1 /*
2  * Copyright (c) 2018 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/syslimits.h>
23 #include <sys/wait.h>
24 
25 #include <errno.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdint.h>
30 #include <sha1.h>
31 #include <zlib.h>
32 #include <ctype.h>
33 #include <limits.h>
34 #include <imsg.h>
35 #include <time.h>
36 #include <unistd.h>
37 
38 #include "got_error.h"
39 #include "got_object.h"
40 #include "got_repository.h"
41 #include "got_opentemp.h"
42 
43 #include "got_lib_sha1.h"
44 #include "got_lib_delta.h"
45 #include "got_lib_privsep.h"
46 #include "got_lib_pack.h"
47 #include "got_lib_inflate.h"
48 #include "got_lib_object.h"
49 #include "got_lib_repository.h"
50 
51 #ifndef nitems
52 #define nitems(_a) (sizeof(_a) / sizeof((_a)[0]))
53 #endif
54 
55 #define GOT_OBJ_TAG_COMMIT	"commit"
56 #define GOT_OBJ_TAG_TREE	"tree"
57 #define GOT_OBJ_TAG_BLOB	"blob"
58 
59 #define GOT_COMMIT_TAG_TREE		"tree "
60 #define GOT_COMMIT_TAG_PARENT		"parent "
61 #define GOT_COMMIT_TAG_AUTHOR		"author "
62 #define GOT_COMMIT_TAG_COMMITTER	"committer "
63 
64 void
65 got_object_close(struct got_object *obj)
66 {
67 	if (obj->refcnt > 0) {
68 		obj->refcnt--;
69 		if (obj->refcnt > 0)
70 			return;
71 	}
72 
73 	if (obj->flags & GOT_OBJ_FLAG_DELTIFIED) {
74 		struct got_delta *delta;
75 		while (!SIMPLEQ_EMPTY(&obj->deltas.entries)) {
76 			delta = SIMPLEQ_FIRST(&obj->deltas.entries);
77 			SIMPLEQ_REMOVE_HEAD(&obj->deltas.entries, entry);
78 			got_delta_close(delta);
79 		}
80 	}
81 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
82 		free(obj->path_packfile);
83 	free(obj);
84 }
85 
86 void
87 got_object_qid_free(struct got_object_qid *qid)
88 {
89 	free(qid->id);
90 	free(qid);
91 }
92 
93 static const struct got_error *
94 request_object(struct got_object **obj, struct got_repository *repo, int fd)
95 {
96 	const struct got_error *err = NULL;
97 	struct imsgbuf *ibuf;
98 
99 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].ibuf;
100 
101 	err = got_privsep_send_obj_req(ibuf, fd, NULL);
102 	if (err)
103 		return err;
104 
105 	return got_privsep_recv_obj(obj, ibuf);
106 }
107 
108 static void
109 exec_privsep_child(int imsg_fds[2], const char *path, const char *repo_path)
110 {
111 	close(imsg_fds[0]);
112 
113 	if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD) == -1) {
114 		fprintf(stderr, "%s: %s\n", getprogname(),
115 		    strerror(errno));
116 		_exit(1);
117 	}
118 	if (closefrom(GOT_IMSG_FD_CHILD + 1) == -1) {
119 		fprintf(stderr, "%s: %s\n", getprogname(),
120 		    strerror(errno));
121 		_exit(1);
122 	}
123 
124 	if (execl(path, path, repo_path, (char *)NULL) == -1) {
125 		fprintf(stderr, "%s: %s: %s\n", getprogname(), path,
126 		    strerror(errno));
127 		_exit(1);
128 	}
129 }
130 
131 const struct got_error *
132 got_object_read_header_privsep(struct got_object **obj,
133     struct got_repository *repo, int obj_fd)
134 {
135 	int imsg_fds[2];
136 	pid_t pid;
137 	struct imsgbuf *ibuf;
138 
139 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd != -1)
140 		return request_object(obj, repo, obj_fd);
141 
142 	ibuf = calloc(1, sizeof(*ibuf));
143 	if (ibuf == NULL)
144 		return got_error_from_errno();
145 
