

1 /*
2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <sys/queue.h>
21 #include <sys/uio.h>
23 #include <errno.h>
24 #include <event.h>
25 #include <limits.h>
26 #include <pwd.h>
27 #include <grp.h>
28 #include <sha1.h>
29 #include <sha2.h>
30 #include <signal.h>
31 #include <stdint.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <imsg.h>
36 #include <unistd.h>
38 #include "got_error.h"
39 #include "got_object.h"
40 #include "got_path.h"
42 #include "gotd.h"
43 #include "log.h"
44 #include "auth.h"
/*
 * Per-process state of the gotd auth helper. Filled in once by auth_main()
 * and read by the imsg dispatcher and by auth_shutdown().
 */
static struct gotd_auth {
	pid_t pid;		/* our own pid, recorded via getpid() */
	const char *title;	/* process title, used in log messages */
	struct gotd_repo *repo;	/* the one repository this process serves */
} gotd_auth;

/* Logs and exits; used by the signal handler and after the event loop ends. */
static void auth_shutdown(void);
/*
 * libevent signal callback for the auth process.
 *
 * SIGHUP and SIGUSR1 are accepted and ignored; SIGTERM and SIGINT trigger
 * an orderly shutdown (which exits and does not return). Any other signal
 * indicates a programming error, since only these four are registered.
 */
static void
auth_sighdlr(int sig, short event, void *arg)
{
	/*
	 * libevent delivers signals synchronously from its event loop, so
	 * the usual async-signal-safety restrictions do not apply here.
	 */
	if (sig == SIGHUP || sig == SIGUSR1)
		return;

	if (sig == SIGTERM || sig == SIGINT) {
		auth_shutdown();
		/* NOTREACHED */
		return;
	}

	fatalx("unexpected signal");
}
/*
 * Resolve the user identifier s via gotd_parseuid() and compare it with
 * the desired uid.
 *
 * Returns 0 when s resolves to exactly desired, -1 when it does not resolve
 * or resolves to a different uid.
 */
static int
uidcheck(const char *s, uid_t desired)
{
	uid_t parsed;

	if (gotd_parseuid(s, &parsed) != 0 || parsed != desired)
		return -1;

	return 0;
}
/*
 * Resolve a group given either as a group name (looked up with getgrnam())
 * or as a numeric gid.
 *
 * Stores the result in *gid and returns 0. Returns -1 if the string is
 * neither a known group nor a number in [0, GID_MAX), or if the named group
 * has the reserved gid GID_MAX; *gid may have been written in that case and
 * must be ignored by the caller.
 */
static int
parsegid(const char *s, gid_t *gid)
{
	const char *errstr = NULL;
	struct group *gr = getgrnam(s);

	if (gr != NULL) {
		*gid = gr->gr_gid;
		/* GID_MAX is never a legitimate group. */
		return (*gid == GID_MAX) ? -1 : 0;
	}

	/* Not a known name; accept a plain numeric gid instead. */
	*gid = strtonum(s, 0, GID_MAX - 1, &errstr);
	return (errstr != NULL) ? -1 : 0;
}
/*
 * Test whether an access-rule identifier applies to the given client.
 *
 * An identifier of the form ":group" (group name or numeric gid, see
 * parsegid()) matches when that group is the client's effective gid or one
 * of the supplementary groups in groups[0..ngroups). Any other identifier
 * is a user as understood by gotd_parseuid() and must resolve to euid.
 *
 * Returns 1 on match, 0 otherwise (including when the identifier cannot be
 * resolved at all).
 */
static int
match_identifier(const char *identifier, gid_t *groups, int ngroups,
    uid_t euid, gid_t egid)
{
	gid_t rgid;
	int i;

	/* Plain identifiers name a user and must match euid exactly. */
	if (identifier[0] != ':')
		return uidcheck(identifier, euid) == 0;

	/* Group identifier: the text after the colon names the group. */
	if (parsegid(identifier + 1, &rgid) == -1)
		return 0;
	if (rgid == egid)
		return 1;
	for (i = 0; i < ngroups; i++) {
		if (groups[i] == rgid)
			return 1;
	}

	return 0;
}
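/*
 * Evaluate the repository's access rules for the client identified by
 * euid/egid.
 *
 * Rules are walked in order and the LAST rule whose identifier matches the
 * user or one of their groups decides the outcome; a "permit" rule only
 * counts when its authorization bits cover every bit in required_auth.
 *
 * On return *username holds a strdup()'d copy of the user's login name
 * (owned by the caller) or NULL if the uid could not be resolved. Returns
 * NULL when access is permitted. If no rule matched at all the error is
 * GOT_ERR_NOT_GIT_REPO so that unauthorized users cannot probe for the
 * existence of repositories; if a rule matched but denied access, or the
 * uid is unknown, the error is EACCES.
 */
static const struct got_error *
auth_check(char **username, struct gotd_access_rule_list *rules,
    const char *repo_name, uid_t euid, gid_t egid, int required_auth)
{
	struct gotd_access_rule *rule;
	enum gotd_access access = GOTD_ACCESS_DENIED;
	struct passwd *pw;
	gid_t groups[NGROUPS_MAX];
	int ngroups = NGROUPS_MAX;
	int matched_user = 0;

	*username = NULL;

	/*
	 * getpwuid() returns NULL both for "no such user" and for a real
	 * failure and only sets errno in the latter case; clear errno first
	 * so a stale value from an earlier call cannot be misreported.
	 */
	errno = 0;
	pw = getpwuid(euid);
	if (pw == NULL) {
		if (errno)
			return got_error_from_errno("getpwuid");
		else
			return got_error_set_errno(EACCES, repo_name);
	}

	*username = strdup(pw->pw_name);
	if (*username == NULL)
		return got_error_from_errno("strdup");

	/*
	 * A user can belong to more groups than NGROUPS_MAX; the list is then
	 * cut short (assumed: ngroups is left at the number of entries that
	 * fit -- confirm against getgrouplist(3)). Missing memberships can
	 * prevent a later group rule from matching, whichever way that rule
	 * points, so this is logged rather than silently accepted.
	 */
	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1)
		log_warnx("group membership list truncated");

	STAILQ_FOREACH(rule, rules, entry) {
		if (!match_identifier(rule->identifier, groups, ngroups,
		    euid, egid))
			continue;

		/* Last matching rule wins. */
		matched_user = 1;
		access = rule->access;
		if (rule->access == GOTD_ACCESS_PERMITTED &&
		    (rule->authorization & required_auth) != required_auth)
			access = GOTD_ACCESS_DENIED;
	}

	if (access == GOTD_ACCESS_DENIED) {
		/*
		 * If a user has no explicit read or write access then
		 * do not leak the existence of a repository to them.
		 */
		if (!matched_user)
			return got_error(GOT_ERR_NOT_GIT_REPO);
		else
			return got_error_set_errno(EACCES, repo_name);
	}

	if (access == GOTD_ACCESS_PERMITTED)
		return NULL;

	/* should not happen, this would be a bug */
	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");
}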
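/*
 * Handle a GOTD_IMSG_AUTHENTICATE request from the parent process.
 *
 * The message carries the client's claimed euid/egid plus the client's
 * socket as a passed file descriptor. The claimed ids are cross-checked
 * against what the kernel reports for that socket via getpeereid(2)
 * before the access rules of the configured repository are evaluated.
 *
 * On success the resolved user name (cut to the imsg payload limit) is
 * sent back as GOTD_IMSG_ACCESS_GRANTED and NULL is returned. A failed
 * access check is reported to the parent with gotd_imsg_send_error() and
 * also returned; every other failure is only returned to the caller.
 */
static const struct got_error *
recv_authreq(struct imsg *imsg, struct gotd_imsgev *iev)
{
	const struct got_error *err = NULL;
	struct imsgbuf *ibuf = &iev->ibuf;
	struct gotd_imsg_auth iauth;
	size_t datalen;
	uid_t euid;
	gid_t egid;
	char *username = NULL;
	size_t len;
	const size_t maxlen = MAX_IMSGSIZE - IMSG_HEADER_SIZE;
	int fd = -1;

	log_debug("authentication request received");

	/* Insist on an exact-size payload before copying it out. */
	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
	if (datalen != sizeof(iauth))
		return got_error(GOT_ERR_PRIVSEP_LEN);

	memcpy(&iauth, imsg->data, datalen);

	/* imsg_get_fd() hands the descriptor to us; it is closed at done. */
	fd = imsg_get_fd(imsg);
	if (fd == -1)
		return got_error(GOT_ERR_PRIVSEP_NO_FD);

	if (getpeereid(fd, &euid, &egid) == -1) {
		err = got_error_from_errno("getpeereid");
		goto done;
	}

	/*
	 * The ids in the message are not trusted on their own: they must
	 * agree with the kernel's view of the peer on the socket we hold.
	 */
	if (iauth.euid != euid) {
		err = got_error(GOT_ERR_UID);
		goto done;
	}
	if (iauth.egid != egid) {
		err = got_error(GOT_ERR_GID);
		goto done;
	}

	/* uid_t/gid_t are unsigned; cast so the conversion matches. */
	log_debug("authenticating uid %u gid %u", (unsigned int)euid,
	    (unsigned int)egid);

	err = auth_check(&username, &gotd_auth.repo->rules,
	    gotd_auth.repo->name, iauth.euid, iauth.egid, iauth.required_auth);
	if (err) {
		gotd_imsg_send_error(ibuf, PROC_AUTH, iauth.client_id, err);
		goto done;
	}

	/* The reply must fit into a single imsg payload. */
	len = strlen(username);
	if (len > maxlen)
		len = maxlen;

	if (gotd_imsg_compose_event(iev, GOTD_IMSG_ACCESS_GRANTED,
	    PROC_AUTH, -1, username, len) == -1)
		err = got_error_from_errno("imsg compose ACCESS_GRANTED");
done:
	free(username);
	/* Release our copy of the client socket; keep the first error. */
	if (fd != -1 && close(fd) == -1 && err == NULL)
		err = got_error_from_errno("close");
	return err;
}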
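/*
 * libevent callback for the imsg pipe to the parent gotd process.
 *
 * Drains pending reads and writes, handles every fully received message,
 * then re-arms the event. If the pipe was closed by the peer the event is
 * removed and the event loop is told to exit, after which auth_main()
 * calls auth_shutdown().
 */
static void
auth_dispatch(int fd, short event, void *arg)
{
	const struct got_error *err = NULL;
	struct gotd_imsgev *iev = arg;
	struct imsgbuf *ibuf = &iev->ibuf;
	struct imsg imsg;
	ssize_t n;
	int shut = 0;

	if (event & EV_READ) {
		n = imsg_read(ibuf);
		if (n == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		if (n == 0) /* Connection closed. */
			shut = 1;
	}

	if (event & EV_WRITE) {
		n = msgbuf_write(&ibuf->w);
		if (n == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		if (n == 0) /* Connection closed. */
			shut = 1;
	}

	/* Process every complete message buffered so far. */
	while ((n = imsg_get(ibuf, &imsg)) != 0) {
		if (n == -1)
			fatal("%s: imsg_get", __func__);

		if (imsg.hdr.type == GOTD_IMSG_AUTHENTICATE) {
			err = recv_authreq(&imsg, iev);
			if (err)
				log_warnx("%s", err->msg);
		} else {
			/* hdr.type is unsigned; use a matching conversion. */
			log_debug("unexpected imsg %u",
			    (unsigned int)imsg.hdr.type);
		}

		imsg_free(&imsg);
	}

	if (shut) {
		/* This pipe is dead. Remove its event handler */
		event_del(&iev->ev);
		event_loopexit(NULL);
	} else {
		gotd_imsg_event_add(iev);
	}
}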
/*
 * Entry point of the auth process, run after gotd has forked it.
 *
 * Looks up the configured repository whose path equals repo_path (fatal if
 * there is none), installs libevent-driven signal handlers, connects the
 * imsg pipe to the parent to auth_dispatch() and runs the event loop until
 * that pipe is closed. Does not return: the loop ends in auth_shutdown(),
 * which exits the process.
 */
void
auth_main(const char *title, struct gotd_repolist *repos,
    const char *repo_path)
{
	struct gotd_repo *repo = NULL;
	struct gotd_imsgev iev;
	struct event evsigint, evsigterm, evsighup, evsigusr1;
	size_t repo_path_len = strlen(repo_path);

	gotd_auth.title = title;
	gotd_auth.pid = getpid();

	/* This process serves exactly one repository, selected by path. */
	TAILQ_FOREACH(repo, repos, entry) {
		if (got_path_cmp(repo->path, repo_path,
		    strlen(repo->path), repo_path_len) == 0)
			break;
	}
	if (repo == NULL)
		fatalx("repository %s not found in config", repo_path);
	gotd_auth.repo = repo;

	/* Signals are routed through the event loop to auth_sighdlr(). */
	signal_set(&evsigint, SIGINT, auth_sighdlr, NULL);
	signal_add(&evsigint, NULL);
	signal_set(&evsigterm, SIGTERM, auth_sighdlr, NULL);
	signal_add(&evsigterm, NULL);
	signal_set(&evsighup, SIGHUP, auth_sighdlr, NULL);
	signal_add(&evsighup, NULL);
	signal_set(&evsigusr1, SIGUSR1, auth_sighdlr, NULL);
	signal_add(&evsigusr1, NULL);
	/* A closed pipe is reported by write errors, not by SIGPIPE. */
	signal(SIGPIPE, SIG_IGN);

	imsg_init(&iev.ibuf, GOTD_FILENO_MSG_PIPE);
	iev.handler = auth_dispatch;
	iev.events = EV_READ;
	iev.handler_arg = NULL;
	event_set(&iev.ev, iev.ibuf.fd, EV_READ, auth_dispatch, &iev);
	if (event_add(&iev.ev, NULL) == -1)
		fatalx("event add");

	event_dispatch();

	auth_shutdown();
}
/*
 * Log the shutdown of this auth process under its title and exit with
 * status 0. Never returns.
 */
static void
auth_shutdown(void)
{
	const char *title = gotd_auth.title;

	log_debug("%s: shutting down", title);
	exit(0);
}