1 729a7e24 2022-11-17 thomas /*
2 729a7e24 2022-11-17 thomas * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 729a7e24 2022-11-17 thomas * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4 729a7e24 2022-11-17 thomas *
5 729a7e24 2022-11-17 thomas * Permission to use, copy, modify, and distribute this software for any
6 729a7e24 2022-11-17 thomas * purpose with or without fee is hereby granted, provided that the above
7 729a7e24 2022-11-17 thomas * copyright notice and this permission notice appear in all copies.
8 729a7e24 2022-11-17 thomas *
9 729a7e24 2022-11-17 thomas * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 729a7e24 2022-11-17 thomas * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 729a7e24 2022-11-17 thomas * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 729a7e24 2022-11-17 thomas * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 729a7e24 2022-11-17 thomas * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 729a7e24 2022-11-17 thomas * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 729a7e24 2022-11-17 thomas * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 729a7e24 2022-11-17 thomas */
17 729a7e24 2022-11-17 thomas
18 729a7e24 2022-11-17 thomas #include <sys/types.h>
19 0bcde4c8 2022-12-30 thomas #include <sys/socket.h>
20 729a7e24 2022-11-17 thomas #include <sys/queue.h>
21 729a7e24 2022-11-17 thomas #include <sys/uio.h>
22 729a7e24 2022-11-17 thomas
23 729a7e24 2022-11-17 thomas #include <errno.h>
24 729a7e24 2022-11-17 thomas #include <event.h>
25 729a7e24 2022-11-17 thomas #include <limits.h>
26 729a7e24 2022-11-17 thomas #include <pwd.h>
27 729a7e24 2022-11-17 thomas #include <grp.h>
28 729a7e24 2022-11-17 thomas #include <sha1.h>
29 c669c489 2022-12-30 thomas #include <signal.h>
30 729a7e24 2022-11-17 thomas #include <stdint.h>
31 729a7e24 2022-11-17 thomas #include <stdio.h>
32 729a7e24 2022-11-17 thomas #include <stdlib.h>
33 c669c489 2022-12-30 thomas #include <string.h>
34 729a7e24 2022-11-17 thomas #include <imsg.h>
35 ff260661 2022-11-17 thomas #include <unistd.h>
36 729a7e24 2022-11-17 thomas
37 729a7e24 2022-11-17 thomas #include "got_error.h"
38 c669c489 2022-12-30 thomas #include "got_path.h"
39 729a7e24 2022-11-17 thomas
40 729a7e24 2022-11-17 thomas #include "gotd.h"
41 ff260661 2022-11-17 thomas #include "log.h"
42 729a7e24 2022-11-17 thomas #include "auth.h"
43 729a7e24 2022-11-17 thomas
/*
 * Process-wide state of the auth helper: the pid it runs under, a title
 * used as a log prefix, and the single repository whose access rules this
 * process evaluates (looked up from the config in auth_main()).
 */
static struct gotd_auth {
	pid_t pid;
	const char *title;
	struct gotd_repo *repo;
} gotd_auth;

/* Logs and exit(0)s; used on SIGTERM/SIGINT and once the event loop ends. */
static void auth_shutdown(void);
51 c669c489 2022-12-30 thomas
/*
 * libevent signal callback for the auth process.
 *
 * SIGHUP and SIGUSR1 are deliberately no-ops here.  SIGTERM and SIGINT
 * terminate the process through auth_shutdown(), which does not return.
 * Any other signal means the handler was wired up incorrectly and is
 * treated as fatal.
 */
static void
auth_sighdlr(int sig, short event, void *arg)
{
	/*
	 * libevent invokes this from its event loop rather than in real
	 * signal context, so async-signal-safety rules do not apply here.
	 */
	if (sig == SIGTERM || sig == SIGINT) {
		auth_shutdown();
		/* NOTREACHED */
	} else if (sig != SIGHUP && sig != SIGUSR1)
		fatalx("unexpected signal");
}
74 c669c489 2022-12-30 thomas
/*
 * Resolve a user identifier from the configuration, which may be either a
 * user name or a numeric uid, into a uid_t.
 *
 * A name lookup is attempted first, so a user literally named "1000" is
 * never confused with uid 1000.  The value UID_MAX (i.e. (uid_t)-1) is
 * rejected in both forms; presumably because it doubles as an error
 * sentinel elsewhere.
 *
 * Returns 0 and sets *uid on success; returns -1 if s is neither a known
 * user nor a number in [0, UID_MAX - 1].
 */
int
gotd_auth_parseuid(const char *s, uid_t *uid)
{
	const struct passwd *pw = getpwnam(s);
	const char *errstr = NULL;

	if (pw == NULL) {
		*uid = strtonum(s, 0, UID_MAX - 1, &errstr);
		return errstr == NULL ? 0 : -1;
	}

	*uid = pw->pw_uid;
	return *uid == UID_MAX ? -1 : 0;
}
92 729a7e24 2022-11-17 thomas
/*
 * Return 0 if the identifier s resolves (via gotd_auth_parseuid()) to
 * exactly the uid desired, -1 if it does not resolve or names another uid.
 */
static int
uidcheck(const char *s, uid_t desired)
{
	uid_t parsed;

	if (gotd_auth_parseuid(s, &parsed) != 0 || parsed != desired)
		return -1;
	return 0;
}
104 729a7e24 2022-11-17 thomas
/*
 * Resolve a group identifier, either a group name or a numeric gid, into
 * a gid_t.  Mirrors gotd_auth_parseuid(): names take precedence over
 * numbers, and GID_MAX ((gid_t)-1) is rejected in both forms.
 *
 * Returns 0 and sets *gid on success, -1 otherwise.
 */
static int
parsegid(const char *s, gid_t *gid)
{
	const char *errstr = NULL;
	const struct group *gr = getgrnam(s);

	if (gr != NULL) {
		*gid = gr->gr_gid;
		return *gid == GID_MAX ? -1 : 0;
	}

	*gid = strtonum(s, 0, GID_MAX - 1, &errstr);
	return errstr != NULL ? -1 : 0;
}
122 729a7e24 2022-11-17 thomas
/*
 * Decide whether a rule identifier applies to the client.
 *
 * An identifier of the form ":group" matches when that group is the
 * client's effective gid or appears among the first ngroups entries of
 * groups.  Any other identifier names a user and matches only the
 * client's effective uid.  Identifiers that cannot be resolved never
 * match, so the rule is simply skipped by the caller.
 *
 * Returns 1 on match, 0 otherwise.
 */
static int
match_identifier(const char *identifier, gid_t *groups, int ngroups,
    uid_t euid, gid_t egid)
{
	gid_t rule_gid;
	int idx;

	if (identifier[0] != ':')
		return uidcheck(identifier, euid) == 0;

	if (parsegid(identifier + 1, &rule_gid) == -1)
		return 0;
	if (rule_gid == egid)
		return 1;
	for (idx = 0; idx < ngroups; idx++) {
		if (groups[idx] == rule_gid)
			return 1;
	}
	return 0;
}
146 729a7e24 2022-11-17 thomas
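/*
 * Evaluate a repository's access rules for a client running as euid/egid
 * that needs the authorization bits in required_auth.
 *
 * Rules are scanned in order and the last matching rule wins.  A matching
 * "permit" rule that does not grant every bit of required_auth counts as
 * a denial, and with no matching rule at all access is denied.
 *
 * Returns NULL when access is granted; an EACCES error carrying repo_name
 * when it is denied or euid is unknown to the password database; an errno
 * error if the password lookup itself fails.
 */
static const struct got_error *
auth_check(struct gotd_access_rule_list *rules, const char *repo_name,
    uid_t euid, gid_t egid, int required_auth)
{
	struct gotd_access_rule *rule;
	enum gotd_access access = GOTD_ACCESS_DENIED;
	struct passwd *pw;
	gid_t groups[NGROUPS_MAX];
	int ngroups = NGROUPS_MAX;

	/*
	 * getpwuid() leaves errno untouched when the uid merely does not
	 * exist.  Clear it first so a stale value from an earlier call
	 * (e.g. the EAGAIN tolerated on the imsg pipe) is not misreported
	 * as a lookup failure.
	 */
	errno = 0;
	pw = getpwuid(euid);
	if (pw == NULL) {
		if (errno)
			return got_error_from_errno("getpwuid");
		return got_error_set_errno(EACCES, repo_name);
	}

	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) {
		/*
		 * Only the groups that fit are consulted, so a user in more
		 * than NGROUPS_MAX groups may fail to match a group rule.
		 * Some libc implementations report the number of groups
		 * required rather than stored on failure; clamp so the
		 * scan in match_identifier() never reads past the array.
		 */
		log_warnx("group membership list truncated");
		if (ngroups > NGROUPS_MAX)
			ngroups = NGROUPS_MAX;
	}

	STAILQ_FOREACH(rule, rules, entry) {
		if (!match_identifier(rule->identifier, groups, ngroups,
		    euid, egid))
			continue;

		/* No break: a later matching rule overrides this one. */
		access = rule->access;
		if (rule->access == GOTD_ACCESS_PERMITTED &&
		    (rule->authorization & required_auth) != required_auth)
			access = GOTD_ACCESS_DENIED;
	}

	if (access == GOTD_ACCESS_DENIED)
		return got_error_set_errno(EACCES, repo_name);

	if (access == GOTD_ACCESS_PERMITTED)
		return NULL;

	/* should not happen, this would be a bug */
	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");
}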
188 c669c489 2022-12-30 thomas
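/*
 * Handle a GOTD_IMSG_AUTHENTICATE request.
 *
 * The payload is a struct gotd_imsg_auth with the client's claimed
 * euid/egid, the authorization it requires and its client id; a
 * descriptor for the client's connection (presumably its socket) arrives
 * as the message's fd.  The claimed credentials are not trusted on their
 * own: they must equal what the kernel reports for that descriptor via
 * getpeereid(), and only the kernel-reported identity is handed to
 * auth_check().
 *
 * The received descriptor is owned by this function and is closed on
 * every path; auth_dispatch() only imsg_free()s the message afterwards.
 *
 * A denied or failed check is also reported over the imsg pipe for the
 * requesting client.  Returns NULL once ACCESS_GRANTED has been queued,
 * otherwise the error.
 */
static const struct got_error *
recv_authreq(struct imsg *imsg, struct gotd_imsgev *iev)
{
	const struct got_error *err = NULL;
	struct imsgbuf *ibuf = &iev->ibuf;
	struct gotd_imsg_auth iauth;
	size_t datalen;
	uid_t euid;
	gid_t egid;

	log_debug("authentication request received");

	/* Validate the length before touching the payload. */
	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
	if (datalen != sizeof(iauth)) {
		err = got_error(GOT_ERR_PRIVSEP_LEN);
		goto done;
	}
	memcpy(&iauth, imsg->data, datalen);

	if (imsg->fd == -1) {
		err = got_error(GOT_ERR_PRIVSEP_NO_FD);
		goto done;
	}

	if (getpeereid(imsg->fd, &euid, &egid) == -1) {
		err = got_error_from_errno("getpeereid");
		goto done;
	}

	/* The sender's claim must agree with the socket's peer credentials. */
	if (iauth.euid != euid) {
		err = got_error(GOT_ERR_UID);
		goto done;
	}
	if (iauth.egid != egid) {
		err = got_error(GOT_ERR_GID);
		goto done;
	}

	log_debug("authenticating uid %u gid %u", euid, egid);

	err = auth_check(&gotd_auth.repo->rules, gotd_auth.repo->name,
	    euid, egid, iauth.required_auth);
	if (err) {
		gotd_imsg_send_error(ibuf, PROC_AUTH, iauth.client_id, err);
		goto done;
	}

	if (gotd_imsg_compose_event(iev, GOTD_IMSG_ACCESS_GRANTED,
	    PROC_AUTH, -1, NULL, 0) == -1)
		err = got_error_from_errno("imsg compose ACCESS_GRANTED");
done:
	/*
	 * The descriptor was only needed for getpeereid(); nothing after
	 * this function uses it, so release it here rather than leak one
	 * descriptor per request.  A close failure must not mask an
	 * earlier error.
	 */
	if (imsg->fd != -1 && close(imsg->fd) == -1 && err == NULL)
		err = got_error_from_errno("close");
	return err;
}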
233 c669c489 2022-12-30 thomas
/*
 * libevent callback for the imsg pipe of the auth process.
 *
 * Performs the pending read and/or write on the pipe (EAGAIN is not an
 * error; any other failure is fatal), then drains every complete message.
 * GOTD_IMSG_AUTHENTICATE is handled by recv_authreq() and its error, if
 * any, is logged; all other message types are logged and dropped.
 *
 * If either I/O direction reported end-of-file the pipe is considered
 * dead: its event is removed and the event loop is told to exit.
 * Otherwise the event is re-armed via gotd_imsg_event_add().
 */
static void
auth_dispatch(int fd, short event, void *arg)
{
	struct gotd_imsgev *iev = arg;
	struct imsgbuf *ibuf = &iev->ibuf;
	struct imsg imsg;
	ssize_t n;
	int pipe_dead = 0;

	if (event & EV_READ) {
		n = imsg_read(ibuf);
		if (n == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		pipe_dead |= (n == 0);	/* peer closed the pipe */
	}

	if (event & EV_WRITE) {
		n = msgbuf_write(&ibuf->w);
		if (n == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		pipe_dead |= (n == 0);	/* peer closed the pipe */
	}

	while ((n = imsg_get(ibuf, &imsg)) != 0) {
		const struct got_error *err;

		if (n == -1)
			fatal("%s: imsg_get", __func__);

		if (imsg.hdr.type == GOTD_IMSG_AUTHENTICATE) {
			err = recv_authreq(&imsg, iev);
			if (err)
				log_warnx("%s: %s", gotd_auth.title, err->msg);
		} else {
			log_debug("%s: unexpected imsg %d", gotd_auth.title,
			    imsg.hdr.type);
		}

		imsg_free(&imsg);
	}

	if (pipe_dead) {
		/* This pipe is dead. Remove its event handler */
		event_del(&iev->ev);
		event_loopexit(NULL);
	} else
		gotd_imsg_event_add(iev);
}
288 c669c489 2022-12-30 thomas
/*
 * Find the configured repository whose path equals repo_path, comparing
 * with got_path_cmp().  Returns NULL when no entry matches.
 */
static struct gotd_repo *
find_repo(struct gotd_repolist *repos, const char *repo_path)
{
	struct gotd_repo *candidate;
	size_t want_len = strlen(repo_path);

	TAILQ_FOREACH(candidate, repos, entry) {
		if (got_path_cmp(candidate->path, repo_path,
		    strlen(candidate->path), want_len) == 0)
			return candidate;
	}
	return NULL;
}

/*
 * Entry point of the auth process.
 *
 * Records the process title and pid, binds gotd_auth.repo to the
 * configured repository at repo_path (fatal if absent), installs the
 * signal handlers, and serves the imsg pipe on GOTD_FILENO_MSG_PIPE via
 * auth_dispatch() until the event loop exits.  Never returns: it ends in
 * auth_shutdown().
 */
void
auth_main(const char *title, struct gotd_repolist *repos,
    const char *repo_path)
{
	struct gotd_imsgev iev;
	struct event evsigint, evsigterm, evsighup, evsigusr1;
	struct gotd_repo *repo;

	gotd_auth.title = title;
	gotd_auth.pid = getpid();

	repo = find_repo(repos, repo_path);
	if (repo == NULL)
		fatalx("repository %s not found in config", repo_path);
	gotd_auth.repo = repo;

	/* Signals are routed through libevent; SIGPIPE is ignored outright. */
	signal_set(&evsigint, SIGINT, auth_sighdlr, NULL);
	signal_set(&evsigterm, SIGTERM, auth_sighdlr, NULL);
	signal_set(&evsighup, SIGHUP, auth_sighdlr, NULL);
	signal_set(&evsigusr1, SIGUSR1, auth_sighdlr, NULL);
	signal(SIGPIPE, SIG_IGN);

	signal_add(&evsigint, NULL);
	signal_add(&evsigterm, NULL);
	signal_add(&evsighup, NULL);
	signal_add(&evsigusr1, NULL);

	/* The parent talks to us over the inherited message pipe. */
	imsg_init(&iev.ibuf, GOTD_FILENO_MSG_PIPE);
	iev.handler = auth_dispatch;
	iev.events = EV_READ;
	iev.handler_arg = NULL;
	event_set(&iev.ev, iev.ibuf.fd, EV_READ, auth_dispatch, &iev);
	if (event_add(&iev.ev, NULL) == -1)
		fatalx("event add");

	event_dispatch();

	auth_shutdown();
}
331 c669c489 2022-12-30 thomas
/*
 * Log the shutdown under the process title and exit successfully.  Called
 * from the signal handler on SIGTERM/SIGINT and after the event loop ends.
 */
static void
auth_shutdown(void)
{
	const char *who = gotd_auth.title;

	log_debug("%s: shutting down", who);
	exit(EXIT_SUCCESS);
}