146 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
147 		return got_error_from_errno();
148 
149 	pid = fork();
150 	if (pid == -1)
151 		return got_error_from_errno();
152 	else if (pid == 0) {
153 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_OBJECT,
154 		    repo->path);
155 		/* not reached */
156 	}
157 
158 	close(imsg_fds[1]);
159 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].imsg_fd =
160 	    imsg_fds[0];
161 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].pid = pid;
162 	imsg_init(ibuf, imsg_fds[0]);
163 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_OBJECT].ibuf = ibuf;
164 
165 	return request_object(obj, repo, obj_fd);
166 }
167 
168 static const struct got_error *
169 request_packed_object(struct got_object **obj, struct got_pack *pack, int idx,
170     struct got_object_id *id)
171 {
172 	const struct got_error *err = NULL;
173 	struct imsgbuf *ibuf = pack->privsep_child->ibuf;
174 
175 	err = got_privsep_send_packed_obj_req(ibuf, idx);
176 	if (err)
177 		return err;
178 
179 	err = got_privsep_recv_obj(obj, ibuf);
180 	if (err)
181 		return err;
182 
183 	(*obj)->path_packfile = strdup(pack->path_packfile);
184 	if ((*obj)->path_packfile == NULL) {
185 		err = got_error_from_errno();
186 		return err;
187 	}
188 	memcpy(&(*obj)->id, id, sizeof((*obj)->id));
189 
190 	return NULL;
191 }
192 
193 const struct got_error *
194 got_object_packed_read_privsep(struct got_object **obj,
195     struct got_repository *repo, struct got_pack *pack,
196     struct got_packidx *packidx, int idx, struct got_object_id *id)
197 {
198 	const struct got_error *err = NULL;
199 	int imsg_fds[2];
200 	pid_t pid;
201 	struct imsgbuf *ibuf;
202 
203 	if (pack->privsep_child)
204 		return request_packed_object(obj, pack, idx, id);
205 
206 	ibuf = calloc(1, sizeof(*ibuf));
207 	if (ibuf == NULL)
208 		return got_error_from_errno();
209 
210 	pack->privsep_child = calloc(1, sizeof(*pack->privsep_child));
211 	if (pack->privsep_child == NULL) {
212 		err = got_error_from_errno();
213 		free(ibuf);
214 		return err;
215 	}
216 
217 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1) {
218 		err = got_error_from_errno();
219 		goto done;
220 	}
221 
222 	pid = fork();
223 	if (pid == -1) {
224 		err = got_error_from_errno();
225 		goto done;
226 	} else if (pid == 0) {
227 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_PACK,
228 		    pack->path_packfile);
229 		/* not reached */
230 	}
231 
232 	close(imsg_fds[1]);
233 	pack->privsep_child->imsg_fd = imsg_fds[0];
234 	pack->privsep_child->pid = pid;
235 	imsg_init(ibuf, imsg_fds[0]);
236 	pack->privsep_child->ibuf = ibuf;
237 
238 	err = got_privsep_init_pack_child(ibuf, pack, packidx);
239 	if (err) {
240 		const struct got_error *child_err;
241 		err = got_privsep_send_stop(pack->privsep_child->imsg_fd);
242 		child_err = got_privsep_wait_for_child(
243 		    pack->privsep_child->pid);
244 		if (child_err && err == NULL)
245 			err = child_err;
246 		free(ibuf);
247 		free(pack->privsep_child);
248 		pack->privsep_child = NULL;
249 		return err;
250 	}
251 
252 done:
253 	if (err) {
254 		free(ibuf);
255 		free(pack->privsep_child);
256 		pack->privsep_child = NULL;
257 	} else
258 		err = request_packed_object(obj, pack, idx, id);
