Blob


1 /*
2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
10 *
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 */
24 %{
25 #include <sys/time.h>
26 #include <sys/types.h>
27 #include <sys/queue.h>
28 #include <sys/stat.h>
30 #include <ctype.h>
31 #include <err.h>
32 #include <errno.h>
33 #include <event.h>
34 #include <imsg.h>
35 #include <limits.h>
36 #include <pwd.h>
37 #include <sha1.h>
38 #include <sha2.h>
39 #include <stdarg.h>
40 #include <stdlib.h>
41 #include <stdio.h>
42 #include <string.h>
43 #include <syslog.h>
44 #include <unistd.h>
46 #include "got_error.h"
47 #include "got_path.h"
48 #include "got_reference.h"
50 #include "log.h"
51 #include "gotd.h"
52 #include "auth.h"
53 #include "listen.h"
55 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
56 static struct file {
57 TAILQ_ENTRY(file) entry;
58 FILE *stream;
59 char *name;
60 int lineno;
61 int errors;
62 } *file;
63 struct file *newfile(const char *, int, int);
64 static void closefile(struct file *);
65 int check_file_secrecy(int, const char *);
66 int yyparse(void);
67 int yylex(void);
68 int yyerror(const char *, ...)
69 __attribute__((__format__ (printf, 1, 2)))
70 __attribute__((__nonnull__ (1)));
71 int kw_cmp(const void *, const void *);
72 int lookup(char *);
73 int lgetc(int);
74 int lungetc(int);
75 int findeol(void);
77 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
78 struct sym {
79 TAILQ_ENTRY(sym) entry;
80 int used;
81 int persist;
82 char *nam;
83 char *val;
84 };
86 int symset(const char *, const char *, int);
87 char *symget(const char *);
89 static int errors;
91 static struct gotd *gotd;
92 static struct gotd_repo *new_repo;
93 static int conf_limit_user_connections(const char *, int);
94 static struct gotd_repo *conf_new_repo(const char *);
95 static void conf_new_access_rule(struct gotd_repo *,
96 enum gotd_access, int, char *);
97 static int conf_protect_ref_namespace(char **,
98 struct got_pathlist_head *, char *);
99 static int conf_protect_tag_namespace(struct gotd_repo *,
100 char *);
101 static int conf_protect_branch_namespace(
102 struct gotd_repo *, char *);
103 static int conf_protect_branch(struct gotd_repo *,
104 char *);
105 static enum gotd_procid gotd_proc_id;
107 typedef struct {
108 union {
109 long long number;
110 char *string;
111 struct timeval tv;
112 } v;
113 int lineno;
114 } YYSTYPE;
116 %}
118 %token PATH ERROR LISTEN ON USER REPOSITORY PERMIT DENY
119 %token RO RW CONNECTION LIMIT REQUEST TIMEOUT
120 %token PROTECT NAMESPACE BRANCH TAG
122 %token <v.string> STRING
123 %token <v.number> NUMBER
124 %type <v.tv> timeout
126 %%
128 grammar :
129 | grammar '\n'
130 | grammar main '\n'
131 | grammar repository '\n'
134 timeout : NUMBER {
135 if ($1 < 0) {
136 yyerror("invalid timeout: %lld", $1);
137 YYERROR;
139 $$.tv_sec = $1;
140 $$.tv_usec = 0;
142 | STRING {
143 const char *errstr;
144 const char *type = "seconds";
145 size_t len;
146 int mul = 1;
148 if (*$1 == '\0') {
149 yyerror("invalid number of seconds: %s", $1);
150 free($1);
151 YYERROR;
154 len = strlen($1);
155 switch ($1[len - 1]) {
156 case 'S':
157 case 's':
158 $1[len - 1] = '\0';
159 break;
160 case 'M':
161 case 'm':
162 type = "minutes";
163 mul = 60;
164 $1[len - 1] = '\0';
165 break;
166 case 'H':
167 case 'h':
