2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <sys/queue.h>
38 #include "got_error.h"
45 static struct gotd_auth {
48 struct gotd_repo *repo;
51 static void auth_shutdown(void);
54 auth_sighdlr(int sig, short event, void *arg)
57 * Normal signal handler rules don't apply because libevent
72 fatalx("unexpected signal");
77 uidcheck(const char *s, uid_t desired)
81 if (gotd_parseuid(s, &uid) != 0)
89 parsegid(const char *s, gid_t *gid)
94 if ((gr = getgrnam(s)) != NULL) {
100 *gid = strtonum(s, 0, GID_MAX - 1, &errstr);
107 match_identifier(const char *identifier, gid_t *groups, int ngroups,
108 uid_t euid, gid_t egid)
112 if (identifier[0] == ':') {
114 if (parsegid(identifier + 1, &rgid) == -1)
118 for (i = 0; i < ngroups; i++) {
119 if (rgid == groups[i])
124 } else if (uidcheck(identifier, euid) != 0)
130 static const struct got_error *
131 auth_check(char **username, struct gotd_access_rule_list *rules,
132 const char *repo_name, uid_t euid, gid_t egid, int required_auth)
134 struct gotd_access_rule *rule;
135 enum gotd_access access = GOTD_ACCESS_DENIED;
137 gid_t groups[NGROUPS_MAX];
138 int ngroups = NGROUPS_MAX;
139 int matched_user = 0;
146 return got_error_from_errno("getpwuid");
148 return got_error_set_errno(EACCES, repo_name);
151 *username = strdup(pw->pw_name);
152 if (*username == NULL)
153 return got_error_from_errno("strdup");
155 if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1)
156 log_warnx("group membership list truncated");
158 STAILQ_FOREACH(rule, rules, entry) {
159 if (!match_identifier(rule->identifier, groups, ngroups,
164 access = rule->access;
165 if (rule->access == GOTD_ACCESS_PERMITTED &&
166 (rule->authorization & required_auth) != required_auth)
167 access = GOTD_ACCESS_DENIED;
170 if (access == GOTD_ACCESS_DENIED) {
172 * If a user has no explicit read or write access then
173 * do not leak the existence of a repository to them.
176 return got_error(GOT_ERR_NOT_GIT_REPO);
178 return got_error_set_errno(EACCES, repo_name);
181 if (access == GOTD_ACCESS_PERMITTED)
184 /* should not happen, this would be a bug */
185 return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");
188 static const struct got_error *
189 recv_authreq(struct imsg *imsg, struct gotd_imsgev *iev)
191 const struct got_error *err;
192 struct imsgbuf *ibuf = &iev->ibuf;
193 struct gotd_imsg_auth iauth;
197 char *username = NULL;
199 const size_t maxlen = MAX_IMSGSIZE - IMSG_HEADER_SIZE;
202 log_debug("authentication request received");
204 datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
205 if (datalen != sizeof(iauth))
206 return got_error(GOT_ERR_PRIVSEP_LEN);
208 memcpy(&iauth, imsg->data, datalen);
210 fd = imsg_get_fd(imsg);
212 return got_error(GOT_ERR_PRIVSEP_NO_FD);
214 if (getpeereid(fd, &euid, &egid) == -1)
215 return got_error_from_errno("getpeerid");
217 if (iauth.euid != euid)
218 return got_error(GOT_ERR_UID);
219 if (iauth.egid != egid)
220 return got_error(GOT_ERR_GID);
222 log_debug("authenticating uid %d gid %d", euid, egid);
224 err = auth_check(&username, &gotd_auth.repo->rules,
225 gotd_auth.repo->name, iauth.euid, iauth.egid, iauth.required_auth);
227 gotd_imsg_send_error(ibuf, PROC_AUTH, iauth.client_id, err);
231 len = strlen(username);
235 if (gotd_imsg_compose_event(iev, GOTD_IMSG_ACCESS_GRANTED,
236 PROC_AUTH, -1, username, len) == -1)
237 err = got_error_from_errno("imsg compose ACCESS_GRANTED");
244 auth_dispatch(int fd, short event, void *arg)
246 const struct got_error *err = NULL;
247 struct gotd_imsgev *iev = arg;
248 struct imsgbuf *ibuf = &iev->ibuf;
253 if (event & EV_READ) {
254 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
255 fatal("imsg_read error");
256 if (n == 0) /* Connection closed. */
260 if (event & EV_WRITE) {
261 n = msgbuf_write(&ibuf->w);
262 if (n == -1 && errno != EAGAIN)
263 fatal("msgbuf_write");
264 if (n == 0) /* Connection closed. */
269 if ((n = imsg_get(ibuf, &imsg)) == -1)
270 fatal("%s: imsg_get", __func__);
271 if (n == 0) /* No more messages. */
274 switch (imsg.hdr.type) {
275 case GOTD_IMSG_AUTHENTICATE:
276 err = recv_authreq(&imsg, iev);
278 log_warnx("%s", err->msg);
281 log_debug("unexpected imsg %d", imsg.hdr.type);
289 gotd_imsg_event_add(iev);
291 /* This pipe is dead. Remove its event handler */
293 event_loopexit(NULL);
298 auth_main(const char *title, struct gotd_repolist *repos,
299 const char *repo_path)
301 struct gotd_repo *repo = NULL;
302 struct gotd_imsgev iev;
303 struct event evsigint, evsigterm, evsighup, evsigusr1;
305 gotd_auth.title = title;
306 gotd_auth.pid = getpid();
307 TAILQ_FOREACH(repo, repos, entry) {
308 if (got_path_cmp(repo->path, repo_path,
309 strlen(repo->path), strlen(repo_path)) == 0)
313 fatalx("repository %s not found in config", repo_path);
314 gotd_auth.repo = repo;
316 signal_set(&evsigint, SIGINT, auth_sighdlr, NULL);
317 signal_set(&evsigterm, SIGTERM, auth_sighdlr, NULL);
318 signal_set(&evsighup, SIGHUP, auth_sighdlr, NULL);
319 signal_set(&evsigusr1, SIGUSR1, auth_sighdlr, NULL);
320 signal(SIGPIPE, SIG_IGN);
322 signal_add(&evsigint, NULL);
323 signal_add(&evsigterm, NULL);
324 signal_add(&evsighup, NULL);
325 signal_add(&evsigusr1, NULL);
327 imsg_init(&iev.ibuf, GOTD_FILENO_MSG_PIPE);
328 iev.handler = auth_dispatch;
329 iev.events = EV_READ;
330 iev.handler_arg = NULL;
331 event_set(&iev.ev, iev.ibuf.fd, EV_READ, auth_dispatch, &iev);
332 if (event_add(&iev.ev, NULL) == -1)
343 log_debug("%s: shutting down", gotd_auth.title);