259 	return err;
260 }
261 
262 struct got_commit_object *
263 got_object_commit_alloc_partial(void)
264 {
265 	struct got_commit_object *commit;
266 
267 	commit = calloc(1, sizeof(*commit));
268 	if (commit == NULL)
269 		return NULL;
270 	commit->tree_id = calloc(1, sizeof(*commit->tree_id));
271 	if (commit->tree_id == NULL) {
272 		free(commit);
273 		return NULL;
274 	}
275 
276 	SIMPLEQ_INIT(&commit->parent_ids);
277 
278 	return commit;
279 }
280 
281 const struct got_error *
282 got_object_commit_add_parent(struct got_commit_object *commit,
283     const char *id_str)
284 {
285 	const struct got_error *err = NULL;
286 	struct got_object_qid *qid;
287 
288 	qid = malloc(sizeof(*qid));
289 	if (qid == NULL)
290 		return got_error_from_errno();
291 
292 	qid->id = malloc(sizeof(*qid->id));
293 	if (qid->id == NULL) {
294 		err = got_error_from_errno();
295 		got_object_qid_free(qid);
296 		return err;
297 	}
298 
299 	if (!got_parse_sha1_digest(qid->id->sha1, id_str)) {
300 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
301 		free(qid->id);
302 		free(qid);
303 		return err;
304 	}
305 
306 	SIMPLEQ_INSERT_TAIL(&commit->parent_ids, qid, entry);
307 	commit->nparents++;
308 
309 	return NULL;
310 }
311 
312 static const struct got_error *
313 parse_gmtoff(time_t *gmtoff, const char *tzstr)
314 {
315 	int sign = 1;
316 	const char *p = tzstr;
317 	time_t h, m;
318 
319 	*gmtoff = 0;
320 
321 	if (*p == '-')
322 		sign = -1;
323 	else if (*p != '+')
324 		return got_error(GOT_ERR_BAD_OBJ_DATA);
325 	p++;
326 	if (!isdigit(*p) && !isdigit(*(p + 1)))
327 		return got_error(GOT_ERR_BAD_OBJ_DATA);
328 	h = (((*p - '0') * 10) + (*(p + 1) - '0'));
329 
330 	p += 2;
331 	if (!isdigit(*p) && !isdigit(*(p + 1)))
332 		return got_error(GOT_ERR_BAD_OBJ_DATA);
333 	m = ((*p - '0') * 10) + (*(p + 1) - '0');
334 
335 	*gmtoff = (h * 60 * 60 + m * 60) * sign;
336 	return NULL;
337 }
338 
339 static const struct got_error *
340 parse_commit_time(struct tm *tm, char *committer)
341 {
342 	const struct got_error *err = NULL;
343 	const char *errstr;
344 	char *space, *tzstr;
345 	time_t gmtoff;
346 	time_t time;
347 
348 	/* Parse and strip off trailing timezone indicator string. */
349 	space = strrchr(committer, ' ');
350 	if (space == NULL)
351 		return got_error(GOT_ERR_BAD_OBJ_DATA);
352 	tzstr = strdup(space + 1);
353 	if (tzstr == NULL)
354 		return got_error_from_errno();
355 	err = parse_gmtoff(&gmtoff, tzstr);
356 	free(tzstr);
357 	if (err)
358 		return err;
359 	*space = '\0';
360 
361 	/* Timestamp is separated from committer name + email by space. */
362 	space = strrchr(committer, ' ');
363 	if (space == NULL)
364 		return got_error(GOT_ERR_BAD_OBJ_DATA);
365 
366 	/* Timestamp parsed here is expressed in comitter's local time. */
367 	time = strtonum(space + 1, 0, INT64_MAX, &errstr);
368 	if (errstr)
369 		return got_error(GOT_ERR_BAD_OBJ_DATA);
370 
371 	/* Express the time stamp in UTC. */
372 	memset(tm, 0, sizeof(*tm));
373 	time -= gmtoff;
374 	if (localtime_r(&time, tm) == NULL)
375 		return got_error_from_errno();
376 	tm->tm_gmtoff = gmtoff;
377 
378 	/* Strip off parsed time information, leaving just author and email. */
379 	*space = '\0';
