	GOTD_STATE_EXPECT_MORE_REF_UPDATES,
97 	GOTD_STATE_EXPECT_HAVE,
98 	GOTD_STATE_EXPECT_PACKFILE,
99 	GOTD_STATE_EXPECT_DONE,
100 	GOTD_STATE_DONE,
101 };
102 
103 struct gotd_client_capability {
104 	char *key;
105 	char *value;
106 };
107 
108 struct gotd_object_id_array {
109 	struct got_object_id		**ids;
110 	size_t				 nalloc;
111 	size_t				 nids;
112 };
113 
114 struct gotd_uid_connection_limit {
115 	uid_t uid;
116 	int max_connections;
117 };
118 
119 struct gotd {
120 	pid_t pid;
121 	char unix_socket_path[PATH_MAX];
122 	char unix_group_name[32];
123 	char user_name[32];
124 	struct gotd_repolist repos;
125 	int nrepos;
126 	struct gotd_child_proc listen_proc;
127 	struct timeval request_timeout;
128 	struct timeval auth_timeout;
129 	struct gotd_uid_connection_limit *connection_limits;
130 	size_t nconnection_limits;
131 
132 	char *argv0;
133 	const char *confpath;
134 	int daemonize;
135 	int verbosity;
136 };
137 
138 enum gotd_imsg_type {
139 	/* An error occured while processing a request. */
140 	GOTD_IMSG_ERROR,
141 
142 	/* Commands used by gotctl(8). */
143 	GOTD_IMSG_INFO,
144 	GOTD_IMSG_INFO_REPO,
145 	GOTD_IMSG_INFO_CLIENT,
146 	GOTD_IMSG_STOP,
147 
148 	/* Request a list of references. */
149 	GOTD_IMSG_LIST_REFS,
150 	GOTD_IMSG_LIST_REFS_INTERNAL,
151 
152 	/* References. */
153 	GOTD_IMSG_REFLIST,
154 	GOTD_IMSG_REF,
155 	GOTD_IMSG_SYMREF,
156 
157 	/* Git protocol capabilities. */
158 	GOTD_IMSG_CAPABILITIES,
159 	GOTD_IMSG_CAPABILITY,
160 
161 	/* Git protocol chatter. */
162 	GOTD_IMSG_WANT,		/* The client wants an object. */
163 	GOTD_IMSG_HAVE,		/* The client has an object. */
164 	GOTD_IMSG_ACK,		/* The server has an object or a reference. */
165 	GOTD_IMSG_NAK,		/* The server does not have an object/ref. */
166 	GOTD_IMSG_REF_UPDATE,	/* The client wants to update a reference. */
167 	GOTD_IMSG_REF_DELETE,	/* The client wants to delete a reference. */
168 	GOTD_IMSG_FLUSH,	/* The client sent a flush packet. */
169 	GOTD_IMSG_DONE,		/* The client is done chatting. */
170 
171 	/* Sending or receiving a pack file. */
172 	GOTD_IMSG_SEND_PACKFILE, /* The server is sending a pack file. */
173 	GOTD_IMSG_RECV_PACKFILE, /* The server is receiving a pack file. */
174 	GOTD_IMSG_PACKIDX_FILE,  /* Temporary file handle for new pack index. */
175 	GOTD_IMSG_PACKFILE_PIPE, /* Pipe to send/receive a pack file stream. */
176 	GOTD_IMSG_PACKFILE_PROGRESS, /* Progress reporting. */
177 	GOTD_IMSG_PACKFILE_READY, /* Pack file is ready to be sent. */
178 	GOTD_IMSG_PACKFILE_STATUS, /* Received pack success/failure status. */
179 	GOTD_IMSG_PACKFILE_INSTALL, /* Received pack file can be installed. */
180 	GOTD_IMSG_PACKFILE_DONE, /* Pack file has been sent/received. */
181 
182 	/* Reference updates. */
183 	GOTD_IMSG_REF_UPDATES_START, /* Ref updates starting. */
184 	GOTD_IMSG_REF_UPDATE_OK, /* Update went OK. */
185 	GOTD_IMSG_REF_UPDATE_NG, /* Update was not good. */
186 	GOTD_IMSG_REFS_UPDATED, /* The server proccessed all ref updates. */
187 
188 	/* Client connections. */
189 	GOTD_IMSG_DISCONNECT,
190 	GOTD_IMSG_CONNECT,
191 
192 	/* Child process management. */
193 	GOTD_IMSG_REPO_CHILD_READY,
194 
195 	/* Auth child process. */
196 	GOTD_IMSG_AUTHENTICATE,
197 	GOTD_IMSG_ACCESS_GRANTED,
198 };
199 
200 /* Structure for GOTD_IMSG_ERROR. */
201 struct gotd_imsg_error {
202 	int code; /* an error code from got_error.h */
203 	int errno_code; /* in case code equals GOT_ERR_ERRNO */
204 	uint32_t client_id;
205 	char msg[GOT_ERR_MAX_MSG_SIZE];
206 } __attribute__((__packed__));
207 
208 /* Structure for GOTD_IMSG_INFO. */
209 struct gotd_imsg_info {
