2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <sys/types.h>
27 #include <sys/queue.h>
46 #include "got_error.h"
48 #include "got_reference.h"
55 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
57 TAILQ_ENTRY(file) entry;
63 struct file *newfile(const char *, int, int);
64 static void closefile(struct file *);
65 int check_file_secrecy(int, const char *);
68 int yyerror(const char *, ...)
69 __attribute__((__format__ (printf, 1, 2)))
70 __attribute__((__nonnull__ (1)));
71 int kw_cmp(const void *, const void *);
76 static char *port_sprintf(int);
78 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
80 TAILQ_ENTRY(sym) entry;
87 int symset(const char *, const char *, int);
88 char *symget(const char *);
92 static struct gotd *gotd;
93 static struct gotd_repo *new_repo;
94 static int conf_limit_user_connections(const char *, int);
95 static struct gotd_repo *conf_new_repo(const char *);
96 static void conf_new_access_rule(struct gotd_repo *,
97 enum gotd_access, int, char *);
98 static int conf_protect_ref_namespace(char **,
99 struct got_pathlist_head *, char *);
100 static int conf_protect_tag_namespace(struct gotd_repo *,
102 static int conf_protect_branch_namespace(
103 struct gotd_repo *, char *);
104 static int conf_protect_branch(struct gotd_repo *,
106 static int conf_notify_branch(struct gotd_repo *,
108 static int conf_notify_ref_namespace(struct gotd_repo *,
110 static int conf_notify_email(struct gotd_repo *,
111 char *, char *, char *, char *, char *);
112 static int conf_notify_http(struct gotd_repo *,
113 char *, char *, char *, int);
114 static enum gotd_procid gotd_proc_id;
127 %token PATH ERROR LISTEN ON USER REPOSITORY PERMIT DENY
128 %token RO RW CONNECTION LIMIT REQUEST TIMEOUT
129 %token PROTECT NAMESPACE BRANCH TAG REFERENCE RELAY PORT
130 %token NOTIFY EMAIL FROM REPLY TO URL PASSWORD INSECURE
132 %token <v.string> STRING
133 %token <v.number> NUMBER
140 | grammar varset '\n'
142 | grammar repository '\n'
145 varset : STRING '=' STRING {
148 if (isspace((unsigned char)*s)) {
149 yyerror("macro name cannot contain "
156 if (symset($1, $3, 0) == -1)
157 fatal("cannot store variable");
165 yyerror("invalid timeout: %lld", $1);
173 const char *type = "seconds";
178 yyerror("invalid number of seconds: %s", $1);
184 switch ($1[len - 1]) {
204 $$.tv_sec = strtonum($1, 0, INT_MAX / mul, &errstr);
206 yyerror("number of %s is %s: %s", type,
217 main : LISTEN ON STRING {
218 if (!got_path_is_absolute($3))
219 yyerror("bad unix socket path \"%s\": "
220 "must be an absolute path", $3);
222 if (gotd_proc_id == PROC_LISTEN) {
223 if (strlcpy(gotd->unix_socket_path, $3,
224 sizeof(gotd->unix_socket_path)) >=
225 sizeof(gotd->unix_socket_path)) {
226 yyerror("%s: unix socket path too long",
235 if (strlcpy(gotd->user_name, $2,
236 sizeof(gotd->user_name)) >=
237 sizeof(gotd->user_name)) {
238 yyerror("%s: user name too long", __func__);
247 connection : CONNECTION '{' optnl conflags_l '}'
248 | CONNECTION conflags
250 conflags_l : conflags optnl conflags_l
254 conflags : REQUEST TIMEOUT timeout {
255 if ($3.tv_sec <= 0) {
256 yyerror("invalid timeout: %lld",
257 (long long)$3.tv_sec);