380 
381 	return NULL;
382 }
383 
384 void
385 got_object_commit_close(struct got_commit_object *commit)
386 {
387 	struct got_object_qid *qid;
388 
389 	if (commit->refcnt > 0) {
390 		commit->refcnt--;
391 		if (commit->refcnt > 0)
392 			return;
393 	}
394 
395 	while (!SIMPLEQ_EMPTY(&commit->parent_ids)) {
396 		qid = SIMPLEQ_FIRST(&commit->parent_ids);
397 		SIMPLEQ_REMOVE_HEAD(&commit->parent_ids, entry);
398 		got_object_qid_free(qid);
399 	}
400 
401 	free(commit->tree_id);
402 	free(commit->author);
403 	free(commit->committer);
404 	free(commit->logmsg);
405 	free(commit);
406 }
407 
408 const struct got_error *
409 got_object_parse_commit(struct got_commit_object **commit, char *buf, size_t len)
410 {
411 	const struct got_error *err = NULL;
412 	char *s = buf;
413 	size_t tlen;
414 	ssize_t remain = (ssize_t)len;
415  
416 	*commit = got_object_commit_alloc_partial();
417 	if (*commit == NULL)
418 		return got_error_from_errno();
419 
420 	tlen = strlen(GOT_COMMIT_TAG_TREE);
421 	if (strncmp(s, GOT_COMMIT_TAG_TREE, tlen) == 0) {
422 		remain -= tlen;
423 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
424 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
425 			goto done;
426 		}
427 		s += tlen;
428 		if (!got_parse_sha1_digest((*commit)->tree_id->sha1, s)) {
429 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
430 			goto done;
431 		}
432 		remain -= SHA1_DIGEST_STRING_LENGTH;
433 		s += SHA1_DIGEST_STRING_LENGTH;
434 	} else {
435 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
436 		goto done;
437 	}
438 
439 	tlen = strlen(GOT_COMMIT_TAG_PARENT);
440 	while (strncmp(s, GOT_COMMIT_TAG_PARENT, tlen) == 0) {
441 		remain -= tlen;
442 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
443 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
444 			goto done;
445 		}
446 		s += tlen;
447 		err = got_object_commit_add_parent(*commit, s);
448 		if (err)
449 			goto done;
450 
451 		remain -= SHA1_DIGEST_STRING_LENGTH;
452 		s += SHA1_DIGEST_STRING_LENGTH;
453 	}
454 
455 	tlen = strlen(GOT_COMMIT_TAG_AUTHOR);
456 	if (strncmp(s, GOT_COMMIT_TAG_AUTHOR, tlen) == 0) {
457 		char *p;
458 		size_t slen;
459 
460 		remain -= tlen;
461 		if (remain <= 0) {
462 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
463 			goto done;
464 		}
465 		s += tlen;
466 		p = strchr(s, '\n');
467 		if (p == NULL) {
468 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
469 			goto done;
470 		}
471 		*p = '\0';
472 		slen = strlen(s);
473 		err = parse_commit_time(&(*commit)->tm_author, s);
474 		if (err)
475 			goto done;
476 		(*commit)->author = strdup(s);
477 		if ((*commit)->author == NULL) {
478 			err = got_error_from_errno();
479 			goto done;
480 		}
481 		s += slen + 1;
482 		remain -= slen + 1;
483 	}
484 
485 	tlen = strlen(GOT_COMMIT_TAG_COMMITTER);
486 	if (strncmp(s, GOT_COMMIT_TAG_COMMITTER, tlen) == 0) {
487 		char *p;
488 		size_t slen;
489 
490 		remain -= tlen;
491 		if (remain <= 0) {
492 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
493 			goto done;
494 		}
495 		s += tlen;
496 		p = strchr(s, '\n');
497 		if (p == NULL) {
498 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
499 			goto done;
500 		}
501 		*p = '\0';