168 type = "hours";
169 mul = 60 * 60;
170 $1[len - 1] = '\0';
171 break;
174 $$.tv_usec = 0;
175 $$.tv_sec = strtonum($1, 0, INT_MAX / mul, &errstr);
176 if (errstr) {
177 yyerror("number of %s is %s: %s", type,
178 errstr, $1);
179 free($1);
180 YYERROR;
183 $$.tv_sec *= mul;
184 free($1);
188 main : LISTEN ON STRING {
189 if (!got_path_is_absolute($3))
190 yyerror("bad unix socket path \"%s\": "
191 "must be an absolute path", $3);
193 if (gotd_proc_id == PROC_LISTEN) {
194 if (strlcpy(gotd->unix_socket_path, $3,
195 sizeof(gotd->unix_socket_path)) >=
196 sizeof(gotd->unix_socket_path)) {
197 yyerror("%s: unix socket path too long",
198 __func__);
199 free($3);
200 YYERROR;
203 free($3);
205 | USER STRING {
206 if (strlcpy(gotd->user_name, $2,
207 sizeof(gotd->user_name)) >=
208 sizeof(gotd->user_name)) {
209 yyerror("%s: user name too long", __func__);
210 free($2);
211 YYERROR;
213 free($2);
215 | connection
218 connection : CONNECTION '{' optnl conflags_l '}'
219 | CONNECTION conflags
221 conflags_l : conflags optnl conflags_l
222 | conflags optnl
225 conflags : REQUEST TIMEOUT timeout {
226 if ($3.tv_sec <= 0) {
227 yyerror("invalid timeout: %lld", $3.tv_sec);
228 YYERROR;
230 memcpy(&gotd->request_timeout, &$3,
231 sizeof(gotd->request_timeout));
233 | LIMIT USER STRING NUMBER {
234 if (gotd_proc_id == PROC_LISTEN &&
235 conf_limit_user_connections($3, $4) == -1) {
236 free($3);
237 YYERROR;
239 free($3);
243 protect : PROTECT '{' optnl protectflags_l '}'
244 | PROTECT protectflags
246 protectflags_l : protectflags optnl protectflags_l
247 | protectflags optnl
250 protectflags : TAG NAMESPACE STRING {
251 if (gotd_proc_id == PROC_GOTD ||
252 gotd_proc_id == PROC_REPO_WRITE) {
253 if (conf_protect_tag_namespace(new_repo, $3)) {
254 free($3);
255 YYERROR;
258 free($3);
260 | BRANCH NAMESPACE STRING {
261 if (gotd_proc_id == PROC_GOTD ||
262 gotd_proc_id == PROC_REPO_WRITE) {
263 if (conf_protect_branch_namespace(new_repo,
264 $3)) {
265 free($3);
266 YYERROR;
269 free($3);
271 | BRANCH STRING {
272 if (gotd_proc_id == PROC_GOTD ||
273 gotd_proc_id == PROC_REPO_WRITE) {
274 if (conf_protect_branch(new_repo, $2)) {
275 free($2);
276 YYERROR;
279 free($2);
283 repository : REPOSITORY STRING {
284 struct gotd_repo *repo;
286 TAILQ_FOREACH(repo, &gotd->repos, entry) {
287 if (strcmp(repo->name, $2) == 0) {
288 yyerror("duplicate repository '%s'", $2);
289 free($2);
290 YYERROR;
294 if (gotd_proc_id == PROC_GOTD ||
295 gotd_proc_id == PROC_AUTH ||
296 gotd_proc_id == PROC_REPO_WRITE ||
297 gotd_proc_id == PROC_GITWRAPPER) {
298 new_repo = conf_new_repo($2);
300 free($2);
301 } '{' optnl repoopts2 '}' {
305 repoopts1 : PATH STRING {
306 if (gotd_proc_id == PROC_GOTD ||
307 gotd_proc_id == PROC_AUTH ||
308 gotd_proc_id == PROC_REPO_WRITE ||
309 gotd_proc_id == PROC_GITWRAPPER) {
310 if (!got_path_is_absolute($2)) {
311 yyerror("%s: path %s is not absolute",
312 __func__, $2);
313 free($2);
314 YYERROR;
316 if (realpath($2, new_repo->path) == NULL) {
317 /*
318 * To give admins a chance to create
319 * missing repositories at run-time
320 * we only warn about ENOENT here.
322 * And ignore 'permission denied' when
323 * running in gitwrapper. Users may be
324 * able to access this repository via
325 * gotd regardless.