260 memcpy(&gotd->request_timeout, &$3,
261 sizeof(gotd->request_timeout));
263 | LIMIT USER STRING NUMBER {
264 if (gotd_proc_id == PROC_LISTEN &&
265 conf_limit_user_connections($3, $4) == -1) {
273 protect : PROTECT '{' optnl protectflags_l '}'
274 | PROTECT protectflags
276 protectflags_l : protectflags optnl protectflags_l
280 protectflags : TAG NAMESPACE STRING {
281 if (gotd_proc_id == PROC_GOTD ||
282 gotd_proc_id == PROC_REPO_WRITE) {
283 if (conf_protect_tag_namespace(new_repo, $3)) {
290 | BRANCH NAMESPACE STRING {
291 if (gotd_proc_id == PROC_GOTD ||
292 gotd_proc_id == PROC_REPO_WRITE) {
293 if (conf_protect_branch_namespace(new_repo,
302 if (gotd_proc_id == PROC_GOTD ||
303 gotd_proc_id == PROC_REPO_WRITE) {
304 if (conf_protect_branch(new_repo, $2)) {
313 notify : NOTIFY '{' optnl notifyflags_l '}'
316 notifyflags_l : notifyflags optnl notifyflags_l
320 notifyflags : BRANCH STRING {
321 if (gotd_proc_id == PROC_GOTD ||
322 gotd_proc_id == PROC_SESSION_WRITE ||
323 gotd_proc_id == PROC_NOTIFY) {
324 if (conf_notify_branch(new_repo, $2)) {
331 | REFERENCE NAMESPACE STRING {
332 if (gotd_proc_id == PROC_GOTD ||
333 gotd_proc_id == PROC_SESSION_WRITE ||
334 gotd_proc_id == PROC_NOTIFY) {
335 if (conf_notify_ref_namespace(new_repo, $3)) {
343 if (gotd_proc_id == PROC_GOTD ||
344 gotd_proc_id == PROC_SESSION_WRITE ||
345 gotd_proc_id == PROC_NOTIFY) {
346 if (conf_notify_email(new_repo, NULL, $3,
354 | EMAIL FROM STRING TO STRING {
355 if (gotd_proc_id == PROC_GOTD ||
356 gotd_proc_id == PROC_SESSION_WRITE ||
357 gotd_proc_id == PROC_NOTIFY) {
358 if (conf_notify_email(new_repo, $3, $5,
368 | EMAIL TO STRING REPLY TO STRING {
369 if (gotd_proc_id == PROC_GOTD ||
370 gotd_proc_id == PROC_SESSION_WRITE ||
371 gotd_proc_id == PROC_NOTIFY) {
372 if (conf_notify_email(new_repo, NULL, $3,
382 | EMAIL FROM STRING TO STRING REPLY TO STRING {
383 if (gotd_proc_id == PROC_GOTD ||
384 gotd_proc_id == PROC_SESSION_WRITE ||
385 gotd_proc_id == PROC_NOTIFY) {
386 if (conf_notify_email(new_repo, $3, $5,
398 | EMAIL TO STRING RELAY STRING {
399 if (gotd_proc_id == PROC_GOTD ||
400 gotd_proc_id == PROC_SESSION_WRITE ||
401 gotd_proc_id == PROC_NOTIFY) {
402 if (conf_notify_email(new_repo, NULL, $3,
412 | EMAIL FROM STRING TO STRING RELAY STRING {
413 if (gotd_proc_id == PROC_GOTD ||
414 gotd_proc_id == PROC_SESSION_WRITE ||
415 gotd_proc_id == PROC_NOTIFY) {
416 if (conf_notify_email(new_repo, $3, $5,
428 | EMAIL TO STRING REPLY TO STRING RELAY STRING {
429 if (gotd_proc_id == PROC_GOTD ||
430 gotd_proc_id == PROC_SESSION_WRITE ||
431 gotd_proc_id == PROC_NOTIFY) {
432 if (conf_notify_email(new_repo, NULL, $3,
444 | EMAIL FROM STRING TO STRING REPLY TO STRING RELAY STRING {
445 if (gotd_proc_id == PROC_GOTD ||
446 gotd_proc_id == PROC_SESSION_WRITE ||
447 gotd_proc_id == PROC_NOTIFY) {
448 if (conf_notify_email(new_repo, $3, $5,
462 | EMAIL TO STRING RELAY STRING PORT STRING {
463 if (gotd_proc_id == PROC_GOTD ||
464 gotd_proc_id == PROC_SESSION_WRITE ||
465 gotd_proc_id == PROC_NOTIFY) {
466 if (conf_notify_email(new_repo, NULL, $3,
478 | EMAIL FROM STRING TO STRING RELAY STRING PORT STRING {
479 if (gotd_proc_id == PROC_GOTD ||