502 		slen = strlen(s);
503 		err = parse_commit_time(&(*commit)->tm_committer, s);
504 		if (err)
505 			goto done;
506 		(*commit)->committer = strdup(s);
507 		if ((*commit)->committer == NULL) {
508 			err = got_error_from_errno();
509 			goto done;
510 		}
511 		s += slen + 1;
512 		remain -= slen + 1;
513 	}
514 
515 	(*commit)->logmsg = strndup(s, remain);
516 	if ((*commit)->logmsg == NULL) {
517 		err = got_error_from_errno();
518 		goto done;
519 	}
520 done:
521 	if (err) {
522 		got_object_commit_close(*commit);
523 		*commit = NULL;
524 	}
525 	return err;
526 }
527 
528 void
529 got_object_tree_entry_close(struct got_tree_entry *te)
530 {
531 	free(te->id);
532 	free(te->name);
533 	free(te);
534 }
535 
536 void
537 got_object_tree_close(struct got_tree_object *tree)
538 {
539 	struct got_tree_entry *te;
540 
541 	if (tree->refcnt > 0) {
542 		tree->refcnt--;
543 		if (tree->refcnt > 0)
544 			return;
545 	}
546 
547 	while (!SIMPLEQ_EMPTY(&tree->entries.head)) {
548 		te = SIMPLEQ_FIRST(&tree->entries.head);
549 		SIMPLEQ_REMOVE_HEAD(&tree->entries.head, entry);
550 		got_object_tree_entry_close(te);
551 	}
552 
553 	free(tree);
554 }
555 
556 struct got_tree_entry *
557 got_alloc_tree_entry_partial(void)
558 {
559 	struct got_tree_entry *te;
560 
561 	te = calloc(1, sizeof(*te));
562 	if (te == NULL)
563 		return NULL;
564 
565 	te->id = calloc(1, sizeof(*te->id));
566 	if (te->id == NULL) {
567 		free(te);
568 		te = NULL;
569 	}
570 	return te;
571 }
572 
573 static const struct got_error *
574 parse_tree_entry(struct got_tree_entry **te, size_t *elen, char *buf,
575     size_t maxlen)
576 {
577 	char *p = buf, *space;
578 	const struct got_error *err = NULL;
579 
580 	*te = got_alloc_tree_entry_partial();
581 	if (*te == NULL)
582 		return got_error_from_errno();
583 
584 	*elen = strlen(buf) + 1;
585 	if (*elen > maxlen) {
586 		free(*te);
587 		*te = NULL;
588 		return got_error(GOT_ERR_BAD_OBJ_DATA);
589 	}
590 
591 	space = strchr(buf, ' ');
592 	if (space == NULL) {
593 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
594 		free(*te);
595 		*te = NULL;
596 		return err;
597 	}
598 	while (*p != ' ') {
599 		if (*p < '0' && *p > '7') {
600 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
601 			goto done;
602 		}
603 		(*te)->mode <<= 3;
604 		(*te)->mode |= *p - '0';
605 		p++;
606 	}
607 
608 	(*te)->name = strdup(space + 1);
609 	if (*elen > maxlen || maxlen - *elen < SHA1_DIGEST_LENGTH) {
610 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
611 		goto done;
612 	}
613 	buf += strlen(buf) + 1;
614 	memcpy((*te)->id->sha1, buf, SHA1_DIGEST_LENGTH);
615 	*elen += SHA1_DIGEST_LENGTH;
616 done:
617 	if (err) {
618 		got_object_tree_entry_close(*te);
619 		*te = NULL;
620 	}
621 	return err;
622 }
623 
624 const struct got_error *
625 got_object_parse_tree(struct got_tree_object **tree, uint8_t *buf, size_t len)
626 {
627 	const struct got_error *err;
628 	size_t remain = len;
629 
630 	*tree = calloc(1, sizeof(**tree));
631 	if (*tree == NULL)
632 		return got_error_from_errno();
633 
634 	SIMPLEQ_INIT(&(*tree)->entries.head);
635 
636 	while (remain > 0) {
637 		struct got_tree_entry *te;
638 		size_t elen;
639 
640 		err = parse_tree_entry(&te, &elen, buf, remain);