210 	pid_t pid;
211 	int verbosity;
212 	int nrepos;
213 	int nclients;
214 
215 	/* Followed by nrepos GOTD_IMSG_INFO_REPO messages. */
216 	/* Followed by nclients GOTD_IMSG_INFO_CLIENT messages. */
217 };
218 
219 /* Structure for GOTD_IMSG_INFO_REPO. */
220 struct gotd_imsg_info_repo {
221 	char repo_name[NAME_MAX];
222 	char repo_path[PATH_MAX];
223 };
224 
225 /* Structure for GOTD_IMSG_INFO_CLIENT */
226 struct gotd_imsg_info_client {
227 	uid_t euid;
228 	gid_t egid;
229 	char repo_name[NAME_MAX];
230 	int is_writing;
231 	enum gotd_client_state state;
232 	size_t ncapabilities;
233 
234 	/* Followed by ncapabilities GOTD_IMSG_CAPABILITY. */
235 };
236 
237 /* Structure for GOTD_IMSG_LIST_REFS. */
238 struct gotd_imsg_list_refs {
239 	char repo_name[NAME_MAX];
240 	int client_is_reading; /* 1 if reading, 0 if writing */
241 };
242 
243 /* Structure for GOTD_IMSG_LIST_REFS_INTERNAL. */
244 struct gotd_imsg_list_refs_internal {
245 	uint32_t client_id;
246 };
247 
248 /* Structure for GOTD_IMSG_REFLIST. */
249 struct gotd_imsg_reflist {
250 	size_t nrefs;
251 
252 	/* Followed by nrefs times of gotd_imsg_ref/gotd_imsg_symref data. */
253 } __attribute__((__packed__));
254 
255 /* Structure for GOTD_IMSG_REF data. */
256 struct gotd_imsg_ref {
257 	uint8_t id[SHA1_DIGEST_LENGTH];
258 	size_t name_len;
259 	/* Followed by name_len data bytes. */
260 } __attribute__((__packed__));
261 
262 /* Structure for GOTD_IMSG_SYMREF data. */
263 struct gotd_imsg_symref {
264 	size_t name_len;
265 	size_t target_len;
266 	uint8_t target_id[SHA1_DIGEST_LENGTH];
267 
268 	/*
269 	 * Followed by name_len + target_len data bytes.
270 	 */
271 } __attribute__((__packed__));
272 
273 /* Structure for GOTD_IMSG_CAPABILITIES data. */
274 struct gotd_imsg_capabilities {
275 	size_t ncapabilities;
276 
277 	/*
278 	 * Followed by ncapabilities * GOTD_IMSG_CAPABILITY.
279 	 */
280 } __attribute__((__packed__));
281 
282 /* Structure for GOTD_IMSG_CAPABILITY data. */
283 struct gotd_imsg_capability {
284 	size_t key_len;
285 	size_t value_len;
286 
287 	/*
288 	 * Followed by key_len + value_len data bytes.
289 	 */
290 } __attribute__((__packed__));
291 
292 /* Structure for GOTD_IMSG_WANT data. */
293 struct gotd_imsg_want {
294 	uint8_t object_id[SHA1_DIGEST_LENGTH];
295 	uint32_t client_id;
296 } __attribute__((__packed__));
297 
298 /* Structure for GOTD_IMSG_HAVE data. */
299 struct gotd_imsg_have {
300 	uint8_t object_id[SHA1_DIGEST_LENGTH];
301 	uint32_t client_id;
302 } __attribute__((__packed__));
303 
304 /* Structure for GOTD_IMSG_ACK data. */
305 struct gotd_imsg_ack {
306 	uint8_t object_id[SHA1_DIGEST_LENGTH];
307 	uint32_t client_id;
308 } __attribute__((__packed__));
309 
310 /* Structure for GOTD_IMSG_NAK data. */
311 struct gotd_imsg_nak {
312 	uint8_t object_id[SHA1_DIGEST_LENGTH];
313 	uint32_t client_id;
314 } __attribute__((__packed__));
315 
316 /* Structure for GOTD_IMSG_PACKFILE_STATUS data. */
317 struct gotd_imsg_packfile_status {
318 	size_t reason_len;
319 
320 	/* Followed by reason_len data bytes. */
321 } __attribute__((__packed__));
322 
323 
324 /* Structure for GOTD_IMSG_REF_UPDATE data. */
325 struct gotd_imsg_ref_update {
326 	uint8_t old_id[SHA1_DIGEST_LENGTH];
327 	uint8_t new_id[SHA1_DIGEST_LENGTH];
328 	int ref_is_new;
329 	uint32_t client_id;
330 	size_t name_len;
331 
332 	/* Followed by name_len data bytes. */
333 } __attribute__((__packed__));
334 
335 /* Structure for GOTD_IMSG_REF_UPDATES_START data. */
336 struct gotd_imsg_ref_updates_start {
337 	int nref_updates;
338 	uint32_t client_id;
339 
340 	/* Followed by nref_updates GOT_IMSG_REF_UPDATE_OK/NG messages. */