480 gotd_proc_id == PROC_SESSION_WRITE ||
481 gotd_proc_id == PROC_NOTIFY) {
482 if (conf_notify_email(new_repo, $3, $5,
496 | EMAIL TO STRING REPLY TO STRING RELAY STRING PORT STRING {
497 if (gotd_proc_id == PROC_GOTD ||
498 gotd_proc_id == PROC_SESSION_WRITE ||
499 gotd_proc_id == PROC_NOTIFY) {
500 if (conf_notify_email(new_repo, NULL, $3,
514 | EMAIL FROM STRING TO STRING REPLY TO STRING RELAY STRING PORT STRING {
515 if (gotd_proc_id == PROC_GOTD ||
516 gotd_proc_id == PROC_SESSION_WRITE ||
517 gotd_proc_id == PROC_NOTIFY) {
518 if (conf_notify_email(new_repo, $3, $5,
534 | EMAIL TO STRING RELAY STRING PORT NUMBER {
535 if (gotd_proc_id == PROC_GOTD ||
536 gotd_proc_id == PROC_SESSION_WRITE ||
537 gotd_proc_id == PROC_NOTIFY) {
538 if (conf_notify_email(new_repo, NULL, $3,
539 NULL, $5, port_sprintf($7))) {
548 | EMAIL FROM STRING TO STRING RELAY STRING PORT NUMBER {
549 if (gotd_proc_id == PROC_GOTD ||
550 gotd_proc_id == PROC_SESSION_WRITE ||
551 gotd_proc_id == PROC_NOTIFY) {
552 if (conf_notify_email(new_repo, $3, $5,
553 NULL, $7, port_sprintf($9))) {
564 | EMAIL TO STRING REPLY TO STRING RELAY STRING PORT NUMBER {
565 if (gotd_proc_id == PROC_GOTD ||
566 gotd_proc_id == PROC_SESSION_WRITE ||
567 gotd_proc_id == PROC_NOTIFY) {
568 if (conf_notify_email(new_repo, NULL, $3,
569 $6, $8, port_sprintf($10))) {
580 | EMAIL FROM STRING TO STRING REPLY TO STRING RELAY STRING PORT NUMBER {
581 if (gotd_proc_id == PROC_GOTD ||
582 gotd_proc_id == PROC_SESSION_WRITE ||
583 gotd_proc_id == PROC_NOTIFY) {
584 if (conf_notify_email(new_repo, $3, $5,
585 $8, $10, port_sprintf($12))) {
599 if (gotd_proc_id == PROC_GOTD ||
600 gotd_proc_id == PROC_SESSION_WRITE ||
601 gotd_proc_id == PROC_NOTIFY) {
602 if (conf_notify_http(new_repo, $2, NULL,
610 | URL STRING USER STRING PASSWORD STRING {
611 if (gotd_proc_id == PROC_GOTD ||
612 gotd_proc_id == PROC_SESSION_WRITE ||
613 gotd_proc_id == PROC_NOTIFY) {
614 if (conf_notify_http(new_repo, $2, $4, $6, 0)) {
625 | URL STRING USER STRING PASSWORD STRING INSECURE {
626 if (gotd_proc_id == PROC_GOTD ||
627 gotd_proc_id == PROC_SESSION_WRITE ||
628 gotd_proc_id == PROC_NOTIFY) {
629 if (conf_notify_http(new_repo, $2, $4, $6, 1)) {
642 repository : REPOSITORY STRING {
643 struct gotd_repo *repo;
645 TAILQ_FOREACH(repo, &gotd->repos, entry) {
646 if (strcmp(repo->name, $2) == 0) {
647 yyerror("duplicate repository '%s'", $2);
653 if (gotd_proc_id == PROC_GOTD ||
654 gotd_proc_id == PROC_AUTH ||
655 gotd_proc_id == PROC_REPO_WRITE ||
656 gotd_proc_id == PROC_SESSION_WRITE ||
657 gotd_proc_id == PROC_GITWRAPPER |
658 gotd_proc_id == PROC_NOTIFY) {
659 new_repo = conf_new_repo($2);
662 } '{' optnl repoopts2 '}' {
666 repoopts1 : PATH STRING {
667 if (gotd_proc_id == PROC_GOTD ||
668 gotd_proc_id == PROC_AUTH ||
669 gotd_proc_id == PROC_REPO_WRITE ||
670 gotd_proc_id == PROC_SESSION_WRITE ||
671 gotd_proc_id == PROC_GITWRAPPER ||
672 gotd_proc_id == PROC_NOTIFY) {
673 if (!got_path_is_absolute($2)) {
674 yyerror("%s: path %s is not absolute",
679 if (realpath($2, new_repo->path) == NULL) {
681 * To give admins a chance to create
682 * missing repositories at run-time
683 * we only warn about ENOENT here.