641 		if (err)
642 			return err;
643 		(*tree)->entries.nentries++;
644 		SIMPLEQ_INSERT_TAIL(&(*tree)->entries.head, te, entry);
645 		buf += elen;
646 		remain -= elen;
647 	}
648 
649 	if (remain != 0) {
650 		got_object_tree_close(*tree);
651 		return got_error(GOT_ERR_BAD_OBJ_DATA);
652 	}
653 
654 	return NULL;
655 }
656 
657 const struct got_error *
658 got_read_file_to_mem(uint8_t **outbuf, size_t *outlen, FILE *f)
659 {
660 	const struct got_error *err = NULL;
661 	static const size_t blocksize = 512;
662 	size_t n, total, remain;
663 	uint8_t *buf;
664 
665 	*outbuf = NULL;
666 	*outlen = 0;
667 
668 	buf = malloc(blocksize);
669 	if (buf == NULL)
670 		return got_error_from_errno();
671 
672 	remain = blocksize;
673 	total = 0;
674 	while (1) {
675 		if (remain == 0) {
676 			uint8_t *newbuf;
677 			newbuf = reallocarray(buf, 1, total + blocksize);
678 			if (newbuf == NULL) {
679 				err = got_error_from_errno();
680 				goto done;
681 			}
682 			buf = newbuf;
683 			remain += blocksize;
684 		}
685 		n = fread(buf + total, 1, remain, f);
686 		if (n == 0) {
687 			if (ferror(f)) {
688 				err = got_ferror(f, GOT_ERR_IO);
689 				goto done;
690 			}
691 			break; /* EOF */
692 		}
693 		remain -= n;
694 		total += n;
695 	};
696 
697 done:
698 	if (err == NULL) {
699 		*outbuf = buf;
700 		*outlen = total;
701 	} else
702 		free(buf);
703 	return err;
704 }
705 
706 static const struct got_error *
707 request_commit(struct got_commit_object **commit, struct got_repository *repo,
708     struct got_object *obj, int fd)
709 {
710 	const struct got_error *err = NULL;
711 	struct imsgbuf *ibuf;
712 
713 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].ibuf;
714 
715 	err = got_privsep_send_obj_req(ibuf, fd,obj);
716 	if (err)
717 		return err;
718 
719 	return got_privsep_recv_commit(commit, ibuf);
720 }
721 
722 const struct got_error *
723 got_object_read_commit_privsep(struct got_commit_object **commit,
724     struct got_object *obj, int obj_fd, struct got_repository *repo)
725 {
726 	int imsg_fds[2];
727 	pid_t pid;
728 	struct imsgbuf *ibuf;
729 
730 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd != -1)
731 		return request_commit(commit, repo, obj, obj_fd);
732 
733 	ibuf = calloc(1, sizeof(*ibuf));
734 	if (ibuf == NULL)
735 		return got_error_from_errno();
736 
737 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
738 		return got_error_from_errno();
739 
740 	pid = fork();
741 	if (pid == -1)
742 		return got_error_from_errno();
743 	else if (pid == 0) {
744 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_COMMIT,
745 		    repo->path);
746 		/* not reached */
747 	}
748 
749 	close(imsg_fds[1]);
750 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].imsg_fd =
751 	    imsg_fds[0];
752 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].pid = pid;
753 	imsg_init(ibuf, imsg_fds[0]);
754 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_COMMIT].ibuf = ibuf;
755 
756 	return request_commit(commit, repo, obj, obj_fd);
757 }
758 
759 static const struct got_error *
760 request_tree(struct got_tree_object **tree, struct got_repository *repo,
761     struct got_object *obj, int fd)
762 {
763 	const struct got_error *err = NULL;