326 */
327 if (errno == ENOENT) {
328 yyerror("realpath %s: %s", $2,
329 strerror(errno));
330 } else if (errno != EACCES ||
331 gotd_proc_id != PROC_GITWRAPPER) {
332 yyerror("realpath %s: %s", $2,
333 strerror(errno));
334 free($2);
335 YYERROR;
338 if (strlcpy(new_repo->path, $2,
339 sizeof(new_repo->path)) >=
340 sizeof(new_repo->path))
341 yyerror("path too long");
344 free($2);
346 | PERMIT RO STRING {
347 if (gotd_proc_id == PROC_AUTH) {
348 conf_new_access_rule(new_repo,
349 GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3);
350 } else
351 free($3);
353 | PERMIT RW STRING {
354 if (gotd_proc_id == PROC_AUTH) {
355 conf_new_access_rule(new_repo,
356 GOTD_ACCESS_PERMITTED,
357 GOTD_AUTH_READ | GOTD_AUTH_WRITE, $3);
358 } else
359 free($3);
361 | DENY STRING {
362 if (gotd_proc_id == PROC_AUTH) {
363 conf_new_access_rule(new_repo,
364 GOTD_ACCESS_DENIED, 0, $2);
365 } else
366 free($2);
368 | protect
371 repoopts2 : repoopts2 repoopts1 nl
372 | repoopts1 optnl
375 nl : '\n' optnl
378 optnl : '\n' optnl /* zero or more newlines */
379 | /* empty */
382 %%
384 struct keywords {
385 const char *k_name;
386 int k_val;
387 };
389 int
390 yyerror(const char *fmt, ...)
392 va_list ap;
393 char *msg;
395 file->errors++;
396 va_start(ap, fmt);
397 if (vasprintf(&msg, fmt, ap) == -1)
398 fatalx("yyerror vasprintf");
399 va_end(ap);
400 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
401 free(msg);
402 return (0);
405 int
406 kw_cmp(const void *k, const void *e)
408 return (strcmp(k, ((const struct keywords *)e)->k_name));
411 int
412 lookup(char *s)
414 /* This has to be sorted always. */
415 static const struct keywords keywords[] = {
416 { "branch", BRANCH },
417 { "connection", CONNECTION },
418 { "deny", DENY },
419 { "limit", LIMIT },
420 { "listen", LISTEN },
421 { "namespace", NAMESPACE },
422 { "on", ON },
423 { "path", PATH },
424 { "permit", PERMIT },
425 { "protect", PROTECT },
426 { "repository", REPOSITORY },
427 { "request", REQUEST },
428 { "ro", RO },
429 { "rw", RW },
430 { "tag", TAG },
431 { "timeout", TIMEOUT },
432 { "user", USER },
433 };
434 const struct keywords *p;
436 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
437 sizeof(keywords[0]), kw_cmp);
439 if (p)
440 return (p->k_val);
441 else
442 return (STRING);
445 #define MAXPUSHBACK 128
447 unsigned char *parsebuf;
448 int parseindex;
449 unsigned char pushback_buffer[MAXPUSHBACK];
450 int pushback_index = 0;
452 int
453 lgetc(int quotec)
455 int c, next;
457 if (parsebuf) {
458 /* Read character from the parsebuffer instead of input. */
459 if (parseindex >= 0) {
460 c = parsebuf[parseindex++];
461 if (c != '\0')
462 return (c);
463 parsebuf = NULL;
464 } else
465 parseindex++;
468 if (pushback_index)
469 return (pushback_buffer[--pushback_index]);
471 if (quotec) {
472 c = getc(file->stream);
473 if (c == EOF)
474 yyerror("reached end of file while parsing "
475 "quoted string");
476 return (c);
479 c = getc(file->stream);
480 while (c == '\\') {
481 next = getc(file->stream);
482 if (next != '\n') {
483 c = next;
484 break;
486 yylval.lineno = file->lineno;
487 file->lineno++;
488 c = getc(file->stream);
491 return (c);
494 int
495 lungetc(int c)
497 if (c == EOF)
498 return (EOF);
499 if (parsebuf) {
500 parseindex--;
501 if (parseindex >= 0)
502 return (c);
504 if (pushback_index < MAXPUSHBACK-1)
505 return (pushback_buffer[pushback_index++] = c);
506 else
507 return (EOF);
510 int
511 findeol(void)
513 int c;
515 parsebuf = NULL;
517 /* Skip to either EOF or the first real EOL. */
518 while (1) {