341 };
342 
343 /* Structure for GOTD_IMSG_REF_UPDATE_OK data. */
344 struct gotd_imsg_ref_update_ok {
345 	uint8_t old_id[SHA1_DIGEST_LENGTH];
346 	uint8_t new_id[SHA1_DIGEST_LENGTH];
347 	int ref_is_new;
348 	uint32_t client_id;
349 	size_t name_len;
350 
351 	/* Followed by name_len data bytes. */
352 } __attribute__((__packed__));
353 
354 /* Structure for GOTD_IMSG_REF_UPDATE_NG data. */
355 struct gotd_imsg_ref_update_ng {
356 	uint8_t old_id[SHA1_DIGEST_LENGTH];
357 	uint8_t new_id[SHA1_DIGEST_LENGTH];
358 	uint32_t client_id;
359 	size_t name_len;
360 	size_t reason_len;
361 
362 	/* Followed by name_len + reason_len data bytes. */
363 } __attribute__((__packed__));
364 
365 /* Structure for GOTD_IMSG_SEND_PACKFILE data. */
366 struct gotd_imsg_send_packfile {
367 	uint32_t client_id;
368 	int report_progress;
369 
370 	/* delta cache file is sent as a file descriptor */
371 
372 	/* followed by two GOTD_IMSG_PACKFILE_PIPE messages */
373 };
374 
375 /* Structure for GOTD_IMSG_RECV_PACKFILE data. */
376 struct gotd_imsg_recv_packfile {
377 	uint32_t client_id;
378 	int report_status;
379 
380 	/* pack destination temp file is sent as a file descriptor */
381 };
382 
383 /* Structure for GOTD_IMSG_PACKFILE_PIPE data. */
384 struct gotd_imsg_packfile_pipe {
385 	uint32_t client_id;
386 };
387 
388 /* Structure for GOTD_IMSG_PACKIDX_FILE data. */
389 struct gotd_imsg_packidx_file {
390 	uint32_t client_id;
391 };
392 
393 
394 /*
395  * Structure for GOTD_IMSG_PACKFILE_PROGRESS and
396  * GOTD_IMSG_PACKFILE_READY data.
397  */
398 struct gotd_imsg_packfile_progress {
399 	uint32_t client_id;
400 	int ncolored;
401 	int nfound;
402 	int ntrees;
403 	off_t packfile_size;
404 	int ncommits;
405 	int nobj_total;
406 	int nobj_deltify;
407 	int nobj_written;
408 };
409 
410 /* Structure for GOTD_IMSG_PACKFILE_INSTALL. */
411 struct gotd_imsg_packfile_install {
412 	uint32_t client_id;
413 	uint8_t pack_sha1[SHA1_DIGEST_LENGTH];
414 };
415 
416 /* Structure for GOTD_IMSG_PACKFILE_DONE data. */
417 struct gotd_imsg_packfile_done {
418 	uint32_t client_id;
419 };
420 
421 /* Structure for GOTD_IMSG_DISCONNECT data. */
422 struct gotd_imsg_disconnect {
423 	uint32_t client_id;
424 };
425 
426 /* Structure for GOTD_IMSG_CONNECT. */
427 struct gotd_imsg_connect {
428 	uint32_t client_id;
429 	uid_t euid;
430 	gid_t egid;
431 };
432 
433 /* Structure for GOTD_IMSG_AUTHENTICATE. */
434 struct gotd_imsg_auth {
435 	uid_t euid;
436 	gid_t egid;
437 	int required_auth;
438 	uint32_t client_id;
439 };
440 
441 int parse_config(const char *, enum gotd_procid, struct gotd *);
442 
443 /* imsg.c */
444 const struct got_error *gotd_imsg_flush(struct imsgbuf *);
445 const struct got_error *gotd_imsg_recv(struct imsg *, struct imsgbuf *, size_t);
446 const struct got_error *gotd_imsg_poll_recv(struct imsg *, struct imsgbuf *,
447     size_t);
448 const struct got_error *gotd_imsg_recv_error(uint32_t *client_id,
449     struct imsg *imsg);
450 int gotd_imsg_send_error(struct imsgbuf *ibuf, uint32_t, uint32_t,
451     const struct got_error *);
452 int gotd_imsg_send_error_event(struct gotd_imsgev *, uint32_t, uint32_t,
453     const struct got_error *);
454 void gotd_imsg_event_add(struct gotd_imsgev *);
455 int gotd_imsg_compose_event(struct gotd_imsgev *, uint16_t, uint32_t, int,
456     void *, uint16_t);
457 int gotd_imsg_forward(struct gotd_imsgev *, struct imsg *, int);
458 
459 void gotd_imsg_send_ack(struct got_object_id *, struct imsgbuf *,
460     uint32_t, pid_t);
461 void gotd_imsg_send_nak(struct got_object_id *, struct imsgbuf *,
462     uint32_t, pid_t);