685 * And ignore 'permission denied' when
686 * running in gitwrapper. Users may be
687 * able to access this repository via
690 if (errno == ENOENT) {
691 yyerror("realpath %s: %s", $2,
693 } else if (errno != EACCES ||
694 gotd_proc_id != PROC_GITWRAPPER) {
695 yyerror("realpath %s: %s", $2,
701 if (strlcpy(new_repo->path, $2,
702 sizeof(new_repo->path)) >=
703 sizeof(new_repo->path))
704 yyerror("path too long");
710 if (gotd_proc_id == PROC_AUTH) {
711 conf_new_access_rule(new_repo,
712 GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3);
717 if (gotd_proc_id == PROC_AUTH) {
718 conf_new_access_rule(new_repo,
719 GOTD_ACCESS_PERMITTED,
720 GOTD_AUTH_READ | GOTD_AUTH_WRITE, $3);
725 if (gotd_proc_id == PROC_AUTH) {
726 conf_new_access_rule(new_repo,
727 GOTD_ACCESS_DENIED, 0, $2);
735 repoopts2 : repoopts2 repoopts1 nl
742 optnl : '\n' optnl /* zero or more newlines */
754 yyerror(const char *fmt, ...)
761 if (vasprintf(&msg, fmt, ap) == -1)
762 fatalx("yyerror vasprintf");
764 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
770 kw_cmp(const void *k, const void *e)
772 return (strcmp(k, ((const struct keywords *)e)->k_name));
778 /* This has to be sorted always. */
779 static const struct keywords keywords[] = {
780 { "branch", BRANCH },
781 { "connection", CONNECTION },
785 { "insecure", INSECURE },
787 { "listen", LISTEN },
788 { "namespace", NAMESPACE },
789 { "notify", NOTIFY },
791 { "password", PASSWORD },
793 { "permit", PERMIT },
795 { "protect", PROTECT },
796 { "reference", REFERENCE },
799 { "repository", REPOSITORY },
800 { "request", REQUEST },
804 { "timeout", TIMEOUT },
809 const struct keywords *p;
811 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
812 sizeof(keywords[0]), kw_cmp);
820 #define MAXPUSHBACK 128
822 unsigned char *parsebuf;
824 unsigned char pushback_buffer[MAXPUSHBACK];
825 int pushback_index = 0;
833 /* Read character from the parsebuffer instead of input. */
834 if (parseindex >= 0) {
835 c = parsebuf[parseindex++];
844 return (pushback_buffer[--pushback_index]);
847 c = getc(file->stream);
849 yyerror("reached end of file while parsing "
854 c = getc(file->stream);
856 next = getc(file->stream);
861 yylval.lineno = file->lineno;
863 c = getc(file->stream);
879 if (pushback_index < MAXPUSHBACK-1)
880 return (pushback_buffer[pushback_index++] = c);
892 /* Skip to either EOF or the first real EOL. */
895 c = pushback_buffer[--pushback_index];
911 unsigned char buf[8096];
912 unsigned char *p, *val;
919 while (c == ' ' || c == '\t')
920 c = lgetc(0); /* nothing */
922 yylval.lineno = file->lineno;
925 while (c != '\n' && c != EOF)
926 c = lgetc(0); /* nothing */
928 if (c == '$' && parsebuf == NULL) {
934 if (p + 1 >= buf + sizeof(buf) - 1) {
935 yyerror("string too long");
938 if (isalnum(c) || c == '_') {
948 yyerror("macro '%s' not defined", buf);
967 } else if (c == '\\') {
968 next = lgetc(quotec);
971 if (next == quotec || c == ' ' || c == '\t')
973 else if (next == '\n') {
978 } else if (c == quotec) {
981 } else if (c == '\0') {
982 yyerror("syntax error");
985 if (p + 1 >= buf + sizeof(buf) - 1) {
986 yyerror("string too long");
991 yylval.v.string = strdup(buf);
992 if (yylval.v.string == NULL)
993 err(1, "yylex: strdup");
997 #define allowed_to_end_number(x) \
998 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
1000 if (c == '-' || isdigit(c)) {
1003 if ((unsigned)(p-buf) >= sizeof(buf)) {
1004 yyerror("string too long");
1008 } while (c != EOF && isdigit(c));
1010 if (p == buf + 1 && buf[0] == '-')
1012 if (c == EOF || allowed_to_end_number(c)) {
1013 const char *errstr = NULL;
1016 yylval.v.number = strtonum(buf, LLONG_MIN,
1017 LLONG_MAX, &errstr);
1019 yyerror("\"%s\" invalid number: %s",