519 if (pushback_index)
520 c = pushback_buffer[--pushback_index];
521 else
522 c = lgetc(0);
523 if (c == '\n') {
524 file->lineno++;
525 break;
527 if (c == EOF)
528 break;
530 return (ERROR);
533 int
534 yylex(void)
536 unsigned char buf[8096];
537 unsigned char *p, *val;
538 int quotec, next, c;
539 int token;
541 top:
542 p = buf;
543 c = lgetc(0);
544 while (c == ' ' || c == '\t')
545 c = lgetc(0); /* nothing */
547 yylval.lineno = file->lineno;
548 if (c == '#') {
549 c = lgetc(0);
550 while (c != '\n' && c != EOF)
551 c = lgetc(0); /* nothing */
553 if (c == '$' && parsebuf == NULL) {
554 while (1) {
555 c = lgetc(0);
556 if (c == EOF)
557 return (0);
559 if (p + 1 >= buf + sizeof(buf) - 1) {
560 yyerror("string too long");
561 return (findeol());
563 if (isalnum(c) || c == '_') {
564 *p++ = c;
565 continue;
567 *p = '\0';
568 lungetc(c);
569 break;
571 val = symget(buf);
572 if (val == NULL) {
573 yyerror("macro '%s' not defined", buf);
574 return (findeol());
576 parsebuf = val;
577 parseindex = 0;
578 goto top;
581 switch (c) {
582 case '\'':
583 case '"':
584 quotec = c;
585 while (1) {
586 c = lgetc(quotec);
587 if (c == EOF)
588 return (0);
589 if (c == '\n') {
590 file->lineno++;
591 continue;
592 } else if (c == '\\') {
593 next = lgetc(quotec);
594 if (next == EOF)
595 return (0);
596 if (next == quotec || c == ' ' || c == '\t')
597 c = next;
598 else if (next == '\n') {
599 file->lineno++;
600 continue;
601 } else
602 lungetc(next);
603 } else if (c == quotec) {
604 *p = '\0';
605 break;
606 } else if (c == '\0') {
607 yyerror("syntax error");
608 return (findeol());
610 if (p + 1 >= buf + sizeof(buf) - 1) {
611 yyerror("string too long");
612 return (findeol());
614 *p++ = c;
616 yylval.v.string = strdup(buf);
617 if (yylval.v.string == NULL)
618 err(1, "yylex: strdup");
619 return (STRING);
622 #define allowed_to_end_number(x) \
623 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
625 if (c == '-' || isdigit(c)) {
626 do {
627 *p++ = c;
628 if ((unsigned)(p-buf) >= sizeof(buf)) {
629 yyerror("string too long");
630 return (findeol());
632 c = lgetc(0);
633 } while (c != EOF && isdigit(c));
634 lungetc(c);
635 if (p == buf + 1 && buf[0] == '-')
636 goto nodigits;
637 if (c == EOF || allowed_to_end_number(c)) {
638 const char *errstr = NULL;
640 *p = '\0';
641 yylval.v.number = strtonum(buf, LLONG_MIN,
642 LLONG_MAX, &errstr);
643 if (errstr) {
644 yyerror("\"%s\" invalid number: %s",
645 buf, errstr);
646 return (findeol());
648 return (NUMBER);
649 } else {
650 nodigits:
651 while (p > buf + 1)
652 lungetc(*--p);
653 c = *--p;
654 if (c == '-')
655 return (c);
659 #define allowed_in_string(x) \
660 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
661 x != '{' && x != '}' && \
662 x != '!' && x != '=' && x != '#' && \
663 x != ','))
665 if (isalnum(c) || c == ':' || c == '_') {
666 do {
667 *p++ = c;
668 if ((unsigned)(p-buf) >= sizeof(buf)) {
669 yyerror("string too long");
670 return (findeol());
672 c = lgetc(0);
673 } while (c != EOF && (allowed_in_string(c)));
674 lungetc(c);
675 *p = '\0';
676 token = lookup(buf);
677 if (token == STRING) {
678 yylval.v.string = strdup(buf);
679 if (yylval.v.string == NULL)
680 err(1, "yylex: strdup");
682 return (token);
684 if (c == '\n') {
685 yylval.lineno = file->lineno;
686 file->lineno++;
688 if (c == EOF)
689 return (0);
690 return (c);
693 int
694 check_file_secrecy(int fd, const char *fname)
696 struct stat st;
698 if (fstat(fd, &st)) {
699 log_warn("cannot stat %s", fname);
700 return (-1);