764 	struct imsgbuf *ibuf;
765 
766 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].ibuf;
767 
768 	err = got_privsep_send_obj_req(ibuf, fd,obj);
769 	if (err)
770 		return err;
771 
772 	return got_privsep_recv_tree(tree, ibuf);
773 }
774 
775 const struct got_error *
776 got_object_read_tree_privsep(struct got_tree_object **tree,
777     struct got_object *obj, int obj_fd, struct got_repository *repo)
778 {
779 	int imsg_fds[2];
780 	pid_t pid;
781 	struct imsgbuf *ibuf;
782 
783 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd != -1)
784 		return request_tree(tree, repo, obj, obj_fd);
785 
786 	ibuf = calloc(1, sizeof(*ibuf));
787 	if (ibuf == NULL)
788 		return got_error_from_errno();
789 
790 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
791 		return got_error_from_errno();
792 
793 	pid = fork();
794 	if (pid == -1)
795 		return got_error_from_errno();
796 	else if (pid == 0) {
797 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_TREE,
798 		    repo->path);
799 		/* not reached */
800 	}
801 
802 	close(imsg_fds[1]);
803 
804 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].imsg_fd =
805 	    imsg_fds[0];
806 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].pid = pid;
807 	imsg_init(ibuf, imsg_fds[0]);
808 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_TREE].ibuf = ibuf;
809 
810 
811 	return request_tree(tree, repo, obj, obj_fd);
812 }
813 
814 static const struct got_error *
815 request_blob(size_t *size, int outfd, int infd, struct got_repository *repo)
816 {
817 	const struct got_error *err = NULL;
818 	int outfd_child;
819 	struct imsgbuf *ibuf;
820 
821 	outfd_child = dup(outfd);
822 	if (outfd_child == -1)
823 		return got_error_from_errno();
824 
825 	ibuf = repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].ibuf;
826 
827 	err = got_privsep_send_blob_req(ibuf, outfd_child, infd);
828 	if (err)
829 		return err;
830 
831 	err = got_privsep_recv_blob(size, ibuf);
832 	if (err)
833 		return err;
834 
835 	if (lseek(outfd, SEEK_SET, 0) == -1)
836 		return got_error_from_errno();
837 
838 	return err;
839 }
840 
841 const struct got_error *
842 got_object_read_blob_privsep(size_t *size, int outfd, int infd,
843     struct got_repository *repo)
844 {
845 	int imsg_fds[2];
846 	pid_t pid;
847 	struct imsgbuf *ibuf;
848 
849 	if (repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd != -1)
850 		return request_blob(size, outfd, infd, repo);
851 
852 	ibuf = calloc(1, sizeof(*ibuf));
853 	if (ibuf == NULL)
854 		return got_error_from_errno();
855 
856 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
857 		return got_error_from_errno();
858 
859 	pid = fork();
860 	if (pid == -1)
861 		return got_error_from_errno();
862 	else if (pid == 0) {
863 		exec_privsep_child(imsg_fds, GOT_PATH_PROG_READ_BLOB,
864 		    repo->path);
865 		/* not reached */
866 	}
867 
868 	close(imsg_fds[1]);
869 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].imsg_fd =
870 	    imsg_fds[0];
871 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].pid = pid;
872 	imsg_init(ibuf, imsg_fds[0]);
873 	repo->privsep_children[GOT_REPO_PRIVSEP_CHILD_BLOB].ibuf = ibuf;
874 
875 	return request_blob(size, outfd, infd, repo);
876 }