1034 #define allowed_in_string(x) \
1035 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
1036 x != '{' && x != '}' && \
1037 x != '!' && x != '=' && x != '#' && \
1040 if (isalnum(c) || c == ':' || c == '_') {
1043 if ((unsigned)(p-buf) >= sizeof(buf)) {
1044 yyerror("string too long");
1048 } while (c != EOF && (allowed_in_string(c)));
1051 token = lookup(buf);
1052 if (token == STRING) {
1053 yylval.v.string = strdup(buf);
1054 if (yylval.v.string == NULL)
1055 err(1, "yylex: strdup");
1060 yylval.lineno = file->lineno;
1069 check_file_secrecy(int fd, const char *fname)
1073 if (fstat(fd, &st)) {
1074 log_warn("cannot stat %s", fname);
1077 if (st.st_uid != 0 && st.st_uid != getuid()) {
1078 log_warnx("%s: owner not root or current user", fname);
1081 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
1082 log_warnx("%s: group writable or world read/writable", fname);
1089 newfile(const char *name, int secret, int required)
1093 nfile = calloc(1, sizeof(struct file));
1094 if (nfile == NULL) {
1098 nfile->name = strdup(name);
1099 if (nfile->name == NULL) {
1104 nfile->stream = fopen(nfile->name, "r");
1105 if (nfile->stream == NULL) {
1107 log_warn("open %s", nfile->name);
1111 } else if (secret &&
1112 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
1113 fclose(nfile->stream);
1123 closefile(struct file *xfile)
1125 fclose(xfile->stream);
1131 parse_config(const char *filename, enum gotd_procid proc_id,
1134 struct sym *sym, *next;
1135 struct gotd_repo *repo;
1136 int require_config_file = (proc_id != PROC_GITWRAPPER);
1138 memset(env, 0, sizeof(*env));
1141 gotd_proc_id = proc_id;
1142 TAILQ_INIT(&gotd->repos);
1144 /* Apply default values. */
1145 if (strlcpy(gotd->unix_socket_path, GOTD_UNIX_SOCKET,
1146 sizeof(gotd->unix_socket_path)) >= sizeof(gotd->unix_socket_path)) {
1147 fprintf(stderr, "%s: unix socket path too long", __func__);
1150 if (strlcpy(gotd->user_name, GOTD_USER,
1151 sizeof(gotd->user_name)) >= sizeof(gotd->user_name)) {
1152 fprintf(stderr, "%s: user name too long", __func__);
1156 gotd->request_timeout.tv_sec = GOTD_DEFAULT_REQUEST_TIMEOUT;
1157 gotd->request_timeout.tv_usec = 0;
1159 file = newfile(filename, 0, require_config_file);
1161 return require_config_file ? -1 : 0;
1164 errors = file->errors;
1167 /* Free macros and check which have not been used. */
1168 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
1169 if ((gotd->verbosity > 1) && !sym->used)
1170 fprintf(stderr, "warning: macro '%s' not used\n",
1172 if (!sym->persist) {
1175 TAILQ_REMOVE(&symhead, sym, entry);
1183 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1184 if (repo->path[0] == '\0') {
1185 log_warnx("repository \"%s\": no path provided in "
1186 "configuration file", repo->name);
1191 if (proc_id == PROC_GOTD && TAILQ_EMPTY(&gotd->repos)) {
1192 log_warnx("no repository defined in configuration file");
1200 uid_connection_limit_cmp(const void *pa, const void *pb)
1202 const struct gotd_uid_connection_limit *a = pa, *b = pb;
1204 if (a->uid < b->uid)
1206 else if (a->uid > b->uid);
1213 conf_limit_user_connections(const char *user, int maximum)
1216 struct gotd_uid_connection_limit *limit;
1220 yyerror("max connections cannot be smaller 1");
1223 if (maximum > GOTD_MAXCLIENTS) {
1224 yyerror("max connections must be <= %d", GOTD_MAXCLIENTS);
1228 if (gotd_parseuid(user, &uid) == -1) {
1229 yyerror("%s: no such user", user);
1233 limit = gotd_find_uid_connection_limit(gotd->connection_limits,
1234 gotd->nconnection_limits, uid);
1236 limit->max_connections = maximum;
1240 limit = gotd->connection_limits;
1241 nlimits = gotd->nconnection_limits + 1;
1242 limit = reallocarray(limit, nlimits, sizeof(*limit));