702 if (st.st_uid != 0 && st.st_uid != getuid()) {
703 log_warnx("%s: owner not root or current user", fname);
704 return (-1);
706 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
707 log_warnx("%s: group writable or world read/writable", fname);
708 return (-1);
710 return (0);
713 struct file *
714 newfile(const char *name, int secret, int required)
716 struct file *nfile;
718 nfile = calloc(1, sizeof(struct file));
719 if (nfile == NULL) {
720 log_warn("calloc");
721 return (NULL);
723 nfile->name = strdup(name);
724 if (nfile->name == NULL) {
725 log_warn("strdup");
726 free(nfile);
727 return (NULL);
729 nfile->stream = fopen(nfile->name, "r");
730 if (nfile->stream == NULL) {
731 if (required)
732 log_warn("open %s", nfile->name);
733 free(nfile->name);
734 free(nfile);
735 return (NULL);
736 } else if (secret &&
737 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
738 fclose(nfile->stream);
739 free(nfile->name);
740 free(nfile);
741 return (NULL);
743 nfile->lineno = 1;
744 return (nfile);
747 static void
748 closefile(struct file *xfile)
750 fclose(xfile->stream);
751 free(xfile->name);
752 free(xfile);
755 int
756 parse_config(const char *filename, enum gotd_procid proc_id,
757 struct gotd *env)
759 struct sym *sym, *next;
760 struct gotd_repo *repo;
761 int require_config_file = (proc_id != PROC_GITWRAPPER);
763 memset(env, 0, sizeof(*env));
765 gotd = env;
766 gotd_proc_id = proc_id;
767 TAILQ_INIT(&gotd->repos);
769 /* Apply default values. */
770 if (strlcpy(gotd->unix_socket_path, GOTD_UNIX_SOCKET,
771 sizeof(gotd->unix_socket_path)) >= sizeof(gotd->unix_socket_path)) {
772 fprintf(stderr, "%s: unix socket path too long", __func__);
773 return -1;
775 if (strlcpy(gotd->user_name, GOTD_USER,
776 sizeof(gotd->user_name)) >= sizeof(gotd->user_name)) {
777 fprintf(stderr, "%s: user name too long", __func__);
778 return -1;
781 gotd->request_timeout.tv_sec = GOTD_DEFAULT_REQUEST_TIMEOUT;
782 gotd->request_timeout.tv_usec = 0;
784 file = newfile(filename, 0, require_config_file);
785 if (file == NULL)
786 return require_config_file ? -1 : 0;
788 yyparse();
789 errors = file->errors;
790 closefile(file);
792 /* Free macros and check which have not been used. */
793 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
794 if ((gotd->verbosity > 1) && !sym->used)
795 fprintf(stderr, "warning: macro '%s' not used\n",
796 sym->nam);
797 if (!sym->persist) {
798 free(sym->nam);
799 free(sym->val);
800 TAILQ_REMOVE(&symhead, sym, entry);
801 free(sym);
805 if (errors)
806 return (-1);
808 TAILQ_FOREACH(repo, &gotd->repos, entry) {
809 if (repo->path[0] == '\0') {
810 log_warnx("repository \"%s\": no path provided in "
811 "configuration file", repo->name);
812 return (-1);
816 if (proc_id == PROC_GOTD && TAILQ_EMPTY(&gotd->repos)) {
817 log_warnx("no repository defined in configuration file");
818 return (-1);
821 return (0);
824 static int
825 uid_connection_limit_cmp(const void *pa, const void *pb)
827 const struct gotd_uid_connection_limit *a = pa, *b = pb;
829 if (a->uid < b->uid)
830 return -1;
831 else if (a->uid > b->uid);
832 return 1;
834 return 0;
837 static int
838 conf_limit_user_connections(const char *user, int maximum)
840 uid_t uid;
841 struct gotd_uid_connection_limit *limit;
842 size_t nlimits;
844 if (maximum < 1) {
845 yyerror("max connections cannot be smaller 1");
846 return -1;
848 if (maximum > GOTD_MAXCLIENTS) {
849 yyerror("max connections must be <= %d", GOTD_MAXCLIENTS);
850 return -1;
853 if (gotd_parseuid(user, &uid) == -1) {
854 yyerror("%s: no such user", user);
