Blob

Date:
Message:
implement per-repository read/write authorization rules in gotd ok op@
Actions:
History | Blame | Raw File
1 /*

2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>

3  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>

4  *

5  * Permission to use, copy, modify, and distribute this software for any

6  * purpose with or without fee is hereby granted, provided that the above

7  * copyright notice and this permission notice appear in all copies.

8  *

9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

16  */

18 #include <sys/types.h>

19 #include <sys/queue.h>

20 #include <sys/uio.h>

22 #include <errno.h>

23 #include <event.h>

24 #include <limits.h>

25 #include <pwd.h>

26 #include <grp.h>

27 #include <sha1.h>

28 #include <stdint.h>

29 #include <stdio.h>

30 #include <stdlib.h>

31 #include <imsg.h>

33 #include "got_error.h"

35 #include "gotd.h"

36 #include "auth.h"

38 static int

39 parseuid(const char *s, uid_t *uid)

40 {

41 	struct passwd *pw;

42 	const char *errstr;

44 	if ((pw = getpwnam(s)) != NULL) {

45 		*uid = pw->pw_uid;

46 		if (*uid == UID_MAX)

47 			return -1;

48 		return 0;

49 	}

50 	*uid = strtonum(s, 0, UID_MAX - 1, &errstr);

51 	if (errstr)

52 		return -1;

53 	return 0;

54 }

56 static int

57 uidcheck(const char *s, uid_t desired)

58 {

59 	uid_t uid;

61 	if (parseuid(s, &uid) != 0)

62 		return -1;

63 	if (uid != desired)

64 		return -1;

65 	return 0;

66 }

68 static int

69 parsegid(const char *s, gid_t *gid)

70 {

71 	struct group *gr;

72 	const char *errstr;

74 	if ((gr = getgrnam(s)) != NULL) {

75 		*gid = gr->gr_gid;

76 		if (*gid == GID_MAX)

77 			return -1;

78 		return 0;

79 	}

80 	*gid = strtonum(s, 0, GID_MAX - 1, &errstr);

81 	if (errstr)

82 		return -1;

83 	return 0;

84 }

86 static int

87 match_identifier(const char *identifier, gid_t *groups, int ngroups,

88     uid_t euid, gid_t egid)

89 {

90 	int i;

92 	if (identifier[0] == ':') {

93 		gid_t rgid;

94 		if (parsegid(identifier + 1, &rgid) == -1)

95 			return 0;

96 		for (i = 0; i < ngroups; i++) {

97 			if (rgid == groups[i] && egid == rgid)

98 				break;

99 		}

100 		if (i == ngroups)

101 			return 0;

102 	} else if (uidcheck(identifier, euid) != 0)

103 		return 0;

105 	return 1;

108 const struct got_error *

109 gotd_auth_check(struct gotd_access_rule_list *rules, const char *repo_name,

110     gid_t *groups, int ngroups, uid_t euid, gid_t egid,

111     int required_auth)

113 	struct gotd_access_rule *rule;

114 	enum gotd_access access = GOTD_ACCESS_DENIED;

116 	STAILQ_FOREACH(rule, rules, entry) {

117 		if (!match_identifier(rule->identifier, groups, ngroups,

118 		    euid, egid))

119 			continue;

121 		access = rule->access;

122 		if (rule->access == GOTD_ACCESS_PERMITTED &&

123 		    (rule->authorization & required_auth) != required_auth)

124 			access = GOTD_ACCESS_DENIED;

127 	if (access == GOTD_ACCESS_DENIED)

128 		return got_error_set_errno(EACCES, repo_name);

130 	if (access == GOTD_ACCESS_PERMITTED)

131 		return NULL;

133 	/* should not happen, this would be a bug */

134 	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");