1244 fatal("reallocarray");
1246 limit[nlimits - 1].uid = uid;
1247 limit[nlimits - 1].max_connections = maximum;
1249 gotd->connection_limits = limit;
1250 gotd->nconnection_limits = nlimits;
1251 qsort(gotd->connection_limits, gotd->nconnection_limits,
1252 sizeof(gotd->connection_limits[0]), uid_connection_limit_cmp);
1257 static struct gotd_repo *
1258 conf_new_repo(const char *name)
1260 struct gotd_repo *repo;
1262 if (name[0] == '\0') {
1263 fatalx("syntax error: empty repository name found in %s",
1267 if (strchr(name, '\n') != NULL)
1268 fatalx("repository names must not contain linefeeds: %s", name);
1270 repo = calloc(1, sizeof(*repo));
1272 fatalx("%s: calloc", __func__);
1274 STAILQ_INIT(&repo->rules);
1275 TAILQ_INIT(&repo->protected_tag_namespaces);
1276 TAILQ_INIT(&repo->protected_branch_namespaces);
1277 TAILQ_INIT(&repo->protected_branches);
1278 TAILQ_INIT(&repo->protected_branches);
1279 TAILQ_INIT(&repo->notification_refs);
1280 TAILQ_INIT(&repo->notification_ref_namespaces);
1281 STAILQ_INIT(&repo->notification_targets);
1283 if (strlcpy(repo->name, name, sizeof(repo->name)) >=
1285 fatalx("%s: strlcpy", __func__);
1287 TAILQ_INSERT_TAIL(&gotd->repos, repo, entry);
1294 conf_new_access_rule(struct gotd_repo *repo, enum gotd_access access,
1295 int authorization, char *identifier)
1297 struct gotd_access_rule *rule;
1299 rule = calloc(1, sizeof(*rule));
1303 rule->access = access;
1304 rule->authorization = authorization;
1305 rule->identifier = identifier;
1307 STAILQ_INSERT_TAIL(&repo->rules, rule, entry);
1311 refname_is_valid(char *refname)
1313 if (strncmp(refname, "refs/", 5) != 0) {
1314 yyerror("reference name must begin with \"refs/\": %s",
1319 if (!got_ref_name_is_valid(refname)) {
1320 yyerror("invalid reference name: %s", refname);
1328 conf_protect_ref_namespace(char **new, struct got_pathlist_head *refs,
1331 const struct got_error *error;
1332 struct got_pathlist_entry *pe;
1337 got_path_strip_trailing_slashes(namespace);
1338 if (!refname_is_valid(namespace))
1340 if (asprintf(&s, "%s/", namespace) == -1) {
1341 yyerror("asprintf: %s", strerror(errno));
1345 error = got_pathlist_insert(&pe, refs, s, NULL);
1346 if (error || pe == NULL) {
1349 yyerror("got_pathlist_insert: %s", error->msg);
1351 yyerror("duplicate protected namespace %s", namespace);
1360 conf_protect_tag_namespace(struct gotd_repo *repo, char *namespace)
1362 struct got_pathlist_entry *pe;
1365 if (conf_protect_ref_namespace(&new, &repo->protected_tag_namespaces,
1369 TAILQ_FOREACH(pe, &repo->protected_branch_namespaces, entry) {
1370 if (strcmp(pe->path, new) == 0) {
1371 yyerror("duplicate protected namespace %s", namespace);
1380 conf_protect_branch_namespace(struct gotd_repo *repo, char *namespace)
1382 struct got_pathlist_entry *pe;
1385 if (conf_protect_ref_namespace(&new,
1386 &repo->protected_branch_namespaces, namespace) == -1)
1389 TAILQ_FOREACH(pe, &repo->protected_tag_namespaces, entry) {
1390 if (strcmp(pe->path, new) == 0) {
1391 yyerror("duplicate protected namespace %s", namespace);
1400 conf_protect_branch(struct gotd_repo *repo, char *branchname)
1402 const struct got_error *error;
1403 struct got_pathlist_entry *new;
1406 if (strncmp(branchname, "refs/heads/", 11) != 0) {
1407 if (asprintf(&refname, "refs/heads/%s", branchname) == -1) {
1408 yyerror("asprintf: %s", strerror(errno));
1412 refname = strdup(branchname);
1413 if (refname == NULL) {
1414 yyerror("strdup: %s", strerror(errno));
1419 if (!refname_is_valid(refname)) {
1424 error = got_pathlist_insert(&new, &repo->protected_branches,
1426 if (error || new == NULL) {
1429 yyerror("got_pathlist_insert: %s", error->msg);
1431 yyerror("duplicate protect branch %s", branchname);