855 return -1;
858 limit = gotd_find_uid_connection_limit(gotd->connection_limits,
859 gotd->nconnection_limits, uid);
860 if (limit) {
861 limit->max_connections = maximum;
862 return 0;
865 limit = gotd->connection_limits;
866 nlimits = gotd->nconnection_limits + 1;
867 limit = reallocarray(limit, nlimits, sizeof(*limit));
868 if (limit == NULL)
869 fatal("reallocarray");
871 limit[nlimits - 1].uid = uid;
872 limit[nlimits - 1].max_connections = maximum;
874 gotd->connection_limits = limit;
875 gotd->nconnection_limits = nlimits;
876 qsort(gotd->connection_limits, gotd->nconnection_limits,
877 sizeof(gotd->connection_limits[0]), uid_connection_limit_cmp);
879 return 0;
882 static struct gotd_repo *
883 conf_new_repo(const char *name)
885 struct gotd_repo *repo;
887 if (name[0] == '\0') {
888 fatalx("syntax error: empty repository name found in %s",
889 file->name);
892 if (strchr(name, '\n') != NULL)
893 fatalx("repository names must not contain linefeeds: %s", name);
895 repo = calloc(1, sizeof(*repo));
896 if (repo == NULL)
897 fatalx("%s: calloc", __func__);
899 STAILQ_INIT(&repo->rules);
900 TAILQ_INIT(&repo->protected_tag_namespaces);
901 TAILQ_INIT(&repo->protected_branch_namespaces);
902 TAILQ_INIT(&repo->protected_branches);
904 if (strlcpy(repo->name, name, sizeof(repo->name)) >=
905 sizeof(repo->name))
906 fatalx("%s: strlcpy", __func__);
908 TAILQ_INSERT_TAIL(&gotd->repos, repo, entry);
909 gotd->nrepos++;
911 return repo;
912 };
914 static void
915 conf_new_access_rule(struct gotd_repo *repo, enum gotd_access access,
916 int authorization, char *identifier)
918 struct gotd_access_rule *rule;
920 rule = calloc(1, sizeof(*rule));
921 if (rule == NULL)
922 fatal("calloc");
924 rule->access = access;
925 rule->authorization = authorization;
926 rule->identifier = identifier;
928 STAILQ_INSERT_TAIL(&repo->rules, rule, entry);
931 static int
932 refname_is_valid(char *refname)
934 if (strncmp(refname, "refs/", 5) != 0) {
935 yyerror("reference name must begin with \"refs/\": %s",
936 refname);
937 return 0;
940 if (!got_ref_name_is_valid(refname)) {
941 yyerror("invalid reference name: %s", refname);
942 return 0;
945 return 1;
948 static int
949 conf_protect_ref_namespace(char **new, struct got_pathlist_head *refs,
950 char *namespace)
952 const struct got_error *error;
953 struct got_pathlist_entry *pe;
954 char *s;
956 *new = NULL;
958 got_path_strip_trailing_slashes(namespace);
959 if (!refname_is_valid(namespace))
960 return -1;
961 if (asprintf(&s, "%s/", namespace) == -1) {
962 yyerror("asprintf: %s", strerror(errno));
963 return -1;
966 error = got_pathlist_insert(&pe, refs, s, NULL);
967 if (error || pe == NULL) {
968 free(s);
969 if (error)
970 yyerror("got_pathlist_insert: %s", error->msg);
971 else
972 yyerror("duplicate protected namespace %s", namespace);
973 return -1;
976 *new = s;
977 return 0;
980 static int
981 conf_protect_tag_namespace(struct gotd_repo *repo, char *namespace)
983 struct got_pathlist_entry *pe;
984 char *new;
986 if (conf_protect_ref_namespace(&new, &repo->protected_tag_namespaces,
987 namespace) == -1)
988 return -1;
990 TAILQ_FOREACH(pe, &repo->protected_branch_namespaces, entry) {
991 if (strcmp(pe->path, new) == 0) {
992 yyerror("duplicate protected namespace %s", namespace);
993 return -1;
997 return 0;
1000 static int
1001 conf_protect_branch_namespace(struct gotd_repo *repo, char *namespace)
1003 struct got_pathlist_entry *pe;
1004 char *new;
1006 if (conf_protect_ref_namespace(&new,
1007 &repo->protected_branch_namespaces, namespace) == -1)
