

1 729a7e24 2022-11-17 thomas /*
2 729a7e24 2022-11-17 thomas * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 729a7e24 2022-11-17 thomas * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4 729a7e24 2022-11-17 thomas *
5 729a7e24 2022-11-17 thomas * Permission to use, copy, modify, and distribute this software for any
6 729a7e24 2022-11-17 thomas * purpose with or without fee is hereby granted, provided that the above
7 729a7e24 2022-11-17 thomas * copyright notice and this permission notice appear in all copies.
8 729a7e24 2022-11-17 thomas *
9 729a7e24 2022-11-17 thomas * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 729a7e24 2022-11-17 thomas * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 729a7e24 2022-11-17 thomas * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 729a7e24 2022-11-17 thomas * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 729a7e24 2022-11-17 thomas * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 729a7e24 2022-11-17 thomas * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 729a7e24 2022-11-17 thomas * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 729a7e24 2022-11-17 thomas */
17 729a7e24 2022-11-17 thomas
18 729a7e24 2022-11-17 thomas #include <sys/types.h>
19 729a7e24 2022-11-17 thomas #include <sys/queue.h>
20 729a7e24 2022-11-17 thomas #include <sys/uio.h>
21 729a7e24 2022-11-17 thomas
22 729a7e24 2022-11-17 thomas #include <errno.h>
23 729a7e24 2022-11-17 thomas #include <event.h>
24 729a7e24 2022-11-17 thomas #include <limits.h>
25 729a7e24 2022-11-17 thomas #include <pwd.h>
26 729a7e24 2022-11-17 thomas #include <grp.h>
27 729a7e24 2022-11-17 thomas #include <sha1.h>
28 729a7e24 2022-11-17 thomas #include <stdint.h>
29 729a7e24 2022-11-17 thomas #include <stdio.h>
30 729a7e24 2022-11-17 thomas #include <stdlib.h>
31 729a7e24 2022-11-17 thomas #include <imsg.h>
32 ff260661 2022-11-17 thomas #include <unistd.h>
33 729a7e24 2022-11-17 thomas
34 729a7e24 2022-11-17 thomas #include "got_error.h"
35 729a7e24 2022-11-17 thomas
36 729a7e24 2022-11-17 thomas #include "gotd.h"
37 ff260661 2022-11-17 thomas #include "log.h"
38 729a7e24 2022-11-17 thomas #include "auth.h"
39 729a7e24 2022-11-17 thomas
/*
 * Resolve a user identifier string to a uid.
 *
 * The string is first looked up as a user name with getpwnam(3). If no such
 * user exists it is parsed as a decimal uid in the range [0, UID_MAX - 1];
 * a numeric uid is accepted whether or not a passwd entry exists for it.
 *
 * Returns 0 and stores the result in *uid on success. Returns -1 if the
 * name is unknown and the string is not a number in range, or if the
 * resolved uid equals UID_MAX (rejected here, presumably as a sentinel
 * value). *uid may have been written even when -1 is returned.
 */
static int
parseuid(const char *s, uid_t *uid)
{
	const struct passwd *pw = getpwnam(s);
	const char *errstr = NULL;

	if (pw == NULL) {
		/* Not a known user name; try a literal numeric uid. */
		*uid = strtonum(s, 0, UID_MAX - 1, &errstr);
		return errstr == NULL ? 0 : -1;
	}

	*uid = pw->pw_uid;
	return *uid == UID_MAX ? -1 : 0;
}
57 729a7e24 2022-11-17 thomas
/*
 * Check whether the user identifier string s resolves (via parseuid()) to
 * exactly the uid desired.
 *
 * Returns 0 on a match, -1 if s cannot be resolved or names another uid.
 */
static int
uidcheck(const char *s, uid_t desired)
{
	uid_t resolved;

	if (parseuid(s, &resolved) == -1)
		return -1;

	return resolved == desired ? 0 : -1;
}
69 729a7e24 2022-11-17 thomas
/*
 * Resolve a group identifier string to a gid; the group counterpart of
 * parseuid().
 *
 * The string is first looked up as a group name with getgrnam(3). If no such
 * group exists it is parsed as a decimal gid in the range [0, GID_MAX - 1];
 * a numeric gid is accepted whether or not a group entry exists for it.
 *
 * Returns 0 and stores the result in *gid on success. Returns -1 if the
 * name is unknown and the string is not a number in range, or if the
 * resolved gid equals GID_MAX. *gid may have been written even when -1 is
 * returned.
 */
static int
parsegid(const char *s, gid_t *gid)
{
	const struct group *gr = getgrnam(s);
	const char *errstr = NULL;

	if (gr == NULL) {
		/* Not a known group name; try a literal numeric gid. */
		*gid = strtonum(s, 0, GID_MAX - 1, &errstr);
		return errstr == NULL ? 0 : -1;
	}

	*gid = gr->gr_gid;
	return *gid == GID_MAX ? -1 : 0;
}
87 729a7e24 2022-11-17 thomas
/*
 * Match an access rule identifier against the connecting client's identity.
 *
 * An identifier beginning with ':' names a group: it matches when the part
 * after the colon resolves (see parsegid()) to the client's effective gid
 * egid or to any entry of the supplementary list groups[0..ngroups-1].
 * Any other identifier names a user and matches only when it resolves to
 * euid (see uidcheck()).
 *
 * Returns 1 on a match and 0 otherwise, including for identifiers that
 * cannot be resolved at all.
 */
static int
match_identifier(const char *identifier, gid_t *groups, int ngroups,
    uid_t euid, gid_t egid)
{
	gid_t rgid;
	int i;

	/* User rule: the identifier must resolve to the effective uid. */
	if (identifier[0] != ':')
		return uidcheck(identifier, euid) == 0;

	/* Group rule: skip the ':' prefix and resolve the group name/number. */
	if (parsegid(identifier + 1, &rgid) == -1)
		return 0;
	if (rgid == egid)
		return 1;
	for (i = 0; i < ngroups; i++) {
		if (groups[i] == rgid)
			return 1;
	}
	return 0;
}
111 729a7e24 2022-11-17 thomas
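/*
 * Decide whether the client with effective uid euid and gid egid may access
 * the repository repo_name with the authorization bits in required_auth.
 *
 * Rules are evaluated in list order and the last rule whose identifier
 * matches the client (see match_identifier()) decides. A matching permit
 * rule grants access only if its authorization mask carries every bit of
 * required_auth; otherwise it counts as a denial. With no matching rule,
 * access is denied.
 *
 * Returns NULL when access is granted. Returns an EACCES error for a
 * denial or for an euid with no passwd entry, the errno-derived error from
 * got_error_from_errno() when getpwuid(3) itself fails, and GOT_ERR_NOT_IMPL
 * if a rule carries an access value other than permit/deny.
 */
const struct got_error *
gotd_auth_check(struct gotd_access_rule_list *rules, const char *repo_name,
    uid_t euid, gid_t egid, int required_auth)
{
	struct gotd_access_rule *rule;
	enum gotd_access access = GOTD_ACCESS_DENIED;
	struct passwd *pw;
	gid_t groups[NGROUPS_MAX];
	int ngroups = NGROUPS_MAX;

	/*
	 * getpwuid(3) returns NULL both for "no such user" and for a lookup
	 * failure, and only sets errno in the latter case. Clear errno first
	 * so a stale value left by an earlier call is not mistaken for a
	 * failure and reported with the wrong error.
	 */
	errno = 0;
	pw = getpwuid(euid);
	if (pw == NULL) {
		if (errno)
			return got_error_from_errno("getpwuid");
		return got_error_set_errno(EACCES, repo_name);
	}

	/*
	 * Collect the supplementary groups; -1 means the list did not fit in
	 * groups[] (ngroups presumably reflects what was stored — verify
	 * against getgrouplist(3)). NOTE(review): a truncated list can omit a
	 * group that a later deny rule names, so the rules below are then
	 * evaluated against an incomplete identity; consider failing closed
	 * instead of only warning.
	 */
	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1)
		log_warnx("group membership list truncated");

	/* Last matching rule wins. */
	STAILQ_FOREACH(rule, rules, entry) {
		if (!match_identifier(rule->identifier, groups, ngroups,
		    euid, egid))
			continue;

		access = rule->access;
		/* A permit rule must cover every required authorization bit. */
		if (rule->access == GOTD_ACCESS_PERMITTED &&
		    (rule->authorization & required_auth) != required_auth)
			access = GOTD_ACCESS_DENIED;
	}

	if (access == GOTD_ACCESS_DENIED)
		return got_error_set_errno(EACCES, repo_name);

	if (access == GOTD_ACCESS_PERMITTED)
		return NULL;

	/* should not happen, this would be a bug */
	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");
}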