1439 conf_notify_branch(struct gotd_repo *repo, char *branchname)
1441 const struct got_error *error;
1442 struct got_pathlist_entry *pe;
1445 if (strncmp(branchname, "refs/heads/", 11) != 0) {
1446 if (asprintf(&refname, "refs/heads/%s", branchname) == -1) {
1447 yyerror("asprintf: %s", strerror(errno));
1451 refname = strdup(branchname);
1452 if (refname == NULL) {
1453 yyerror("strdup: %s", strerror(errno));
1458 if (!refname_is_valid(refname)) {
1463 error = got_pathlist_insert(&pe, &repo->notification_refs,
1467 yyerror("got_pathlist_insert: %s", error->msg);
1477 conf_notify_ref_namespace(struct gotd_repo *repo, char *namespace)
1479 const struct got_error *error;
1480 struct got_pathlist_entry *pe;
1483 got_path_strip_trailing_slashes(namespace);
1484 if (!refname_is_valid(namespace))
1487 if (asprintf(&s, "%s/", namespace) == -1) {
1488 yyerror("asprintf: %s", strerror(errno));
1492 error = got_pathlist_insert(&pe, &repo->notification_ref_namespaces,
1496 yyerror("got_pathlist_insert: %s", error->msg);
1506 conf_notify_email(struct gotd_repo *repo, char *sender, char *recipient,
1507 char *responder, char *hostname, char *port)
1509 struct gotd_notification_target *target;
1511 STAILQ_FOREACH(target, &repo->notification_targets, entry) {
1512 if (target->type != GOTD_NOTIFICATION_VIA_EMAIL)
1514 if (strcmp(target->conf.email.recipient, recipient) == 0) {
1515 yyerror("duplicate email notification for '%s' in "
1516 "repository '%s'", recipient, repo->name);
1521 target = calloc(1, sizeof(*target));
1524 target->type = GOTD_NOTIFICATION_VIA_EMAIL;
1526 target->conf.email.sender = strdup(sender);
1527 if (target->conf.email.sender == NULL)
1530 target->conf.email.recipient = strdup(recipient);
1531 if (target->conf.email.recipient == NULL)
1534 target->conf.email.responder = strdup(responder);
1535 if (target->conf.email.responder == NULL)
1539 target->conf.email.hostname = strdup(hostname);
1540 if (target->conf.email.hostname == NULL)
1544 target->conf.email.port = strdup(port);
1545 if (target->conf.email.port == NULL)
1549 STAILQ_INSERT_TAIL(&repo->notification_targets, target, entry);
1554 conf_notify_http(struct gotd_repo *repo, char *url, char *user, char *password,
1557 const struct got_error *error;
1558 struct gotd_notification_target *target;
1559 char *proto, *hostname, *port, *path;
1560 int tls = 0, ret = 0;
1562 error = gotd_parse_url(&proto, &hostname, &port, &path, url);
1564 yyerror("invalid HTTP notification URL '%s' in "
1565 "repository '%s': %s", url, repo->name, error->msg);
1569 tls = !strcmp(proto, "https");
1571 if (strcmp(proto, "http") != 0 && strcmp(proto, "https") != 0) {
1572 yyerror("invalid protocol '%s' in notification URL '%s' in "
1573 "repository '%s", proto, url, repo->name);
1579 if (strcmp(proto, "http") == 0)
1580 port = strdup("80");
1581 if (strcmp(proto, "https") == 0)
1582 port = strdup("443");
1584 error = got_error_from_errno("strdup");
1590 if ((user != NULL && password == NULL) ||
1591 (user == NULL && password != NULL)) {
1592 yyerror("missing username or password");
1597 if (!insecure && strcmp(proto, "http") == 0 &&
1598 (user != NULL || password != NULL)) {
1599 yyerror("%s: HTTP notifications with basic authentication "
1600 "over plaintext HTTP will leak credentials; add the "
1601 "'insecure' config keyword if this is intentional", url);
1606 STAILQ_FOREACH(target, &repo->notification_targets, entry) {
1607 if (target->type != GOTD_NOTIFICATION_VIA_HTTP)
1609 if (target->conf.http.tls == tls &&
1610 !strcmp(target->conf.http.hostname, hostname) &&
1611 !strcmp(target->conf.http.port, port) &&
1612 !strcmp(target->conf.http.path, path)) {