1008 return -1;
1010 TAILQ_FOREACH(pe, &repo->protected_tag_namespaces, entry) {
1011 if (strcmp(pe->path, new) == 0) {
1012 yyerror("duplicate protected namespace %s", namespace);
1013 return -1;
1017 return 0;
1020 static int
1021 conf_protect_branch(struct gotd_repo *repo, char *branchname)
1023 const struct got_error *error;
1024 struct got_pathlist_entry *new;
1025 char *refname;
1027 if (strncmp(branchname, "refs/heads/", 11) != 0) {
1028 if (asprintf(&refname, "refs/heads/%s", branchname) == -1) {
1029 yyerror("asprintf: %s", strerror(errno));
1030 return -1;
1032 } else {
1033 refname = strdup(branchname);
1034 if (refname == NULL) {
1035 yyerror("strdup: %s", strerror(errno));
1036 return -1;
1040 if (!refname_is_valid(refname)) {
1041 free(refname);
1042 return -1;
1045 error = got_pathlist_insert(&new, &repo->protected_branches,
1046 refname, NULL);
1047 if (error || new == NULL) {
1048 free(refname);
1049 if (error)
1050 yyerror("got_pathlist_insert: %s", error->msg);
1051 else
1052 yyerror("duplicate protect branch %s", branchname);
1053 return -1;
1056 return 0;
1059 int
1060 symset(const char *nam, const char *val, int persist)
1062 struct sym *sym;
1064 TAILQ_FOREACH(sym, &symhead, entry) {
1065 if (strcmp(nam, sym->nam) == 0)
1066 break;
1069 if (sym != NULL) {
1070 if (sym->persist == 1)
1071 return (0);
1072 else {
1073 free(sym->nam);
1074 free(sym->val);
1075 TAILQ_REMOVE(&symhead, sym, entry);
1076 free(sym);
1079 sym = calloc(1, sizeof(*sym));
1080 if (sym == NULL)
1081 return (-1);
1083 sym->nam = strdup(nam);
1084 if (sym->nam == NULL) {
1085 free(sym);
1086 return (-1);
1088 sym->val = strdup(val);
1089 if (sym->val == NULL) {
1090 free(sym->nam);
1091 free(sym);
1092 return (-1);
1094 sym->used = 0;
1095 sym->persist = persist;
1096 TAILQ_INSERT_TAIL(&symhead, sym, entry);
1097 return (0);
1100 char *
1101 symget(const char *nam)
1103 struct sym *sym;
1105 TAILQ_FOREACH(sym, &symhead, entry) {
1106 if (strcmp(nam, sym->nam) == 0) {
1107 sym->used = 1;
1108 return (sym->val);
1111 return (NULL);
1114 struct gotd_repo *
1115 gotd_find_repo_by_name(const char *repo_name, struct gotd *gotd)
1117 struct gotd_repo *repo;
1118 size_t namelen;
1120 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1121 namelen = strlen(repo->name);
1122 if (strncmp(repo->name, repo_name, namelen) != 0)
1123 continue;
1124 if (repo_name[namelen] == '\0' ||
1125 strcmp(&repo_name[namelen], ".git") == 0)
1126 return repo;
1129 return NULL;
1132 struct gotd_repo *
1133 gotd_find_repo_by_path(const char *repo_path, struct gotd *gotd)
1135 struct gotd_repo *repo;
1137 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1138 if (strcmp(repo->path, repo_path) == 0)
1139 return repo;
1142 return NULL;
1145 struct gotd_uid_connection_limit *
1146 gotd_find_uid_connection_limit(struct gotd_uid_connection_limit *limits,
1147 size_t nlimits, uid_t uid)
1149 /* This array is always sorted to allow for binary search. */
1150 int i, left = 0, right = nlimits - 1;
1152 while (left <= right) {
1153 i = ((left + right) / 2);
1154 if (limits[i].uid == uid)
1155 return &limits[i];
1156 if (limits[i].uid > uid)
1157 left = i + 1;
1158 else
1159 right = i - 1;
1162 return NULL;
1165 int
1166 gotd_parseuid(const char *s, uid_t *uid)
1168 struct passwd *pw;
1169 const char *errstr;
1171 if ((pw = getpwnam(s)) != NULL) {
1172 *uid = pw->pw_uid;
1173 if (*uid == UID_MAX)
1174 return -1;
1175 return 0;
1177 *uid = strtonum(s, 0, UID_MAX - 1, &errstr);
1178 if (errstr)
1179 return -1;
1180 return 0;