1613 yyerror("duplicate notification for URL '%s' in "
1614 "repository '%s'", url, repo->name);
1620 target = calloc(1, sizeof(*target));
1623 target->type = GOTD_NOTIFICATION_VIA_HTTP;
1624 target->conf.http.tls = tls;
1625 target->conf.http.hostname = hostname;
1626 target->conf.http.port = port;
1627 target->conf.http.path = path;
1628 hostname = port = path = NULL;
1631 target->conf.http.user = strdup(user);
1632 if (target->conf.http.user == NULL)
1634 target->conf.http.password = strdup(password);
1635 if (target->conf.http.password == NULL)
1639 STAILQ_INSERT_TAIL(&repo->notification_targets, target, entry);
1649 symset(const char *nam, const char *val, int persist)
1653 TAILQ_FOREACH(sym, &symhead, entry) {
1654 if (strcmp(nam, sym->nam) == 0)
1659 if (sym->persist == 1)
1664 TAILQ_REMOVE(&symhead, sym, entry);
1668 sym = calloc(1, sizeof(*sym));
1672 sym->nam = strdup(nam);
1673 if (sym->nam == NULL) {
1677 sym->val = strdup(val);
1678 if (sym->val == NULL) {
1684 sym->persist = persist;
1685 TAILQ_INSERT_TAIL(&symhead, sym, entry);
1690 symget(const char *nam)
1694 TAILQ_FOREACH(sym, &symhead, entry) {
1695 if (strcmp(nam, sym->nam) == 0) {
1704 gotd_find_repo_by_name(const char *repo_name, struct gotd_repolist *repos)
1706 struct gotd_repo *repo;
1709 TAILQ_FOREACH(repo, repos, entry) {
1710 namelen = strlen(repo->name);
1711 if (strncmp(repo->name, repo_name, namelen) != 0)
1713 if (repo_name[namelen] == '\0' ||
1714 strcmp(&repo_name[namelen], ".git") == 0)
1722 gotd_find_repo_by_path(const char *repo_path, struct gotd *gotd)
1724 struct gotd_repo *repo;
1726 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1727 if (strcmp(repo->path, repo_path) == 0)
1734 struct gotd_uid_connection_limit *
1735 gotd_find_uid_connection_limit(struct gotd_uid_connection_limit *limits,
1736 size_t nlimits, uid_t uid)
1738 /* This array is always sorted to allow for binary search. */
1739 int i, left = 0, right = nlimits - 1;
1741 while (left <= right) {
1742 i = ((left + right) / 2);
1743 if (limits[i].uid == uid)
1745 if (limits[i].uid > uid)
1755 gotd_parseuid(const char *s, uid_t *uid)
1760 if ((pw = getpwnam(s)) != NULL) {
1762 if (*uid == UID_MAX)
1766 *uid = strtonum(s, 0, UID_MAX - 1, &errstr);
1772 const struct got_error *
1773 gotd_parse_url(char **proto, char **host, char **port,
1774 char **request_path, const char *url)
1776 const struct got_error *err = NULL;
1779 *proto = *host = *port = *request_path = NULL;
1781 p = strstr(url, "://");
1783 return got_error(GOT_ERR_PARSE_URI);
1785 *proto = strndup(url, p - url);
1786 if (*proto == NULL) {
1787 err = got_error_from_errno("strndup");
1794 err = got_error(GOT_ERR_PARSE_URI);
1798 q = memchr(s, ':', p - s);
1800 *host = strndup(s, q - s);
1801 if (*host == NULL) {
1802 err = got_error_from_errno("strndup");
1805 if ((*host)[0] == '\0') {
1806 err = got_error(GOT_ERR_PARSE_URI);
1809 *port = strndup(q + 1, p - (q + 1));
1810 if (*port == NULL) {
1811 err = got_error_from_errno("strndup");
1814 if ((*port)[0] == '\0') {
1815 err = got_error(GOT_ERR_PARSE_URI);
1819 *host = strndup(s, p - s);
1820 if (*host == NULL) {
1821 err = got_error_from_errno("strndup");
1824 if ((*host)[0] == '\0') {
1825 err = got_error(GOT_ERR_PARSE_URI);
1830 while (p[0] == '/' && p[1] == '/')
1832 *request_path = strdup(p);
1833 if (*request_path == NULL) {
1834 err = got_error_from_errno("strdup");
1837 if ((*request_path)[0] == '\0') {
1838 err = got_error(GOT_ERR_PARSE_URI);
1849 free(*request_path);
1850 *request_path = NULL;
1858 static char portno[32];
1861 n = snprintf(portno, sizeof(portno), "%lld", (long long)p);
1862 if (n < 0 || (size_t)n >= sizeof(portno))
1863 fatalx("port number too long: %lld", (long long)p);